From beahadil@cauldron.sk Wed Feb 01 07:29:55 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4H7T-0002se-Gk for capwap-archive@megatron.ietf.org; Wed, 01 Feb 2006 07:29:55 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13417 for ; Wed, 1 Feb 2006 07:28:18 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F4HIb-0002t3-NM for capwap-archive@ietf.org; Wed, 01 Feb 2006 07:41:27 -0500 Received: from [201.3.39.16] (helo=cauldron.sk) by mx2.foretec.com with smtp (Exim 4.24) id 1F4H7O-00059j-Eh for capwap-archive@ietf.org; Wed, 01 Feb 2006 07:29:50 -0500 Message-ID: <000001c6272b$2bea4c10$1616a8c0@carbonic> Reply-To: "Hadil Bea" From: "Hadil Bea" To: "Jess Mercure" Subject: tractate symmetrize Date: Wed, 1 Feb 2006 07:29:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62701.43144410" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 3.5 (+++) X-Scan-Signature: 2857c5c041d6c02d7181d602c22822c8 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62701.43144410 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable =20 V=20 V=20 C=20 l=20 A=20 l=20 A=20 L=20 A=20 G=20 l=20 L=20 R=20 U=20 l=20 A=20 M=20 S=20 =20 =20 =20 $=20 $=20 $=20 69=20 85=20 99=20 (=20 (=20 (=20 10=20 30=20 10=20 )=20 )=20 )=20 =20 and many other at http://www.visiteine.com =20 Good day , Do not over pay for your meds , save up to 70% with http://www.visiteine.com ------=_NextPart_000_0001_01C62701.43144410 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
 
V
V
C
l
A
l
A
L
A
G
l
L
R
U
l
A
M
S
 
 
 
$
$
$
69
85
99 =
(
(
(
10
30
10
)
)
)
 
and many other at http://www.visiteine.com
 
Good day , Do not over = pay for your meds , save up to 70% with http://www.visiteine.com
------=_NextPart_000_0001_01C62701.43144410-- From skitrip-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 01 08:34:59 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4I8R-0004Mi-Ke for capwap-archive@megatron.ietf.org; Wed, 01 Feb 2006 08:34:59 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA26877 for ; Wed, 1 Feb 2006 08:33:10 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id B23F14300DC for ; Wed, 1 Feb 2006 05:34:33 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: frascone.com mailing list memberships reminder From: skitrip-owner@frascone.com X-No-Archive: yes Message-ID: Date: Wed, 01 Feb 2006 05:31:33 -0800 Precedence: bulk X-BeenThere: skitrip@frascone.com X-Mailman-Version: 2.1.5 List-Id: skitrip.frascone.com X-List-Administrivia: yes To: capwap-archive@ietf.org Errors-To: skitrip-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit This is a monthly reminder about your frascone.com mailing list memberships. It shows the lists you are subscribed to, your passwords, and a Web page URL you can use to manage your subscriptions. Visit the Web page URL shown below to unsubscribe, change your e-mail address, temporarily disable your subscription for a vacation, set digest-style delivery, and so on. You can also use e-mail to make changes. For more info, send a message to the '-request' address of the list (for example, skitrip-request@frascone.com) containing just the word 'help' in the message body. An e-mail message will be sent to you with instructions. Here is the subscription information for capwap-archive@lists.ietf.org: List Password // URL ---- -------- capwap@frascone.com ugimni http://lists.frascone.com/mailman/options/capwap/capwap-archive%40lists.ietf.org From hadarigarber@fnm.com Wed Feb 01 15:20:20 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4OSh-00037T-Ty for capwap-archive@megatron.ietf.org; Wed, 01 Feb 2006 15:20:19 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA02595 for ; Wed, 1 Feb 2006 15:18:41 -0500 (EST) Received: from [60.221.183.127] (helo=fnm.com) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F4Odo-0004RN-SW for capwap-archive@ietf.org; Wed, 01 Feb 2006 15:31:55 -0500 Message-ID: <000001c6276c$da829520$588fa8c0@soilless> Reply-To: "Hadar Garber" From: "Hadar Garber" To: "Sharyl Klopfenstein" Subject: present Negrillo Date: Wed, 1 Feb 2006 15:19:50 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62742.F1AC8D20" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.4 (++) X-Scan-Signature: 20f22c03b5c66958bff5ef54fcda6e48 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62742.F1AC8D20 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Do you need to over pay for your meds? Nothing like you need it - save over 50% on your meds with http://www.briglig.com =20 C=20 V=20 V=20 I=20 A=20 l=20 A=20 L=20 A=20 L=20 l=20 G=20 l=20 U=20 R=20 S=20 M=20 A=20 =20 =20 =20 $=20 $=20 $=20 99=20 85=20 69=20 /=20 /=20 /=20 x=20 x=20 x=20 10=20 30=20 10=20 ------=_NextPart_000_0001_01C62742.F1AC8D20 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
Do you need to over pay for your meds?
Nothing like you need it - save over 50% on your meds with http://www.briglig.com
 
C
V
V
I
A
l
A
L
A
L
l
G
l
U
R
S
M
A
 
 
 
$
$
$
99
85
69



/
/
/
x
x
x
10
30
10
------=_NextPart_000_0001_01C62742.F1AC8D20-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 01 17:00:31 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4Q1f-0007Z9-6Y for capwap-archive@megatron.ietf.org; Wed, 01 Feb 2006 17:00:31 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA16800 for ; Wed, 1 Feb 2006 16:58:43 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 01E7E43010C for ; Wed, 1 Feb 2006 14:00:17 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id E7A91430048 for ; Wed, 1 Feb 2006 13:59:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id D3A8880C0F9 for ; Wed, 1 Feb 2006 13:59:53 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.bayarea.net [209.128.95.10]) by hermes.tigertech.net (Postfix) with ESMTP id 6398080C11C for ; Wed, 1 Feb 2006 13:59:51 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k11M011l004294 for ; Wed, 1 Feb 2006 14:00:01 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k11Lxol7013746 for ; Wed, 1 Feb 2006 13:59:50 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k11Lxk66013728 for ; Wed, 1 Feb 2006 13:59:49 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Wed, 1 Feb 2006 13:59:46 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: capwap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] Join to Image Data X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, The LWAPP State Machine in figure 2 has the transition labelled "m" that is Join to Image Data. This transition is not described, and it seems inappropriate. I believe that it should be removed. Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 01 23:39:15 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4WFW-0000e6-6M for capwap-archive@megatron.ietf.org; Wed, 01 Feb 2006 23:39:15 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA24544 for ; Wed, 1 Feb 2006 23:37:35 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 0D2FE4300EE for ; Wed, 1 Feb 2006 20:39:07 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id A466C430048 for ; Wed, 1 Feb 2006 20:38:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id CA4EE398030 for ; Wed, 1 Feb 2006 20:38:37 -0800 (PST) X-Greylist-Status: Sender first seen 00:03:50 ago Received: from co300216-ier2.net.avaya.com (co300216-ier2.net.avaya.com [198.152.13.103]) by zoidberg.tigertech.net (Postfix) with ESMTP id C090C398046 for ; Wed, 1 Feb 2006 20:38:32 -0800 (PST) Received: from tierw.net.avaya.com (h198-152-13-100.avaya.com [198.152.13.100]) by co300216-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k123Vmij004806 for ; Wed, 1 Feb 2006 22:31:49 -0500 Received: from cof110avexu1.global.avaya.com (h135-9-6-16.avaya.com [135.9.6.16]) by tierw.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k124JKYj027777 for ; Wed, 1 Feb 2006 23:19:20 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] WGLC timeline for Evaluation draft Date: Wed, 1 Feb 2006 21:34:41 -0700 Message-ID: Thread-Topic: [Capwap] WGLC timeline for Evaluation draft Thread-Index: AcYcuEXXgsVdSDySRmKLHXgbPHFu3AAVaCsgABdfXfAAAoppwAAEdLCAAA7fQUICe6s0YA== X-Priority: 1 Priority: Urgent Importance: high From: "Mani, Mahalingam (Mani)" To: "Nelson, David" , "Saravanan Govindan" , X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.093 tagged_above=-999 required=7 tests=X_PRIORITY_HIGH X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable All: Based on this thread (and subsequent emails in this thread after this one) - the WG appears to agree and we (chairs) opine that the evaluation draft will be sent to IESG (requesting publication as informational RFC) as it stands. Regards, -mani & Dorothy =3D=3D=3D=3D=3D=3D -----Original Message----- From: Nelson, David [mailto:dnelson@enterasys.com]=20 Sent: Friday, January 20, 2006 5:16 AM To: Saravanan Govindan; capwap@frascone.com Subject: RE: [Capwap] WGLC timeline for Evaluation draft Saravanan Govindan writes... =20 > However, since the Evaluation document is subject to WG consensus, I > think it should represent that. =20 Well, in fact ,the Evaluation Team document was *not* intended to be subject to WG consensus, when the Chairs and Area Director initially set the ground rules for the Evaluation Team process. That's the basis of my issue with your suggestion to incorporate other opinions.=20 > In the spirit of a quick resolution, maybe we can get the Chairs' input > in this. =20 Yes, I agree. I would appreciate clarification from the Chairs. =20 Regards, Dave _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 01 23:43:13 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4WJN-00038Y-FE for capwap-archive@megatron.ietf.org; Wed, 01 Feb 2006 23:43:13 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA24895 for ; Wed, 1 Feb 2006 23:41:35 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 0C25E4300CE for ; Wed, 1 Feb 2006 20:43:12 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 8C5D3430048 for ; Wed, 1 Feb 2006 20:42:41 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7B8A1398046 for ; Wed, 1 Feb 2006 20:42:41 -0800 (PST) X-Greylist-Status: Sender first seen 7 days 12:54:54 ago Received: from nj300815-ier2.net.avaya.com (nj300815-ier2.net.avaya.com [198.152.12.103]) by zoidberg.tigertech.net (Postfix) with ESMTP id D50A3398038 for ; Wed, 1 Feb 2006 20:42:37 -0800 (PST) Received: from tiere.net.avaya.com (tiere.net.avaya.com [198.152.12.100]) by nj300815-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k124d0xl006822 for ; Wed, 1 Feb 2006 23:39:00 -0500 Received: from cof110avexu1.global.avaya.com (h135-9-6-16.avaya.com [135.9.6.16]) by tiere.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k124dYQH019509 for ; Wed, 1 Feb 2006 23:39:35 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Wed, 1 Feb 2006 21:42:37 -0700 Message-ID: Thread-Topic: Milsetones update Thread-Index: AcYnsxW478tNX97kSiaqcPAiqAlvCQ== X-Priority: 1 Priority: Urgent Importance: high From: "Mani, Mahalingam (Mani)" To: X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.3 tagged_above=-999 required=7 tests=UPPERCASE_25_50, X_PRIORITY_HIGH Subject: [Capwap] Milsetones update X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable As agreed to by the AD, The CAPWAP milestones will be updated to reflect = the following timeline and status: Done Submit CAPWAP Objectives to IEEE/IETF experts review=20 Done First WGLC for CAPWAP Objectives Draft=20 Done=A0 Deadline to submit candidate protocol proposals to the WG=20 Done Second WGLC for CAPWAP Objectives Draft Feb 2006 Submit CAPWAP Objectives draft to IESG as Informational RFC=20 Done Issue first Internet-Draft of CAPWAP Evaluation draft=20 Feb 2006 Submit CAPWAP Evaluation draft to IESG as Information RFC=20 Feb 2006 Issue first Internet Draft of CAPWAP protocol=20 Mar 2006 Issue first Internet-Draft of CAPWAP MIB=20 Jul=A02006 WGLC for CAPWAP protocol=20 Sep 2006=A0Submit CAPWAP protocol to IESG as Proposed Standard RFC=20 Aug=A02006=A0WGLC for CAPWAP MIB=20 Sep 2006 Submit CAPWAP MIB to IESG as Proposed Standard RFC Regards, -mani & Dorothy =3D=3D=3D=3D=3D=3D _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 02 00:37:43 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4XA7-0001MU-8b for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 00:37:43 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA28123 for ; Thu, 2 Feb 2006 00:36:06 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 67FF64300CE for ; Wed, 1 Feb 2006 21:37:41 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 7AAFE430048 for ; Wed, 1 Feb 2006 21:37:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 5D6F280C12B for ; Wed, 1 Feb 2006 21:37:18 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.BAYAREA.NET [209.128.95.10]) by hermes.tigertech.net (Postfix) with ESMTP id 75B8680C0FE for ; Wed, 1 Feb 2006 21:37:16 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k125bQ1l004031 for ; Wed, 1 Feb 2006 21:37:26 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k125bG9Q000936 for ; Wed, 1 Feb 2006 21:37:16 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k125bFgW000932 for ; Wed, 1 Feb 2006 21:37:15 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Wed, 1 Feb 2006 21:37:15 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: capwap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] XNonce and WNonce X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, Unless there is a subtle distinction that I'm missing, it appears that both the terms XNonce and WNonce are used in the LWAPP-03 spec, and mean the same thing. It looks like XNonce is an old term that needs to be updated to WNonce. Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From fortmano@email.cz Thu Feb 02 03:16:46 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4Ze1-0006bL-1U for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 03:16:46 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA09724 for ; Thu, 2 Feb 2006 03:15:07 -0500 (EST) Received: from def92-7-82-231-202-246.fbx.proxad.net ([82.231.202.246] helo=email.cz) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F4ZpK-0000VE-CB for capwap-archive@ietf.org; Thu, 02 Feb 2006 03:28:27 -0500 Message-ID: <000001c627d0$f4b56fd0$ca05a8c0@esurient> Reply-To: "Geoffrey Fortman" From: "Geoffrey Fortman" To: "Miklo Taitt" Subject: perplexity fixature Date: Thu, 2 Feb 2006 03:16:23 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C627A7.0BDF67D0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.4 (++) X-Scan-Signature: 25eb6223a37c19d53ede858176b14339 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C627A7.0BDF67D0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Do you need to over pay for your meds? Nothing like you need it - save over 50% on your meds with http://www.truohisod.com =20 C=20 V=20 V=20 I=20 l=20 A=20 A=20 A=20 L=20 L=20 G=20 l=20 l=20 R=20 U=20 S=20 A=20 M=20 =20 =20 =20 $=20 $=20 $=20 99=20 69=20 85=20 /=20 /=20 /=20 x=20 x=20 x=20 10=20 10=20 30=20 ------=_NextPart_000_0001_01C627A7.0BDF67D0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
Do you need to over pay for your meds?
Nothing like you need it - save over 50% on your meds with http://www.truohisod.com
 
C
V
V
I
l
A
A
A
L
L
G
l
l
R
U
S
A
M
 
 
 
$
$
$
99
69
85



/
/
/
x
x
x
10
10
30
------=_NextPart_000_0001_01C627A7.0BDF67D0-- From bordxjr@hotmail.com Thu Feb 02 05:56:17 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4c8P-0005H3-NA for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 05:56:17 -0500 Received: from jnehwyexksd.info ([220.71.97.12]) by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA21054 for ; Thu, 2 Feb 2006 05:54:28 -0500 (EST) Received: from allegation.sank.com (ponderous [195.241.100.206]) by poe.com (clown) with barrett id 8943174065143 for ; Thu, 02 Feb 2006 00:16:39 -0500 From: Jodi King To: capwap-archive@ietf.org Subject: Amazing, Leanna X-Mailer: erotic 7.656.4151 Date: Thu, 02 Feb 2006 03:24:51 -0500 Message-ID: <283574979199946466059696.18112@hotmail.com> Content-Type: multipart/mixed;boundary="------=8307101375" Content-Transfer-Encoding: base64 --------=8307101375 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 8bit

Even if you have no erection problems Cialis would help you to make better sex more often and to bring unimaginable plesure to her. Just disolve half a pill under your tongue and get ready for action in 15 minutes. The tests showed that the majority of men after taking this medication were able to have perfect erection during 36 hours!

Package Quantity Price in your local drugstore* Our price

Learn
More
Now
10 softtabs 20 doses $149.95 $119.95
20 softtabs 40 doses $299.95 $159.95
30 softtabs 60 doses $849.95 $169.95
60 softtabs 120 doses $1 999.95 $259.95
90 softtabs 180 doses $3 099.95 $299.95

When you are young and stressed up…
When you are aged and never give up…
Cialis gives you confidence in any chance, every time.


Life is like a dogsled team. If you ain't the lead dog, the scenery never changes.Character is always lost when a high ideal is sacrificed on the altar of conformity and popularity.
The inspiration of the almighty gives man understanding.I don't deserve this award, but I have arthritis, and I don't deserve that, either. --------=8307101375 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Good morning sir, Amazing, Lindsey-> http://tqkcet.allworlda.info/?23595030 --------=8307101375-- From randaahlst@rscc.ru Thu Feb 02 12:27:40 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4iFA-0002Es-OR for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 12:27:40 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA22299 for ; Thu, 2 Feb 2006 12:25:50 -0500 (EST) Received: from [216.233.69.150] (helo=rscc.ru) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F4iQN-0003yK-74 for capwap-archive@ietf.org; Thu, 02 Feb 2006 12:39:16 -0500 Message-ID: <000001c6281d$e47fc820$c5f3a8c0@vapoury> Reply-To: "Randa Ahlstrom" From: "Randa Ahlstrom" To: "Pekka Lama" Subject: Re: l U Date: Thu, 2 Feb 2006 12:27:07 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C627F3.FBA9C020" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.4 (++) X-Scan-Signature: 6640e3bbe8a4d70c4469bcdcbbf0921d This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C627F3.FBA9C020 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, =20 Do you want to OVER P A Y for your MEDs ? =20 Nothing like you need it, S A V E yourself over 65 % with http://www.deermine.com =20 \/=20 C=20 \/=20 A=20 l=20 I=20 L=20 A=20 A=20 l=20 L=20 G=20 U=20 I=20 R=20 M=20 S=20 A=20 =20 =20 =20 $=20 $=20 $=20 8=20 6=20 6=20 5=20 7=20 9=20 ,=20 ,=20 ,=20 4=20 5=20 9=20 5=20 0=20 5=20 ------=_NextPart_000_0001_01C627F3.FBA9C020 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello,
 
Do you want to OVER P A Y for your MEDs ?
 
Nothing like you need it, S A V E=20 yourself over 65 % with http://www.deermine.com
=
 
\/
C
\/
A
l
I
L
A
A
l
L
G
U
I
R
M
S
A
 
 
 
$
$
$
8
6
6
5
7
9
,
,
,
4
5
9
5
0
5
------=_NextPart_000_0001_01C627F3.FBA9C020-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 02 14:19:57 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4jzg-0006vs-Dj for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 14:19:57 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA01341 for ; Thu, 2 Feb 2006 14:17:58 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 679B44300E3 for ; Thu, 2 Feb 2006 11:19:22 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 8588D430048 for ; Thu, 2 Feb 2006 11:18:43 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D1444398059 for ; Thu, 2 Feb 2006 11:18:42 -0800 (PST) Received: from mail.u4eatech.com (blackhole.u4eatech.com [195.188.241.2]) by zoidberg.tigertech.net (Postfix) with ESMTP id 655BA398058 for ; Thu, 2 Feb 2006 11:18:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id 0B2B236074F; Thu, 2 Feb 2006 19:01:30 +0000 (GMT) Received: FROM mail.u4eatech.com ([127.0.0.1]) BY localhost WITH ESMTP ; Thu, 2 Feb 2006 19:01:30 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id EC4E536074C; Thu, 2 Feb 2006 19:01:29 +0000 (GMT) Received: from mail.u4eatech.com ([127.0.0.1]) by localhost (mail.u4eatech.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08454-08; Thu, 2 Feb 2006 19:01:23 +0000 (GMT) Received: from u4eatech.com (unknown [172.28.1.2]) by mail.u4eatech.com (Postfix) with ESMTP id 466FF360730; Thu, 2 Feb 2006 19:01:23 +0000 (GMT) Received: from 172.30.20.117 ([172.30.20.117]) by webmail.u4eatech.com (Horde MIME library) with HTTP; Thu, 02 Feb 2006 19:18:30 +0000 Message-ID: <20060202191830.dnno3005c4kkg480@webmail.u4eatech.com> Date: Thu, 02 Feb 2006 19:18:30 +0000 From: Philip.Rakity@u4eatech.com To: capwap@frascone.com References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.4) X-Virus-Scanned: amavisd-new at u4eatech.com X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.178 tagged_above=-999 required=7 tests=NO_REAL_NAME Subject: [Capwap] Radius X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit I was wondering if it really makes sense in the NON split MAC case to require the AC handle radius requests. It seems this is over burdening the AC. The LWAPP protocol should allow the AC to configure the radius server. regards, Philip _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 02 14:29:20 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4k8q-0002fb-Ap for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 14:29:20 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA01973 for ; Thu, 2 Feb 2006 14:27:14 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 99CDB430118 for ; Thu, 2 Feb 2006 11:28:50 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id B0C44430048 for ; Thu, 2 Feb 2006 11:28:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9E27D39801B for ; Thu, 2 Feb 2006 11:28:30 -0800 (PST) Received: from mail.u4eatech.com (blackhole.u4eatech.com [195.188.241.2]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9C9D1398071 for ; Thu, 2 Feb 2006 11:28:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id DF6A5360751 for ; Thu, 2 Feb 2006 19:11:19 +0000 (GMT) Received: FROM mail.u4eatech.com ([127.0.0.1]) BY localhost WITH ESMTP ; Thu, 2 Feb 2006 19:11:19 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id CCD3536074F for ; Thu, 2 Feb 2006 19:11:19 +0000 (GMT) Received: from mail.u4eatech.com ([127.0.0.1]) by localhost (mail.u4eatech.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08768-04 for ; Thu, 2 Feb 2006 19:11:18 +0000 (GMT) Received: from u4eatech.com (unknown [172.28.1.2]) by mail.u4eatech.com (Postfix) with ESMTP id 50AB736074C for ; Thu, 2 Feb 2006 19:11:18 +0000 (GMT) Received: from 172.30.20.117 ([172.30.20.117]) by webmail.u4eatech.com (Horde MIME library) with HTTP; Thu, 02 Feb 2006 19:28:25 +0000 Message-ID: <20060202192825.qtosxvr9cwo4cok4@webmail.u4eatech.com> Date: Thu, 02 Feb 2006 19:28:25 +0000 From: Philip.Rakity@u4eatech.com To: capwap@frascone.com References: <20060202191830.dnno3005c4kkg480@webmail.u4eatech.com> In-Reply-To: <20060202191830.dnno3005c4kkg480@webmail.u4eatech.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.4) X-Virus-Scanned: amavisd-new at u4eatech.com X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.178 tagged_above=-999 required=7 tests=NO_REAL_NAME Subject: [Capwap] get WLAN Config message X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit I would like to go back to my request for an additional message to find out the ssid. I think the spec could be enhanced to allow an OPTIONAL get_wlan_config message from the AC to the WTP. This would occur after the join. This would then allow the AC to know all the information that is configured in the AP since there already is a get_config message. Opinions ? Philip _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 02 22:56:59 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4s46-00055i-QA for capwap-archive@megatron.ietf.org; Thu, 02 Feb 2006 22:56:59 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA17309 for ; Thu, 2 Feb 2006 22:55:04 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id E313B43008F for ; Thu, 2 Feb 2006 19:56:38 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id C240F43004F for ; Thu, 2 Feb 2006 19:56:13 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id AA1DD80C14A for ; Thu, 2 Feb 2006 19:56:13 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by hermes.tigertech.net (Postfix) with ESMTP id 8A4D280C145 for ; Thu, 2 Feb 2006 19:56:11 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IU300GONERSSI@usaga01-in.huawei.com> for capwap@frascone.com; Thu, 02 Feb 2006 19:52:40 -0800 (PST) Received: from huawei.com ([172.17.1.188]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IU300L0BERRC1@usaga01-in.huawei.com> for capwap@frascone.com; Thu, 02 Feb 2006 19:52:40 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Fri, 03 Feb 2006 08:55:51 +0500 Date: Fri, 03 Feb 2006 08:55:51 +0500 From: zhaoyujin 31390 Subject: Re:[Capwap] get WLAN Config message To: Philip.Rakity@u4eatech.com Message-id: MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT Why LWAPP need this? LWAPP should maintain the consistent configuration between AP and AC. All configuration of AP is distributed with LWAPP with AC. If AP occurs some configuration error, LWAPP can know this problem and should do some operation for it (Maybe reboot AP). So that, AC does not need to check the AP configuration. Best regards Michael > > I would like to go back to my request for an additional message to > find > out the ssid. I think the spec could be enhanced to allow an > OPTIONAL > get_wlan_config message from the AC to the WTP. This would occur > after > the join. This would then allow the AC to know all the > information > that is configured in the AP since there already is a get_config > message. > > Opinions ? > > Philip > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 05:08:16 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4xrT-0004Dm-Fm for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 05:08:16 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA11656 for ; Fri, 3 Feb 2006 05:06:27 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 9ED854300E1 for ; Fri, 3 Feb 2006 02:07:52 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 9C9F443007C for ; Fri, 3 Feb 2006 02:07:21 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 87873398010 for ; Fri, 3 Feb 2006 02:07:21 -0800 (PST) Received: from mail.u4eatech.com (blackhole.u4eatech.com [195.188.241.2]) by zoidberg.tigertech.net (Postfix) with ESMTP id 4644E39800E for ; Fri, 3 Feb 2006 02:07:17 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id B7E91360756; Fri, 3 Feb 2006 09:49:58 +0000 (GMT) Received: FROM mail.u4eatech.com ([127.0.0.1]) BY localhost WITH ESMTP ; Fri, 3 Feb 2006 09:49:58 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id A0FC0360753; Fri, 3 Feb 2006 09:49:58 +0000 (GMT) Received: from mail.u4eatech.com ([127.0.0.1]) by localhost (mail.u4eatech.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27368-17; Fri, 3 Feb 2006 09:49:52 +0000 (GMT) Received: from u4eatech.com (unknown [172.28.1.2]) by mail.u4eatech.com (Postfix) with ESMTP id 47F78360752; Fri, 3 Feb 2006 09:49:52 +0000 (GMT) Received: from 172.30.20.117 ([172.30.20.117]) by webmail.u4eatech.com (Horde MIME library) with HTTP; Fri, 03 Feb 2006 10:07:08 +0000 Message-ID: <20060203100708.r8y03fffkkgkgww8@webmail.u4eatech.com> Date: Fri, 03 Feb 2006 10:07:08 +0000 From: Philip.Rakity@u4eatech.com To: zhaoyujin 31390 Subject: Re:[Capwap] get WLAN Config message References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.4) X-Virus-Scanned: amavisd-new at u4eatech.com X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.178 tagged_above=-999 required=7 tests=NO_REAL_NAME Cc: Philip.Rakity@u4eatech.com, capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Michael, How is the AC supposed to know if some configuration error occurs if it cannot read the configuration? Philip Quoting zhaoyujin 31390 : > Why LWAPP need this? > > LWAPP should maintain the consistent configuration between AP and AC. > All configuration of AP is distributed with LWAPP with AC. If AP > occurs some configuration error, LWAPP can know this problem and > should do some operation for it (Maybe reboot AP). > > So that, AC does not need to check the AP configuration. > > Best regards > Michael > > >> >> I would like to go back to my request for an additional message to >> find >> out the ssid. I think the spec could be enhanced to allow an >> OPTIONAL >> get_wlan_config message from the AC to the WTP. This would occur >> after >> the join. This would then allow the AC to know all the >> information >> that is configured in the AP since there already is a get_config >> message. >> >> Opinions ? >> >> Philip >> >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >> >> Archives: http://lists.frascone.com/pipermail/capwap >> > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 06:00:22 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4yfm-0005So-6s for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 06:00:22 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA16687 for ; Fri, 3 Feb 2006 05:58:24 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 6821E4300F1 for ; Fri, 3 Feb 2006 02:59:58 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 4563F43004F for ; Fri, 3 Feb 2006 02:59:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2FF6839801C for ; Fri, 3 Feb 2006 02:59:30 -0800 (PST) Received: from imo-m19.mx.aol.com (imo-m19.mx.aol.com [64.12.137.11]) by zoidberg.tigertech.net (Postfix) with ESMTP id E39D839800E for ; Fri, 3 Feb 2006 02:59:25 -0800 (PST) Received: from mauricegoodf@aim.com by imo-m19.mx.aol.com (mail_out_v38_r6.3.) id r.22c.5ad9330 (57868); Fri, 3 Feb 2006 05:59:18 -0500 (EST) Received: from mblk-d40 ([205.188.212.224]) by air-ia01.mail.aol.com (vx) with ESMTP id MAILINIA12-e20c43e3376a3f; Fri, 03 Feb 2006 05:59:18 -0500 Date: Fri, 03 Feb 2006 05:58:51 -0500 Message-Id: <8C7F6C7F3553C1F-8DC-1F48@mblk-d40.sysops.aol.com> From: mauricegoodf@aim.com References: <20060203100708.r8y03fffkkgkgww8@webmail.u4eatech.com> Received: from 151.104.104.42 by mblk-d40.sysops.aol.com (205.188.212.224) with HTTP (WebMailUI); Fri, 03 Feb 2006 05:58:50 -0500 X-MB-Message-Source: WebUI X-MB-Message-Type: User In-Reply-To: <20060203100708.r8y03fffkkgkgww8@webmail.u4eatech.com> X-Mailer: AIM WebMail 15106 Subject: Re: [Capwap] get WLAN Config message Content-Type: text/plain; charset="us-ascii"; format=flowed MIME-Version: 1.0 To: Philip.Rakity@u4eatech.com, zhaoyujin@huawei.com X-AOL-IP: 205.188.212.224 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.928 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_POST, MSGID_FROM_MTA_HEADER, NO_REAL_NAME X-Spam-Level: * Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com I agree that NOT having the ability to read the configuration from the AP is dangerous. While I accept the argument that the configuration on both the AC and the AP SHOULD be the same, in practice humans are fallible and bugs will occur. I would go so far as to suggest that the AC should not rely on what it thinks that the AP has been programmed with, but should always read the updated configuration from the AP. Sorry, but I have spent a lot of time in debugging other people's code. I would sooner nip this bug in the bud. Especially as this will be more of a problem when the AC and the AP come from different vendors. And that is what CAPWAP is about. Maurice -----Original Message----- From: Philip.Rakity@u4eatech.com To: zhaoyujin 31390 Cc: Philip.Rakity@u4eatech.com; capwap@frascone.com Sent: Fri, 03 Feb 2006 10:07:08 +0000 Subject: Re:[Capwap] get WLAN Config message Michael, How is the AC supposed to know if some configuration error occurs if it cannot read the configuration? Philip Quoting zhaoyujin 31390 : > Why LWAPP need this? > > LWAPP should maintain the consistent configuration between AP and AC. > All configuration of AP is distributed with LWAPP with AC. If AP > occurs some configuration error, LWAPP can know this problem and > should do some operation for it (Maybe reboot AP). > > So that, AC does not need to check the AP configuration. > > Best regards > Michael > > >> >> I would like to go back to my request for an additional message to >> find >> out the ssid. I think the spec could be enhanced to allow an >> OPTIONAL >> get_wlan_config message from the AC to the WTP. This would occur >> after >> the join. This would then allow the AC to know all the >> information >> that is configured in the AP since there already is a get_config >> message. >> >> Opinions ? >> >> Philip >> >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >> >> Archives: http://lists.frascone.com/pipermail/capwap >> > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 07:09:50 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4zky-0003Yh-Ej for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 07:09:50 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA21343 for ; Fri, 3 Feb 2006 07:07:50 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 610F34300DC for ; Fri, 3 Feb 2006 04:09:26 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E77F643004F for ; Fri, 3 Feb 2006 04:08:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id B9A8E39802D for ; Fri, 3 Feb 2006 04:08:35 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id 116A5398013 for ; Fri, 3 Feb 2006 04:08:31 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IU400HKE1JCLN@usaga01-in.huawei.com> for capwap@frascone.com; Fri, 03 Feb 2006 04:04:25 -0800 (PST) Received: from huawei.com ([172.17.1.188]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IU400HP31JAO4@usaga01-in.huawei.com> for capwap@frascone.com; Fri, 03 Feb 2006 04:04:24 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Fri, 03 Feb 2006 17:07:35 +0500 Date: Fri, 03 Feb 2006 17:07:35 +0500 From: zhaoyujin 31390 Subject: Re:Re: [Capwap] get WLAN Config message To: mauricegoodf@aim.com Message-id: MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: Philip.Rakity@u4eatech.com, capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT I recommend: For all configuration which are sent by LWAPP form AC to AP. LWAPP can add the next comment: "Every configuration message which are sent by LWAPP form AC to AP only be responded after AP finishs the configuration process. If there are some configuration error, LWAPP record it as a fatal failure. LWAPP should notify AC fatal error in response." If AC receive the configuration error, I suggest AC can start the AP. Best regards Michael > I agree that NOT having the ability to read the configuration from > the > AP is dangerous. While I accept the argument that the > configuration on > both the AC and the AP SHOULD be the same, in practice humans are > fallible and bugs will occur. > > I would go so far as to suggest that the AC should not rely on > what it > thinks that the AP has been programmed with, but should always > read the > updated configuration from the AP. > > Sorry, but I have spent a lot of time in debugging other people's > code. > I would sooner nip this bug in the bud. Especially as this will > be > more of a problem when the AC and the AP come from different > vendors. > And that is what CAPWAP is about. > > > Maurice > > -----Original Message----- > From: Philip.Rakity@u4eatech.com > To: zhaoyujin 31390 > Cc: Philip.Rakity@u4eatech.com; capwap@frascone.com > Sent: Fri, 03 Feb 2006 10:07:08 +0000 > Subject: Re:[Capwap] get WLAN Config message > > Michael, > > How is the AC supposed to know if some configuration error > occurs if > it cannot read the configuration? > > Philip > > Quoting zhaoyujin 31390 : > > > Why LWAPP need this? > > > > LWAPP should maintain the consistent configuration between AP > and > AC. > All configuration of AP is distributed with LWAPP with AC. > If AP > > occurs some configuration error, LWAPP can know this problem > and > > should do some operation for it (Maybe reboot AP). > > > > So that, AC does not need to check the AP configuration. > > > > Best regards > > Michael > > > > > >> > >> I would like to go back to my request for an additional > message to > >> find > >> out the ssid. I think the spec could be enhanced to allow an > >> OPTIONAL > >> get_wlan_config message from the AC to the WTP. This would occur > >> after > >> the join. This would then allow the AC to know all the > >> information > >> that is configured in the AP since there already is a get_config > >> message. > >> > >> Opinions ? > >> > >> Philip > >> > >> _________________________________________________________________ > >> To unsubscribe or modify your subscription options, please visit: > >> http://lists.frascone.com/mailman/listinfo/capwap > >> > >> Archives: http://lists.frascone.com/pipermail/capwap > >> > > > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > > > ________________________________________________________________________ > Check Out the new free AIM(R) Mail -- 2 GB of storage and > industry-leading spam and email virus protection. > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From daramarg@aidshilfen.at Fri Feb 03 08:12:07 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F50cs-0000mM-2v for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 08:05:23 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA22219 for ; Fri, 3 Feb 2006 08:03:35 -0500 (EST) Received: from 59-112-44-131.dynamic.hinet.net ([59.112.44.131] helo=aidshilfen.at) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F50mJ-0007h0-JQ for capwap-archive@ietf.org; Fri, 03 Feb 2006 08:15:08 -0500 Message-ID: <000001c628c2$0f52f820$78f6a8c0@biz> Reply-To: "Marguerite Darrington" From: "Marguerite Darrington" To: "Rodolph Seeman" Subject: Re: J d Date: Fri, 3 Feb 2006 08:02:17 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62898.267F6120" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.1 (/) X-Scan-Signature: 20f22c03b5c66958bff5ef54fcda6e48 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62898.267F6120 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, =20 Do you want to OverP A Y for your MED ? =20 I don't think you need it, SAV E up to 50% on your meds with http://www.chaneabe.com =20 V=20 V=20 C=20 l.=20 A=20 I.=20 A=20 L=20 A=20 G=20 I=20 L=20 R=20 U=20 I=20 A=20 M=20 S=20 =20 =20 =20 $=20 $=20 $=20 6=20 8=20 6=20 9=20 5=20 7=20 ,=20 ,=20 ,=20 9=20 4=20 5=20 9=20 5=20 9=20 ------=_NextPart_000_0001_01C62898.267F6120 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello,
 
Do you want to OverP A Y for your MED ?
 
I don't think you need it, SAV E up to 50% on your meds=20 with=20 http://www.chaneabe.com
=
 
V
V
C
l.
A
I.
A
L
A
G
I
L
R
U
I
A
M
S
 
 
 
$
$
$
6
8
6
9
5
7
,
,
,
9
4
5
9
5
9
------=_NextPart_000_0001_01C62898.267F6120-- From v25da@ameritrade.com Fri Feb 03 12:40:10 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F54uo-0003yq-2d; Fri, 03 Feb 2006 12:40:10 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA23079; Fri, 3 Feb 2006 12:38:31 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F556M-0004R6-AN; Fri, 03 Feb 2006 12:52:10 -0500 Received: from 245.red-81-37-20.dynamicip.rima-tde.net ([81.37.20.245]) by mx2.foretec.com with smtp (Exim 4.24) id 1F54uh-0002w3-I0; Fri, 03 Feb 2006 12:40:04 -0500 Received: from [192.168.1.6] ([81.37.20.245]) by yahoo.com (Sendmail 8.7.3) with ESMTP (SSL) id IYT06580 for ; Fri, 03 Feb 2006 11:39:50 -0600 Message-ID: <149d196q.5698600@yahoo.com> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=gird; d=yahoo.com; b=WnVGWRqwBe9fbUMIZCBF4I3sh35ht1dGT8jEGS8TIui4W6hQZRzjAlOE88Hys6Bmr6v6ntIb1EztnJDi; X-Display: Full X-List: stack.usenet Date: Fri, 03 Feb 2006 11:39:50 -0600 From: "Robbie Hinkle" User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: bridge-mib-admin@ietf.org, business@ietf.org, calsch@ietf.org, cancer@ietf.org, capwap-archive@ietf.org, casandra.boykin@ietf.org, cats@ietf.org, ccamp-archive@ietf.org, ccips@ietf.org, cclark@ietf.org, cdi-archive@ietf.org, cdir-admin@ietf.org, cfrg@ietf.org, cfrg-admin@ietf.org, cfrg-archive@ietf.org, cfrg-bounces@ietf.org Subject: Pre-approved Application #scouvpL13272517 Content-Type: multipart/related; boundary="------------AttPart_74749053==.OLA" X-Spam-Score: 1.8 (+) X-Scan-Signature: ee80a2074afbfe28d15369f4e74e579d This is a multi-part message in MIME format. --------------AttPart_74749053==.OLA Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
the clown a eagle but chromate try minstrel ! horrible , removal a idempotent or forsythe be littleton in beardsley on fixture some mustard not threonine not today'll Or maybe not

--------------AttPart_74749053==.OLA Content-Type: image/gif; name="legitimacy.7.gif" Content-ID: <8.0.0.00.0.30390027882619.66580091@sheathe.msn.com.3> Content-Disposition: inline; filename="legitimacy.7.gif" Content-Transfer-Encoding: base64 R0lGODlhtgHYAMQAAP/////MzP+Zmf9mZv8zM/8AAMzM/8zMzMyZ/5mZ/5mZzJmZmZlmzGZm zGZmZmYzzDMzMzMAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ACH5BAAAAAAALAAAAAC2AdgAAAX/ICCOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj8ik cslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otHrNbrvf8Lh8Tq/b7/gf5ECCLFQLEAB+eYWG h1V7fX8pgYOMiJGSk0OKI4SNgpiUnJ2eM5YimAcQEhKWjpiBpqGfrq+cpaazfwcSDiILEnyp f7qMDruww8SGrYQQuCOOvQASkAAOysXU1XDHf7KzpgC9tnzLgtbj5GjYjyfNzyTS5e7vYOe/ IqS+mr7r0cLo8P3+UucAkKKV616uWZZs/VvIkI0DaA0jSpxIsaLFixgzatzIsaPHjyBDihxJ suQ4XSRu/41o52ITvXwuFkzz4TKGo0Ezy9wkoevAzioscdQUsu+GA3Epiu74CWSfLqRDU9S0 BXGFzCBRY4pLloZpt11epQS9kfWH0hpHV5zNEbYHJmn71kqtKuMqkLIs2upEakLvk7E28PaQ axYcD786WO4ihJKerFYCEdoKFgycLlaGL5sCLCIYZnqeYT6bhcsWq4Okp4VWpK1eNwiPDa92 +ZPQgdCMFK7M+TX1t5eQwML+rPDmQFN0j99CuupUWoGPk2urHG048hG3CUZm58D0Ke4p+RxX xdfPZJUjnMaONg32bp6CAq3XrCy0skDB8H3Wt661EJSkdIPLc5MdZNgltVwnzP881R3ESCm8 wQbOcxJCp8x1rvHDIISiWPLcTYydwos4R4l33SIvdSgeV7p1ltOGKr2FHjMiNljcVuJkiN2M 33314HcF+lgCKTmawkcwOXI1iCKklCYBePzsGE5k961T2wKmQbRgPpW1aKQIML32lSI77VOi hb3xwqUg3wQo5hDftKOQkkoWZIJt+QgT5kPOHFinnSY89xIfMLGEiVJctQWiPeB809OOEN3U jqCRHdAieyUgistNo4nC6KA3NiglilM6A417fza2El+/URonq7tcamhVmCAzE0pXUmWCntC0 w5g0+JTATEJxqemnT3H1+keYiOnwjCV+5KPNNncmCE7/rNtI9iRPOXGGKYpFzbodt9/2tZU9 O/rEV5TpWSoMYOZt6yIJlwoIJpb36PYTtmKGts2x9LIpr50u/baSlkfmtAu8WA4srrDxnUuv cIsYHJ7FYvbiCJ/wvVkpmGpm+4xxIgNZocdCHCWvygiygOe1hB6Y3qndrtsZrDG/x4+moprr qceODqxrCcCSiLPFNfHMHp8ysbSvu/3yVgJt4iCqya0D9/yxqwsfXVStdPlRK9ZfXbwWr1B2 aupZw6YLctk+v41CY82yhd6Yy+SjY8sGv4vKlj/mROSEODp2oWzKyBg4dB6KsyjQwlSYpQmm GeYemksaSLS06FUOpnpmixkk/5HC8mg0OKUIXCVEthT5bo9Ndmi47F+hTtcqO65OpewYv80g dfrU12PHO/WNuodP7nRm7TQCCmeYd0On3dTWyq3ZJprdwlt2+ykXHOI/o7aZMtzX+CZjSBk8 W9isagPJeLdvE9TlmTvfZ6jSb3aCcoJezxL8+5uO39yHHQI6hhWQyEr0AHjAGvWuT+ILBYOG Rrz0FWslkkHZ9X6Uj7qZhAVhahke/pSFB37QHaOjX8fmQD/gbcFbJ0ThdGQWvjmshoZYIEwM d8jDHvrwh0AMohCHSMQixkEwT0BiXwqlw5bYDCtPhIIKYzDFFlRxIFE0wqOKsMUZdBELSmxC GDNVJP+pUTGLNEGjGNWogiq6zGZPocsRvvifJlrFjlKUI0D0CIj+4PGNR3CjFNkoFUJODY5/ rCMOf0BHGDTSWZqxlCwg0Rwm3eKSp3kNKwgkQMs8hpPT200pJEkabGXyeou8xCXfd0MwTYOO qZtFZrZRCiGJYlsbPIF19IfB/eRPNNqADH+Q0sr6eY8n8ouMLH85E39N8XqdyaA+Ujek6QAH g2PiRt4mlMEtMmgex7xljELZOiMppxTZIAj/cHCdp6jJQdF0l7QYASM2Xc5z9aTd3qbJuJfs QxVrWoFpyuMcWRDqlWf5pDYvAxdtwk4lDPUMrcbHoWk21ETaq2hqhveS4fz/AUkXzZxppFFR z5BUJSrrziAK2iOQemZdA+GTSSU6zAMNVGUCg0QwekOb12kPOUGipj7kedJNnWKUq1DpjoCa OpVZCUJ8aKpQa3A30RCqV92ByaFOJQiuXbUPXYUV0Yw2Mdvdix18HCoGEYqLu8GSR4QiFi79 SKh9kG5qWgXL8AqETlXWFRhZa103kGVBXKAqr+7iC5ZoR5m8LeApeUOkmizYVY7eMoHPoOBO 3Vk6wu5IE0/yTlxXillkDUhzE3sdZun5OoSmVS2GsSrGAoG0BEEsGgir18ZKdiCWcKxdP/MO Le8om6x9x60JZU5mmSUvEalEuP86JDIfWzLQimxZ/6rJ2kohWt3MTYsWDLoTiUr2EKstUU29 etJOxTuxhuk0eWvpSXj14aNfjMyP1z0Oa2U2tPXOTHP+Io0NikLgr+6mtnKTnVcheImumlFn C95ZKucWrqIUaHgupF1kGjaTWkZzlJFJhjRGLN5ZUlfEI07niEd8UGya674oBpZ3tbdiZMnx cpRZ8UPCe1dkorcP6tXuSqcbpCE3Ur5h8vBRNTGcW+pYqZcx1pC4ZOEOtlbHr1VBgYH7O2xZ DhjQAtJD/YY6MZNviv8bs1mrY5kt4bCLnB1IOhOkXfrpqqKyWGp7rByhGl0mxID9aOcudzf/ GugXrQt05hrbz5HCs35xBv8xhqa6TWXWgkOGxiCZvvQlyB7ZlJdGD00ZGs0zh1WtdBxanE/0 qEgnEgVbtl4GERzB/3Wy1mcWMNGmwb9/UhIh+02HUrLXuWzRyoKhzhY7LPzdiWarzbQsczKd kd3SLZPYrNlKtsh3XQ0H2JLZkqw/ERJNFDRbfJ2OrzCga8F1f0mcAvYXaiHVy20Emz/SzAIJ XfbgJdyGcizetVKFxcrMpHgmPukLidPRNM6kWFgB7wwltyeN3so4FxOvuMBvBY3baJw7wKrK bSz+W7ukY+HYQfnIAQ5yiJQ8UhEXEK+lNnCBHLxRCI85FVpoR55P2IhAt2G+VVDMoBv96EhP utL/l870pjudi69+utTb8MipW/3qWGe6QqgSSpTZxoDMjBySSJ31sgNh61/q3Si2dc+vuy6q KunPz81O9xig/cu3xRTXtPYbOhmy7oBvAdpJZbYj8fa3bxtFXwPPeBoMXoTckRTNccYuCjb+ 8oIP7cCG4rndNVrN6CCFu7JROGpj/vTbuVRUVLjOBl4yqoBFz+UI3W/U2556t889FTyo+95X Isu+D77wh0/84hv/+MgXAwxJYsKQ/GT5SIiKm24QdRyMh4bKPVFNKSeLV04yb+YLWAgZeTW5 6evvXtQ1T3LT/XBoP481ZAf6k8CxeolROjmoPllGXBO6bZr0UWUzJuMk//iAD4YnM6oyBKlw OCmCMj1gX15xKPZEgLYEf+yyKiUUOcBHBNI3f7A2dzzwDJxhGjVUIgQGDcWzMN5nKpfwIh5I A0xhV7j0glrxQPkBOR5XKhYYFZRiBYHwE5W0Zh+zOb5kHw04L4pHGjZTPt7UTepXb9xGKkb4 Gje4KvuWDEJWNFAyLzOzCd9QFECoTtHhIiBWQKVkeCGkMRuFHMaxHtynhLcEGeeBgLDxUTPx LO/DNvIjOKMhIpcRClO4NvrjHVfzGBioBWVoS9ThhclFODezIgIDHnhSJTZzOVGmiEixFmdy V2v3iGhyiZvTChWnXY7CF2PxJ9GShwmYgG8SJP/zgCTV9HZtsi7NwGDn53mpZjoZs4QVNSi2 sggwMVucw4eRUyE4xiSEtg4ZUis9oiQ96IN8sSeGlYcHEhZfFC+SmA0ouC6U8ih7wgh66Ce2 hQ7XiCyLlFKgUmfoojOi0GE8pjYHkXepol42s2DjJyaH0igziBMrBHkZo0Ot4yHTyI8IEoxK oTT0NoTFgSjLolOJ8yDMQVZakILVaBCDsoX96CKyMpAFsy4kZErhlmD28y3Y2BvGphejCHvj IkLP10x3+IPpAoa0KDHp4nAIwzh0KGENmAolMzU25TjhV1Zp8ThjgYduc4S5wIejsh1M0Q7h 8pA1pBvPWAX7glXlwor/U3mNDYN3v6iDN+NjDLYrCMiQBQFQ6ZBFviIT3RYlFsMsFpSDdqJV LtiOyFQuh3iR8dgx+biTFjkXGTmVpQhdp0CRQRGDfqKUR7iQ4hiWD8OIXxCGgPVjsRMwjeOJ nAiUKumKlqWZZIZamoiMBAVW3OSA0NE0PWEYLVITxpiJoxU7uqIrrcY2ZQRPI6hmzaOX4KiP djJB/aeLMsWNWdUki+kME7hhxrlsizMxSymVoJlgjZmHGoYFTIFK4Bc9KZdvgchASbgZvHiG EfQ9JxCISUmEfraERdeA3zVe5tOGvKRJMPGHNFQ8Y2iXZrgZkfN++JibfOl60gGHWCQzTmWd //xwHN6Hn+gGGC2SoCujfk8ZPo5ZPxthf2JRezAgTO/QfMknbOxHoUwAfSKBoRn6Yu0ZoiRa oiZ6oiiaoiq6oiw6AgRQADBKAAEgAwJQAERAAAQAADUqACJQAAPQRk9IRRtIEwhkAgEAo0hK ADxKBD7aoz/qA03qpOwEgjswRmeHTlMJA9MnBDg6AC+aozFQozeaozX6pFFqbgkypIRHf5tm pAVAAAPgpTD6pEIQpWfKA2d6pzSgf4Ghpj7QGFn6AlsaBDgqAoUapjY6BIUaAAMwowCgp7h3 gS9gpSHIWm66pAAQAC+KqUCgpFIKpXQKqTLApzVAqX9KgwFUBIVao/9gmqkvGqMF4Kg1mqSJ WgKamqQzyqow6qpIyqkDgKRvmqNHKgCzuqtoWjvVqT0bph1fl1WUwYhRVXTrZDHKczIkMKzX GqW3Oqck8KsxKqvfCgBfGq46GgDFWqsicKSvWgDE2qsjcK4vqqPAeq7puq5L+qtf+oHRxEvz Q0wuCWLrQ4gRxE3jxz+q81xuWJ2PtQdvUSW+ZLBTphnvM58usK7smq5zKqexKq8+6q3oirFv Gqcwaq4xKgBH2rEv+qT4KrJvmqnsyqghKxXk9mgc4jl9t7AYpY1us3jgNGgDMg3u9mDYSgKL GqNyCqYr660zOqct+6pwaqzpurK2iqQe+7T/GzurLGujMAunW/ujJxunKQsA3iqj+rqJ7uEl ybJsOLIi8/RoaTGLU0aJloaLsmknpei2s4k3qWUiJqI7FQun3sqjL+qot7q0ZOuyHyuuF5uu PMqqM7qpLhqrrPquLTu0oipChHaYQ4gOsIFsUSl2eik1t4isnDG0LpqjkGuo7Dq5GPujb2qu jxulNeqoIwCpJ5urLSuvPPq6IFu7ofqkqau4W6tl5ogiv8I0WfMhQgM2Z3UwLFgtHTM0qTKT gLIK16Is7MIUCDaPL3CoR/qjcJqtAWC68moCh1oCs6u6wAqj7Uq74iqsi3u5NbRcELeSnGtn vrazNvUkWYEM7xWU/xjLqY+Kuq3qsu26vi07q2B6vulLAra7uEM7rOQrpp/6qMCLwOz6q7DV lJtyDxvjcvfhkQ9CZyE5OD4ZMEP4XdpUKjuhJIL5HR05ZcbbcYl0vk1bwLP7vUSbuPFqAg2c snEaxCSLqZoKv0sqv1GyDjyjetpIMhOCUHQ5JftWEBKKAhPcpD0sAjvKqkEcp0t6q+Dbqg3s u5cawAGsw5FLxp8KxF0MsxtMlmtzL2fhNMs7wiJZOpFqt/kLCI5DIkehn3dyKzC1edlANn+r uj+Kr7i7sWGruImryLwqr476q09axD16sbdqxBWcUD8STYvDxOQoMG12aYlDZQlyZkBbE/+Z NgKmq7Riy7uzOr5veq8vW8sETLnua8FlbMBm3Mivqsa6/MqVXKga7I8QZLbEJGqWVS6Ss3hv 8TfqAjd5I7cGw5uR0sf20irQTLeDjCKauYEWe7gWO7K8ur4nMM5kurHqS7UgC6yaHMwRmG/Z IyeErCF7AIbqh4VF6nrNpF2r3M7ASrvjvKTn+rony77vi8sl8MBfDMGYPM61mqd0Os6JXKv2 ZyZPOEHjNxbrU0O5tF0iNx2iXJ/jdxO0FZEhM5gk3YOgnD9WKgBdjL5BDNO0C9NeTKe2KsRR 67423agl0MXEmqk+LbZLaqH3JwMeagJdPAACrKNBrNRe3K1MrcX/RDzUIzDVOU24Q82oNT3T dIrVRE0CPS2rdIp4LZoGlAqiZ416lMp7a/3WcB3Xcj3XdF3Xdj0FLeynLRB1qanXd30ReV0Y WiovpvrXgA0Vfg1bg23Mhu0PfRgr33eghiVLM0ud56Ea7eGvgng3EIsbktrY8NBOfjZXyRnY mDi3S/luSqyMrC23K1nYoO0KVQWeSmPa32h5P2OacFMoA1kqfR3bC3GC7aJbIcw31fVAGtNV gIyPP3mEsA3cnRBrEFTbiH3Hm5sSjTEaMCPF24iU0P0P0q1aTuY8z9xm7oJDjAaLCUYjru0l HPrdsBDe0DY+5P1rRWpCGg2egAKxKymg//D93wAe4AI+4ARe4AZ+4Aie4Aq+4Aze4A7+4BAe 4RI+4RRe4RZ+4Rie4Rq+4Rze4R7+4SAe4iI+4iRe4sT3ABGQ4iluACKQACie4g+QACrg4ioe 4yNgACqu4gmQ4xHwACkQASyOAgzA4wAw5DUe5EZe4wDw4jpeAgzAACXwAD4+AjSe4g0Q5EKe 4wyA5QBgAA1Q4zI+AjZOAhEA5QDw5T2O5BFA5lCO42EOADue41MuAjhOAjhO5GV+42je42++ 5H0OAHl+AlWe5jceAW++41g+6GN+5zm+5Dz+5y3O5GO+5HPe5YZO5ZL+5lLe4iluAg9g5iKw 6Y6e4wnA6FZO5/88DuR2ruqF/uZeDuZUHgEIMAKdLgJDzuK3zgIJwAAo/uS4DuO8nuKgXgJx /uloPuU4/ulPvuVP3uMMAOmcXulOXubLXuTUbuS/vuzPTunazuXW3ueiPupP/uLQzujjvuKc 7uxGPucozuV5vuMPgOa2vua03uaXTufN/ungfu+2PuTKDuhmXuzN3uNizuoiEOhRLuzBfu9u Hutq7uwvbub5/uTcvuzebu3OjuZmHu6WHubrzgAaH+o+7u8n8OkkIOpS3u3Jfu72ruy+vuoP gOUND+fAvu6obuYIgO6OPu8Xn+WxHvM3juKQDu8y3+sdbwIzjwIv3vPWPu0O3/RRLu3/087v ok7ysW7wBT/s8G7p/O7oDRDqOg/wNM/iBuDx9H7w9v7nSY/qtX7yc57nd77vXz/qWI7wI2D1 bE/2/I7oNA/0dC70Ys7uUk8CRB/0qs7xDV/4f3/4Uk7wJT/sKC/tSU/wa18Cdz7nDR/3Jx8B c+/4Rh7mnM/zLjDkBe/td+7pWG/rqA7plU/4ZW73JED6sX/27Q71bq8CSR7km57sJrDjcx/r w97ivw7ptf/ifv/ujn/3Zy/2lV/5Qz7kfx7ueQ79qM/ixh/ksA/oUo/jX5/0fF/7q077gq8C YU/nYY74l17+XX7+KQ7toQ75U87xR0/z3d/1lq/kR0/9Cc/i/18OAgAQNdEDIFEiMpEhwrHc wqQslm9s37ARAYOv36oHeESOrl4rmGwGTwAo8IR0FmGt3/JxSmV3Uu3SiOwlVMdHWhphsIC6 abIGJ8rwPtNoLPLaKaGpebWJvOWp3QDqAaS98Mjk/I1dBYX9NBhRxhBlbippblpG/TmpcDkN nZaJEJXcEdbJpK2kIbw+RSDEzYHSuSLebMkIxwn9PDAsM6yGxYAB/MANvzHTIbGRMTOseHH7 Aqc8GADW9gDGEJv5wUQDtpwYpynSBDYGhxHfxqSPwPmDRuhEvH+JnnFq9GgakzL+vjHzxXCU H0/G0AGhhk4Zs3QQlxlIllFHMnCdZP8lwBPQnZppNMCc6fWLTI12pm4AiZFgGZKQik4iNHWq 4QwXfGjKWFlURBtGF4O1O2emFRle6WBd5BJnR6xn+Fj58YeoZzWrUrBqDKaxZzJpPx/1wQjj oU0xoALiOcoOSdAjaT22I9IiC76DpgYrCUeHV590JPSum2kPQIlnhoqmdXuisNugJZdVrrY0 jcbJc+sipXNUjqSfUCUqc6Q3WJ2HGf0yXbKOYWGFJDq2Egvn8p7alW4nLZOMr1tRdF6E1qmX LqjoMODiVWM99wsvXBgn/StlpUrlrg27BWJrdvq56nEgd5QZ1GQu5KSVoOpemyPmnDkn1s8s qW1F2S4F9oP/GoJKSJGCMOWwFwd/CSBBTTY6NMGYPxDCoR6EL7QRkn/nNTLbJ5wcYqEJGAKh 4Rgc3uAgNU04995l9g2R3xzUbcJFAzmylt0KPgLZxWashZcginsMeRSA+RRXxIXHgNeEDvSA R9ZMwPhAyopGQHhKEakI0dkNE113nmlcBkgFH14+s6Y/9DihoJsXeflTdrEEsVadtF1ipmxx OjSGMXlmsecgrGhEZithRuGLbVic6eV9SvSpB6RV6JCOg+HEdppQl+hBWnqqACVdoqyEMU5x AvZ1w05nRjSTAdzMwE0zLCh2q2K76pTZrK7suhM3tugazrA+WFbrL7jSuoxlXo0p/y0t1mph 0hQkzecrU1l00wkz0+YRq7FwbOesuCDJmsW57PZwK7ZMHeutD+Pq5C6w14WRQBHv7rqvvywk O4OyEuE7TL/9zrelww9DHLHEE1NcscUXY5wxxOFq3LHHH4McMpghkVyyySejnLLKK7Pcsssv wxyzzDPTXLPNN+Ocs84789yzzb8oELTQQxNdtNFHI5200ksz3bTTT0MdtdRTU1211VdjnbXW W0+tmMhfgx222GOTXbbZZ6Odttprs92222/DHbfcc9Ndt91345233nvz3bfffwMeuOCDE164 4YcjnrjiizPeuOOPQx655JNTXrnll2Oeueabc96555+DHv+66KOTXrrpp6Oeuuqrs96666/D Hrvss9Neu+2345677rvz3rvvvwMfvPDDE1885BBIkLwDEkOwwA0OJJ88BGc3b7z1k1d/gATO Q1y9DA4sLwIE05ft/fXnN+69+Q6vLwL4MCxAPtnto1+/4dUvIMEBMECvPP/JL0B70vte+AAA gfAdAHkAhMEB+rc9/Ykgf9F7H/iQtz8Hjs95Eiyg/Tr4NwVKQH4OgMD+Erg87R0ggeLjXgwc GEIYjE8ECeReDAEgwf3lj4YSWB70yDfCEiLPedsz4P48aES+qW96+Sui+PY3RBiykH8OiF8L 5QcA7QFghDFYIgAgCEMeki9/MZj/oQGteMQz4s1825Ng9BaYQBKu8HnLO+D/2pg8E8pAf1jc Ig/DR8UYZC+IaByk3dS4ADFuApH0ex8K3cdB/lmRi14UXx9lOEkyWjKKhNxk29QnAfHBMYuf pKIiNZlFP5JPewiMoSojeEdR6rCS7oNjAreXwBQO8Y+c3CXaQBhKUUqviAqkoSnf50gZgrCA tVSeF9m4Q1m6L3oZBGb46MfLa1pujx8zIza76bgcIvOR3hzn6uI3QXKiM53qXCc72+nOd8Iz nvLkZANF1jztmTJiiBzjEx2my3nO04Ihu2c/KQY9TR4UYv8EKDxVKc6MWXNiIzTjAh+2UIa6 E3zaNOAI/wdYxxB6j42hrB4EH+g/ZE6QmwecIvzit8oJQvCAII1eIyPITYxes5HmQx756JhF Wi4QnD+NY0mHSMZW2vCFMjigLklIxzdaMqY7tOkxRTBJnHbTmNqsoQ2VeMkhFpSlJHUiC9+3 vouCFYfT06IWGRjTAv5xjxfFKi/t+ETzkdKMBLXr9MbaRSaalYlX5OYQzarBtWoypixsqvMi SldC/vOPePUqP4UoWCj+NbPHPKsZG4nCTyZ1qG7d32ThR0LQPhabVzVgYxfbU6AWNpRc9Osk 35c/PyrVrTD0KRa1lZHZshYGIcxnagd5USoGF5gg5Z5IieYrPr5UeWbcJxevNqM3Ze5QsaZt IWqL+9iCBs6Y3p0nUqN2fGqOl7zJvCzg5prdGzQ3vvKdL33ra9/748ALTt0vf/vr3/8COMAC zm8IAAA7 --------------AttPart_74749053==.OLA-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 17:07:51 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F595r-0005YG-Ht for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 17:07:51 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA19752 for ; Fri, 3 Feb 2006 17:06:05 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id BCD0F430092 for ; Fri, 3 Feb 2006 14:07:30 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 5CAEE430058 for ; Sat, 28 Jan 2006 15:15:11 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4344180C130 for ; Sat, 28 Jan 2006 15:15:11 -0800 (PST) Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by hermes.tigertech.net (Postfix) with ESMTP id 5715280C105 for ; Sat, 28 Jan 2006 15:15:07 -0800 (PST) Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-2.cisco.com with ESMTP; 28 Jan 2006 15:15:07 -0800 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k0SNF6WF016196; Sat, 28 Jan 2006 15:15:06 -0800 (PST) Received: from xmb-sjc-222.amer.cisco.com ([128.107.191.106]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 28 Jan 2006 15:15:06 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C62460.AC84AB3F" Subject: RE: [Capwap] lwapp-dtls edits Date: Sat, 28 Jan 2006 15:15:04 -0800 Message-ID: <08A9A3213527A6428774900A80DBD8D80165C2CD@xmb-sjc-222.amer.cisco.com> X-MS-Has-Attach: yes Thread-Topic: [Capwap] lwapp-dtls edits Thread-Index: AcYjYMinXnSPEPJ4QqWETXwrxsyOrwAQQAbAAC+gE4A= From: "Nancy Winget (ncamwing)" To: "Susan Hares" , "Scott G. Kelly" , "capwap" X-OriginalArrivalTime: 28 Jan 2006 23:15:06.0150 (UTC) FILETIME=[ACD15C60:01C62460] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Mailman-Approved-At: Fri, 03 Feb 2006 14:06:20 -0800 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. ------_=_NextPart_001_01C62460.AC84AB3F Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Scott, I also could only do a cursory security review of the current draft as I need more clarification and elaboration on the authentication/authorization enforcement as well as how the rekey mechanisms work. Once I have a better understanding of those, I think we can close loop on the security review. I think my comments are along the same vein as Sue's. =20 Attached are my comments embedded in the word-(re)formatted draft. Thanks, Nancy. =20 -----Original Message----- From: Susan Hares [mailto:skh@nexthop.com]=20 Sent: Friday, January 27, 2006 4:39 PM To: Scott G. Kelly; capwap Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) Subject: RE: [Capwap] lwapp-dtls edits Scott: My focus has been the interaction of the DTLS work with the LWAPP State machine. The draft-kelley-capwap-lwap-dtls-00.txt gave no state machine interactions. The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some state machine interactions, and modifies the LWAPP state machine.=20 However, these state machine interactions do not provide guidance on what to do in the DTLS handshake errors, fragmentation errors, or alert messages. I've attached very draft text to guide you in providing the next revision. (It's a word document - so let me know if that's a problem. I turned on the revision history and highlighted the suggested text.)=20 =20 I'll do a final DTLS and security review once you finalize your next revision. =20 Pat and I went through a few rounds on the state machine of LWAPP to reach the current form. Glad to do an early review of your text prior to release to the working group.=20 Cheers,=20 Sue PS - I used (lwapp-03, dtls-05). I sent my comments from Nancy Winget (Cisco). She may find more issues with the state machine based on conversations we had at IEEE. =20 ------_=_NextPart_001_01C62460.AC84AB3F Content-Type: application/msword; name="draft-kelly-capwap-lwapp-dtls-01-ncw.doc" Content-Description: draft-kelly-capwap-lwapp-dtls-01-ncw.doc Content-Disposition: attachment; filename="draft-kelly-capwap-lwapp-dtls-01-ncw.doc" Content-Transfer-Encoding: base64 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAACAAAA+gAAAAAAAAAA EAAA/AAAAAEAAAD+////AAAAAPQAAAD7AAAA//////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////s pcEAe2AJBAAA8BK/AAAAAAAAEAAAAAAABgAAS4AAAA4AYmpiau5G7kYAAAAAAAAAAAAAAAAAAAAA AAAJBBYANOQAAIwsAACMLAAANngAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAD//w8AAAAA AAAAAAD//w8AAAAAAAAAAAD//w8AAAAAAAAAAAAAAAAAAAAAAKQAAAAAABAZAAAAAAAAEBkAABAZ AAAAAAAAEBkAAAAAAAAyGQAAJgAAAGoZAAAMAAAAdhkAABQAAAAAAAAAAAAAAIoZAAAAAAAAEr0A AAAAAAASvQAAAAAAABK9AAAAAAAAEr0AAEwAAABevQAAPAEAAIoZAAAAAAAAcdsAAFACAACmvgAA AAAAAKa+AAAAAAAApr4AAAAAAACmvgAAAAAAAKa+AAAAAAAAgb8AAAAAAACBvwAAAAAAAIG/AAAA AAAAwtoAAAIAAADE2gAAAAAAAMTaAAAAAAAAxNoAAAAAAADE2gAAAAAAAMTaAAAAAAAAxNoAACQA AADB3QAAaAIAACngAABqAAAA6NoAABUAAAAAAAAAAAAAAAAAAAAAAAAAEBkAACIAAACBxAAAEgAA AAAAAAAAAAAAAAAAAAAAAACBvwAAAAAAAIG/AAAAAAAAk8QAAAwAAACfxAAACAAAAOjaAAAAAAAA AAAAAAAAAAAQGQAAAAAAABAZAAAAAAAApr4AAAAAAAAAAAAAAAAAAKa+AADbAAAA/doAADgAAACx 0AAAAAAAALHQAAAAAAAAsdAAAAAAAACnxAAAbAEAABAZAAAAAAAApr4AAAAAAAAQGQAAAAAAAKa+ AAAAAAAAwtoAAAAAAAAAAAAAAAAAALHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAgcQAAAAAAADC2gAAAAAAAAAAAAAAAAAAsdAAAAAAAACx0AAA VgAAAGbYAACUAQAAEBkAAAAAAAAQGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWtoAAAAAAACmvgAAAAAAAJq+AAAMAAAAwKhnQdAj xgEAAAAAAAAAABK9AAAAAAAAE8YAAEgKAAD62QAADAAAAAAAAAAAAAAAwtoAAAAAAAA12wAAPAAA AHHbAAAAAAAABtoAAFQAAACT4AAAAAAAAFvQAABGAAAAk+AAABgAAABa2gAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAJPgAAAAAAAAAAAAAAAAAABYGQAAEgAAAFraAABoAAAAgb8AAMoAAABLwAAAkAAAALHQ AAAAAAAA28AAAHQAAABPwQAAMgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgb8A AAAAAACBvwAAAAAAAIG/AAAAAAAA6NoAAAAAAADo2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAodAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG/AAAA AAAAgb8AAAAAAACBvwAAAAAAAHHbAAAAAAAAgcQAAAAAAACBxAAAAAAAAIHEAAAAAAAAgcQAAAAA AAAAAAAAAAAAAIoZAAAAAAAAihkAAAAAAACKGQAA5GYAAG6AAACkPAAAihkAAAAAAACKGQAAAAAA AIoZAAAAAAAAboAAAAAAAACKGQAAAAAAAIoZAAAAAAAAihkAAAAAAAAQGQAAAAAAABAZAAAAAAAA EBkAAAAAAAAQGQAAAAAAABAZAAAAAAAAEBkAAAAAAAD/////AAAAAAIADAEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0NDU5l dHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBTLiBLZWxseQ1JbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBUYWxhcmkgTmV0d29ya3MNRXhwaXJlczogSnVuZSAxNSwgMjAwNiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEUuIFJlc2NvcmxhDSAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBOZXR3b3JrIFJlc29u YW5jZQ0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgRGVjZW1iZXIgMTIsIDIwMDUNDQ0gICAgICAgICAgICAgICAgICAgICAgICBTZWN1cmluZyBM V0FQUCB3aXRoIERUTFMNICAgICAgICAgICAgICAgICAgICBkcmFmdC1rZWxseS1jYXB3YXAtbHdh cHAtZHRscy0wMQ0NU3RhdHVzIG9mIHRoaXMgTWVtbw0NICAgQnkgc3VibWl0dGluZyB0aGlzIElu dGVybmV0LURyYWZ0LCBlYWNoIGF1dGhvciByZXByZXNlbnRzIHRoYXQgYW55DSAgIGFwcGxpY2Fi bGUgcGF0ZW50IG9yIG90aGVyIElQUiBjbGFpbXMgb2Ygd2hpY2ggaGUgb3Igc2hlIGlzIGF3YXJl DSAgIGhhdmUgYmVlbiBvciB3aWxsIGJlIGRpc2Nsb3NlZCwgYW5kIGFueSBvZiB3aGljaCBoZSBv ciBzaGUgYmVjb21lcw0gICBhd2FyZSB3aWxsIGJlIGRpc2Nsb3NlZCwgaW4gYWNjb3JkYW5jZSB3 aXRoIFNlY3Rpb24gNiBvZiBCQ1AgNzkuDQ0gICBJbnRlcm5ldC1EcmFmdHMgYXJlIHdvcmtpbmcg ZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmluZw0gICBUYXNrIEZvcmNlIChJRVRG KSwgaXRzIGFyZWFzLCBhbmQgaXRzIHdvcmtpbmcgZ3JvdXBzLiAgTm90ZSB0aGF0DSAgIG90aGVy IGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0 LQ0gICBEcmFmdHMuDQ0gICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50cyB2YWxp ZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHMNICAgYW5kIG1heSBiZSB1cGRhdGVkLCByZXBs YWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnkNICAgdGltZS4gIEl0 IGlzIGluYXBwcm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBhcyByZWZlcmVuY2UNICAg bWF0ZXJpYWwgb3IgdG8gY2l0ZSB0aGVtIG90aGVyIHRoYW4gYXMgIndvcmsgaW4gcHJvZ3Jlc3Mu Ig0NICAgVGhlIGxpc3Qgb2YgY3VycmVudCBJbnRlcm5ldC1EcmFmdHMgY2FuIGJlIGFjY2Vzc2Vk IGF0DSAgIGh0dHA6Ly93d3cuaWV0Zi5vcmcvaWV0Zi8xaWQtYWJzdHJhY3RzLnR4dC4NDSAgIFRo ZSBsaXN0IG9mIEludGVybmV0LURyYWZ0IFNoYWRvdyBEaXJlY3RvcmllcyBjYW4gYmUgYWNjZXNz ZWQgYXQNICAgaHR0cDovL3d3dy5pZXRmLm9yZy9zaGFkb3cuaHRtbC4NDSAgIFRoaXMgSW50ZXJu ZXQtRHJhZnQgd2lsbCBleHBpcmUgb24gSnVuZSAxNSwgMjAwNi4NDUNvcHlyaWdodCBOb3RpY2UN DSAgIENvcHlyaWdodCAoQykgVGhlIEludGVybmV0IFNvY2lldHkgKDIwMDUpLg0NQWJzdHJhY3QN DSAgIFRoZSBMV0FQUCBwcm90b2NvbCBkZWZpbmVzIGludGVyYWN0aW9ucyBiZXR3ZWVuIHdpcmVs ZXNzIHRlcm1pbmF0aW9uDSAgIHBvaW50cyBhbmQgd2lyZWxlc3MgYWNjZXNzIGNvbnRyb2xsZXJz LiAgQ29tbXVuaWNhdGlvbnMgYmV0d2VlbiB0aGVzZQ0gICBjb21wb25lbnRzIG11c3QgYmUgc2Vj dXJlZCwgYW5kIHRoZSBjdXJyZW50IHNwZWNpZmljYXRpb24gcHJvdmlkZXMNICAgZm9yIHRyYW5z cG9ydCBzZWN1cml0eSB1c2luZyBwcm9wcmlldGFyeSBtZWNoYW5pc21zIHdoaWNoIGFyZQ0gICBl bWJlZGRlZCBpbiB0aGUgcHJvdG9jb2wuICBUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyBhbiBhbHRl cm5hdGl2ZQ0gICBhcHByb2FjaCB3aGljaCBlbGltaW5hdGVzIHRoZSBlbWJlZGRlZCBzZWN1cml0 eSwgYW5kIGluc3RlYWQgdXNlcw0gICBEVExTIGFzIGEgc2VjdXJlLCB0aWdodGx5LWludGVncmF0 ZWQgd3JhcHBlci4NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAgICAgICBFeHBpcmVzIEp1bmUgMTUs IDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDFdDQwNSW50ZXJuZXQtRHJhZnQgICAgICAgICAg U2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NVGFibGUg b2YgQ29udGVudHMNDSAgIDEuICBJbnRyb2R1Y3Rpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMw0gICAyLiAgSW5zZXJ0aW5nIERUTFMgLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDQNICAgICAyLjEuICBD b250cm9sL0RhdGEgQ2hhbm5lbCBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu ICA3DSAgICAgICAyLjEuMS4gIFNlcGFyYXRlIENvbnRyb2wvRGF0YSBDaGFubmVsIFBvcnRzICAu IC4gLiAuIC4gLiAuIC4gLiAgOA0gICAgICAgMi4xLjIuICBBZGRpbmcgYSBQcm90b2NvbCBNdXgg IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDgNICAgMy4gIEVuZHBvaW50IEF1dGhl bnRpY2F0aW9uIHVzaW5nIERUTFMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA4DSAgICAg My4xLiAgQXV0aGVudGljYXRpbmcgd2l0aCBDZXJ0aWZpY2F0ZXMgLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAgOQ0gICAgIDMuMi4gIEF1dGhlbnRpY2F0aW5nIHdpdGggUHJlc2hhcmVkIEtleXMg LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDkNICAgNC4gIENvbmNsdXNpb25zICAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEwDSAgIDUuICBTZWN1cml0 eSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAx MA0gICA2LiAgSUFOQSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gMTENICAgNy4gIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDExDSAgICAgNy4xLiAgTm9ybWF0aXZlIFJl ZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxMQ0gICAgIDcu Mi4gIEluZm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gMTENICAgQXV0aG9ycycgQWRkcmVzc2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEzDSAgIEludGVsbGVjdHVhbCBQcm9wZXJ0eSBhbmQgQ29w eXJpZ2h0IFN0YXRlbWVudHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAxNA0NDQ0NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVuZSAx NSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgMl0NDA1JbnRlcm5ldC1EcmFmdCAgICAgICAg ICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0xLiAg SW50cm9kdWN0aW9uDQ0gICBUaGUgTGlnaHQgV2VpZ2h0IEFjZXNzIFBvaW50IFByb3RvY29sIChM V0FQUCkgcHJvdmlkZXMgZm9yDSAgIGNlbnRyYWxpemVkIGNvbnRyb2wgYW5kIG1hbmFnZW1lbnQg b2YgV2lyZWxlc3MgVGVybWluYXRpb24gUG9pbnRzDSAgIChXVFBzKSBieSBkZXZpY2VzIHJlZmVy cmVkIHRvIGFzIEFjY2VzcyBDb250cm9sbGVycyAoQUNzKS4gIEZvciBtb3JlDSAgIGRldGFpbCBv biB0aGlzIHByb3RvY29sIGFuZC9vciB0aGVzZSBjb21wb25lbnRzLCBzZWUgW0xXQVBQXS4gIFRo ZQ0gICBDQVBXQVAgd29ya2luZyBncm91cCBpcyBjdXJyZW50bHkgY29uc2lkZXJpbmcgdXNpbmcg TFdBUFAgYXMgdGhlDSAgIGJhc2lzIGZvciBhIHN0YW5kYXJkaXplZCBBQy1XVFAgY29udHJvbCBw cm90b2NvbCAocmVjb21tZW5kZWQgaW4NICAgW0NBUFdBUC1FVkFMXSkuDQ0gICBMV0FQUCBjdXJy ZW50bHkgaW5jbHVkZXMgc2VjdXJpdHkgZWxlbWVudHMgd2hpY2ggcHJvdmlkZSBmb3IgdGhlDSAg IGZvbGxvd2luZyBjYXBhYmlsaXRpZXM6DQ0gICBvICBFbmRwb2ludCBBdXRoZW50aWNhdGlvbiAt IEFDIGFuZCBXVFAgYXJlIHN0cm9uZ2x5IGF1dGhlbnRpY2F0ZWQNICAgICAgdXNpbmcgZWl0aGVy IHB1YmxpYyBrZXkgY2VydGlmaWNhdGVzIG9yIHNoYXJlZCBzZWNyZXRzIChhbHNvIGtub3duDSAg ICAgIGFzICJwcmUtc2hhcmVkIGtleXMiKS4NDSAgIG8gIERhdGEgQ29uZmlkZW50aWFsaXR5IC0g KEFDLVdUUCBjb250cm9sIGNoYW5uZWwpIGRhdGEgaXMgZW5jcnlwdGVkDSAgICAgIHVzaW5nIHRo ZSAxMjgtYml0IEFFUy1DQkMgYWxnb3JpdGhtLg0NICAgbyAgRGF0YSBJbnRlZ3JpdHkvT3JpZ2lu IEF1dGhlbnRpY2l0eSAtIGFuIEludGVncml0eSBDaGVjayBWYWx1ZQ0gICAgICAoSUNWKSBpcyBj b21wdXRlZCB1c2luZyAxMjgtYml0IEFFUy1DQkMtTUFDIChhIGtleWVkIE1BQykuDQ0gICBUaGUg Y3VycmVudCBMV0FQUCBzZWN1cml0eSBzY2hlbWUgaGFzIGJlZW4gdGhyb3VnaCBhdCBsZWFzdCBv bmUNICAgc2VjdXJpdHkgcmV2aWV3IFtMV0FQUC1TRUNdLCB0aGUgcmVzdWx0cyBvZiB3aGljaCB3 ZXJlIGZhdm9yYWJsZS4NICAgU3RpbGwsIHRoZSBwcm90b2NvbCBldmFsdWF0aW9uIHRlYW0gY29u Y2x1ZGVkIHRoYXQgTFdBUFAgd291bGQNICAgYmVuZWZpdCBmcm9tIHJlcGxhY2VtZW50IG9mIGl0 cyBwcm9wcmlldGFyeSBzZWN1cml0eSBzY2hlbWUgd2l0aCBhDSAgIHN0YW5kYXJkaXplZCwgbW9y ZSB3aWRlbHkgZGVwbG95ZWQgZmFjaWxpdHkgc3VjaCBhcyBEVExTIFtEVExTXS4NDSAgIFdoeSBy ZXBsYWNlIExXQVBQJ3Mgc2VjdXJpdHkgbWVjaGFuaXNtLCB3aGVuIHNvIGZhciwgc2VjdXJpdHkN ICAgZXZhbHVhdGlvbnMgaGF2ZSBub3QgZm91bmQgaXQgd2FudGluZz8gIFRoZXJlIGFyZSBhdCBs ZWFzdCB0d28gZ29vZA0gICByZWFzb25zOg0NICAgbyAgSW5kdXN0cnkgZXhwZXJpZW5jZS9yZXZp ZXcgLSB0byB0aGUgY2hhZ3JpbiBvZiBtYW55IHByb3RvY29sDSAgICAgIGRlc2lnbmVycywgaXQg aGFzIGJlZW4gb2Z0ZW4gZGVtb25zdHJhdGVkIHRoYXQgc3VidGxlIHNlY3VyaXR5DSAgICAgIGZs YXdzIG1heSBlc2NhcGUgdGhlIG1vc3QgZGlsaWdlbnQgcmV2aWV3ZXIuICBBcyBhIHJlc3VsdCwg dGhlDSAgICAgIGNyeXB0b2dyYXBoaWMgY29tbXVuaXR5IGludmVzdHMgc2lnbmlmaWNhbnQgZWZm b3J0IGluIHRoZSBvbmdvaW5nDSAgICAgIGFuYWx5c2lzIG9mIGRlcGxveWVkIChhbmQgcHJvcG9z ZWQpIHNlY3VyaXR5IG1lY2hhbmlzbXMuDSAgICAgIFNvbWV0aW1lcyBwcm9ibGVtcyBhcmUgZm91 bmQgdmVyeSBxdWlja2x5LCBidXQgaW4gb3RoZXIgY2FzZXMNICAgICAgaXNzdWVzIG15IG5vdCBi ZSBkaXNjb3ZlcmVkIGZvciB5ZWFycy4gIFRodXMsIHNlY3VyaXR5IHByb3RvY29scw0gICAgICBh bmQgbWVjaGFuaXNtcyB3aGljaCBoYXZlIGJlZW4gZXh0ZW5zaXZlbHkgZGVwbG95ZWQgYW5kIGFu YWx5emVkDSAgICAgIGFyZSBhbG1vc3QgYWx3YXlzIHByZWZlcmFibGUgdG8gdGhvc2Ugd2hpY2gg aGF2ZSBub3QuDQ0gICBvICBBbGdvcml0aG0gQWdpbGl0eSAtIEJlY2F1c2UgbW9zdCBjcnlwdG9n cmFwaGljIGFsZ29yaXRobXMgYXJlDSAgICAgIGV2ZW50dWFsbHkgZWl0aGVyIGJyb2tlbiBvdXRy aWdodCBvciByZW5kZXJlZCBjb21wdXRhdGlvbmFsbHkNICAgICAgaW5zdWZmaWNpZW50IGJ5IGFk dmFuY2luZyB0ZWNobm9sb2d5LCBpdCBpcyBjcnVjaWFsIHRvIGhhdmUgdGhlDSAgICAgIGFiaWxp dHkgdG8gZWFzaWx5IHJlcGxhY2Ugb3V0ZGF0ZWQgb3IgY29tcHJvbWlzZWQgYWxnb3JpdGhtcy4N DQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1LCAyMDA2ICAgICAg ICAgICAgICAgICBbUGFnZSAzXQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQ UCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICBOb3RlIHRoYXQgTFdBUFAs IHdoaWxlIGhhdmluZyBnb25lIHRocm91Z2ggc29tZSBzZWN1cml0eSByZXZpZXcsIGhhcw0gICBu b3QgeWV0IHByb3ZpZGVkIHRoZSBvcHBvcnR1bml0eSBmb3IgdGhlIHNvcnQgb2YgZXh0ZW5zaXZl IHB1YmxpYw0gICByZXZpZXcgYW5kIGFuYWx5c2lzIHRoYXQgVExTIFtUTFMxMV0gaGFzIGVuam95 ZWQuICBBbHNvLCBMV0FQUA0gICBwcm92aWRlcyBubyBmYWNpbGl0eSBmb3IgYWxnb3JpdGhtIG5l Z290aWF0aW9uIC0gY2hhbmdpbmcgc2VjdXJpdHkNICAgYWxnb3JpdGhtcyB3b3VsZCByZXF1aXJl IGEgY2hhbmdlIHRvIHRoZSBwcm90b2NvbCBzdGFuZGFyZCwgYWxvbmcNICAgd2l0aCBmaXJtd2Fy ZSB1cGdyYWRlcyBmb3IgYm90aCBXVFAgYW5kIEFDLiAgVGhpcyBpcyBjbGVhcmx5DSAgIHVuZGVz aXJhYmxlLg0NICAgRFRMUywgb24gdGhlIG90aGVyIGhhbmQsIGlzIGEgc3RhbmRhcmRzLXRyYWNr IGVmZm9ydCB3aGljaCBpcyBiYXNlZA0gICB1cG9uIFRMUy4gIFRoZSB1bmRlcmx5aW5nIHNlY3Vy aXR5LXJlbGF0ZWQgcHJvdG9jb2wgbWVjaGFuaXNtcyBoYXZlDSAgIGJlZW4gc3VjY2Vzc2Z1bGx5 IGRlcGxveWVkIGZvciBtYW55IHllYXJzIG5vdy4gIFRoZSBUTFMgcHJvdG9jb2wgaXMNICAgd2Vs bC11bmRlcnN0b29kIGZyb20gYW4gb3BlcmF0aW9uYWwgcGVyc3BlY3RpdmUsIGFuZCB3aXRoIHRo ZSByZWNlbnQNICAgc3BlY2lmaWNhdGlvbiBvZiBpdHMgZGF0YWdyYW0tYmFzZWQgdmFyaWFudCwg aXMgYW4gb2J2aW91cyBjaG9pY2UgZm9yDSAgIG1lZXRpbmcgdGhlIHNlY3VyaXR5IHJlcXVpcmVt ZW50cyBvZiBMV0FQUC4NDQ0yLiAgSW5zZXJ0aW5nIERUTFMNDSAgIE5vdGUgdGhhdCBmb3IgdGhl IHRpbWUgYmVpbmcsIG9ubHkgdGhlIFVEUCB0cmFuc3BvcnQgbWVjaGFuaXNtIGZvcg0gICBMV0FQ UCBpcyBjb25zaWRlcmVkLiAgU2luY2UgdGhlIGV2YWx1YXRpb24gZG9jdW1lbnQgcmVjb21tZW5k cw0gICBlbGltaW5hdGluZyBsYXllciAyIGVuY2Fwc3VsYXRpb24gc3VwcG9ydCwgaXQgaXMgbm90 IGFkZHJlc3NlZCBoZXJlLg0gICBTaG91bGQgdGhpcyBjaGFuZ2UsIHRoZSBtZWNoYW5pc20gZGVz Y3JpYmVkIGJlbG93IGluIHNlY3Rpb24gMi4xLjINICAgY291bGQgYmUgdXNlZCB0byBwYXJ0aWFs bHkgYWRkcmVzcyB0aGF0IGNhc2UuDQ0gICBGcm9tIGEgaGlnaCBsZXZlbCwgc2ltcGxlIHJlcGxh Y2VtZW50IG9mIHRoZSBMV0FQUCBzZWN1cml0eQ0gICBtZWNoYW5pc21zIHdpdGggRFRMUyBhbW91 bnRzIHRvIHNvbWV0aGluZyBsaWtlIHRoaXM6DQ0gICAxLiAgUmVwbGFjZSB0aGUgSk9JTiBwaGFz ZSB3aXRoIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50DQ0KDSAgIDIuICBSZXBsYWNlIExXQVBQ IHJlLWtleSBmdW5jdGlvbmFsaXR5IHdpdGggYSBEVExTIHJlLWtleQ0NCg0gICAzLiAgUmVtb3Zl IHRoZSBleGlzdGluZyBMV0FQUCBzZWNjdXJpdHkgc2NoZW1lDQ1bTkNXXSBIb3cgd2lsbCB3ZSBi ZSBhYmxlIHRvIGRpc3Rpbmd1aXNoIGFuZCB0aHVzIGVuYWJsZSBhcHByb3ByaWF0ZSBhdXRob3Jp emF0aW9uIHBvbGljaWVzIHRoYXQgdGhlIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50LCByZWtl eSBhbmQgcmVzZXQgYXJlIHNwZWNpZmljIHRvIHRoaXMgYXBwbGljYXRpb24gKGUuZy4gTFdBUFAp Pw1XaGlsZSAoRClUTFMgZW5hYmxlcyBhdXRoZW50aWNhdGlvbiwgaG93IGRvZXMgaXSScyB1c2Ug aW4gdGhpcyBhcHBsaWNhdGlvbiBlbmZvcmNlIHRoYXQgdGhlIFRMUyCTY2xpZW50lCBpcyBhdXRo b3JpemVkIHRvIGFjdCBhcyBhIFdUUCBhbmQgY29udmVyc2VseSB0aGUgIFRMUyCTc2VydmVylCBp cyBhbiBhdXRob3JpemVkIEFDPw0NCg0gICBUaGlzIGFtb3VudHMgdG8gZW1wbG95aW5nIERUTFMg YXMgYSB0aWdodGx5LWludGVncmF0ZWQgc2VjdXJlDSAgIHdyYXBwZXIuICBIZXJlIGlzIHRoZSBy ZXN1bHRpbmcgTFdBUFAgc3RhdGUgbWFjaGluZToNDQ0NDQ0NDQ0NDQ0NDQ0NDUtlbGx5ICYgUmVz Y29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1LCAyMDA2ICAgICAgICAgICAgICAgICBbUGFn ZSA0XQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAg ICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICAgICAgIC8tLS0tLS0tLS0tLS0tXA0gICAgICAgICB8 ICAgICAgICAgICAgIHYNICAgICAgICAgfCAgICAgICArLS0tLS0tLS0tLS0tKw0gICAgICAgICB8 ICAgICAgQ3wgICAgSWRsZSAgICB8PC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tKw0gICAgICAgICB8ICAgICAgICstLS0tLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgfA0gICAgICAgICB8ICAgICAgICBeICAgIHxhICAgIF4gICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfA0gICAgICAgICB8ICAgICAgICB8ICAg IHwgICAgIFwtLS0tXCAgICAgICAgICAgICAgICAgeSAgICAgICAgICAgICAgICAgfA0gICAgICAg ICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfCAgICstLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0t LSsgeiAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfCAgIHwgICAgICAgICAg ICAgfCBEVExTLXJla2V5IHwtXCAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAg fCAgIHwgICstLS0tLS0tLS0+Ky0tLS0tLS0tLS0tLSsgfCAgfA0gICAgICAgICB8ICAgICAgICB8 ICAgIHwgICAgICAgICAgfCAgIHwgIHwgICAgICAgICAgICAgICAgICAgICAgICAgfCAgXg0gICAg ICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfHQgIFYgIHwgeCAgICAgICAgICAgICAgICAg ICAgICAgfCAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICstLS0tLS0tLSstLSsg ICAgICAgKy0tLS0tLS0tLS0tLSsgfCAgfA0gICAgICAgICB8ICAgICAgIC8gICAgIHwgICAgICAg Q3wgICAgUnVuICAgIHwtLS0tLS0+fCBEVExTLVJlc2V0IHw8Ky0tfC0tLS1cDSAgICAgICAgIHwg ICAgIC8gICAgICAgfCAgICAgICByKy0tLS0tLS0tLS0tKyAgICAgdSArLS0tLS0tLS0tLS0tKyB8 ICB8ICAgICB8DSAgICAgICAgIHwgICAgLyAgICAgICAgfCAgICAgICAgICAgICAgXiAgICAgICAg ICAgICAgICBeICAgICB2fCAgICB8ICB8ICAgICB8DSAgICAgICAgIHwgICB8ICAgICAgICAgdiAg ICAgICAgICAgICAgfCAgICAgICAgICAgICAgICB8ICAgICAgfCAgICB8ICB8ICAgICB8DSAgICAg ICAgIHwgICB8ICAgKy0tLS0tLS0tLS0tLS0tKyAgICAgfCAgICAgICAgICAvLS0tLS8gICAgICAg ViAgICBWICB8ICAgICB8DSAgICAgICAgIHwgICB8ICBDfCAgRGlzY292ZXJ5ICAgfCAgICBxfCAg ICAgICAgb3wgICAgICAgICAgICstLS0tLS0tKyB8ICAgICB8DSAgICAgICAgIHwgICB8ICBiKy0t LS0tLS0tLS0tLS0tKyAgICArLS0tLS0tLS0tLS0tLSsgICAgICAgIHwgUmVzZXQgfC0rIHcgICB8 DSAgICAgICAgIHwgICB8ICAgICB8ZCAgICAgZnwgIF4gICAgICB8ICBDb25maWd1cmUgIHwgICAg ICAgICstLS0tLS0tKyAgICAgICB8DSAgICAgICAgIHwgICB8ICAgICB8ICAgICAgIHwgIHwgICAg ICArLS0tLS0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgICB8 ZSAgICB2ICAgICAgIHwgIHwgICAgICAgICAgICAgIF4gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB8DSAgICAgICAgIHwgICstLS0tLS0tLS0rICAgIHYgIHxpICAgICAgICAgICAgMnwgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgQ3wgU3Vsa2luZyB8ICAgKy0t LS0tLS0tLS0tLSsgICAgKy0tLS0tLS0tLS0tLS0tKyAgICAgICAgICAgICAgICB8DSAgICAgICAg IHwgICstLS0tLS0tLS0rICBDfCBEVExTLUluaXQgIHwtLS0+fCBEVExTLUNvbXBsZXRlfCAgICAg ICAgICAgICAgICB8DSAgICAgICAgIHwgICAgICAgICAgICAgICBnKy0tLS0tLS0tLS0tLSsgeiAg Ky0tLS0tLS0tLS0tLS0tKyAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgICAgICAgICAgICAg ICAgICAgfGggICAgICBtfCAgICAgICAgICAgICAgICAgfDQgICAgICAgICAgICAgICAgICB8DSAg ICAgICAgIHwgICAgICAgICAgICAgICAgICAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgdiAg ICAgICAgICAgICAgICAgbyAvDSAgICAgICAgICBcICAgICAgICAgICAgICAgICAgfCAgICAgICAg fCAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0rLS0tLS0tLS8NICAgICAgICAgICBcLS0tLS0t LS0tLS0tLS0tLS0vICAgICAgICAgXC0tLS0tLS0tLS0tLS0+fCBJbWFnZSBEYXRhIHxDDSAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0t LS0tLS0rbg0NICAgICAgICAgICAgICAgICAgRmlndXJlIDE6IExXQVBQIFN0YXRlIE1hY2hpbmUg dy9EVExTIFN1cHBvcnQNDQ0gICBGb2xsb3dpbmcgaXMgYSBkZXNjcmlwdGlvbiBvZiB0aGUgYXNz b2NpYXRlZCBzdGF0ZSBjaGFuZ2VzLiAgTm90ZQ0gICB0aGF0IHdlIG9ubHkgYWRkcmVzcyB0aG9z ZSB3aGljaCBhcmUgbmV3Og0NDSAgIERpc2NvdmVyeSB0byBEVExTLUluaXQgKGYpOiBUaGlzIHN0 YXRlIGlzIHVzZWQgYnkgdGhlIFdUUCB0byBjb25maXJtDSAgIGl0cyBjb21taXRtZW50IHRvIGFu IEFDIHRoYXQgaXQgd2lzaGVzIHRvIGJlIHByb3ZpZGVkIHNlcnZpY2UsIGFuZCB0bw0gICBzaW11 bHRhbmVvdXNseSBlc3RhYmxpc2ggYSBzZWN1cmUgY29udHJvbCBjaGFubmVsLg0NICAgICAgV1RQ OiBUaGUgV1RQIHNlbGVjdHMgdGhlIGJlc3QgQUMgYmFzZWQgb24gdGhlIGluZm9ybWF0aW9uIGl0 DSAgICAgIGdhdGhlcmVkIGR1cmluZyB0aGUgRGlzY292ZXJ5IFBoYXNlLiAgSXQgdGhlbiBpbml0 aWF0ZXMgYSBEVExTDSAgICAgIGNvbm5lY3Rpb24gd2l0aCBpdHMgcHJlZmVycmVkIEFDLiAgVGhl IFdUUCBzdGFydHMgdGhlIFdhaXRKb2luDSAgICAgIFRpbWVyLg1bTkNXXSBCeSB0aGlzLCBJIGJl bGlldmUgeW91IGFyZSBpbXBseWluZyB0aGF0IHRoZSBXVFAgYWN0cyBhcyB0aGUgVExTIJNjbGll bnSUIHdoaWxlIHRoZSBBQyBhY3RzIGFzIHRoZSBUTFMgk3NlcnZlcpQ/ICBUaGlzIHdpbGwgaGF2 ZSB0byBiZSBhIGhhcmQgcmVxdWlyZW1lbnQgdG8gZW5zdXJlIHRoZSByb2xlcyBhcmUgZXhwbGlj aXRseSBkZWZpbmVkIGFuZCBhbGxvdyBmb3IgYXBwcm9wcmlhdGUgYXV0aG9yaXphdGlvbiBwb2xp Y2llcyB0byBiZSBlbXBsb3llZC4gIA0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4 cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgNV0NDQ0NDA1JbnRlcm5l dC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2Vt YmVyIDIwMDUNDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIGZvciB0aGUgZ2l2 ZW4gV1RQIHVwb24gcmVjZXB0aW9uIG9mIGENICAgICAgRFRMUyBpbml0aWFsaXphdGlvbiByZXF1 ZXN0LiAgVGhlIEFDIHByb2Nlc3NlcyB0aGUgcmVxdWVzdCBhbmQNICAgICAgcmVzcG9uZHMgYnkg ZW5nYWdpbmcgaW4gRFRMUyBuZWdvdGlhdGlvbiB3aXRoIHRoZSBXVFAuDVtOQ1ddIFdoYXQgaXMg YSBEVExTIGluaXRpYWxpemF0aW9uIHJlcXVlc3Q/ICBJIGNhbpJ0IHF1aXRlIHNlZW0gdG8gbWFw IHRoZSBzdGF0ZSBtYWNoaW5lcyBkZWZpbmVkIGluIHRoZSBkcmFmdC1yZXNjb2xhLWR0bHMtMDUu dHh0IHRvIHRoZSBEVExTLUluaXQgYW5kIERUTFMtQ29tcGxldGUgc3RhdGVzIGFib3ZlLiAgQ2Fu IHlvdSBwbGVhc2UgZWxhYm9yYXRlIGZ1cnRoZXIgb24gdGhlc2U/ICBIb3cgYXJlIHRoZSBEVExT L1RMUyBzdGF0ZSBtYWNoaW5lIGFuZCBwYWNrZXQgZmxvdyBtYXAgaW50byB0aGUgMiBib3hlcyBh cyB5b3Ugc3RhdGUgYWJvdmU/DQ0gICBEVExTLUluaXQgdG8gRGlzY292ZXJ5IChpKTogVGhpcyBz dGF0ZSBpcyB1c2VkIHRvIHJldHVybiB0aGUgV1RQIHRvDSAgIGRpc2NvdmVyeSBtb2RlIHdoZW4g YW4gdW5yZXNwb25zaXZlIEFDIGlzIGVuY291bnRlcmVkLg0NICAgICAgV1RQOiBUaGUgV1RQIGVu dGVycyB0aGlzIHN0YXRlIHdoZW4gdGhlIFdhaXRKb2luIHRpbWVyIGV4cGlyZXMNICAgICAgcHJp b3IgdG8gc3VjY2Vzc2Z1bCBjb21wbGV0aW9uIG9mIERUTFMgbmVnb3RpYXRpb24uDQ0gICAgICBB QzogVGhpcyBzdGF0ZSB0cmFuc2l0aW9uIGlzIGludmFsaWQuDQ0gICBEVExTLUluaXQgdG8gRFRM Uy1Db21wbGV0ZSAoeik6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byBpbmRpY2F0ZSBEVExTDSAgIHNl c3Npb24gZXN0YWJsaXNobWVudC4NDSAgICAgIFdUUDogVGhpcyBzdGF0ZSBpcyBlbnRlcmVkIHdo ZW4gdGhlIFdUUCBhbmQgQUMgY29tcGxldGUgRFRMUw0gICAgICBuZWdvdGlhdGlvbi4NDSAgICAg IEFDOiBUaGlzIHN0YXRlIGlzIGVudGVyZWQgd2hlbiB0aGUgV1RQIGFuZCBBQyBjb21wbGV0ZSBE VExTDSAgICAgIG5lZ290aWF0aW9uLg1bTkNXXSBVbmRlciB3aGF0IGNvbmRpdGlvbnMgZG9lcyBE VExTLUluaXQgcmV0dXJuIHRvIHRoZSBpZGxlIHN0YXRlPyAgVGhpcyBuZWVkcyB0byBiZSBkZXNj cmliZWQuICBUaGVyZSBhcmUgZXJyb3IgY29uZGl0aW9ucyB0aGF0IGhhdmUgdG8gYmUgcmVmbGVj dGVkIGFuZCBkZXNjcmliZWQgZm9yIERUTFMgYXMgVExTIHJlY29yZHMgbWF5IGZhaWwgYW5kIGlu IGdlbmVyYWwsIHRoZSBhdXRoZW50aWNhdGlvbiBtYXkgZmFpbCBmb3IgZGlmZmVyZW50IHJlYXNv bnMgd2hpY2ggc2hvdWxkIGFsc28gYmUgZGVzY3JpYmVkIGluIHRoaXMgZHJhZnQuDQ1bTkNXXSBX aHkgZG9lcyB0aGUgc3RhdGUgZGlhZ3JhbSBzaG93IGEgRFRMUy1Jbml0IHRvIEltYWdlIGRhdGE/ ICBJdCBhcHBlYXJzIHRoYXQgdGhlIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50IGhhcyBub3Qg Y29tcGxldGVkIHVudGlsIHRoZSBEVExTLUNvbXBsZXRlIHN0YXRlIGlzIHJlYWNoZWQuICBKdW1w aW5nIHRvIEltYWdlIERhdGEgZnJvbSBEVExTLUluaXQgaXMgYSBzZWN1cml0eSB2aW9sYXRpb24g YXMgdGhhdCBhbGxvd3MgV1RQIGltYWdlIHVwZGF0ZXMgd2l0aG91dCBhIHByb3BlciBzZWN1cml0 eSBhc3NvY2lhdGlvbi4NDQ0NICAgUnVuIHRvIERUTFMtUmVzZXQgKHUpOiBUaGlzIHN0YXRlIGlz IHVzZWQgdG8FIHdoZW4gdGhlIEFDIG9yIFdUUCB3aXNoDSAgIHRvIHRlYXIgZG93biB0aGUgY29u bmVjdGlvbi4NDQ0gICAgICBXVFA6IFRoZSBXVFAgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBpdCB3 aXNoZXMgdG8gaW5pdGlhdGUgb3JkZXJseQ0gICAgICB0ZXJtaW5hdGlvbiBvZiB0aGUgRFRMUyBj b25uZWN0aW9uOyB0aGUgV1RQIHNlbmRzIHRoZSBhIFRMUw0gICAgICBGaW5pc2hlZCBtZXNzYWdl Lg0NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgdXBvbiByZWNlaXB0IG9mIFRM UyBGaW5pc2hlZCBtZXNzYWdlDSAgICAgIGZyb20gdGhlIFdUUC4NDVtOQ1ddIEhvdyBkb2VzIExX QVBQIGFzIGFuIGFwcGxpY2F0aW9uIHdvdWxkIHRyaWdnZXIgdGhlIFRMUyBmaW5pc2hlZD8gRnJv bSBhIHNlY3VyaXR5IHN0YW5kcG9pbnQsIHRoZSBBQyBtdXN0IGVmZmVjdGl2ZWx5IGJsb2NrIGFs bCBMV0FQUCB0cmFmZmljIGFzIHdlbGwsIGlzbpJ0IHRoYXQgd2hhdCB0aGUgb3JpZ2luYWwgUmVz ZXQgc3RhdGUgd2FzIGludGVuZGVkIGZvcj8gIFdoYXQgaXMgdGhlIGRpc3RpbmN0aW9uIGJldHdl ZW4gdGhlIERUTFMtUmVzZXQgYW5kIFJlc2V0IHN0YXRlPyANDSAgIEltYWdlLWRhdGEgdG8gRFRM Uy1SZXNldCAobyk6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byByZXNldCB0aGUNICAgY29ubmVjdGlv biBwcmlvciB0byByZXN0YXJ0aW5nIHRoZSBXVFAgYWZ0ZXIgYW4gaW1hZ2UgZG93bmxvYWQuDQ0N ICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gaW1hZ2UgZG93bmxvYWQg Y29tcGxldGVzDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIHVwb24gcmVjZWlw dCBvZiBUTFMgRmluaXNoZWQgbWVzc2FnZQ0gICAgICBmcm9tIHRoZSBXVFAuDVtOQ1ddIFRoaXMg ZG9lc26SdCBzZWVtIHF1aXRlIHJpZ2h0hXRoZSBXVFAgk3Nob3VsZJQgcmVib290IG9yIHJlZnJl c2ggaXRzZWxmIHRvIGVuc3VyZSBpdJJzIHVzaW5nIHRoZSBsYXRlc3QgdXBkYXRlLiAgQnV0IHRo YXQgYXNpZGUsIGhvdyBkb2VzIHRoZSBBQyByZWNlaXZlIGEgVExTIEZpbmlzaGVkIG1lc3NhZ2Ug ZnJvbSB0aGUgV1RQPyAgSXQgc2VlbXMgbW9yZSBkZXRlcm1pbmF0ZSB0byBoYXZlIHRoZSBBQyBl bnRlciB0aGUgUmVzZXQgc3RhdGUgYWZ0ZXIgaXQgaGFzIHN1Y2Nlc3NmdWxseSBjb21wbGV0ZWQg dGhlIGltYWdlIGRvd25sb2FkIG9yIG9uIGEgbGluayBlcnJvci4NDSAgIERUTFMtUmVzZXQgdG8g UmVzZXQgKHYpOiBUaGlzIHN0YXRlIGlzIHVzZWQgdG8gY29tcGxldGUgRFRMUyBzZXNzaW9uDSAg IHRlYXItZG93bg0NICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gaXQg aGFzIGNvbXBsZXRlZCBEVExTIHNlc3Npb24NICAgICAgY2xlYW51cCwgYW5kIGl0IGlzIHJlYWR5 IHRvIGZpbmlzaCBMV0FQUCBzZXNzaW9uIGNsZWFuLXVwLg0NW05DV10gUGxlYXNlIHByb3ZpZGUg bW9yZSBlbGFib3JhdGlvbiBvbiB3aGF0IERUTFMgc2Vzc2lvbiBjbGVhbnVwIG1lYW5zLiAgQWxz bywgdW5kZXIgd2hhdCBjb25kaXRpb25zIGRvZXMgV1RQIGFuZCBBQyBnbyBmcm9tIFJlc2V0IHRv IERUTFMtUmVzZXQ/ICBJIHdvdWxkIHN1Z2dlc3QgbWVyZ2luZyBSZXNldCBhbmQgRFRMUy1SZXNl dCBhcyBiZWluZyB0aGUgc2FtZSBzdGF0ZSBhbmQgaW5jbHVkZSB0aGUgc2VjdXJpdHkgY29uc2lk ZXJhdGlvbnMgaW4gaXRzIGRlc2NyaXB0aW9uLg0NDQ0NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAg ICAgICBFeHBpcmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDZdDEludGVy bmV0LURyYWZ0ICAgICAgICAgIFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAgICAgRGVj ZW1iZXIgMjAwNQ0NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBpdCBo YXMgY29tcGxldGVkIERUTFMgc2Vzc2lvbg0gICAgICBjbGVhbnVwLCBhbmQgaXQgaXMgcmVhZHkg dG8gZmluaXNoIExXQVBQIHNlc3Npb24gY2xlYW4tdXAuDQ0gICBSdW4gdG8gRFRMUy1SZWtleSAo eCk6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byBpbml0aWF0ZSBhIG5ldyBEVExTDSAgIGhhbmRzaGFr ZS4gIEVpdGhlciB0aGUgV1RQIG9yIEFDIG1heSBpbml0aWF0ZSB0aGUgc3RhdGUgdHJhbnNpdGlv bi4NICAgSXQgaXMgaW1wb3J0YW50IHRvIG5vdGUgdGhhdCB0aGlzIG1pZ2h0IG1vcmUgYWNjdXJh dGVseSBiZSB0ZXJtZWQgYQ0gICAibWV0YS1zdGF0ZSIsIGFzIHRoZSBEVExTIHJlLWhhbmRzaGFr ZSBpcyB0cmFuc3BhcmVudCB0byB0aGUgTFdBUFANICAgcHJvdG9jb2wsIGFuZCBtYXkgZXZlbiBi ZSBpbnRlcnBlcnNlZCB3aXRoIG90aGVyIExXQVBQIGNvbnRyb2wNICAgbWVzc2FnZXMuDQ0gICAg ICBXVFA6IFRoZSBXVFAgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBlaXRoZXIgKDEpIGEgcmVrZXkg aXMNICAgICAgcmVxdWlyZWQsIG9yICgyKSB0aGUgQUMgaW5pdGlhdGVzIGEgRFRMUyBoYW5kc2hh a2UuDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gZWl0aGVyICgxKSBh IHJla2V5IGlzIHJlcXVpcmVkLA0gICAgICBvciAoMikgdGhlIFdUUCBpbml0aWF0ZXMgYSBEVExT IGhhbmRzaGFrZS4NW05DV10gUGxlYXNlIGVsYWJvcmF0ZSBvbiB0aGUgcmVrZXkgcHJvdG9jb2wg dXNlZCBpbiBEVExTIGFzIGl0IGlzIG5vdCBleHBsaWNpdGx5IGRlc2NyaWJlZCBpbiB0aGUgZHJh ZnQtcmVzY29ybGEtZHRscy0wNS50eHQgZHJhZnQuICBBbHNvLCB0aGVyZSBhcmUgc2VjdXJpdHkg aW1wbGljYXRpb25zIGluIGtleSBzeW5jaHJvbml6YXRpb24gYW5kIG90aGVyIExXQVBQIHRyYWZm aWMgZHVyaW5nIHRoaXMga2V5IGV4Y2hhbmdlIGFzIHRoaXMgZHJhZnQgaXMgYWxsb3dpbmcgaXQg dG8gaGFwcGVuIJNpbnRlcnNwZXJzZWSUICBpbiBMV0FQUC4gIEkgYW0gYXNzdW1pbmcgdGhhdCBi eSB0aGUgdXNlIG9mIHRoZSBlcG9jaCwgdGhlIHN5c3RlbSBtYXkgZGVmaW5lIGEgcmVwbGF5IHdp bmRvdyBieSB3aGljaCBtb3JlIHRoYW4gb25lIGtleSBjYW4gYmUgbGl2ZSB0byBhbGxvdyBmb3Ig dGhlIHJla2V5cyB0byB3b3JrLiAgSG93ZXZlciwgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgbXVz dCBiZSBkZXNjcmliZWQgdG8gYmV0dGVyIGFuYWx5emUgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9u cyBmb3IgdGhpcyBhcHBsaWNhdGlvbi4NDSAgIERUTFMtUmVrZXkgdG8gUmVzZXQgKHopOiBUaGlz IHN0YXRlIGlzIHVzZWQgdG8gY2xlYW4gdXAgd2hlbiBhIERUTFMNICAgaGFuZHNoYWtlIGZhaWxz Lg0NICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gYSBEVExTIGhhbmRz aGFrZSBmYWlscy4NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBhIERU TFMgaGFuZHNoYWtlIGZhaWxzLg1bTkNXXSBBcyBub3RlZCBhYm92ZSwgdGhlIHJla2V5IHByb3Rv Y29sIGFuZCBtZWNoYW5pc20gbmVlZHMgdG8gYmUgZGVzY3JpYmVkIGFuZCBieSB0aGlzIGRlc2Ny aXB0aW9uLCBpdCBzZWVtcyB0aGF0IHRoZSBSZXNldCBhbmQgRFRMUy1SZXNldCBhcmUgZXF1aXZh bGVudCBzdGF0ZXM/DQ0yLjEuICBDb250cm9sL0RhdGEgQ2hhbm5lbCBDb25zaWRlcmF0aW9ucw0N ICAgTm90ZSB0aGF0IHdoaWxlIHRoaXMgc2NoZW1lIHNlZW1zIHF1aXRlIHNpbXBsZSBhdCBmaXJz dCBnbGFuY2UsIHRoZXJlDSAgIGlzIG9uZSBjb21wbGljYXRpb24uICBDdXJyZW50bHksIExXQVBQ IG9ubHkgYXBwbGllcyBzZWN1cml0eSB0bw0gICBjb250cm9sIGNoYW5uZWwgY29tbXVuaWNhdGlv bnMsIGFuZCByZWxpZXMgdXBvbiBleHRlcm5hbCBmYWNpbGl0aWVzDSAgIGZvciBzZWN1cmluZyB1 c2VyIGRhdGEuICBJbiBvcmRlciB0byBwcmVzZXJ2ZSB0aGlzIGNvbnZlbnRpb24sIHdlDSAgIG11 c3QgYmUgYWJsZSB0byBkaXN0aW5ndWlzaCBiZXR3ZWVuIGNvbnRyb2wgYW5kIGRhdGEgcGFja2V0 cywNICAgZm9yd2FyZGluZyBvbmx5IGNvbnRyb2wgcGFja2V0cyB0byB0aGUgRFRMUyBlbmdpbmUu DQ0gICBUaGlzIHRhc2sgaXMgY29tcGxpY2F0ZWQgYnkgdGhlIGZhY3QgdGhhdCBMV0FQUCBjdXJy ZW50bHkNICAgZGlzdGluZ3Vpc2hlcyBiZXR3ZWVuIGNvbnRyb2wgYW5kIGRhdGEgdHJhZmZpYyB1 c2luZyB0aGUgJ0MnIGJpdCBpbg0gICB0aGUgTFdBUFAgaGVhZGVyLiAgVGhpcyBpcyBwb3NzaWJs ZSBldmVuIG9uIHRoZSBlbmNyeXB0ZWQgY29udHJvbA0gICBjaGFubmVsIGJlY2F1c2UgdGhlIExX QVBQIGhlYWRlciBpcyBub3QgZW5jcnlwdGVkIC0gaW4gdGhlIGNhc2Ugb2YNICAgdGhlIGNvbnRy b2wgY2hhbm5lbCwgaXQgaXMgb25seSBhdXRoZW50aWNhdGVkOg0NICAgICAgICArLS0tLS0tLS0r LS0tLS0tLS0tKy0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LS0rDSAgICAgICAgfCBJUCBIZHIgfCBVRFAgSGRyIHwgTFdBUFAgSGRyIHwgICAgIERhdGEgICAg ICAgICAgICAgICAgfCBMV0FQUCBUbHIgfA0gICAgICAgICstLS0tLS0tLSstLS0tLS0tLS0rLS0t LS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLSsNICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXC0tLS0tLSBlbmNyeXB0ZWQgIC0tLS0tLS8N ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwtLS0tLS0tLSBhdXRoZW50aWNhdGVkIC0tLS0t LS0tLS0tLw0NICAgICAgICAgICAgICAgICAgRmlndXJlIDI6IEN1cnJlbnQgTFdBUFAgUGFja2V0 IFNlY3VyaXR5DQ0gICBEVExTLCBvbiB0aGUgb3RoZXIgaGFuZCwgcHJvdmlkZXMgZm9yIHNlY3Vy aW5nIHRoZSBlbnRpcmUgY2hhbm5lbC4NICAgSWYgdGhlIExXQVBQIHBhY2tldHMgYXJlIGVuY2Fw c3VsYXRlZCB3aXRoaW4gRFRMUywgdGhlIExXQVBQIGhlYWRlcg0NDQ1LZWxseSAmIFJlc2Nvcmxh ICAgICAgICAgIEV4cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgN10M SW50ZXJuZXQtRHJhZnQgICAgICAgICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAg ICBEZWNlbWJlciAyMDA1DQ0NICAgd2lsbCBiZSBlbmNyeXB0ZWQ6DQ0gICAgICAgICstLS0tLS0t LSstLS0tLS0tLS0rLS0tLS0tLS0tKy0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LSsNICAgICAgICB8IElQIEhkciB8IFVEUCBIZHIgfERUTFMgSGRyIHwgTFdBUFAgSGRyIHwgICAg IERhdGEgICAgfCBEVExTIFRsciB8DSAgICAgICAgKy0tLS0tLS0tKy0tLS0tLS0tLSstLS0tLS0t LS0rLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tKw0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgXC0tLS0tLS0tLSBhdXRoZW50aWNhdGVkIC0tLS0tLS0tLS8NICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwtLS0tLS0tLS0tLS0gZW5jcnlwdGVkICAtLS0t LS0tLS0tLS8NDSAgICAgICAgICAgICAgICAgIEZpZ3VyZSAzOiBMV0FQUCtEVExTIFBhY2tldCBT ZWN1cml0eQ0NDSAgIEEgZGlyZWN0IGNvbnNlcXVlbmNlIG9mIHRoaXMgaXMgdGhhdCB3aXRoIERU TFMgZW5jYXBzdWxhdGlvbiwgd2UNICAgY2Fubm90IGRpc3Rpbmd1aXNoIGJldHdlZW4gY29udHJv bCB0cmFmZmljIGFuZCBkYXRhIHdpdGhvdXQgZmlyc3QNICAgZGVjcnlwdGluZyB0aGUgcGFja2V0 IC0gdGhpcyBtZWFucyB3ZSBtdXN0IGVzdGFibGlzaCBzZXBhcmF0ZQ0gICBjaGFubmVscyBpZiB3 ZSBkbyBub3Qgd2lzaCB0byBlbmNyeXB0IGRhdGEgY2hhbm5lbCB0cmFmZmljLiAgVHdvDSAgIG1l dGhvZHMgZm9yIGFjY29tcGxpc2hpbmcgdGhpcyBhcmUgZGlzY3Vzc2VkIGJlbG93Lg1bTkNXXSBG b3IgY2xhcml0eSwgaXQgd291bGQgYmUgdXNlZnVsIHRvIHByZWNlZGUgdGhpcyBzZWN0aW9uIHdp dGggYSBkZXNjcmlwdGlvbiBvZiB0aGUgRFRMUyBlbmNhcHN1bGF0aW9uIGFzIExXQVBQIG92ZXIg RFRMUyBhcyBJIGJlbGlldmUgdGhlIGFib3ZlIGRlc2NyaXB0aW9uIGhhcyBpbnN0YW50aWF0ZWQg KHVwIHVudGlsIHRoaXMgc2VjdGlvbiwgaXQgd2FzIHVuY2xlYXIgYXMgdG8gaG93IHRoZSB0cmFu c3BvcnQgbGF5ZXJpbmcgd2FzIGJlaW5nIGludm9rZWQpLiAgV2l0aCB0aGlzIGVuY2Fwc3VsYXRp b24sIHRoZXJlIG11c3QgYmUgc29tZSBtZWNoYW5pc20gYnkgd2hpY2ggZHVyaW5nIHRoZSBEVExT IGF1dGhlbnRpY2F0aW9uIHRoZSByb2xlcyBvZiBlYWNoIG11c3QgYmUgYXNzZXJ0ZWQgdG8gZW5z dXJlIHRoYXQgdGhlIGtleXMgcmVzdWx0aW5nIGZyb20gYSBzdWNjZXNzZnVsIERUTFMgYXV0aGVu dGljYXRpb24gYXJlIHVzZWQgdG8gb25seSBwcm90ZWN0IExXQVBQLg0NMi4xLjEuICBTZXBhcmF0 ZSBDb250cm9sL0RhdGEgQ2hhbm5lbCBQb3J0cw0NICAgVGhlIHNpbXBsZXN0IHNvbHV0aW9uIGVu dGFpbHMgdXNpbmcgc2VwYXJhdGUgcG9ydHMgZm9yIExXQVBQIGNvbnRyb2wNICAgYW5kIGRhdGEg dHJhZmZpYywgd2l0aCBEVExTIHNlY3VyaW5nIG9ubHkgdGhlIGNvbnRyb2wgY2hhbm5lbC4gIFRo ZQ0gICBjb250cm9sIHRyYWZmaWMgY291bGQgY29udGludWUgdG8gdXRpbGl6ZSB0aGUgY3VycmVu dCB3ZWxsLWtub3duDSAgIExXQVBQIHBvcnQuICBGb3IgdGhlIGRhdGEgY2hhbm5lbCwgYSBuZXcg cG9ydCBjb3VsZCBiZSBhc3NpZ25lZCBieQ0gICBJQU5BLCBvciBpdCBjb3VsZCBpbnN0ZWFkIGJl IHNwZWNpZmllZCBieSB0aGUgQUMgYWZ0ZXIgdGhlIERUTFMNICAgc2Vzc2lvbiBpcyBlc3RhYmxp c2hlZCwgcHJvdmlkaW5nIHNvbWUgYWRkaXRpb25hbCBmbGV4aWJpbGl0eS4gIE5vdGUNICAgdGhh dCB0aGlzIHNvbHV0aW9uIHdpbGwgbm90IHdvcmsgZm9yIGxheWVyIDIgTFdBUFAgZW5jYXBzdWxh dGlvbi4NICAgSG93ZXZlciwgaWYgTDIgc3VwcG9ydCBpcyB0byBiZSByZW1vdmVkIGZyb20gTFdB UFAsIHRoaXMgcG9pbnQgaXMNICAgbW9vdC4NW05DV10gSSBkbyBub3QgdW5kZXJzdGFuZCBob3cg dGhpcyBwcm9wb3NlZCBzY2hlbWUgd291bGQgd29yayBhcyB0aGUgZW50aXJlIGx3YXAgY29uc3Ry dWN0aW9uIGlzIGVuY3J5cHRlZD8NDTIuMS4yLiAgQWRkaW5nIGEgUHJvdG9jb2wgTXV4DQ0gICBB biBhbHRlcm5hdGl2ZSBzb2x1dGlvbiBlbnRhaWxzIGFkZGluZyBhIHByb3RvY29sIG11bHRpcGxl eGVyIG1vZHVsZQ0gICBiZXR3ZWVuIHRoZSBwYWNrZXQgaW5wdXQvb3V0cHV0IGFuZCB0aGUgRFRM UyBtb2R1bGVzLCBhbmQgYWRkaW5nIGFuDSAgIGFkZGl0aW9uYWwgc21hbGwgYXNzb2NpYXRlZCBM V0FQUCBoZWFkZXIgYmV0d2VlbiB0aGUgVURQIGhlYWRlciBhbmQNICAgdGhlIERUTFMgcmVjb3Jk IGxheWVyIGhlYWRlci4gIFdoaWxlIHRoaXMgTFdBUFAgaGVhZGVyIG5lZWQgb25seQ0gICBjb250 YWluIGEgc2luZ2xlIGJpdCB0byBkaWZmZXJlbnRpYXRlIGJldHdlZW4gY29udHJvbC9kYXRhIHRy YWZmaWMsDSAgIGFsaWdubWVudCBjb25jZXJucyBzdWdnZXN0IHRoZSBoZWFkZXIgd291bGQgbW9z dCBsaWtlbHkgYmUgZWl0aGVyIDMyDSAgIG9yIDY0IGJpdHMgaW4gbGVuZ3RoLg1bTkNXXSBJcyB0 aGUgaW50ZW50IHRvIGFsbG93IGZvciBhbiBhdXRoZW50aWNhdGVkIGJ1dCB1bmVuY3J5cHRlZCBo ZWFkZXIgdG8gYmUgdHJhbnNwb3J0ZWQ/DQ0NDQ0NMy4gIEVuZHBvaW50IEF1dGhlbnRpY2F0aW9u IHVzaW5nIERUTFMNDVtOQ1ddIEkgd291bGQgbGlrZSB0byBzZWUgYSBzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBzZWN0aW9ucyBmb3IgdGhlIGRpZmZlcmVudCBhdXRoZW50aWNhdGlvbiBtZXRob2Rz IHVzaW5nIERUTFMuICBUaGUgY3VycmVudCBMV0FQUCBzcGVjaWZpY2F0aW9uIGVuZm9yY2VzIG11 dHVhbCBhdXRoZW50aWNhdGlvbiB0aHJvdWdoIEpvaW4gcmVxdWVzdC9yZXNwb25zZSBleGNoYW5n ZSByZXF1aXJpbmcgZWFjaCBwYXJ0aWNpcGFudCB0byBwcmVzZW50IGEgY3JlZGVudGlhbC4gIFRo aXMgaXMgbm90IGVuZm9yY2VkIGluIFRMUyBhbmQgdGh1cyBjYW4gbGVhZCB0byBkaWZmZXJlbnQg c2VjdXJpdHkgdGhyZWF0IGNvbnNpZGVyYXRpb25zLiAgDQ0gICBDdXJyZW50bHksIExXQVBQIHN1 cHBvcnRzIGF1dGhlbnRpY2F0aW9uIHVzaW5nIGVpdGhlciBwdWJsaWMga2V5DSAgIGNlcnRpZmlj YXRlcyBvciBzaGFyZWQgc2VjcmV0cyAocHJlLXNoYXJlZCBrZXlzKS4gIERUTFMgc3VwcG9ydA0g ICBpbXBsaWVzIG5vIGNoYW5nZXMgaW4gdGhpcyByZWdhcmQuICBDZXJ0aWZpY2F0ZS1iYXNlZCBh dXRoZW50aWNhdGlvbg0gICBpcyBuYXRpdmVseSBzdXBwb3J0ZWQsIGFuZCBzdXBwb3J0IGZvciBw cmVzaGFyZWQga2V5cyBpcyBjdXJyZW50bHkNICAgcHJvZ3Jlc3NpbmcgdG93YXJkIHN0YW5kYXJk aXphdGlvbiAoc2VlIFtUTFMtUFNLXSkuICBCZWxvdyB3ZQ0gICBkZXNjcmliZSBzdXBwb3J0ZWQg VExTIGFsZ29yaXRobSBzdWl0ZXMgZm9yIGVhY2ggZW5kcG9pbnQNDQ0NS2VsbHkgJiBSZXNjb3Js YSAgICAgICAgICBFeHBpcmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDhd DEludGVybmV0LURyYWZ0ICAgICAgICAgIFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAg ICAgRGVjZW1iZXIgMjAwNQ0NDSAgIGF1dGhlbnRpY2F0aW9uIG1ldGhvZC4NDTMuMS4gIEF1dGhl bnRpY2F0aW5nIHdpdGggQ2VydGlmaWNhdGVzDQ0gICBOb3RlIHRoYXQgb25seSBibG9jayBjaXBo ZXJzIGFyZSBjdXJyZW50bHkgcmVjb21tZW5kZWQgZm9yIHVzZSB3aXRoDSAgIERUTFMuICBUbyB1 bmRlcnN0YW5kIHRoZSByZWFzb25pbmcgYmVoaW5kIHRoaXMsIHNlZSBbRFRMUy1ERVNJR05dLg0g ICBUaGUgZm9sbG93aW5nIGFsZ29yaXRobXMgTVVTVCBiZSBzdXBwb3J0ZWQgd2hlbiB1c2luZyBj ZXJ0aWZpY2F0ZXMNICAgZm9yIExXQVBQIGF1dGhlbnRpY2F0aW9uOg0NICAgbyAgVExTX1JTQV9X SVRIX0FFU18xMjhfQ0JDX1NIQQ0NICAgbyAgVExTX1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEEN DSAgIFRoZSBmb2xsb3dpbmcgYWxnb3JpdGhtcyBTSE9VTEQgYmUgc3VwcG9ydGVkIHdoZW4gdXNp bmcgY2VydGlmaWNhdGVzOg0NICAgbyAgVExTX0RIX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQ0N ICAgbyAgVExTX0RIX1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEENDSAgIFRoZSBmb2xsb3dpbmcg YWxnb3JpdGhtcyBNQVkgYmUgc3VwcG9ydGVkIHdoZW4gdXNpbmcgY2VydGlmaWNhdGVzOg0NICAg byAgVExTX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQ0NICAgbyAgVExTX0RIX1JTQV9XSVRIX0FF U18yNTZfQ0JDX1NIQQ0NICAgQ2VydGlmaWNhdGVzIHNob3VsZCBiZSB2ZXJpZmllZCBpbiB0aGUg c2FtZSBtYW5uZXIgYXMgY3VycmVudGx5DSAgIHNwZWNpZmllZCBpbiBMV0FQUC4NDTMuMi4gIEF1 dGhlbnRpY2F0aW5nIHdpdGggUHJlc2hhcmVkIEtleXMNDSAgIFByZS1zaGFyZWQga2V5cyBwcmVz ZW50IHNpZ25pZmljYW50IGNoYWxsZW5nZXMgZnJvbSBhIHNlY3VyaXR5DSAgIHBlcnNwZWN0aXZl LCBhbmQgZm9yIHRoYXQgcmVhc29uLCB0aGVpciB1c2UgaXMgc3Ryb25nbHkgZGlzY291cmFnZWQu DSAgIEhvd2V2ZXIsIFtUTFMtUFNLXSBkZWZpbmVzIDMgZGlmZmVyZW50IG1ldGhvZHMgZm9yIGF1 dGhlbnRpY2F0aW5nDSAgIHdpdGggcHJlc2hhcmVkIGtleXM6DQ0gICBvICBQU0sga2V5IGV4Y2hh bmdlIGFsZ29yaXRobSAtIHNpbXBsZXN0IG1ldGhvZCwgY2lwaGVyc3VpdGVzIHVzZQ0gICAgICBv bmx5IHN5bW1ldHJpYyBrZXkgYWxnb3JpdGhtcw0NICAgbyAgREhFX1BTSyBrZXkgZXhjaGFuZ2Ug YWxnb3JpdGhtIC0gdXNlIGEgUFNLIHRvIGF1dGhlbnRpY2F0ZSBhDSAgICAgIERpZmZpZS1IZWxs bWFuIGV4Y2hhbmdlLiAgVGhlc2UgY2lwaGVyc3VpdGVzIGdpdmUgc29tZSBhZGRpdGlvbmFsDSAg ICAgIHByb3RlY3Rpb24gYWdhaW5zdCBkaWN0aW9uYXJ5IGF0dGFja3MgYW5kIGFsc28gcHJvdmlk ZSBQZXJmZWN0DSAgICAgIEZvcndhcmQgU2VjcmVjeSAoUEZTKS4NDSAgIG8gIFJTQV9QU0sga2V5 IGV4Y2hhbmdlIGFsZ29yaXRobSAtIHVzZSBSU0EgYW5kIGNlcnRpZmljYXRlcyB0bw0gICAgICBh dXRoZW50aWNhdGUgdGhlIHNlcnZlciwgaW4gYWRkaXRpb24gdG8gdXNpbmcgYSBQU0suICBOb3QN ICAgICAgc3VzY2VwdGlibGUgdG8gcGFzc2l2ZSBhdHRhY2tzLg0NICAgVGhlIGZpcnN0IGFwcHJv YWNoIChQU0spIGlzIHN1c2NlcHRpYmxlIHRvIHBhc3NpdmUgZGljdGlvbmFyeQ0NDQ1LZWxseSAm IFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAg W1BhZ2UgOV0MSW50ZXJuZXQtRHJhZnQgICAgICAgICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExT ICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NICAgYXR0YWNrczsgaGVuY2UsIHRoYXQgbWV0aG9k IE1VU1QgTk9UIGJlIHVzZWQuICBJZiBzdXBwb3J0IGZvciBwcmUtDSAgIHNoYXJlZCBrZXlzIGlz IGRlc2lyZWQsIHRoZW4gREhFX1BTSyBNVVNUIGJlIHN1cHBvcnRlZCwgYW5kIFJTQV9QU0sNICAg TUFZIGJlIHN1cHBvcnRlZC4NDSAgIFRoZSBmb2xsb3dpbmcgY3J5cHRvZ3JhcGhpYyBhbGdvcml0 aG1zIE1VU1QgYmUgc3VwcG9ydGVkIHdoZW4gdXNpbmcNICAgcHJlc2hhcmVkIGtleXM6DQ0gICBv ICBUTFNfUFNLX1dJVEhfQUVTXzEyOF9DQkNfU0hBDQ0gICBvICBUTFNfUFNLX1dJVEhfM0RFU19F REVfQ0JDX1NIQQ0NICAgVGhlIGZvbGxvd2luZyBhbGdvcml0aG1zIFNIT1VMRCBiZSBzdXBwb3J0 ZWQgd2hlbiB1c2luZyBwcmVzaGFyZWQNICAga2V5czoNDSAgIG8gIFRMU19QU0tfV0lUSF9BRVNf MjU2X0NCQ19TSEENDSAgIFRoZSBmb2xsb3dpbmcgYWxnb3JpdGhtcyBNQVkgYmUgc3VwcG9ydGVk IHdoZW4gdXNpbmcgcHJlc2hhcmVkIGtleXM6DQ0gICBvICBUTFNfUlNBX1BTS19XSVRIX0FFU18x MjhfQ0JDX1NIQQ0NICAgbyAgVExTX1JTQV9QU0tfV0lUSF9BRVNfMjU2X0NCQ19TSEENDSAgIG8g IFRMU19SU0FfUFNLX1dJVEhfM0RFU19FREVfQ0JDX1NIQQ0NDTQuICBDb25jbHVzaW9ucw0NICAg RFRMUyByZXByZXNlbnRzIGEgc3Ryb25nIHJlcGxhY2VtZW50IGNhbmRpZGF0ZSBmb3IgdGhlIGV4 aXN0aW5nIExXQVBQDSAgIHNlY3VyaXR5IHNjaGVtZS4gIEluIGFkZGl0aW9uIHRvIGJlaW5nIGEg a25vd24gcXVhbnRpdHkgd2hpY2ggaGFzDSAgIHJlY2VpdmVkIGFuZCB3aWxsIGNvbnRpbnVlIHRv IHJlY2VpdmUgYSBoZWFsdGh5IGRvc2Ugb2Ygb25nb2luZw0gICBhbmFseXNpcyBhbmQgcmV2aWV3 IGZyb20gdGhlIGNyeXB0b2dyYXBoaWMgY29tbXVuaXR5LCBpdCBzdXBwb3J0cyBhbGwNICAgcmVx dWlyZWQgTFdBUFAgc2VjdXJpdHkgZnVuY3Rpb25hbGl0eSwgYW5kIGFsc28gcHJvdmlkZXMgZm9y DSAgIGFsZ29yaXRobSBhZ2lsaXR5IHNob3VsZCB0aGUgbmVlZCBhcmlzZS4gIEZ1cnRoZXIsIGl0 cyBuZWdvdGlhdGlvbg0gICBjYXBhYmlsaXR5IHByb3ZpZGVzIGZvciBhIG1lYXN1cmUgb2YgaW1w bGVtZW50YXRpb24gZmxleGliaWxpdHkgbm90DSAgIHBvc3NpYmxlIHdpdGggdGhlIGN1cnJlbnQg TFdBUFAgc2NoZW1lLg0NICAgV2hpbGUgaXQgaXMgbm90IGEgZHJvcC1pbiByZXBsYWNlbWVudCwg aXQgcmVxdWlyZXMgYSByZWFzb25hYmx5DSAgIGJvdW5kZWQgYW1vdW50IG9mIGNoYW5nZSB0byB0 aGUgZXhpc3Rpbmcgc3RhdGUgbWFjaGluZSBhbmQgcGFja2V0DSAgIGZvcm1hdHMuICBBcyBub3Rl ZCwgc2luY2UgRFRMUyBkb2VzIG5vdCBwcm92aWRlIGZvciB1bmVxdWFsDSAgIGVuY3J5cHRpb24g dnMgYXV0aGVudGljYXRpb24gbGVuZ3RocyB3aXRoaW4gYSBwYWNrZXQsIGl0IHJlcXVpcmVzDSAg IGFkZGluZyBlaXRoZXIgYSBzZWNvbmRhcnkgZGF0YSBwb3J0IG9yIGEgc2hvcnQgZGVtdXggaGVh ZGVyLg0NDTUuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucw0NICAgVGhlIHNlY3VyaXR5IG9mIExX QVBQIG92ZXIgRFRMUyBpcyBjb21wbGV0ZWx5IGRlcGVuZGVudCBvbiB0aGUNICAgc2VjdXJpdHkg b2YgRFRMUy4gIEFueSBmbGF3cyBpbiBEVExTIGNvbXByb21pc2UgdGhlIHNlY3VyaXR5IG9mDSAg IExXQVBQLiAgSW4gcGFydGljdWxhciwgaXQgaXMgY3JpdGljYWwgdGhhdCB0aGUgY29tbXVuaWNh dGluZyBwYXJ0aWVzDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1 LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDEwXQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBT ZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICB2ZXJp ZnkgdGhlaXIgcGVlcidzIGNyZWRlbnRpYWxzLiAgSW4gdGhlIGNhc2Ugb2YgcHJlLXNoYXJlZCBr ZXlzLA0gICB0aGlzIGhhcHBlbnMgYXV0b21hdGljYWxseSB2aWEgdGhlIGtleS4gIEluIHRoZSBj YXNlIG9mIGNlcnRpZmljYXRlcywNICAgdGhlIHBhcnRpZXMgbXVzdCBjaGVjayB0aGUgcGVlcidz IGNlcnRpZmljYXRlLiAgVGhlIGFwcHJvcHJpYXRlDSAgIGNoZWNrcyBhcmUgZGVzY3JpYmVkIGlu IHRoZSBjdXJyZW50IExXQVBQIGRvY3VtZW50DQ0gICBUaGUgdXNlIG9mIHBhcmFsbGVsIHByb3Rl Y3RlZCBhbmQgdW5wcm90ZWN0ZWQgY2hhbm5lbHMgZGVzZXJ2ZXMNICAgc3BlY2lhbCBjb25zaWRl cmF0aW9uLCBidXQgZG9lcyBub3QgY3JlYXRlIGEgdGhyZWF0LiAgVGhlcmUgYXJlIHR3bw0gICBw b3RlbnRpYWwgY29uY2VybnM6IGF0dGVtcHRpbmcgdG8gY29udmVydCBwcm90ZWN0ZWQgZGF0YSBp bnRvIHVuLQ0gICBwcm90ZWN0ZWQgZGF0YSBhbmQgYXR0ZW1wdGluZyB0byBjb252ZXJ0IHVuLXBy b3RlY3RlZCBkYXRhIGludG8NICAgcHJvdGVjdGVkIGRhdGEuICBUaGUgdXNlIG9mIHRoZSBNQUMg bWFrZXMgaXQgaW1wb3NzaWJsZSBmb3IgdGhlDSAgIGF0dGFja2VyIHRvIGZvcmdlIHByb3RlY3Rl ZCByZWNvcmRzLiAgVGhlIGF0dGFja2VyIGNhbiBlYXNpbHkgcmVtb3ZlDSAgIHByb3RlY3RlZCBy ZWNvcmRzIGZyb20gdGhlIHN0cmVhbSAodGhpcyBpcyBhIGNvbnNlcXVlbmNlIG9mDSAgIHVucmVs aWFiaWxpdHkpLCB0aG91Z2ggbm90IHVuZGV0ZWN0YWJseSBzby4gIElmIGEgbm9uLWVuY3J5cHRl ZA0gICBjaXBoZXIgc3VpdGUgaXMgaW4gdXNlLCB0aGUgYXR0YWNrZXIgY2FuIHR1cm4gc3VjaCBh IHJlY29yZCBpbnRvIGFuDSAgIHVuLXByb3RlY3RlZCByZWNvcmQuICBIb3dldmVyLCB0aGlzIGF0 dGFjayBpcyByZWFsbHkgbm8gZGlmZmVyZW50DSAgIGZyb20gc2ltcGxlIGluamVjdGlvbiBpbnRv IHRoZSB1bnByb3RlY3RlZCBzdHJlYW0uDQ0NNi4gIElBTkEgQ29uc2lkZXJhdGlvbnMNDSAgIFNo b3VsZCBhIHNlcGFyYXRlIFVEUCBwb3J0IGZvciBkYXRhIGNoYW5uZWwgY29tbXVuaWNhdGlvbnMg YmUgdGhlDSAgIHNlbGVjdGVkIGRlbXVsdGlwbGV4aW5nIG1lY2hhbmlzbSwgYSBwb3J0IG11c3Qg YmUgYXNzaWduZWQgZm9yIHRoaXMNICAgcHVycG9zZS4gIFNob3VsZCBhIGRlbXVsdGlwbGV4aW5n IGhlYWRlciBiZSB1c2VkIGluc3RlYWQsIHRoZXJlIG1heQ0gICBiZSBhZGRpdGlvbmFsIElBTkEg cmVxdWlyZW1lbnRzICh3ZSdsbCBjcm9zcyB0aGF0IGJyaWRnZSBpZiB3ZSBjb21lDSAgIHRvIGl0 KS4NDQ03LiAgUmVmZXJlbmNlcw0NNy4xLiAgTm9ybWF0aXZlIFJlZmVyZW5jZXMNDSAgIFtEVExT XSAgICAgUmVzY29ybGEgZXQgYWwsIEUuLCAiRGF0YWdyYW0gVHJhbnNwb3J0IExheWVyIFNlY3Vy aXR5IiwNICAgICAgICAgICAgICBKdW5lIDIwMDQuDQ0gICBbTFdBUFBdICAgIENhbGhvdW4gZXQg YWwsIFAuLCAiTGlnaHQgV2VpZ2h0IEFjY2VzcyBQb2ludCBQcm90b2NvbCIsDSAgICAgICAgICAg ICAgSnVuZSAyMDA1LCA8aHR0cDovL3d3dy5pZXRmLm9yZz4uDQ0gICBbVExTLVBTS10gIEVyb25l biBldCBhbCwgUC4sICJQcmUtU2hhcmVkIEtleSBDaXBoZXJzdWl0ZXMgZm9yDSAgICAgICAgICAg ICAgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IChUTFMpIiwgSnVuZSAyMDA1Lg0NNy4yLiAgSW5m b3JtYXRpdmUgUmVmZXJlbmNlcw0NICAgW0NBUFdBUC1FVkFMXQ0gICAgICAgICAgICAgIExvaHJl ciBldCBhbCwgRC4sICJFdmFsdWF0aW9uIG9mIENhbmRpZGF0ZSBDQVBXQVANICAgICAgICAgICAg ICBQcm90b2NvbHMiLCBBdWd1c3QgMjAwNSwgPGh0dHA6Ly93d3cuaWV0Zi5vcmc+Lg0NICAgW0RU TFMtREVTSUdOXQ0gICAgICAgICAgICAgIE1vZGFkdWd1IGV0IGFsLCBOLiwgIlRoZSBEZXNpZ24g YW5kIEltcGxlbWVudGF0aW9uIG9mDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJl cyBKdW5lIDE1LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDExXQxJbnRlcm5ldC1EcmFmdCAg ICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUN DQ0gICAgICAgICAgICAgIERhdGFncmFtIFRMUyIsIEZlYiAyMDA0Lg0NICAgW0xXQVBQLVNFQ10N ICAgICAgICAgICAgICBDbGFuY3ksIEMuLCAiU2VjdXJpdHkgUmV2aWV3IG9mIHRoZSBMaWdodCBX ZWlnaHQgQWNjZXNzDSAgICAgICAgICAgICAgUG9pbnQgUHJvdG9jb2wiLCBNYXkgMjAwNS4NDSAg IFtUTFMxMV0gICAgRGllcmtzIGV0IGFsLCBULiwgIlRoZSBUTFMgUHJvdG9jb2wgVmVyc2lvbiAx LjEiLA0gICAgICAgICAgICAgIEp1bmUgMjAwNS4NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1 LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDEyXQ0MDUludGVybmV0LURyYWZ0ICAgICAgICAg IFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAgICAgRGVjZW1iZXIgMjAwNQ0NDUF1dGhv cnMnIEFkZHJlc3Nlcw0NICAgU2NvdHQgRy4gS2VsbHkNICAgVGFsYXJpIE5ldHdvcmtzDSAgIDE1 MCBXLiBJb3dhIEF2ZSBTdGUgMjA4DSAgIFN1bm55dmFsZSwgQ0EgIDk0MDg2DSAgIFVTDQ0gICBF bWFpbDogc2NvdHRAaHlwZXJ0aG91Z2h0LmNvbQ0NDSAgIEVyaWMgUmVzY29ybGEgICBOZXR3b3Jr IFJlc29uYW5jZSAgIDI0ODMgRWwgQ2FtaW5vIFJlYWwsICMyMTIgICBQYWxvIEFsdG8sIENBICA5 NDMwMyAgIFVTDSAgIEVtYWlsOiBla3JAbmV0d29ya3Jlc29uYW5jZS5jb20NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVu ZSAxNSwgMjAwNiAgICAgICAgICAgICAgICBbUGFnZSAxM10MSW50ZXJuZXQtRHJhZnQgICAgICAg ICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NSW50 ZWxsZWN0dWFsIFByb3BlcnR5IFN0YXRlbWVudA0NICAgVGhlIElFVEYgdGFrZXMgbm8gcG9zaXRp b24gcmVnYXJkaW5nIHRoZSB2YWxpZGl0eSBvciBzY29wZSBvZiBhbnkNICAgSW50ZWxsZWN0dWFs IFByb3BlcnR5IFJpZ2h0cyBvciBvdGhlciByaWdodHMgdGhhdCBtaWdodCBiZSBjbGFpbWVkIHRv DSAgIHBlcnRhaW4gdG8gdGhlIGltcGxlbWVudGF0aW9uIG9yIHVzZSBvZiB0aGUgdGVjaG5vbG9n eSBkZXNjcmliZWQgaW4NICAgdGhpcyBkb2N1bWVudCBvciB0aGUgZXh0ZW50IHRvIHdoaWNoIGFu eSBsaWNlbnNlIHVuZGVyIHN1Y2ggcmlnaHRzDSAgIG1pZ2h0IG9yIG1pZ2h0IG5vdCBiZSBhdmFp bGFibGU7IG5vciBkb2VzIGl0IHJlcHJlc2VudCB0aGF0IGl0IGhhcw0gICBtYWRlIGFueSBpbmRl cGVuZGVudCBlZmZvcnQgdG8gaWRlbnRpZnkgYW55IHN1Y2ggcmlnaHRzLiAgSW5mb3JtYXRpb24N ICAgb24gdGhlIHByb2NlZHVyZXMgd2l0aCByZXNwZWN0IHRvIHJpZ2h0cyBpbiBSRkMgZG9jdW1l bnRzIGNhbiBiZQ0gICBmb3VuZCBpbiBCQ1AgNzggYW5kIEJDUCA3OS4NDSAgIENvcGllcyBvZiBJ UFIgZGlzY2xvc3VyZXMgbWFkZSB0byB0aGUgSUVURiBTZWNyZXRhcmlhdCBhbmQgYW55DSAgIGFz c3VyYW5jZXMgb2YgbGljZW5zZXMgdG8gYmUgbWFkZSBhdmFpbGFibGUsIG9yIHRoZSByZXN1bHQg b2YgYW4NICAgYXR0ZW1wdCBtYWRlIHRvIG9idGFpbiBhIGdlbmVyYWwgbGljZW5zZSBvciBwZXJt aXNzaW9uIGZvciB0aGUgdXNlIG9mDSAgIHN1Y2ggcHJvcHJpZXRhcnkgcmlnaHRzIGJ5IGltcGxl bWVudGVycyBvciB1c2VycyBvZiB0aGlzDSAgIHNwZWNpZmljYXRpb24gY2FuIGJlIG9idGFpbmVk IGZyb20gdGhlIElFVEYgb24tbGluZSBJUFIgcmVwb3NpdG9yeSBhdA0gICBodHRwOi8vd3d3Lmll dGYub3JnL2lwci4NDSAgIFRoZSBJRVRGIGludml0ZXMgYW55IGludGVyZXN0ZWQgcGFydHkgdG8g YnJpbmcgdG8gaXRzIGF0dGVudGlvbiBhbnkNICAgY29weXJpZ2h0cywgcGF0ZW50cyBvciBwYXRl bnQgYXBwbGljYXRpb25zLCBvciBvdGhlciBwcm9wcmlldGFyeQ0gICByaWdodHMgdGhhdCBtYXkg Y292ZXIgdGVjaG5vbG9neSB0aGF0IG1heSBiZSByZXF1aXJlZCB0byBpbXBsZW1lbnQNICAgdGhp cyBzdGFuZGFyZC4gIFBsZWFzZSBhZGRyZXNzIHRoZSBpbmZvcm1hdGlvbiB0byB0aGUgSUVURiBh dA0gICBpZXRmLWlwckBpZXRmLm9yZy4NDQ1EaXNjbGFpbWVyIG9mIFZhbGlkaXR5DQ0gICBUaGlz IGRvY3VtZW50IGFuZCB0aGUgaW5mb3JtYXRpb24gY29udGFpbmVkIGhlcmVpbiBhcmUgcHJvdmlk ZWQgb24gYW4NICAgIkFTIElTIiBiYXNpcyBhbmQgVEhFIENPTlRSSUJVVE9SLCBUSEUgT1JHQU5J WkFUSU9OIEhFL1NIRSBSRVBSRVNFTlRTDSAgIE9SIElTIFNQT05TT1JFRCBCWSAoSUYgQU5ZKSwg VEhFIElOVEVSTkVUIFNPQ0lFVFkgQU5EIFRIRSBJTlRFUk5FVA0gICBFTkdJTkVFUklORyBUQVNL IEZPUkNFIERJU0NMQUlNIEFMTCBXQVJSQU5USUVTLCBFWFBSRVNTIE9SIElNUExJRUQsDSAgIElO Q0xVRElORyBCVVQgTk9UIExJTUlURUQgVE8gQU5ZIFdBUlJBTlRZIFRIQVQgVEhFIFVTRSBPRiBU SEUNICAgSU5GT1JNQVRJT04gSEVSRUlOIFdJTEwgTk9UIElORlJJTkdFIEFOWSBSSUdIVFMgT1Ig QU5ZIElNUExJRUQNICAgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJVFkgT1IgRklUTkVTUyBG T1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UuDQ0NQ29weXJpZ2h0IFN0YXRlbWVudA0NICAgQ29weXJp Z2h0IChDKSBUaGUgSW50ZXJuZXQgU29jaWV0eSAoMjAwNSkuICBUaGlzIGRvY3VtZW50IGlzIHN1 YmplY3QNICAgdG8gdGhlIHJpZ2h0cywgbGljZW5zZXMgYW5kIHJlc3RyaWN0aW9ucyBjb250YWlu ZWQgaW4gQkNQIDc4LCBhbmQNICAgZXhjZXB0IGFzIHNldCBmb3J0aCB0aGVyZWluLCB0aGUgYXV0 aG9ycyByZXRhaW4gYWxsIHRoZWlyIHJpZ2h0cy4NDQ1BY2tub3dsZWRnbWVudA0NICAgRnVuZGlu ZyBmb3IgdGhlIFJGQyBFZGl0b3IgZnVuY3Rpb24gaXMgY3VycmVudGx5IHByb3ZpZGVkIGJ5IHRo ZQ0gICBJbnRlcm5ldCBTb2NpZXR5Lg0NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAgICAgICBFeHBp cmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgW1BhZ2UgMTRdDQwNDQVFeHRyYW5lb3Vz IHdvcmQgKA0NDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAABgQAABj EAAAMR8AAHofAADaJAAA2yQAAOIkAAAYJQAAGSUAABolAAAbJQAAHCUAACMlAABYJQAAWSUAAFol AABbJQAAXCUAAGMlAAB/JQAAgCUAAPnu+d351r75tJ6I+XD5Zp6I+U75OAAAACsACIEVaCNsswAW aDwCPQAXaElQfABjSAEAZGgAAAAAZGgAAAAAZGiG3KGmLwAIgRVoI2yzABZoPAI9ABdoQwS4AGNI AQBkaAAAAABkaAAAAABkaGncoaZnSAYAEwEIgQRIAQAFaGfcoaYWaDwCPQAvAAiBFWgjbLMAFmg8 Aj0AF2hDBLgAY0gBAGRoAAAAAGRoAAAAAGRoZ9yhpmdIBgArAAiBFWgjbLMAFmg8Aj0AF2hDBLgA Y0gBAGRoAAAAAGRoAAAAAGRoadyhpisACIEVaCNsswAWaEMEuAAXaEMEuABjSAEAZGgAAAAAZGgA AAAAZGhp3KGmEwEIgQRIAQAFaGTcoaYWaDwCPQAvAAiBFWgjbLMAFmg8Aj0AF2hDBLgAY0gBAGRo AAAAAGRoAAAAAGRoZNyhpmdIBgAMFWgjbLMAFmhDBLgAACEVaEMEuAAWaDwCPQCJygcBAQBj3KGm gyoBbUgMBHNIDAQUFWhDBLgAFmg8Aj0AbUgMBHNIDAQADBVoI2yzABZoPAI9ABUABgAAAQgAAAII AAADCAAATAgAAJUIAADeCAAAJwkAAHAJAABxCQAAcgkAAKMJAADYCQAA2QkAAO0JAADuCQAANAoA AHkKAAC/CgAAAwsAAAQLAABJCwAAjQsAANALAADbCwAA3AsAACUMAABtDAAArwwAAO0MAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHQAGAAA2gAAASoAA AP39AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQAAQEC7QwAAO4MAAAoDQAA Vw0AAFgNAACcDQAAwA0AAMENAAD2DQAA9w0AAAgOAAAJDgAANw4AADgOAABBDgAAQg4AAIoOAADT DgAAGQ8AAFoPAACfDwAA5A8AABUQAAAWEAAAFxAAABgQAABhEAAAYxAAAKwQAACtEAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAAB2tEAAArhAAAMAQAADB EAAAChEAAFMRAACcEQAA5REAAC4SAAB3EgAAwBIAAAkTAABSEwAAmxMAAOQTAAAtFAAAdhQAAL8U AAAIFQAAURUAAFIVAABTFQAAVBUAAFUVAABWFQAAVxUAAFgVAABZFQAAWhUAAFsVAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHVsVAABcFQAAXRUAAF4V AABfFQAAYBUAAGEVAABiFQAAYxUAAGQVAABlFQAAZhUAAGcVAABoFQAAaRUAAGoVAABrFQAAbBUA AG0VAABuFQAAbxUAAHAVAABxFQAAchUAALsVAAC9FQAABhYAAAcWAAAIFgAAGRYAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAdGRYAABoWAABYFgAAnRYA AOUWAAArFwAAbxcAALMXAADGFwAAxxcAAAsYAAAmGAAAJxgAAG0YAAC2GAAA0xgAANQYAAAcGQAA RxkAAEgZAACMGQAAzRkAAM4ZAAARGgAAVhoAAJgaAADeGgAAIhsAACMbAABkGwAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAAB1kGwAAqxsAALcbAAC4GwAA +xsAAEAcAACFHAAAzRwAAAwdAABQHQAAlx0AAN4dAAAaHgAAGx4AAF8eAACjHgAA6R4AAC0fAAAu HwAALx8AADAfAAAxHwAAeR8AAHofAADDHwAAxB8AAMUfAAANIAAAUiAAAJQgAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHZQgAADaIAAAHyEAAF8hAABv IQAAcCEAALchAAD+IQAARSIAAI0iAADWIgAABSMAAAYjAAAHIwAAGiMAABsjAABhIwAAoyMAAOsj AAAxJAAAYiQAAGMkAACiJAAA2iQAANskAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAY2yQAABklAAAbJQAAHCUAALQA AAAAAAAAAAAAAABiAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQj AGdkI2yzAFIjAEMkAUXGgAAAAQBk3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAb8YHAQEAZNyhpmQmAQ+EaAFehGgB SyMACiYAC0YTAEMkAUXGgAAAAQBk3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAAAMcJQAAWSUAAFslAABcJQAAtAAA AAAAAAAAAAAAAGIAAAAAAAAAAAAAAABdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCMA Z2QjbLMAUiMAQyQBRcaAAAABAGfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZEMEuABvxgcBAQBn3KGmZCYBD4RoAV6EaAFL IwAKJgALRhMAQyQBRcaAAAABAGfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZEMEuAAAA4AlAACBJQAAjSUAAI4lAAAOJgAA HyYAACAmAAAjJgAAQCYAAE0mAABOJgAATyYAAOkmAADqJgAADCcAAA0nAACHJwAAkycAAJgnAADh JwAAKSgAACooAAAEMQAABTEAAEQxAABFMQAARjEAAEcxAAC4MQAA9e7k2tDaxtrG2rmvpZuF7m/u Xu5v7m/ub1RN7gAAAAAAAAAAAAAMFWgjbLMAFmhJUHwAABMBCIEESAEABWiG3KGmFmg8Aj0AIRVo QwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAwEc0gMBCsACIEVaCNsswAWaDwCPQAXaElQfABjSAEA ZGgAAAAAZGgAAAAAZGiG3KGmKwAIgRVoI2yzABZoQwS4ABdoXBByAGNIAQBkaAAAAABkaAAAAABk aG/doaYTAQiBBEgBAAVob92hphZoXBByABMBCIEESAEABWhp3KGmFmhcEHIAEwEIgQRIAQAFaG7d oaYWaFwQcgAZAQiBBEgBAAVoadyhphVoI2yzABZoQwS4ABMBCIEESAEABWhr3KGmFmhVKqMAEwEI gQRIAQAFaGrcoaYWaFUqowATAQiBBEgBAAVoadyhphZoQwS4ABMBCIEESAEABWhp3KGmFmg8Aj0A DBVoI2yzABZoPAI9AAATAQiBBEgBAAVohtyhphZoSVB8AAAcXCUAAI4lAACPJQAAtAAAAAAAAAAA AAAAAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEcjAEMkAUXGgAAAAQBp3KGmAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgASyMA CiYAC0YTAEMkAUXGgAAAAQBp3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAAAKPJQAADCcAAA4nAAAPJwAAUCcAAIgn AACJJwAAiicAAIsnAACMJwAArQAAAAAAAAAAAAAAAFsAAAAAAAAAAAAAAABWAAAAAAAAAAAAAAAA VgAAAAAAAAAAAAAAAFYAAAAAAAAAAAAAAABWAAAAAAAAAAAAAAAAVgAAAAAAAAAAAAAAAFYAAAAA AAAAAAAAAABWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAFIjAEMkAUXGgAAA AQBv3aGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAZ2RDBLgAb8YHAQEAadyhpmQmAQ+EaAFehGgBUiMAQyQBRcaAAAABAGncoaYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABnZEMEuABvxgcBAQBp3KGmZCYBD4RoAV6EaAEACYwnAACNJwAAjicAAI8nAACQJwAAkScA AJInAACTJwAAlCcAAJUnAACWJwAAlycAAJgnAADgJwAA4ScAACooAAArKAAALCgAAEQoAABdKAAA fSgAAMUoAAANKQAAVSkAAJ0pAADlKQAALSoAAHUqAAC9KgAABSsAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAdBSsAAE0rAACaKwAA6CsAADYsAACELAAA 0iwAACAtAABuLQAAvC0AAAouAABYLgAApi4AAPQuAABCLwAAkC8AAN4vAAAsMAAAeTAAAL8wAAAF MQAABjEAAEUxAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAABZFMQAARjEAAEcxAACMMQAAuTEAALoxAAC7 MQAAAzIAAEwyAACCMgAAgzIAAMYyAAALMwAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAA AAAAAAAAAAAAsgAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAA AAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACy AAAAAAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAh9yhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAA RyMAQyQBRcaAAAABAIbcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAADLgxAAC5MQAAujEAALsxAACBMgAAgjIAAFwz AABdMwAApDMAAGo0AABrNAAAbjQAAG80AABwNAAAcTQAALk0AAC6NAAAvDQAAL00AAC+NAAABzUA AAg1AADUNQAA1TUAAAg2AAD/NgAA9e7Y0bvRsaedh3HR9WrR9WBqu9G70VZMQgAAABMBCIEESAEA BWhv3KGmFmhVKqMAEwEIgQRIAQAFaG7coaYWaFUqowATAQiBBEgBAAVobtyhphZoPAI9ABMBCIEE SAEABWiH3KGmFmgXHVwADBVoI2yzABZoFx1cAAArAAiBFWgjbLMAFmg8Aj0AF2hVKqMAY0gBAGRo AAAAAGRoAAAAAGRobtyhpisACIEVaCNsswAWaFUqowAXaFUqowBjSAEAZGgAAAAAZGgAAAAAZGhu 3KGmEwEIgQRIAQAFaG3coaYWaFUqowATAQiBBEgBAAVobNyhphZoVSqjABMBCIEESAEABWhs3KGm Fmg8Aj0AKwAIgRVoI2yzABZoPAI9ABdoFx1cAGNIAQBkaAAAAABkaAAAAABkaIfcoaYMFWgjbLMA Fmg8Aj0AACsACIEVaCNsswAWaDwCPQAXaElQfABjSAEAZGgAAAAAZGgAAAAAZGiG3KGmDBVoI2yz ABZoSVB8AAATAQiBBEgBAAVoh9yhphZoPAI9AAAZCzMAAFAzAABdMwAAazQAAGw0AABtNAAAbjQA AG80AABwNAAAcTQAALo0AAC7NAAAvDQAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAsgAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AABqAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAagAA AAAAAAAAAAAAAAAAAAAARyMAQyQBRcaAAAABAIfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAAB AGzcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABnZCNsswAABCMAZ2QjbLMAAAy8NAAAvTQAAL80AAAINQAACTUAAAo1AABTNQAA mDUAANU1AAATNwAAFDcAAFs3AACVNwAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA ALIAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAA AAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAbtyhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAARyMA QyQBRcaAAAABAIfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAADP82AAASNwAAEzcAAGI3AABjNwAAFDgAABU4AABB OAAAQjgAAEM4AACjOAAApDgAAPo4AAD7OAAAUDkAAIk5AADJOgAANTsAADc7AAA4OwAATTsAAFw7 AAC7OwAAvDsAAL07AAC+OwAA7jsAAO87AAAnPAAA9e7n4+ff59/Y59/nwue4rqSakJqGkH50Z+dV 5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIwNqAAAAABZoYAliADBKEwBPSgMAUEoAAFFKAwBV CAFeSgMAGQEIgQRIAQAFaITcoaYVaCNsswAWaElQfAATAQiBBEgBAAVohdyhphZoSVB8AA8ACIEW aDwCPQAXaElQfAATAQiBBEgBAAVog9yhphZoSVB8ABMBCIEESAEABWiE3KGmFmhJUHwAEwEIgQRI AQAFaILcoaYWaElQfAATAQiBBEgBAAVogtyhphZoPAI9ABMBCIEESAEABWiB3KGmFmg8Aj0AEwEI gQRIAQAFaIDcoaYWaDwCPQArAAiBFWgjbLMAFmg8Aj0AF2gXHVwAY0gBAGRoAAAAAGRoAAAAAGRo iNyhpgwVaCNsswAWaBcdXAAABhZoPAI9AAAGFmgXHVwAAAwVaCNsswAWaDwCPQAADBVoI2yzABZo VSqjAAATAQiBBEgBAAVocNyhphZoVSqjAAAclTcAAJY3AADbNwAAFTgAABY4AABCOAAAQzgAAIo4 AACkOAAApTgAAOg4AAD7OAAA/DgAAD45AABROQAAiDoAAIk6AAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAALIAAAAAAAAA AAAAAACyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARyMAQyQBRcaAAAABAIHc oaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAABnZCNsswAABCMAZ2QjbLMAABCJOgAAvDsAAL07AAC+OwAAvzsAAAg8AAAoPAAAKTwA ACo8AAByPAAAtDwAAMw8AADNPAAAtwAAAAAAAAAAAAAAALcAAAAAAAAAAAAAAABvAAAAAAAAAAAA AAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAbwAAAAAAAAAAAAAAAGoA AAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAAC3AAAAAAAA AAAAAAAAAAAAAAAEIwBnZCNsswAARyMAQyQBRcaAAAABAITcoaYAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQB RcaAAAABAIXcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAABnZCNsswAADCc8AAAoPAAAKTwAACo8AADLPAAAzDwAAM08AADOPAAA KT0AACo9AAArPQAAMT0AADI9AAA1PQAAOj0AAEU9AABiPQAAcT0AALA9AADKPQAAQj4AAEM+AABE PgAART4AAMg+AADJPgAAyj4AAMs+AAANPwAADj8AAOnf2NG7sdjRqZySiH6IfnRqYFZMYLHY0bux 2NG7AAAAEwEIgQRIAQAFaC/doaYWaEVoywATAQiBBEgBAAVoLt2hphZoRWjLABMBCIEESAEABWgt 3aGmFmhFaMsAEwEIgQRIAQAFaJjcoaYWaHsOFQATAQiBBEgBAAVok9yhphZoew4VABMBCIEESAEA BWiT3KGmFmhgCWIAEwEIgQRIAQAFaG3doaYWaFwQcgATAQiBBEgBAAVojdyhphZoYAliABkBCIEE SAEABWiN3KGmFWgjbLMAFmhgCWIADwAIgRZoPAI9ABdoYAliABMBCIEESAEABWiF3KGmFmg8Aj0A KwAIgRVoI2yzABZoPAI9ABdoSVB8AGNIAQBkaAAAAABkaAAAAABkaIXcoaYMFWgjbLMAFmg8Aj0A AAwVaCNsswAWaElQfAAAEwEIgQRIAQAFaITcoaYWaDwCPQArAAiBFWgjbLMAFmg8Aj0AF2hJUHwA Y0gBAGRoAAAAAGRoAAAAAGRohNyhpgAdzTwAAM48AAAWPQAAKj0AACs9AABEPgAART4AAIY+AADJ PgAAyj4AAMs+AAAOPwAADz8AAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA AGoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAAsgAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAAAAAAAARyMAQyQBRcaAAAABAI3coaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAABAIXcoaYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABnZCNsswAABCMAZ2QjbLMAAAwPPwAAVz8AAGs/AAC6QAAAu0AAAANBAAAQQQAAEUEAAFlB AACaQQAAm0EAALFCAACyQgAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAAAAAAAABHIwBDJAFFxoAAAAEAntyhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAABHIwBDJAFFxoAAAAEAmdyhpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkI2yzAAAEIwBnZCNsswAADA4/AABqPwAAaz8AAJc/AAC5QAAAukAAAJlBAACaQQAAHUIA AB5CAAAuQgAAMEIAALBCAACxQgAAskIAALhCAAABQwAAL0YAADBGAABpRgAA/UYAAABIAAB1SAAA +e/l29T5zMK4wq6kl4H5cPlmXFJIPgAAAAAAAAAAAAATAQiBBEgBAAVoNN2hphZoRWjLABMBCIEE SAEABWgz3aGmFmhFaMsAEwEIgQRIAQAFaDLdoaYWaEVoywATAQiBBEgBAAVoMd2hphZoRWjLABMB CIEESAEABWgx3aGmFmg8Aj0AIRVoQwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAwEc0gMBCsACIEV aCNsswAWaDwCPQAXaHsOFQBjSAEAZGgAAAAAZGgAAAAAZGid3KGmGQEIgQRIAQAFaJ7coaYVaCNs swAWaB0a2QATAQiBBEgBAAVoMN2hphZoRWjLABMBCIEESAEABWgs3aGmFmhFaMsAEwEIgQRIAQAF aCvdoaYWaEVoywATAQiBBEgBAAVontyhphZoHRrZAA8ACIEWaDwCPQAXaB0a2QAMFWgjbLMAFmh7 DhUAABMBCIEESAEABWia3KGmFmh7DhUAEwEIgQRIAQAFaJncoaYWaHsOFQATAQiBBEgBAAVomdyh phZoPAI9AAwVaCNsswAWaDwCPQAWskIAALNCAAC0QgAAtUIAALZCAAC3QgAAuEIAAABDAAABQwAA SkMAAEtDAABMQwAAkkMAANNDAADUQwAAGEQAAF9EAACmRAAA7EQAAC5FAAA7RQAAPEUAAHxFAAC2 RQAAt0UAAP9FAAAwRgAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAABCMAZ2QjbLMAABowRgAAdkgAAHdIAAC+SAAA0kgAANNIAAAVSQAAFkkAAFZJAAD6 SQAA+0kAACVKAAAmSgAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAA AAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAA AAAAAABqAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA AAAAAABHIwBDJAFFxoAAAAEANN2hpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAARyMAQyQBRcaAAAAB ADHdoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABnZCNsswAADHVIAAB2SAAAVUkAAFZJAACWSQAAmEkAAPlJAAD6SQAANU8AAH5P AADNUgAAzlIAANxTAACyVAAAtlQAAMVUAADGVAAAKlcAACtXAACWVwAAl1cAAHhZAAB5WQAAf1kA ANRZAADVWQAA1lkAANdZAAD58uje1N7N8rzystSonJKL8oF3cPJmXFJw8kgAAAAAABMBCIEESAEA BWh53aGmFmg8Aj0AEwEIgQRIAQAFaHfdoaYWaHY5ZQATAQiBBEgBAAVodN2hphZodjllABMBCIEE SAEABWh03aGmFmg8Aj0ADBVoI2yzABZodjllAAATAQiBBEgBAAVodt2hphZodjllABMBCIEESAEA BWh23aGmFmg8Aj0ADBVodjllABZodjllAAATAQiBBEgBAAVoct2hphZodjllABYBCIEESAEABWhy 3aGmFmh2OWUANQiBABMBCIEESAEABWhx3aGmFmh2OWUAEwEIgQRIAQAFaHDdoaYWaDwCPQAhFWhD BLgAFmg8Aj0AicoHAQEAY9yhpoMqAW1IDARzSAwEDBVoI2yzABZo51HLAAATAQiBBEgBAAVocN2h phZodjllABMBCIEESAEABWg03aGmFmjnUcsAEwEIgQRIAQAFaDTdoaYWaDwCPQAMFWgjbLMAFmg8 Aj0AAAwVaCNsswAWaEVoywAbJkoAAG9KAACySgAA+UoAAD5LAAB/SwAAtksAALdLAAD0SwAAO0wA AIBMAADGTAAA+EwAAPlMAABITQAAl00AAOZNAAAoTgAAaU4AAGpOAACkTgAApU4AAOtOAAAyTwAA M08AADRPAAA1TwAAfU8AAH5PAADHTwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAAAAAAABCMAZ2QjbLMAAB3HTwAAyE8AAMlPAADfTwAA4E8AACxQAAB4UAAAxFAAAARRAABPUQAA UFEAAIdRAACIUQAAiVEAAM1RAAASUgAAU1IAAJdSAADOUgAAxlQAAMdUAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAcN2hpgAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdk I2yzAAAEIwBnZCNsswAAFMdUAADzVAAA9FQAADxVAACDVQAAx1UAAA1WAABQVgAAmFYAAN1WAAAi VwAAK1cAAJdXAACYVwAAtlcAALdXAAD/VwAARlgAAI1YAADRWAAAGFkAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEcjAEMkAUXGgAAAAQB23aGmAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2Qj bLMAAAQjAGdkI2yzAAAUGFkAAGBZAAB5WQAA1VkAANZZAADXWQAA2FkAANlZAADaWQAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAGoAAAAAAAAAAAAA AABqAAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA RyMAQyQBRcaAAAABAHndoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAABAHTdoaYAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNs swAABCMAZ2QjbLMAAAjXWQAA2VkAANpZAADeWQAAAFoAAAFaAAAPWwAANVsAAGtbAABsWwAAbVsA AABdAAABXQAABF0AAE1dAACWXQAAmF0AAJtdAADzYwAAPGQAAGNrAACsawAAqXMAAPJzAACXdgAA 13YAADR3AAB9dwAANYAAAPXu1s/Fu7Gnse7Pkc+Az5Fqz4DPgM+Az1lIgM8hFWhDBLgAFmg8Aj0A icoHAQEAY9yhpoMqAW1IFgRzSBYEIRVoQwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAooc0gKKCsA CIEVaCNsswAWaDwCPQAXaPUbOQBjSAEAZGgAAAAAZGgAAAAAZGh43aGmIRVoQwS4ABZoPAI9AInK BwEBAGPcoaaDKgFtSAwEc0gMBCsACIEVaCNsswAWaDwCPQAXaPUbOQBjSAEAZGgAAAAAZGgAAAAA ZGh53aGmEwEIgQRIAQAFaIDdoaYWaHUQMgATAQiBBEgBAAVoe92hphZodRAyABMBCIEESAEABWh6 3aGmFmh1EDIAEwEIgQRIAQAFaHndoaYWaDwCPQAMFWgjbLMAFmg8Aj0AAC8ACIEVaCNsswAWaDwC PQAXaHUQMgBjSAEAZGgAAAAAZGgAAAAAZGh53aGmZ0gGAAwVaCNsswAWaHUQMgAAEwEIgQRIAQAF aHndoaYWaHUQMgAAHNpZAAABWgAAAloAAG1bAABuWwAAslsAAPVbAAA9XAAAg1wAAMRcAAABXQAA tAAAAAAAAAAAAAAAAGIAAAAAAAAAAAAAAABiAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAF0AAAAA AAAAAAAAAABdAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAF0AAAAAAAAAAAAAAABdAAAAAAAAAAAA AAAAXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswBSIwBDJAFFxoAAAAEAet2hpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkdRAyAG/GBwEBAHrdoaZkJgEPhGgBXoRoAUsjAAomAAtGEwBDJAFFxoAAAAEAed2hpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkdRAyAAAKAV0AAAJdAAADXQAABF0AAExdAABNXQAAll0AAJddAACYXQAAsl0AALNdAADa XQAA210AACJeAABoXgAArl4AAMteAADMXgAA714AAPBeAAAUXwAAFV8AAF5fAABfXwAAhV8AAIZf AACtXwAArl8AAPRfAAD1XwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAA BCMAZ2QjbLMAAB31XwAAGGAAABlgAAA/YAAAQGAAAINgAACaYAAAm2AAAMRgAADFYAAAB2EAAE9h AACUYQAArGEAAK1hAADyYQAAFmIAABdiAABaYgAAomIAAOdiAAAEYwAABWMAAEhjAACIYwAArmMA AK9jAADwYwAA8WMAAPJjAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAE IwBnZCNsswAAHfJjAADzYwAAO2QAADxkAACFZAAAhmQAAIdkAADNZAAAFGUAACllAAAqZQAAcWUA AIRlAACFZQAAqGUAAKllAADNZQAAzmUAABNmAAAcZgAAHWYAAEBmAABBZgAAiWYAAIpmAACxZgAA smYAANlmAADaZgAAAmcAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQj AGdkI2yzAAAdAmcAAANnAAAEZwAAFGcAABVnAABeZwAAo2cAAOZnAAAvaAAAb2gAALVoAAD8aAAA J2kAAChpAABraQAAsGkAAO9pAAA0agAAdGoAAHVqAAB2agAAkmoAAJNqAADVagAAGGsAAGBrAABh awAAYmsAAGNrAACrawAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMA Z2QjbLMAAB2rawAArGsAAPVrAAD2awAA92sAADxsAACFbAAAyGwAAP5sAAD/bAAAQm0AAIltAADO bQAAEW4AAFRuAACcbgAA224AAB5vAABlbwAAqm8AAOBvAADhbwAA4m8AAPpvAAD7bwAAQHAAAIdw AADOcAAAFXEAACBxAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBn ZCNsswAAHSBxAAAhcQAAInEAADFxAAAycQAATXEAAE5xAACVcQAArnEAAK9xAAD2cQAAJnIAACdy AABocgAAonIAAKNyAADAcgAAwXIAANJyAAAScwAAUHMAAFFzAABicwAApnMAAKdzAACocwAAqXMA APFzAADycwAAO3QAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdk I2yzAAAdO3QAADx0AAA9dAAAZHQAAGV0AAB0dAAAunQAAON0AADkdAAAJHUAAD11AAA+dQAAP3UA AEB1AABBdQAAQnUAAEN1AABEdQAARXUAAEZ1AABHdQAASHUAAEl1AABKdQAAS3UAAEx1AABNdQAA TnUAAE91AABQdQAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2Qj bLMAAB1QdQAAUXUAAFJ1AABTdQAAVHUAAFV1AABWdQAAV3UAAFh1AABZdQAAWnUAAFt1AABcdQAA XXUAAF51AABfdQAAYHUAAGF1AABidQAAY3UAAGR1AABldQAAZnUAAGd1AABodQAAsXUAALN1AAD8 dQAA/XUAAP51AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNs swAAHf51AAARdgAAEnYAACR2AAA3dgAAUnYAAGp2AABwdgAAcXYAAJJ2AACTdgAAlHYAAKR2AAC4 dgAA1HYAAOt2AADwdgAA8XYAABN3AAAUdwAAFXcAABZ3AAAXdwAAGHcAABl3AAAadwAAG3cAABx3 AAAddwAAHncAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yz AAAdHncAAB93AAAgdwAAIXcAACJ3AAAjdwAAJHcAACV3AAAmdwAAJ3cAACh3AAApdwAAKncAACt3 AAAsdwAALXcAAC53AAAvdwAAMHcAADF3AAAydwAAM3cAADR3AAB8dwAAfXcAAMZ3AADHdwAAyHcA AOh3AADpdwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMA AB3pdwAALngAAHd4AAC+eAAABHkAAEp5AACTeQAA13kAAPZ5AAD3eQAAOXoAAH16AADGegAAAnsA AEt7AABnewAAaHsAAK97AADzewAAOXwAAHp8AACQfAAAkXwAAJJ8AACpfAAAqnwAAPN8AAA8fQAA gn0AAMl9AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAA Hcl9AAAKfgAATH4AAJJ+AACTfgAAlH4AAKh+AACpfgAA8X4AADZ/AAB7fwAAfH8AAH1/AACMfwAA jX8AANF/AADmfwAA538AAOh/AADpfwAA6n8AADOAAAA1gAAANoAAAEmAAABKgAAAS4AAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+AAAAAAAAAAAAAAAAPYAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAARQAAAQjAGdkI2yzAAAa NYAAADaAAAA3gAAAR4AAAEiAAABJgAAASoAAAEuAAAD88u7n7uP8AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYW aHUQMgAADAlqBABK8BZo9Rs5AAAGFmj1GzkAABMDagAAAAAWaPUbOQAwShMAVQgBBhZoI2yzAAcy ADGQaAE6cCNsswAfsNAvILDgPSGwJwUisCcFI5CgBSSQoAUlsAAAF7DQAhiw0AIMkNACAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIYC OwASAAEAnAAPAAQAAAAFAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAEQAAEDx/wIARAAMAAAAqyfiAAAABgBOAG8AcgBtAGEAbAAAAAIA AAAcAENKGABQSgUAX0gBBGFKGABtSAkEc0gJBHRICQRaAAFAAQACAFoADAAPAKsn4gAAAAkASABl AGEAZABpAG4AZwAgADEAAAAQAAEABiQBE6TwABSkPABAJgAeADUIgUNKIABLSCAAT0oCAFFKAgBc CIFeSgIAYUogAFwAAkABAAIAXAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAAMgAAABAAAgAG JAETpPAAFKQ8AEAmASAANQiBNgiBQ0ocAE9KAgBRSgIAXAiBXQiBXkoCAGFKHAB4AANAAQACAHgA DAAAAKsn4gAAAAkASABlAGEAZABpAG4AZwAgADMAAAAxAAMABiQBCiYCC0YSAA3GBwHQAgFoAQYP hGgBEYSY/hOk8AAUpDwAQCYCXoRoAWCEmP4AGgA1CIFDShoAT0oCAFFKAgBcCIFeSgIAYUoaAGwA BEABAAIAbAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAANAAAADEABAAGJAEKJgMLRhIADcYH AWADAWgBBg+EaAERhJj+E6TwABSkPABAJgNehGgBYISY/gAOADUIgUNKHABcCIFhShwAbgAFQAEA AgBuAAwAAACrJ+IAAAAJAEgAZQBhAGQAaQBuAGcAIAA1AAAALgAFAAomBAtGEgANxgcB8AMBaAEG D4RoARGEmP4TpPAAFKQ8AEAmBF6EaAFghJj+FAA1CIE2CIFDShoAXAiBXQiBYUoaAGgABkABAAIA aAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAANgAAAC4ABgAKJgULRhIADcYHAYAEAWgBBg+E aAERhJj+E6TwABSkPABAJgVehGgBYISY/g4ANQiBQ0oWAFwIgWFKFgBaAAdAAQACAFoADAAAAKsn 4gAAAAkASABlAGEAZABpAG4AZwAgADcAAAAuAAcACiYGC0YSAA3GBwEQBQFoAQYPhGgBEYSY/hOk 8AAUpDwAQCYGXoRoAWCEmP4AAGAACEABAAIAYAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAA OAAAAC4ACAAKJgcLRhIADcYHAaAFAWgBBg+EaAERhJj+E6TwABSkPABAJgdehGgBYISY/gYANgiB XQiBbgAJQAEAAgBuAAwAAACrJ+IAAAAJAEgAZQBhAGQAaQBuAGcAIAA5AAAALgAJAAomCAtGEgAN xgcBMAYBaAEGD4RoARGEmP4TpPAAFKQ8AEAmCF6EaAFghJj+FABDShYAT0oCAFFKAgBeSgIAYUoW AEQAQUDy/6EARAAMAQAAqyfiAAAAFgBEAGUAZgBhAHUAbAB0ACAAUABhAHIAYQBnAHIAYQBwAGgA IABGAG8AbgB0AAAAAABSAGkA8/+zAFIADAEAAAAAAAAAAAwAVABhAGIAbABlACAATgBvAHIAbQBh AGwAAAAcABf2AwAANNYGAAEKA2wANNYGAAEFAwAAYfYDAAACAAsAAAAoAGsA9P/BACgAAAEAAKsn 4gAAAAcATgBvACAATABpAHMAdAAAAAIADAAAAAAAXgD+T6IA8QBeAAwAAQBjd/YAAAAKACAAQwBo AGEAcgAgAEMAaABhAHIAAAAyADUIAUNKIABLSCAAT0oCAFBKBQBRSgIAXAgBXkoCAF9IAQRhSiAA bUgJBHNICQR0SAkESACZQAEAAgFIAAwBAABjd/YAAAAMAEIAYQBsAGwAbwBvAG4AIABUAGUAeAB0 AAAAAgAQABQAQ0oQAE9KBgBRSgYAXkoGAGFKEAAwAv5PogARATACDAASAGN39gAAAPUAQwBhAHAA dABpAG8AbgAgAEMAaABhAHIAMQAgAEMAaABhAHIAMQAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQBy ACAAQwBoAGEAcgAgAEMAaABhAHIAMQAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgA YQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADIAIABDAGgAYQByACwAQwBh AHAAdABpAG8AbgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBoAGEAcgAgAEMAaABhAHIALABDAGEA cAB0AGkAbwBuACAAQwBoAGEAcgAgAEMAaABhAHIAMQAgAEMAaABhAHIALABDAGEAcAB0AGkAbwBu ACAAQwBoAGEAcgAgAEMAaABhAHIAMgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADMAIABDAGgA YQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgAYQByADEAIABD AGgAYQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByACAAQwBoAGEAcgAgAEMA aABhAHIAMQAgAEMAaABhAHIAIABDAGgAYQByAAAALgA1CAFDShgAT0oHAFBKBQBRSgcAXAgBXkoH AF9IAQRhShgAbUgJBHNICQR0SAkEOAIiQAEAAgA4AgwBEQBjd/YAAAD8AEMAYQBwAHQAaQBvAG4A LABDAGEAcAB0AGkAbwBuACAAQwBoAGEAcgAxACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAIABD AGgAYQByACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAMQAgAEMAaABhAHIALABDAGEAcAB0AGkA bwBuACAAQwBoAGEAcgAyACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBo AGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByACAAQwBoAGEAcgAxACwAQwBhAHAAdABpAG8A bgAgAEMAaABhAHIALABDAGEAcAB0AGkAbwBuACAAQwBoAGEAcgAzACAAQwBoAGEAcgAsAEMAYQBw AHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgAYQByADEAIABDAGgAYQByACwAQwBhAHAAdABpAG8A bgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBoAGEAcgAxACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBv AG4AIABDAGgAYQByADIAIABDAGgAYQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgA YQByACAAQwBoAGEAcgAxACAAQwBoAGEAcgAgAEMAaABhAAAAEwASAAMkAQYkAROkkAEUpMgAYSQB ABIANQiBT0oHAFFKBwBcCIFeSgcAQgAnQKIAMQFCAAwBAABjd/YAAAARAEMAbwBtAG0AZQBuAHQA IABSAGUAZgBlAHIAZQBuAGMAZQAAAAgAQ0oQAGFKEABQAB5AAQBCAVAADAEAAGN39gAAAAwAQwBv AG0AbQBlAG4AdAAgAFQAZQB4AHQAAAAFABQAMSQAABgAQ0oUAE9KAwBQSgAAUUoDAF5KAwBhShQA VABqQEEBQgFUAAwBAABjd/YAAAAPAEMAbwBtAG0AZQBuAHQAIABTAHUAYgBqAGUAYwB0AAAABQAV ADEkAQAWADUIgU9KAABQSgUAUUoAAFwIgV5KAAA+ACoAogBhAT4ADAEAAKsn4gAAABEARQBuAGQA bgBvAHQAZQAgAFIAZQBmAGUAcgBlAG4AYwBlAAAAAwBIKgAAmgD+TwEAcgGaAAwALgBjd/YAAAAN AFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAAABaABcADcZHABewAWADEAXABnAIIArQC4ANMA/g EJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABEmQQ /wAAXoSwAQwAT0oIAFFKCABeSggAZgArQNECggFmAAwBAACrJ+IAAAAdAEUAbgBkAG4AbwB0AGUA IABUAGUAeAB0ACwAUgBGAEMAIABFAG4AZABuAG8AdABlACAAVABlAHgAdAAAABIAGAAPhGADEYRQ /l6EYANghFD+AABGAFZAogCRAUYADAAAAKsn4gAAABEARgBvAGwAbABvAHcAZQBkAEgAeQBwAGUA cgBsAGkAbgBrAAAADAA+KgFCKgxwaIAAgABGACBAAQCiAUYADAAAAKsn4gAAAAYARgBvAG8AdABl AHIAAAATABoADcYIAAKwE2AnAQISZBD/AAAADABPSggAUUoIAF5KCABAACYAogCxAUAADAEAAKsn 4gAAABIARgBvAG8AdABuAG8AdABlACAAUgBlAGYAZQByAGUAbgBjAGUAAAADAEgqAQA+AB1AAQDC AT4ADAEAAKsn4gAAAA0ARgBvAG8AdABuAG8AdABlACAAVABlAHgAdAAAAAIAHAAIAENKFABhShQA KAD+T/L/0QEoAAwAAABjd/YAAAAIAEgALwBGAC0AQgBvAGwAZAAAAAAARgAfQAEA4gFGAAwAAACr J+IAAAAGAEgAZQBhAGQAZQByAAAAEwAeAA3GCAACsBNgJwECEmQQ/wAAAAwAT0oIAFFKCABeSggA jABlQAEA8gGMAAwAAABjd/YAAAARAEgAVABNAEwAIABQAHIAZQBmAG8AcgBtAGEAdAB0AGUAZAAA ADcAHwANxjIAEJQDKAe8ClAO5BF4FQwZoBw0IMgjXCfwKoQuGDKsNUA5AAAAAAAAAAAAAAAAAAAA AAAYAENKFABPSggAUEoAAFFKCABeSggAYUoUADYAVUCiAAECNgAMAAAAqyfiAAAACQBIAHkAcABl AHIAbABpAG4AawAAAAwAPioBQioCcGgAAP8ATAD+TwEAEgJMAAwAAABjd/YAAAAIAEkAbgAgAHQA YQBiAGwAZQAAABYAIQADJAEFJAEGJAETpHgAFKR4AGEkAQwAQ0oUAFBKAABhShQALgApQKIAIQIu AAwAAACrJ+IAAAALAFAAYQBnAGUAIABOAHUAbQBiAGUAcgAAAAAARABaQAEAMgJEAAwAAACrJ+IA AAAKAFAAbABhAGkAbgAgAFQAZQB4AHQAAAACACMAFABDShQAT0oIAFFKCABeSggAYUoUAFgA/k8B AEICWAAMACUAY3f2AAAAEQBQAGwAYQBpAG4AIABUAGUAeAB0ACAAMgAgAEMAaABhAHIAAAAQACQA D4RgAxJk1P4AAF6EYAMMAE9KCABRSggAXkoIAGwA/k+iAFECbAAMACQAY3f2AAAAFgBQAGwAYQBp AG4AIABUAGUAeAB0ACAAMgAgAEMAaABhAHIAIABDAGgAYQByAAAAKABDShgAT0oIAFBKBQBRSggA XkoIAF9IAQRhShgAbUgJBHNICQR0SAkEhAD+T9ECYgKEAA0AAACrJ+IAAAAIAFIARgBDACAARABh AHQAZQAAAFUAJgADJAIKJgELRhIADcYzF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAb sBxgHhAgwCFwIyAl0CYBaAEGD4RoARGEmP5ehGgBYISY/mEkAgAEAFBKCQBgAP5P0QJyAmAABQAA AKsn4gAAABQAUgBGAEMAIABIAGUAYQBkAGkAbgBnACAALQAgAE4AbwAgAFQATwBDAAAAEgAnAA3G BQABcycKD4QAAF6EAAALAG1IAARuSAAEdQgBAHwA/k8RAIICfAAMACkAqyfiAAAADABSAEYAQwAg AEgAZQBhAGQAaQBuAGcAMQAAAC8AKAAKJgALRhIADcYFAAFoAQYPhGgBEYSY/hJkEP8AABOkAAAU pAAAXoRoAWCEmP4AGgA1CIFDShgAT0oIAFFKCABcCIFeSggAYUoYAE4A/k/yAJECTgAMACgAY3f2 AAAAEQBSAEYAQwAgAEgAZQBhAGQAaQBuAGcAMQAgAEMAaABhAHIAAAAUAENKGABPSggAUUoIAF5K CABhShgAQgD+T4ECcgFCAAwAKwBjd/YAAAARAFIARgBDACAASABlAGEAZABpAG4AZwAyACAAQwBo AGEAcgAAAAUAKgBAJgEAAABEAP5PkgKxAkQADAAqAGN39gAAABYAUgBGAEMAIABIAGUAYQBkAGkA bgBnADIAIABDAGgAYQByACAAQwBoAGEAcgAAAAAAOAD+T6ECMgI4AAwAAABjd/YAAAAMAFIARgBD ACAASABlAGEAZABpAG4AZwAzAAAABQAsAEAmAgAAAJAA/k8BANICkAAMAC8AqyfiAAAACABSAEYA QwAgAFQAZQB4AHQAAABaAC0ADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7Ac YB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABEmQQ/wAAXoSwAQwAT0oIAFFK CABeSggAZAD+T6IA4QJkAAwAFwBjd/YAAAASAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAIABD AGgAYQByAAAAKABDShgAT0oIAFBKBQBRSggAXkoIAF9IAQRhShgAbUgJBHNICQR0SAkEXAD+T6IA 8QJcAAwALQBjd/YAAAAOAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAMQAAACgAQ0oYAE9KCABQ SgUAUUoIAF5KCABfSAEEYUoYAG1ICQRzSAkEdEgJBHoAmgCzAAMDegAMAAAAY3f2AAAACgBUAGEA YgBsAGUAIABHAHIAaQBkAAAAPAA6VjAAE9YwAAAA/wQBAAAAAAD/BAEAAAAAAP8EAQAAAAAA/wQB AAAAAAD/BAEAAAAAAP8EAQAAYfYAAAAFADAAMSQAAAgAUEoAAF9IAQRoABNA0QICAGgABQEAAKsn 4gAAAAUAVABPAEMAIAAxAAAAOAAxAA3GMxewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkA G7AcYB4QIMAhcCMgJdAmAWAnCgsAbUgABG5IAAR1CAEAZAAUQNECAgBkAA0BAACrJ+IAAAAFAFQA TwBDACAAMgAAAEAAMgANxjMXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDA IXAjICXQJgFgJwoPhGADXoRgAwAANgAVQNECAgA2AA0BAACrJ+IAAAAFAFQATwBDACAAMwAAAAoA MwAPhAAAXoQAAAgAbkgSBHRIEgQuABZAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA0AAAACgA0 AA+E0AJehNACAAAuABdAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA1AAAACgA1AA+EwANehMAD AAAuABhAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA2AAAACgA2AA+EsARehLAEAAAuABlAAQAC AC4ADQEAAKsn4gAAAAUAVABPAEMAIAA3AAAACgA3AA+EoAVehKAFAAAuABpAAQACAC4ADQEAAKsn 4gAAAAUAVABPAEMAIAA4AAAACgA4AA+EkAZehJAGAAAuABtAAQACAC4ADQEAAKsn4gAAAAUAVABP AEMAIAA5AAAACgA5AA+EgAdehIAHAAA+AP5PgQLSAj4ADAAAAKsn4gAAAAwAUgBGAEMAIABIAGUA YQBkAGkAbgBnADIAAAAMADoACiYAC0YAAEAmAQAAEABOAGEAbgBjAHkAIABDAGEAbQAtAFcAaQBu AGcAZQB0AO4zAABLeAAAAwBOAEMAVwAAAAAAAAAAAAAAAAAAAAAAAAAv4YQHjdyhpgAAAAAAAAAA AAAAAAAAAAAAABMAAAAWAAAAAAAAAEt4AAAHAADkAAAEAP////8AAAAAAQAAAAIAAAADAAAATAAA AJUAAADeAAAAJwEAAHABAABxAQAAcgEAAKMBAADYAQAA2QEAAO0BAADuAQAANAIAAHkCAAC/AgAA AwMAAAQDAABJAwAAjQMAANADAADbAwAA3AMAACUEAABtBAAArwQAAO0EAADuBAAAKAUAAFcFAABY BQAAnAUAAMAFAADBBQAA9gUAAPcFAAAIBgAACQYAADcGAAA4BgAAQQYAAEIGAACKBgAA0wYAABkH AABaBwAAnwcAAOQHAAAVCAAAFggAABcIAAAYCAAAYQgAAGMIAACsCAAArQgAAK4IAADACAAAwQgA AAoJAABTCQAAnAkAAOUJAAAuCgAAdwoAAMAKAAAJCwAAUgsAAJsLAADkCwAALQwAAHYMAAC/DAAA CA0AAFENAABSDQAAUw0AAFQNAABVDQAAVg0AAFcNAABYDQAAWQ0AAFoNAABbDQAAXA0AAF0NAABe DQAAXw0AAGANAABhDQAAYg0AAGMNAABkDQAAZQ0AAGYNAABnDQAAaA0AAGkNAABqDQAAaw0AAGwN AABtDQAAbg0AAG8NAABwDQAAcQ0AAHINAAC7DQAAvQ0AAAYOAAAHDgAACA4AABkOAAAaDgAAWA4A AJ0OAADlDgAAKw8AAG8PAACzDwAAxg8AAMcPAAALEAAAJhAAACcQAABtEAAAthAAANMQAADUEAAA HBEAAEcRAABIEQAAjBEAAM0RAADOEQAAERIAAFYSAACYEgAA3hIAACITAAAjEwAAZBMAAKsTAAC3 EwAAuBMAAPsTAABAFAAAhRQAAM0UAAAMFQAAUBUAAJcVAADeFQAAGhYAABsWAABfFgAAoxYAAOkW AAAtFwAALhcAAC8XAAAwFwAAMRcAAHkXAAB6FwAAwxcAAMQXAADFFwAADRgAAFIYAACUGAAA2hgA AB8ZAABfGQAAbxkAAHAZAAC3GQAA/hkAAEUaAACNGgAA1hoAAAUbAAAGGwAABxsAABobAAAbGwAA YRsAAKMbAADrGwAAMRwAAGIcAABjHAAAohwAANocAADbHAAAGR0AABsdAAAcHQAAWR0AAFsdAABc HQAAjh0AAI8dAAAMHwAADh8AAA8fAABQHwAAiB8AAIkfAACKHwAAix8AAIwfAACNHwAAjh8AAI8f AACQHwAAkR8AAJIfAACTHwAAlB8AAJUfAACWHwAAlx8AAJgfAADgHwAA4R8AACogAAArIAAALCAA AEQgAABdIAAAfSAAAMUgAAANIQAAVSEAAJ0hAADlIQAALSIAAHUiAAC9IgAABSMAAE0jAACaIwAA 6CMAADYkAACEJAAA0iQAACAlAABuJQAAvCUAAAomAABYJgAApiYAAPQmAABCJwAAkCcAAN4nAAAs KAAAeSgAAL8oAAAFKQAABikAAEUpAABGKQAARykAAIwpAAC5KQAAuikAALspAAADKgAATCoAAIIq AACDKgAAxioAAAsrAABQKwAAXSsAAGssAABsLAAAbSwAAG4sAABvLAAAcCwAAHEsAAC6LAAAuywA ALwsAAC9LAAAvywAAAgtAAAJLQAACi0AAFMtAACYLQAA1S0AABMvAAAULwAAWy8AAJUvAACWLwAA 2y8AABUwAAAWMAAAQjAAAEMwAACKMAAApDAAAKUwAADoMAAA+zAAAPwwAAA+MQAAUTEAAIgyAACJ MgAAvDMAAL0zAAC+MwAAvzMAAAg0AAAoNAAAKTQAACo0AAByNAAAtDQAAMw0AADNNAAAzjQAABY1 AAAqNQAAKzUAAEQ2AABFNgAAhjYAAMk2AADKNgAAyzYAAA43AAAPNwAAVzcAAGs3AAC6OAAAuzgA AAM5AAAQOQAAETkAAFk5AACaOQAAmzkAALE6AACyOgAAszoAALQ6AAC1OgAAtjoAALc6AAC4OgAA ADsAAAE7AABKOwAASzsAAEw7AACSOwAA0zsAANQ7AAAYPAAAXzwAAKY8AADsPAAALj0AADs9AAA8 PQAAfD0AALY9AAC3PQAA/z0AADA+AAB2QAAAd0AAAL5AAADSQAAA00AAABVBAAAWQQAAVkEAAPpB AAD7QQAAJUIAACZCAABvQgAAskIAAPlCAAA+QwAAf0MAALZDAAC3QwAA9EMAADtEAACARAAAxkQA APhEAAD5RAAASEUAAJdFAADmRQAAKEYAAGlGAABqRgAApEYAAKVGAADrRgAAMkcAADNHAAA0RwAA NUcAAH1HAAB+RwAAx0cAAMhHAADJRwAA30cAAOBHAAAsSAAAeEgAAMRIAAAESQAAT0kAAFBJAACH SQAAiEkAAIlJAADNSQAAEkoAAFNKAACXSgAAzkoAAMZMAADHTAAA80wAAPRMAAA8TQAAg00AAMdN AAANTgAAUE4AAJhOAADdTgAAIk8AACtPAACXTwAAmE8AALZPAAC3TwAA/08AAEZQAACNUAAA0VAA ABhRAABgUQAAeVEAANVRAADWUQAA11EAANhRAADZUQAA2lEAAAFSAAACUgAAbVMAAG5TAACyUwAA 9VMAAD1UAACDVAAAxFQAAAFVAAACVQAAA1UAAARVAABMVQAATVUAAJZVAACXVQAAmFUAALJVAACz VQAA2lUAANtVAAAiVgAAaFYAAK5WAADLVgAAzFYAAO9WAADwVgAAFFcAABVXAABeVwAAX1cAAIVX AACGVwAArVcAAK5XAAD0VwAA9VcAABhYAAAZWAAAP1gAAEBYAACDWAAAmlgAAJtYAADEWAAAxVgA AAdZAABPWQAAlFkAAKxZAACtWQAA8lkAABZaAAAXWgAAWloAAKJaAADnWgAABFsAAAVbAABIWwAA iFsAAK5bAACvWwAA8FsAAPFbAADyWwAA81sAADtcAAA8XAAAhVwAAIZcAACHXAAAzVwAABRdAAAp XQAAKl0AAHFdAACEXQAAhV0AAKhdAACpXQAAzV0AAM5dAAATXgAAHF4AAB1eAABAXgAAQV4AAIle AACKXgAAsV4AALJeAADZXgAA2l4AAAJfAAADXwAABF8AABRfAAAVXwAAXl8AAKNfAADmXwAAL2AA AG9gAAC1YAAA/GAAACdhAAAoYQAAa2EAALBhAADvYQAANGIAAHRiAAB1YgAAdmIAAJJiAACTYgAA 1WIAABhjAABgYwAAYWMAAGJjAABjYwAAq2MAAKxjAAD1YwAA9mMAAPdjAAA8ZAAAhWQAAMhkAAD+ ZAAA/2QAAEJlAACJZQAAzmUAABFmAABUZgAAnGYAANtmAAAeZwAAZWcAAKpnAADgZwAA4WcAAOJn AAD6ZwAA+2cAAEBoAACHaAAAzmgAABVpAAAgaQAAIWkAACJpAAAxaQAAMmkAAE1pAABOaQAAlWkA AK5pAACvaQAA9mkAACZqAAAnagAAaGoAAKJqAACjagAAwGoAAMFqAADSagAAEmsAAFBrAABRawAA YmsAAKZrAACnawAAqGsAAKlrAADxawAA8msAADtsAAA8bAAAPWwAAGRsAABlbAAAdGwAALpsAADj bAAA5GwAACRtAAA9bQAAPm0AAD9tAABAbQAAQW0AAEJtAABDbQAARG0AAEVtAABGbQAAR20AAEht AABJbQAASm0AAEttAABMbQAATW0AAE5tAABPbQAAUG0AAFFtAABSbQAAU20AAFRtAABVbQAAVm0A AFdtAABYbQAAWW0AAFptAABbbQAAXG0AAF1tAABebQAAX20AAGBtAABhbQAAYm0AAGNtAABkbQAA ZW0AAGZtAABnbQAAaG0AALFtAACzbQAA/G0AAP1tAAD+bQAAEW4AABJuAAAkbgAAN24AAFJuAABq bgAAcG4AAHFuAACSbgAAk24AAJRuAACkbgAAuG4AANRuAADrbgAA8G4AAPFuAAATbwAAFG8AABVv AAAWbwAAF28AABhvAAAZbwAAGm8AABtvAAAcbwAAHW8AAB5vAAAfbwAAIG8AACFvAAAibwAAI28A ACRvAAAlbwAAJm8AACdvAAAobwAAKW8AACpvAAArbwAALG8AAC1vAAAubwAAL28AADBvAAAxbwAA Mm8AADNvAAA0bwAAfG8AAH1vAADGbwAAx28AAMhvAADobwAA6W8AAC5wAAB3cAAAvnAAAARxAABK cQAAk3EAANdxAAD2cQAA93EAADlyAAB9cgAAxnIAAAJzAABLcwAAZ3MAAGhzAACvcwAA83MAADl0 AAB6dAAAkHQAAJF0AACSdAAAqXQAAKp0AADzdAAAPHUAAIJ1AADJdQAACnYAAEx2AACSdgAAk3YA AJR2AACodgAAqXYAAPF2AAA2dwAAe3cAAHx3AAB9dwAAjHcAAI13AADRdwAA5ncAAOd3AADodwAA 6XcAAOp3AAAzeAAANXgAADZ4AABJeAAATHgAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJiAEyAjMAAAAAAAAACA AAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJiAEyAjMAEAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJiAEyAjMAIAAAAAAACAAAAA gAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA EACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACI AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA ABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQ AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYgBMgIzAD AAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAZgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEA AAAAAAAAAAAAAAAAgAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAACAGYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAeYgAMAAwAAAAAAAAAQAAAAAAAAAAAAAAAACAAZgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAAB5iAAwADAAAAAAAAAB AAAAAAAAAAAAAAAAAIABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEAAAAAAAAAAAAAAAAAgAGYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAkAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAA AAAAAIABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEAAAAAAAAAAAAA AAAAgAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAAB5iAAwADAAAAAAAAABAAAAAAAAAAAAAAAAAIABmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmkAAABQwAAAAAAAA AIAAAACAAAAAAAAAAAAABQoAAAAAMAAAAAAAAAAAAAAAAAYwEwAAAAAAAAcAAAAAAQAAAAIAAAAD AAAATAAAAJUAAADeAAAAJwEAAHABAABxAQAAcgEAAKMBAADYAQAA2QEAAO0BAADuAQAANAIAAHkC AAC/AgAAAwMAAAQDAABJAwAAjQMAANADAADbAwAA3AMAACUEAABtBAAArwQAAO0EAADuBAAAKAUA AFcFAABYBQAAnAUAAMAFAADBBQAA9gUAAPcFAAAIBgAACQYAADcGAAA4BgAAQQYAAEIGAACKBgAA 0wYAABkHAABaBwAAnwcAAOQHAAAVCAAAFggAABcIAAAYCAAAYQgAAGMIAACsCAAArQgAAK4IAADA CAAAwQgAAAoJAABTCQAAnAkAAOUJAAAuCgAAdwoAAMAKAAAJCwAAUgsAAJsLAADkCwAALQwAAHYM AAC/DAAACA0AAFENAABSDQAAUw0AAFQNAABVDQAAVg0AAFcNAABYDQAAWQ0AAFoNAABbDQAAXA0A AF0NAABeDQAAXw0AAGANAABhDQAAYg0AAGMNAABkDQAAZQ0AAGYNAABnDQAAaA0AAGkNAABqDQAA aw0AAGwNAABtDQAAbg0AAG8NAABwDQAAcQ0AAHINAAC7DQAAvQ0AAAYOAAAHDgAACA4AABkOAAAa DgAAWA4AAJ0OAADlDgAAKw8AAG8PAACzDwAAxg8AAMcPAAALEAAAJhAAACcQAABtEAAAthAAANMQ AADUEAAAHBEAAEcRAABIEQAAjBEAAM0RAADOEQAAERIAAFYSAACYEgAA3hIAACITAAAjEwAAZBMA AKsTAAC3EwAAuBMAAPsTAABAFAAAhRQAAM0UAAAMFQAAUBUAAJcVAADeFQAAGhYAABsWAABfFgAA oxYAAOkWAAAtFwAALhcAAC8XAAAwFwAAMRcAAHkXAAB6FwAAwxcAAMQXAADFFwAADRgAAFIYAACU GAAA2hgAAB8ZAABfGQAAbxkAAHAZAAC3GQAA/hkAAEUaAACNGgAA1hoAAAUbAAAGGwAABxsAABob AAAbGwAAYRsAAKMbAADrGwAAMRwAAGIcAABjHAAAohwAANocAADbHAAAGR0AABsdAAAcHQAAWR0A AFsdAABcHQAAjh0AAI8dAAAMHwAADh8AAA8fAABQHwAAiB8AAIkfAACKHwAAix8AAIwfAACNHwAA jh8AAI8fAACQHwAAkR8AAJIfAACTHwAAlB8AAJUfAACWHwAAlx8AAJgfAADgHwAA4R8AACogAAAr IAAALCAAAEQgAABdIAAAfSAAAMUgAAANIQAAVSEAAJ0hAADlIQAALSIAAHUiAAC9IgAABSMAAE0j AACaIwAA6CMAADYkAACEJAAA0iQAACAlAABuJQAAvCUAAAomAABYJgAApiYAAPQmAABCJwAAkCcA AN4nAAAsKAAAeSgAAL8oAAAFKQAABikAAEUpAABGKQAARykAAIwpAAC5KQAAuikAALspAAADKgAA TCoAAIIqAACDKgAAxioAAAsrAABQKwAAXSsAAGssAABsLAAAbSwAAG4sAABvLAAAcCwAAHEsAAC6 LAAAuywAALwsAAC9LAAAvywAAAgtAAAJLQAACi0AAFMtAACYLQAA1S0AABMvAAAULwAAWy8AAJUv AACWLwAA2y8AABUwAAAWMAAAQjAAAEMwAACKMAAApDAAAKUwAADoMAAA+zAAAPwwAAA+MQAAUTEA AIgyAACJMgAAvDMAAL0zAAC+MwAAvzMAAAg0AAAoNAAAKTQAACo0AAByNAAAtDQAAMw0AADNNAAA zjQAABY1AAAqNQAAKzUAAEQ2AABFNgAAhjYAAMk2AADKNgAAyzYAAA43AAAPNwAAVzcAAGs3AAC6 OAAAuzgAAAM5AAAQOQAAETkAAFk5AACaOQAAmzkAALE6AACyOgAAszoAALQ6AAC1OgAAtjoAALc6 AAC4OgAAADsAAAE7AABKOwAASzsAAEw7AACSOwAA0zsAANQ7AAAYPAAAXzwAAKY8AADsPAAALj0A ADs9AAA8PQAAfD0AALY9AAC3PQAA/z0AADA+AAB2QAAAd0AAAL5AAADSQAAA00AAABVBAAAWQQAA VkEAAPpBAAD7QQAAJUIAACZCAABvQgAAskIAAPlCAAA+QwAAf0MAALZDAAC3QwAA9EMAADtEAACA RAAAxkQAAPhEAAD5RAAASEUAAJdFAADmRQAAKEYAAGlGAABqRgAApEYAAKVGAADrRgAAMkcAADNH AAA0RwAANUcAAH1HAAB+RwAAx0cAAMhHAADJRwAA30cAAOBHAAAsSAAAeEgAAMRIAAAESQAAT0kA AFBJAACHSQAAiEkAAIlJAADNSQAAEkoAAFNKAACXSgAAzkoAAMZMAADHTAAA80wAAPRMAAA8TQAA g00AAMdNAAANTgAAUE4AAJhOAADdTgAAIk8AACtPAACXTwAAmE8AALZPAAC3TwAA/08AAEZQAACN UAAA0VAAABhRAABgUQAAeVEAANVRAADWUQAA11EAANhRAADZUQAA2lEAAAFSAAACUgAAbVMAAD1U AACDVAAAxFQAAAFVAABMVQAATVUAAJZVAACXVQAAmFUAALJVAAA2eAAASXgAAEx4AACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYgBMgIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYgBMgIzABAAAAAAAAgAAAAIAAAAAA AAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYgBMgIzACAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACI AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA kACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAoAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA iACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmIATICMwAwAAAAAAAIAAAACAAAAAAAAAAACQAHmIADAaMQAAAAAAAAEA AAALAAAAAAAAAAAAkAF5iAAwGjEAAAAAAAABAAAACwAAAAAAAAAAAIAHeYgAMBoRAAAAAAAAAQAA AAsAAAAbAQAAQCTCB3mIADAaAQAAAAAAAAEAAAAKAAAAAAAAAAAAgAd5iAAwGgEAAAAAAAACAAAA CAAAAAAAAAAAAIAHeYgAMBoxAAAAAAAAAQAAAAYAAAAAAAAAAACIB3mIADAaMQAAAAAAAAEAAAAH AAAAGwEAAEAkwgd5iAAwGjEAAAAAAAABAAAABgAAAAAAAAAAAIAHecgAMBoxAAAAAAAAAQAAAAUA AAAAAAAAAACAB3mIADAaMQAAAAAAAAEAAAAEAAAAAAAAAAAAiAd5iAAwGjEAAAAAAAACAAAAAgAA AAAAAAAAAIgHmAAAAAAwAAAAAAAAAIAAAACAAAAAAAAAAAAAB5gAAAAAMAAAAAAAAACAAAAAgAAA AAAAAACAAAd5yAAwADAAAAAAAAABAAAAAAAAAAAAAAAAAAAHCAAAAAAwAAAAAAAAAAAAAAAABjAT AAAAAAAABwAGAACAJQAAuDEAAP82AAAnPAAADj8AAHVIAADXWQAANYAAAEuAAABBAAAATAAAAFIA AABVAAAAWAAAAFsAAABeAAAAYwAAAHEAAAAABgAA7QwAAK0QAABbFQAAGRYAAGQbAACUIAAA2yQA ABwlAABcJQAAjyUAAIwnAAAFKwAARTEAAAszAAC8NAAAlTcAAIk6AADNPAAADz8AALJCAAAwRgAA JkoAAMdPAADHVAAAGFkAANpZAAABXQAA9V8AAPJjAAACZwAAq2sAACBxAAA7dAAAUHUAAP51AAAe dwAA6XcAAMl9AABLgAAAQgAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATQAAAE4A AABPAAAAUAAAAFEAAABTAAAAVAAAAFYAAABXAAAAWQAAAFoAAABcAAAAXQAAAF8AAABgAAAAYQAA AGIAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAA AAYAAEqAAABDAAAADwAA8DgAAAAAAAbwGAAAAAIIAAACAAAAAQAAAAEAAAABAAAAAgAAAEAAHvEQ AAAA//8AAAAA/wCAgIAA9wAAEAAPAALwkgAAABAACPAIAAAAAQAAAAEEAAAPAAPwMAAAAA8ABPAo AAAAAQAJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAgAK8AgAAAAABAAABQAAAA8ABPBCAAAAEgAK8AgA AAABBAAAAA4AAFMAC/AeAAAAvwEAABAAywEAAAAA/wEAAAgABAMJAAAAPwMBAAEAAAAR8AQAAAAB AAAA//8OAAAABgCD2RwKEQABACyvjAMGAITZHAoIAAEANB2DBQYAhdkcChEAAQC0Ro4DBgCG2RwK EQABABQwGAAGAIfZHAoRAAEAVDAYAAYAiNkcCggAAQD8Q4MFBgCJ2RwKCQABAKxEgwUGAIrZHAoI AAIAVFqBBQYAi9kcCggAAQDUrY8DBgCM2RwKEQABAPxNjwMGAI3ZHAoIAAEAhLWBBQYAjtkcCgkA AQDsWoEFBgCP2RwKCQABAKzYIgAGAJDZHAoRAAEAJGyPAyIpAAAiKQAAKCkAACopAAAwKQAArC4A AKwuAAA0bgAAWW4AAFluAABybgAAcm4AAH1uAACBbgAATHgAAAAAAAACAAEAAAACAAIAAAACAAMA AAADAAQAAAABAAUAAAACAAYAAAACAAcAAAABAAgAAAACAAkAAAACAAwAAAACAAoAAAACAAsAAAAC AA0AAAACACcpAAAtKQAALSkAAC8pAAA1KQAAsS4AALEuAABBbgAAb24AAG9uAAB7bgAAf24AAIZu AACGbgAATHgAAAAAAQABAAEAAgABAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAkAAAALAAEADAAB AAoAAAANAAAACQAAAFYAAAANAAAAKoB1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpz bWFydHRhZ3MFgHBsYWNlHYBodHRwOi8vd3d3LjVpYW50bGF2YWxhbXAuY29tL2gAAAAIAAAAKoB1 cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MEgENpdHkwgGh0dHA6Ly93 d3cuNWlhbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOnNtYXJ0dGFncz0AAAAOAAAAKoB1cm46c2No ZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MJgFBsYWNlTmFtZQCAPQAAAAwAAAAq gHVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOnNtYXJ0dGFncwmAUGxhY2VUeXBlAIA7 AAAABgAAACqAdXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzB4BhZGRy ZXNzAIBWAAAABwAAACqAdXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdz CoBQZXJzb25OYW1lGIBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20+AAAAAQAAACqAdXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzCoBQb3N0YWxDb2RlAIA6AAAABQAAACqA dXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzBoBTdHJlZXQAgGkAAAAC AAAAKoB1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MFgFN0YXRlMIBo dHRwOi8vd3d3LjVpYW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MMAAABqFedAgAA AAAOAAAAAAANAAAAAAAMAAAAAAAOAAAAAAAMAAAAAAANAAAAAAAIAAAAAAAHAAAAAAAGAAAAAAAF AAAAAAANAAAAAAAIAAAAAAACAAAAAAABAAAAAAD//wEACgAAAAABL+GEB//////sMwAAOHgAAAAA AADuMwAAOHgAAAAAAACFAAAAiwAAANUAAADdAAAASQQAAFIEAAAgCAAAKAgAADoIAAA+CAAABgoA AAkKAADfCgAA6AoAAHoNAACCDQAALg4AADMOAAChDgAApQ4AANUOAADYDgAAMhMAADkTAAA5FwAA QRcAAFMXAABXFwAAEB4AABUeAACgHwAAqB8AAE4+AABTPgAA8D8AAPY/AAB/QAAAhEAAAHBBAAB1 QQAAX0UAAGJFAABrRQAAbkUAAIBaAACMWgAAFVwAABlcAACFYwAAiWMAAMtrAADPawAA124AAOtu AADubgAA8G4AAPRuAAATbwAANngAAEx4AAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwA BwAcAAcAHAAHABwABwAcAAcABQAHAAUABwAFAAcABwAAAAAAtwEAANcBAAA3AgAAQQIAAHwCAACA AgAAwgIAAMcCAABMAwAAgQMAAJADAACVAwAA0wMAANoDAAAoBAAAKwQAAHAEAAB0BAAAsgQAALoE AAAaBgAAHQYAAH4GAACJBgAAjQYAAJMGAADWBgAA4AYAABwHAAAfBwAAXQcAAGUHAACiBwAAqgcA AOcHAAAUCAAAWwkAAGUJAACoCQAAswkAAPEJAAD6CQAAfwoAAJAKAADICgAA2QoAADUMAABBDAAA fgwAAIwMAABbDgAAZg4AAKAOAADaDgAA6A4AAO4OAAByDwAAdw8AALYPAADFDwAADhAAABcQAAAq EAAANRAAAHMQAAB4EAAAvBAAAL4QAADXEAAA3hAAACIRAAAnEQAASxEAAFIRAAAUEgAAHBIAAJsS AACiEgAA4RIAAO0SAABnEwAAchMAAK4TAAC1EwAAuxMAAMYTAAABFAAAChQAAEYUAABLFAAAixQA AJgUAADTFAAA2xQAAFYVAABcFQAAnRUAAKAVAADkFQAA5xUAAB4WAAAqFgAAZRYAAG8WAACpFgAA tRYAAO8WAAD2FgAAEBgAABMYAABVGAAAWxgAAJcYAACfGAAA3RgAAOcYAAAiGQAAJhkAAGIZAABt GQAAuhkAAL4ZAAABGgAABRoAAEgaAABXGgAAkBoAAJ0aAADZGgAA4BoAAKYbAACxGwAANBwAADkc AAClHAAArxwAAFceAABbHgAAUx8AAFofAADgIgAA5CIAAN0jAADhIwAAKyQAAC8kAAB5JAAAfSQA AMckAADLJAAA3yQAAOMkAAAtJQAAMSUAAIklAACNJQAAJSYAACkmAABhJgAAZSYAAP0mAAABJwAA WycAAFwnAACPKQAAkykAAAYqAAAJKgAATyoAAF0qAADMKgAA1CoAABErAAAbKwAAWS0AAHUtAACe LQAApi0AAF4vAABnLwAA4S8AAOYvAACNMAAAlDAAAO4wAAD5MAAARDEAAE8xAAALNAAADTQAAHg0 AACDNAAAujQAAMs0AAAcNQAAIDUAAIk2AACTNgAAXTcAAGE3AADMOAAA0TgAAAY5AAAPOQAAXzkA AGY5AAACOgAABjoAAJg7AACfOwAAqjwAALQ8AADvPAAA9zwAAII9AACKPQAABT4AAAc+AABYPwAA XT8AAMFAAADKQAAA/kEAAAhCAAByQgAAdEIAALVCAAC8QgAA/EIAAP9CAABBQwAARUMAAIJDAACM QwAA90MAAAREAAA+RAAAQUQAAINEAACKRAAAyUQAAMxEAAAVRgAAJ0YAAMxHAADQRwAAN0kAAE5J AADQSQAA1kkAABVKAAAfSgAAVkoAAF5KAACaSgAAoUoAAMxMAADXTAAAP00AAEJNAACGTQAAjU0A ABBOAAAVTgAAU04AAFpOAACbTgAAn04AACVPAAApTwAAnU8AAKZPAAACUAAACVAAAElQAABTUAAA kFAAAJNQAADUUAAA21AAABtRAAAkUQAAY1EAAGVRAAC1UwAAwVMAAPhTAAD/UwAAQFQAAEJUAACG VAAAkVQAAMdUAADPVAAAm1UAAKlVAAC2VQAAx1UAALFWAAC0VgAAz1YAANVWAADzVgAA+VYAAGJX AABoVwAAiVcAAI9XAAD4VwAA/lcAABxYAAAiWAAAnlgAAK9YAAAKWQAAFVkAALBZAAC2WQAA+FkA APxZAAAaWgAAIFoAAGBaAAB4WgAAqFoAALJaAADtWgAAA1sAAAhbAAAOWwAATlsAAFpbAACOWwAA mVsAAIpcAACRXAAA0FwAANZcAACIXQAAjl0AAKxdAACyXQAAIF4AACZeAACNXgAAk14AALVeAAC7 XgAA3V4AAONeAACmXwAArl8AAOlfAADxXwAAMmAAADpgAAByYAAAe2AAALhgAADCYAAA/2AAAAdh AABuYQAAdWEAAPJhAAD8YQAAN2IAAD1iAAD6YwAAAGQAAD9kAABDZAAAiGQAAItkAADLZAAA0WQA AEVlAABMZQAAjGUAAJVlAADRZQAA2mUAAFdmAABfZgAAn2YAAKhmAADeZgAA62YAACFnAAAnZwAA rWcAALFnAABDaAAAS2gAANFoAADTaAAABGoAACVqAAAgawAAT2sAAPxuAAAQbwAAFG8AABVvAAAZ bwAAKG8AAHpwAACBcAAAwXAAAMVwAAAHcQAADHEAAE1xAABRcQAAlnEAAJhxAAA8cgAARnIAAIBy AACHcgAAyXIAAM1yAAAFcwAAEnMAALJzAAC8cwAA9nMAAPxzAABPdgAAkXYAALp2AAC9dgAA9HYA APZ2AAA5dwAAP3cAADZ4AABMeAAABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAUABwAFAAcABQAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAcAAAAAAAE7AABSOwAA2lEA AN5RAACbVQAAs1UAAP93AAA1eAAANngAAEh4AABMeAAABwAFAAcABQAHAAUABwAFAAcABQAHAAAA AAA2eAAATHgAAAcABwADADp33SCImMBy/w//D/8P/w//D/8P/w//D/8PEAC3D8Mz2AVItf8P/w// D/8P/w//D/8P/w//DxAA+HBfb1zN+JIoACYAAwAEAAUABgAHAAgACQAAAAEAAAAXAAAAAAAAAAAA AABoAQAAAAAAABUYAAAPhNACEYSY/hXGBQAB0AIGXoTQAmCEmP5PSgEAUUoBAG8oAIdoAAAAAIhI AAABALfwAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EoAURhJj+FcYFAAGgBQZehKAFYISY /odoAAAAAIhIAAACAAEALgABAAAAAoIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RwCBGETP8VxgUA AXAIBl6EcAhghEz/h2gAAAAAiEgAAAIAAgAuAAEAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAP hEALEYSY/hXGBQABQAsGXoRAC2CEmP6HaAAAAACISAAAAgADAC4AAQAAAASAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EEA4RhJj+FcYFAAEQDgZehBAOYISY/odoAAAAAIhIAAACAAQALgABAAAAAoIB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4TgEBGETP8VxgUAAeAQBl6E4BBghEz/h2gAAAAAiEgAAAIA BQAuAAEAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhLATEYSY/hXGBQABsBMGXoSwE2CEmP6H aAAAAACISAAAAgAGAC4AAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EgBYRhJj+FcYFAAGA FgZehIAWYISY/odoAAAAAIhIAAACAAcALgABAAAAAoIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RQ GRGETP8VxgUAAVAZBl6EUBlghEz/h2gAAAAAiEgAAAIACAAuAAEAAAAAAAEAAAAAAAAAAAAAAAAA AAAAAAMYAAAPhEgDEYQg/hXGBQABSAMGXoRIA2CEIP5vKAACAAAALgABAAAABIABAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+h2gAAAAAiEgAAAIAAQAuAAEAAAAC ggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM/xXGBQABcAgGXoRwCGCETP+HaAAAAACISAAA AgACAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EQAsRhJj+FcYFAAFACwZehEALYISY /odoAAAAAIhIAAACAAMALgABAAAABIABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUA ARAOBl6EEA5ghJj+h2gAAAAAiEgAAAIABAAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAP hOAQEYRM/xXGBQAB4BAGXoTgEGCETP+HaAAAAACISAAAAgAFAC4AAQAAAACAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EsBMRhJj+FcYFAAGwEwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABIAB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgAAAIA BwAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+H aAAAAACISAAAAgAIAC4AAQAAAAAAAQAAAAAAAAAAAQAAAAAAAAAAAxAAAA+EsAERhFD+XoSwAWCE UP5vKAACAAAALgABAAAAAAABAwAAAAAAAAABAAAAAAAAAAADEAAAD4RAAhGEwP1ehEACYITA/W8o AAMAAAAuAAEAAQAAAAAAAQMFAAAAAAAAAAAAAAAAAAAAAxgAAA+E0AIRhDD9FcYFAAHQAgZehNAC YIQw/W8oAAUAAAAuAAEALgACAAEAAAAAAAEDBQcAAAAAAAAAAAAAAAAAAAMYAAAPhGADEYSg/BXG BQABYAMGXoRgA2CEoPxvKAAHAAAALgABAC4AAgAuAAMAAQAAAAAAAQMFBwkAAAAAAAAAAAAAAAAA AxgAAA+E8AMRhBD8FcYFAAHwAwZehPADYIQQ/G8oAAkAAAAuAAEALgACAC4AAwAuAAQAAQAAAAAA AQMFBwkLAAAAAAAAAAAAAAAAAxgAAA+EgAQRhID7FcYFAAGABAZehIAEYISA+28oAAsAAAAuAAEA LgACAC4AAwAuAAQALgAFAAEAAAAAAAEDBQcJCw0AAAAAAAAAAAAAAAMYAAAPhBAFEYTw+hXGBQAB EAUGXoQQBWCE8PpvKAANAAAALgABAC4AAgAuAAMALgAEAC4ABQAuAAYAAQAAAAAAAQMFBwkLDQ8A AAAAAAAAAAAAAxgAAA+EoAURhGD6FcYFAAGgBQZehKAFYIRg+m8oAA8AAAAuAAEALgACAC4AAwAu AAQALgAFAC4ABgAuAAcAAQAAAAAAAQMFBwkLDQ8RAAAAAAAAAAAAAxgAAA+EMAYRhND5FcYFAAEw BgZehDAGYITQ+W8oABEAAAAuAAEALgACAC4AAwAuAAQALgAFAC4ABgAuAAcALgAIABQAAAD4cF9v AAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAA AAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAA AAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAA APhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAA AAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAC3 D8MzAAAAAAAAAAAAAAAAOnfdIAAAAAAAAAAAAAAHBv////////////////////////////////// //////////////////////////////////////////////////////////////////////////8D AAAAAAAAAAAA//8DAAAAEgABAAkEGQAJBBsACQQPAAkEGQAJBBsACQQPAAkEGQAJBBsACQQSAJIo ehIZAAkEGwAJBA8ACQQZAAkEGwAJBA8ACQQZAAkEGwAJBAAAFAAAAAQAAAAIAAAA5QAAAAAAAAAT AAAAew4VAHUQMgD1GzkAPAI9ABcdXAA2PF8AYAliAHY5ZQCzKWoAXBByAElQfABVKqMAdBKsACNs swBDBLgA51HLAEVoywAdGtkAqyfiAGN39gD/QAOAAQBrUwAAa1MAAJhaJwIBAAEAa1MAAAEAAABr UwAAAAAAAAIQAAAAAAAAAEt4AABwAAAQAEAAAP//AgAAAAcAVQBuAGsAbgBvAHcAbgAQAE4AYQBu AGMAeQAgAEMAYQBtAC0AVwBpAG4AZwBlAHQA//8CAAgAAAAAAAAAAAAAAAAAAAAAAAAAAQD//wIA AAAAAAAA//8AAAIA//8AAAAA//8AAAIA//8AAAAACgAAAEcWkAEAAAICBgMFBAUCAwSHegAgAAAA gAgAAAAAAAAA/wEAAAAAAABUAGkAbQBlAHMAIABOAGUAdwAgAFIAbwBtAGEAbgAAADUWkAECAAUF AQIBBwYCBQcAAAAAAAAAEAAAAAAAAAAAAAAAgAAAAABTAHkAbQBiAG8AbAAAADMmkAEAAAILBgQC AgICAgSHegAgAAAAgAgAAAAAAAAA/wEAAAAAAABBAHIAaQBhAGwAAAAzFpABAAACAgYDBQQFAgME h3oAIAAAAIAIAAAAAAAAAP8BAAAAAAAAVABpAG0AZQBzAAAAOwaQAQIABQAAAAAAAAAAAAAAAAAA AAAQAAAAAAAAAAAAAACAAAAAAFcAaQBuAGcAZABpAG4AZwBzAAAAOxaQAYEHAgMGAAABAQEBAa8C ALD7fNdpMAAAAAAAAACfAAgAAAAAAEIAYQB0AGEAbgBnAAAAFLzV0AAANSaQAQAAAgsGBAMFBAQC BId6ACEAAACACAAAAAAAAAD/AQEAAAAAAFQAYQBoAG8AbQBhAAAAOyaQAQAAAgsGBAICAgICBId6 ACAAAACACAAAAAAAAAD/AQAAAAAAAEgAZQBsAHYAZQB0AGkAYwBhAAAAPzWQAQAAAgcDCQICBQIE BId6ACAAAACACAAAAAAAAAD/AQAAAAAAAEMAbwB1AHIAaQBlAHIAIABOAGUAdwAAADsCkAGGBwIB BgADAQEBAQEBAAAAAAAOCBAAAAAAAAAAAAAEAAAAAABTAGkAbQBTAHUAbgAAAItbU08AACIABABx iIgYAPDQAgAAaAEAAAAAatyhpoHdoaYAAAAACgB9AAAA8REAAEVmAAABAD0AAAAEAAMQ2gAAAPER AABFZgAAAQA9AAAA2gAAAAAAAAAhAwDwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBaAF tAC0AIGBMjQAABAAGQBkAAAAGQAAAPl3AAD5dwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAUyg1EA8BAACAADAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASFAAAAAAKPD/DwEAAT8AAAAAAADbHAAA////f////38A AAAA////f////3////9/NjxfAAAAAAAyAAAAAAAAAAAAAAAAAAEAAAD//xIAAAAAAAAAAAAAAAAA AAAQAE4AYQBuAGMAeQAgAEMAYQBtAC0AVwBpAG4AZwBlAHQAEABOAGEAbgBjAHkAIABDAGEAbQAt AFcAaQBuAGcAZQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAYAAAADAAAAAAAMAAEADAACAAwA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ /wAABQACAAAAAAAAAAAAAAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAAAACEAQAAEQAAAAEA AACQAAAAAgAAAJgAAAADAAAApAAAAAQAAACwAAAABQAAAMwAAAAGAAAA2AAAAAcAAADkAAAACAAA APgAAAAJAAAAFAEAABIAAAAgAQAACgAAAEABAAAMAAAATAEAAA0AAABYAQAADgAAAGQBAAAPAAAA bAEAABAAAAB0AQAAEwAAAHwBAAACAAAA5AQAAB4AAAAEAAAAAAAAAB4AAAAEAAAAAAAAAB4AAAAU AAAATmFuY3kgQ2FtLVdpbmdldAAAAAAeAAAABAAAAAAAAAAeAAAABAAAAAAAAAAeAAAADAAAAE5v cm1hbC5kb3QAAB4AAAAUAAAATmFuY3kgQ2FtLVdpbmdldAAAAAAeAAAABAAAADEwAAAeAAAAGAAA AE1pY3Jvc29mdCBPZmZpY2UgV29yZAAAAEAAAAAALll2EQAAAEAAAAAAZN4HrCPGAUAAAAAANm42 0CPGAQMAAAABAAAAAwAAAPERAAADAAAARWYAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v8AAAUAAgAA AAAAAAAAAAAAAAAAAAAAAQAAAALVzdWcLhsQk5cIACss+a4wAAAA+AAAAAwAAAABAAAAaAAAAA8A AABwAAAABQAAAIwAAAAGAAAAlAAAABEAAACcAAAAFwAAAKQAAAALAAAArAAAABAAAAC0AAAAEwAA ALwAAAAWAAAAxAAAAA0AAADMAAAADAAAANkAAAACAAAA5AQAAB4AAAAUAAAAQ2lzY28gU3lzdGVt cywgSW5jLgADAAAA2gAAAAMAAAA9AAAAAwAAAPl3AAADAAAARxYLAAsAAAAAAAAACwAAAAAAAAAL AAAAAAAAAAsAAAAAAAAAHhAAAAEAAAABAAAAAAwQAAACAAAAHgAAAAYAAABUaXRsZQADAAAAAQAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAF AAAABgAAAAcAAAAIAAAACQAAAAoAAAALAAAADAAAAA0AAAAOAAAADwAAABAAAAARAAAAEgAAABMA AAAUAAAAFQAAABYAAAAXAAAAGAAAABkAAAAaAAAAGwAAABwAAAAdAAAAHgAAAB8AAAAgAAAAIQAA ACIAAAAjAAAAJAAAACUAAAAmAAAAJwAAACgAAAApAAAAKgAAACsAAAAsAAAALQAAAC4AAAAvAAAA MAAAADEAAAAyAAAAMwAAADQAAAA1AAAANgAAADcAAAA4AAAAOQAAADoAAAA7AAAAPAAAAD0AAAA+ AAAAPwAAAEAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAASwAAAEwA AABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZAAAAWgAA AFsAAABcAAAAXQAAAF4AAABfAAAAYAAAAGEAAABiAAAAYwAAAGQAAABlAAAAZgAAAGcAAABoAAAA aQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAAAHAAAABxAAAAcgAAAP7///90AAAAdQAAAHYAAAB3 AAAAeAAAAHkAAAB6AAAAewAAAHwAAAB9AAAAfgAAAH8AAACAAAAAgQAAAIIAAACDAAAAhAAAAIUA AACGAAAAhwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAAkAAAAJEAAACSAAAAkwAA AJQAAACVAAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0AAACeAAAAnwAAAKAAAAChAAAA ogAAAKMAAACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAAqwAAAKwAAACtAAAArgAAAK8AAACw AAAAsQAAALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgAAAC5AAAAugAAALsAAAC8AAAAvQAAAL4A AAC/AAAAwAAAAMEAAADCAAAAwwAAAMQAAADFAAAAxgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAA AM0AAADOAAAAzwAAANAAAADRAAAA0gAAANMAAADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA 2wAAANwAAADdAAAA3gAAAN8AAADgAAAA4QAAAOIAAADjAAAA/v///+UAAADmAAAA5wAAAOgAAADp AAAA6gAAAOsAAAD+////7QAAAO4AAADvAAAA8AAAAPEAAADyAAAA8wAAAP7////9/////f////cA AAD+/////v////7///////////////////////////////////9SAG8AbwB0ACAARQBuAHQAcgB5 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgAFAf////////// AwAAAAYJAgAAAAAAwAAAAAAAAEYAAAAAAAAAAAAAAADAEoBB0CPGAfkAAACAAAAAAAAAADEAVABh AGIAbABlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAOAAIB/////wUAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcwAA AKvgAAAAAAAAVwBvAHIAZABEAG8AYwB1AG0AZQBuAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAABoAAgEBAAAA//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAANOQAAAAAAAAFAFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkA bwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAACAQIAAAAEAAAA/////wAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOQAAAAAEAAAAAAAAAUARABvAGMAdQBtAGUAbgB0AFMA dQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAAAAA4AAIB//////////// ////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7AAAAAAQAAAAAAAAAQBDAG8A bQBwAE8AYgBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ABIAAgD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA cQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP7///////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////8BAP7/AwoAAP////8GCQIAAAAAAMAA AAAAAABGHwAAAE1pY3Jvc29mdCBPZmZpY2UgV29yZCBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAA AABXb3JkLkRvY3VtZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIAbwBvAHQAIABFAG4AdAByAHkAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAUB//////////8DAAAA BgkCAAAAAADAAAAAAAAARgAAAAAAAAAAAAAAAMBDHatgJMYB/wAAAMADAAAAAAAAMQBUAGEAYgBs AGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A AgH/////BQAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzAAAAq+AA AAAAAABXAG8AcgBkAEQAbwBjAHUAbQBlAG4AdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAGgACAQEAAAD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAA05AAAAAAAAAUAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4A AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAIBAgAAAAQAAAD/////AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAAQAAAAAAAAgQAAAIIAAACDAAAAhAAAAIUAAACGAAAA hwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAAkAAAAJEAAACSAAAAkwAAAJQAAACV AAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0AAACeAAAAnwAAAKAAAAChAAAAogAAAKMA AACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAAqwAAAKwAAACtAAAArgAAAK8AAACwAAAAsQAA ALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgAAAC5AAAAugAAALsAAAC8AAAAvQAAAL4AAAC/AAAA wAAAAMEAAADCAAAAwwAAAMQAAADFAAAAxgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAAAM0AAADO AAAAzwAAANAAAADRAAAA0gAAANMAAADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA2wAAANwA AADdAAAA3gAAAN8AAADgAAAA4QAAAOIAAADjAAAA/v///+UAAADmAAAA5wAAAOgAAADpAAAA6gAA AOsAAAD+///////////////////////////////////////////////9//////////////////// ///////////+AAAA/f////7////+/////v////0AAAABAAAA/v///wMAAAAEAAAABQAAAAYAAAAH AAAACAAAAAkAAAAKAAAACwAAAAwAAAANAAAADgAAAP7///////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////7QBAAAFAAAAAgAAABQAAABfAEEAZABIAG8A YwBSAGUAdgBpAGUAdwBDAHkAYwBsAGUASQBEAAAAAwAAABAAAABfAE4AZQB3AFIAZQB2AGkAZQB3 AEMAeQBjAGwAZQAAAAQAAAAOAAAAXwBFAG0AYQBpAGwAUwB1AGIAagBlAGMAdAAAAAUAAAANAAAA XwBBAHUAdABoAG8AcgBFAG0AYQBpAGwAAAAAAAYAAAAYAAAAXwBBAHUAdABoAG8AcgBFAG0AYQBp AGwARABpAHMAcABsAGEAeQBOAGEAbQBlAAAAAgAAALAEAAATAAAACQQAAAMAAAAdSdKkHwAAAAEA AAAAAAAAHwAAABoAAABbAEMAYQBwAHcAYQBwAF0AIABsAHcAYQBwAHAALQBkAHQAbABzACAAZQBk AGkAdABzAAAAHwAAABMAAABuAGMAYQBtAHcAaQBuAGcAQABjAGkAcwBjAG8ALgBjAG8AbQAAAAAA HwAAABgAAABOAGEAbgBjAHkAIABXAGkAbgBnAGUAdAAgACgAbgBjAGEAbQB3AGkAbgBnACkAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQBEAG8AYwB1AG0AZQBuAHQAUwB1AG0AbQBh AHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAAAAAAAAAAADgAAgH///////////////8AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAKAMAAAAAAAABAEMAbwBtAHAATwBi AGoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgACAP// /////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAP7/AwoAAP////8GCQIAAAAAAMAAAAAAAABG HwAAAE1pY3Jvc29mdCBPZmZpY2UgV29yZCBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAAAABXb3Jk LkRvY3VtZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/AAAFAAIAAAAAAAAA AAAAAAAAAAAAAAIAAAAC1c3VnC4bEJOXCAArLPmuRAAAAAXVzdWcLhsQk5cIACss+a48AQAA+AAA AAwAAAABAAAAaAAAAA8AAABwAAAABQAAAIwAAAAGAAAAlAAAABEAAACcAAAAFwAAAKQAAAALAAAA rAAAABAAAAC0AAAAEwAAALwAAAAWAAAAxAAAAA0AAADMAAAADAAAANkAAAACAAAA5AQAAB4AAAAU AAAAQ2lzY28gU3lzdGVtcywgSW5jLgADAAAA2gAAAAMAAAA9AAAAAwAAAPl3AAADAAAARxYLAAsA AAAAAAAACwAAAAAAAAALAAAAAAAAAAsAAAAAAAAAHhAAAAEAAAABAAAAAAwQAAACAAAAHgAAAAYA AABUaXRsZQADAAAAAQAAAADsAQAACAAAAAAAAABIAAAAAQAAACQBAAAAAACALAEAAAIAAAA0AQAA AwAAADwBAAAEAAAASAEAAAUAAACEAQAABgAAAA== ------_=_NextPart_001_01C62460.AC84AB3F Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C62460.AC84AB3F-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 17:09:30 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F597R-0006Gg-8B for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 17:09:30 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA19849 for ; Fri, 3 Feb 2006 17:07:46 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 5279C4300C1 for ; Fri, 3 Feb 2006 14:09:24 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id D985C43004F for ; Fri, 3 Feb 2006 08:10:49 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id B400B398026 for ; Fri, 3 Feb 2006 08:10:49 -0800 (PST) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1A2AC398059 for ; Fri, 3 Feb 2006 08:10:44 -0800 (PST) Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-5.cisco.com with ESMTP; 03 Feb 2006 08:10:44 -0800 X-IronPort-AV: i="4.02,85,1139212800"; d="doc'32?scan'32,208,32"; a="253402273:sNHT85853922" Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k13GAiKT010387 for ; Fri, 3 Feb 2006 08:10:44 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 3 Feb 2006 08:10:43 -0800 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C628DC.6289BB8A" Subject: FW: [Capwap] lwapp-dtls edits X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Fri, 3 Feb 2006 08:10:43 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2015616B3@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: yes Thread-Topic: [Capwap] lwapp-dtls edits Thread-Index: AcYjYMinXnSPEPJ4QqWETXwrxsyOrwAQQAbAAC+gE4ABHwMvQA== From: "Pat Calhoun (pacalhou)" To: X-OriginalArrivalTime: 03 Feb 2006 16:10:43.0978 (UTC) FILETIME=[62A8BEA0:01C628DC] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Mailman-Approved-At: Fri, 03 Feb 2006 14:06:20 -0800 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. ------_=_NextPart_001_01C628DC.6289BB8A Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Re-sending for Nancy. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: Nancy Winget (ncamwing)=20 > Sent: Saturday, January 28, 2006 3:15 PM > To: Susan Hares; Scott G. Kelly; capwap > Cc: Pat Calhoun (pacalhou) > Subject: RE: [Capwap] lwapp-dtls edits >=20 > Scott, >=20 > I also could only do a cursory security review of the current=20 > draft as I need more clarification and elaboration on the=20 > authentication/authorization enforcement as well as how the=20 > rekey mechanisms work. Once I have a better understanding of=20 > those, I think we can close loop on the security review. I=20 > think my comments are along the same vein as Sue's. =20 >=20 > Attached are my comments embedded in the word-(re)formatted draft. >=20 > Thanks, > Nancy. =20 >=20 > -----Original Message----- > From: Susan Hares [mailto:skh@nexthop.com] > Sent: Friday, January 27, 2006 4:39 PM > To: Scott G. Kelly; capwap > Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) > Subject: RE: [Capwap] lwapp-dtls edits >=20 > Scott: >=20 > My focus has been the interaction of the DTLS work with the=20 > LWAPP State machine. The=20 > draft-kelley-capwap-lwap-dtls-00.txt gave no state machine=20 > interactions. >=20 > The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some=20 > state machine interactions, and modifies the LWAPP state machine.=20 >=20 > However, these state machine interactions do not provide=20 > guidance on what to do in the DTLS handshake errors,=20 > fragmentation errors, or alert messages. >=20 > I've attached very draft text to guide you in providing the=20 > next revision. > (It's a word document - so let me know if that's a problem. =20 > I turned on the revision history and highlighted the suggested text.)=20 > =20 > I'll do a final DTLS and security review once you finalize=20 > your next revision. =20 >=20 > Pat and I went through a few rounds on the state machine of LWAPP to > reach the current form. Glad to do an early review of your=20 > text prior > to release to the working group.=20 >=20 > Cheers,=20 >=20 > Sue >=20 > PS - I used (lwapp-03, dtls-05). >=20 > I sent my comments from Nancy Winget (Cisco). She may find more > issues with the state machine based on conversations we=20 > had at IEEE. > =20 >=20 ------_=_NextPart_001_01C628DC.6289BB8A Content-Type: application/msword; name="draft-kelly-capwap-lwapp-dtls-01-ncw.doc" Content-Description: draft-kelly-capwap-lwapp-dtls-01-ncw.doc Content-Disposition: attachment; filename="draft-kelly-capwap-lwapp-dtls-01-ncw.doc" Content-Transfer-Encoding: base64 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAACAAAA+gAAAAAAAAAA EAAA/AAAAAEAAAD+////AAAAAPQAAAD7AAAA//////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////s pcEAe2AJBAAA8BK/AAAAAAAAEAAAAAAABgAAS4AAAA4AYmpiau5G7kYAAAAAAAAAAAAAAAAAAAAA AAAJBBYANOQAAIwsAACMLAAANngAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAD//w8AAAAA AAAAAAD//w8AAAAAAAAAAAD//w8AAAAAAAAAAAAAAAAAAAAAAKQAAAAAABAZAAAAAAAAEBkAABAZ AAAAAAAAEBkAAAAAAAAyGQAAJgAAAGoZAAAMAAAAdhkAABQAAAAAAAAAAAAAAIoZAAAAAAAAEr0A AAAAAAASvQAAAAAAABK9AAAAAAAAEr0AAEwAAABevQAAPAEAAIoZAAAAAAAAcdsAAFACAACmvgAA AAAAAKa+AAAAAAAApr4AAAAAAACmvgAAAAAAAKa+AAAAAAAAgb8AAAAAAACBvwAAAAAAAIG/AAAA AAAAwtoAAAIAAADE2gAAAAAAAMTaAAAAAAAAxNoAAAAAAADE2gAAAAAAAMTaAAAAAAAAxNoAACQA AADB3QAAaAIAACngAABqAAAA6NoAABUAAAAAAAAAAAAAAAAAAAAAAAAAEBkAACIAAACBxAAAEgAA AAAAAAAAAAAAAAAAAAAAAACBvwAAAAAAAIG/AAAAAAAAk8QAAAwAAACfxAAACAAAAOjaAAAAAAAA AAAAAAAAAAAQGQAAAAAAABAZAAAAAAAApr4AAAAAAAAAAAAAAAAAAKa+AADbAAAA/doAADgAAACx 0AAAAAAAALHQAAAAAAAAsdAAAAAAAACnxAAAbAEAABAZAAAAAAAApr4AAAAAAAAQGQAAAAAAAKa+ AAAAAAAAwtoAAAAAAAAAAAAAAAAAALHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAgcQAAAAAAADC2gAAAAAAAAAAAAAAAAAAsdAAAAAAAACx0AAA VgAAAGbYAACUAQAAEBkAAAAAAAAQGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWtoAAAAAAACmvgAAAAAAAJq+AAAMAAAAwKhnQdAj xgEAAAAAAAAAABK9AAAAAAAAE8YAAEgKAAD62QAADAAAAAAAAAAAAAAAwtoAAAAAAAA12wAAPAAA AHHbAAAAAAAABtoAAFQAAACT4AAAAAAAAFvQAABGAAAAk+AAABgAAABa2gAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAJPgAAAAAAAAAAAAAAAAAABYGQAAEgAAAFraAABoAAAAgb8AAMoAAABLwAAAkAAAALHQ AAAAAAAA28AAAHQAAABPwQAAMgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgb8A AAAAAACBvwAAAAAAAIG/AAAAAAAA6NoAAAAAAADo2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAodAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG/AAAA AAAAgb8AAAAAAACBvwAAAAAAAHHbAAAAAAAAgcQAAAAAAACBxAAAAAAAAIHEAAAAAAAAgcQAAAAA AAAAAAAAAAAAAIoZAAAAAAAAihkAAAAAAACKGQAA5GYAAG6AAACkPAAAihkAAAAAAACKGQAAAAAA AIoZAAAAAAAAboAAAAAAAACKGQAAAAAAAIoZAAAAAAAAihkAAAAAAAAQGQAAAAAAABAZAAAAAAAA EBkAAAAAAAAQGQAAAAAAABAZAAAAAAAAEBkAAAAAAAD/////AAAAAAIADAEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0NDU5l dHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBTLiBLZWxseQ1JbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBUYWxhcmkgTmV0d29ya3MNRXhwaXJlczogSnVuZSAxNSwgMjAwNiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEUuIFJlc2NvcmxhDSAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBOZXR3b3JrIFJlc29u YW5jZQ0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgRGVjZW1iZXIgMTIsIDIwMDUNDQ0gICAgICAgICAgICAgICAgICAgICAgICBTZWN1cmluZyBM V0FQUCB3aXRoIERUTFMNICAgICAgICAgICAgICAgICAgICBkcmFmdC1rZWxseS1jYXB3YXAtbHdh cHAtZHRscy0wMQ0NU3RhdHVzIG9mIHRoaXMgTWVtbw0NICAgQnkgc3VibWl0dGluZyB0aGlzIElu dGVybmV0LURyYWZ0LCBlYWNoIGF1dGhvciByZXByZXNlbnRzIHRoYXQgYW55DSAgIGFwcGxpY2Fi bGUgcGF0ZW50IG9yIG90aGVyIElQUiBjbGFpbXMgb2Ygd2hpY2ggaGUgb3Igc2hlIGlzIGF3YXJl DSAgIGhhdmUgYmVlbiBvciB3aWxsIGJlIGRpc2Nsb3NlZCwgYW5kIGFueSBvZiB3aGljaCBoZSBv ciBzaGUgYmVjb21lcw0gICBhd2FyZSB3aWxsIGJlIGRpc2Nsb3NlZCwgaW4gYWNjb3JkYW5jZSB3 aXRoIFNlY3Rpb24gNiBvZiBCQ1AgNzkuDQ0gICBJbnRlcm5ldC1EcmFmdHMgYXJlIHdvcmtpbmcg ZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmluZw0gICBUYXNrIEZvcmNlIChJRVRG KSwgaXRzIGFyZWFzLCBhbmQgaXRzIHdvcmtpbmcgZ3JvdXBzLiAgTm90ZSB0aGF0DSAgIG90aGVy IGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0 LQ0gICBEcmFmdHMuDQ0gICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50cyB2YWxp ZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHMNICAgYW5kIG1heSBiZSB1cGRhdGVkLCByZXBs YWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnkNICAgdGltZS4gIEl0 IGlzIGluYXBwcm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBhcyByZWZlcmVuY2UNICAg bWF0ZXJpYWwgb3IgdG8gY2l0ZSB0aGVtIG90aGVyIHRoYW4gYXMgIndvcmsgaW4gcHJvZ3Jlc3Mu Ig0NICAgVGhlIGxpc3Qgb2YgY3VycmVudCBJbnRlcm5ldC1EcmFmdHMgY2FuIGJlIGFjY2Vzc2Vk IGF0DSAgIGh0dHA6Ly93d3cuaWV0Zi5vcmcvaWV0Zi8xaWQtYWJzdHJhY3RzLnR4dC4NDSAgIFRo ZSBsaXN0IG9mIEludGVybmV0LURyYWZ0IFNoYWRvdyBEaXJlY3RvcmllcyBjYW4gYmUgYWNjZXNz ZWQgYXQNICAgaHR0cDovL3d3dy5pZXRmLm9yZy9zaGFkb3cuaHRtbC4NDSAgIFRoaXMgSW50ZXJu ZXQtRHJhZnQgd2lsbCBleHBpcmUgb24gSnVuZSAxNSwgMjAwNi4NDUNvcHlyaWdodCBOb3RpY2UN DSAgIENvcHlyaWdodCAoQykgVGhlIEludGVybmV0IFNvY2lldHkgKDIwMDUpLg0NQWJzdHJhY3QN DSAgIFRoZSBMV0FQUCBwcm90b2NvbCBkZWZpbmVzIGludGVyYWN0aW9ucyBiZXR3ZWVuIHdpcmVs ZXNzIHRlcm1pbmF0aW9uDSAgIHBvaW50cyBhbmQgd2lyZWxlc3MgYWNjZXNzIGNvbnRyb2xsZXJz LiAgQ29tbXVuaWNhdGlvbnMgYmV0d2VlbiB0aGVzZQ0gICBjb21wb25lbnRzIG11c3QgYmUgc2Vj dXJlZCwgYW5kIHRoZSBjdXJyZW50IHNwZWNpZmljYXRpb24gcHJvdmlkZXMNICAgZm9yIHRyYW5z cG9ydCBzZWN1cml0eSB1c2luZyBwcm9wcmlldGFyeSBtZWNoYW5pc21zIHdoaWNoIGFyZQ0gICBl bWJlZGRlZCBpbiB0aGUgcHJvdG9jb2wuICBUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyBhbiBhbHRl cm5hdGl2ZQ0gICBhcHByb2FjaCB3aGljaCBlbGltaW5hdGVzIHRoZSBlbWJlZGRlZCBzZWN1cml0 eSwgYW5kIGluc3RlYWQgdXNlcw0gICBEVExTIGFzIGEgc2VjdXJlLCB0aWdodGx5LWludGVncmF0 ZWQgd3JhcHBlci4NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAgICAgICBFeHBpcmVzIEp1bmUgMTUs IDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDFdDQwNSW50ZXJuZXQtRHJhZnQgICAgICAgICAg U2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NVGFibGUg b2YgQ29udGVudHMNDSAgIDEuICBJbnRyb2R1Y3Rpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMw0gICAyLiAgSW5zZXJ0aW5nIERUTFMgLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDQNICAgICAyLjEuICBD b250cm9sL0RhdGEgQ2hhbm5lbCBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu ICA3DSAgICAgICAyLjEuMS4gIFNlcGFyYXRlIENvbnRyb2wvRGF0YSBDaGFubmVsIFBvcnRzICAu IC4gLiAuIC4gLiAuIC4gLiAgOA0gICAgICAgMi4xLjIuICBBZGRpbmcgYSBQcm90b2NvbCBNdXgg IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDgNICAgMy4gIEVuZHBvaW50IEF1dGhl bnRpY2F0aW9uIHVzaW5nIERUTFMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA4DSAgICAg My4xLiAgQXV0aGVudGljYXRpbmcgd2l0aCBDZXJ0aWZpY2F0ZXMgLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAgOQ0gICAgIDMuMi4gIEF1dGhlbnRpY2F0aW5nIHdpdGggUHJlc2hhcmVkIEtleXMg LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDkNICAgNC4gIENvbmNsdXNpb25zICAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEwDSAgIDUuICBTZWN1cml0 eSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAx MA0gICA2LiAgSUFOQSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gMTENICAgNy4gIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDExDSAgICAgNy4xLiAgTm9ybWF0aXZlIFJl ZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxMQ0gICAgIDcu Mi4gIEluZm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gMTENICAgQXV0aG9ycycgQWRkcmVzc2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEzDSAgIEludGVsbGVjdHVhbCBQcm9wZXJ0eSBhbmQgQ29w eXJpZ2h0IFN0YXRlbWVudHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAxNA0NDQ0NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVuZSAx NSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgMl0NDA1JbnRlcm5ldC1EcmFmdCAgICAgICAg ICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0xLiAg SW50cm9kdWN0aW9uDQ0gICBUaGUgTGlnaHQgV2VpZ2h0IEFjZXNzIFBvaW50IFByb3RvY29sIChM V0FQUCkgcHJvdmlkZXMgZm9yDSAgIGNlbnRyYWxpemVkIGNvbnRyb2wgYW5kIG1hbmFnZW1lbnQg b2YgV2lyZWxlc3MgVGVybWluYXRpb24gUG9pbnRzDSAgIChXVFBzKSBieSBkZXZpY2VzIHJlZmVy cmVkIHRvIGFzIEFjY2VzcyBDb250cm9sbGVycyAoQUNzKS4gIEZvciBtb3JlDSAgIGRldGFpbCBv biB0aGlzIHByb3RvY29sIGFuZC9vciB0aGVzZSBjb21wb25lbnRzLCBzZWUgW0xXQVBQXS4gIFRo ZQ0gICBDQVBXQVAgd29ya2luZyBncm91cCBpcyBjdXJyZW50bHkgY29uc2lkZXJpbmcgdXNpbmcg TFdBUFAgYXMgdGhlDSAgIGJhc2lzIGZvciBhIHN0YW5kYXJkaXplZCBBQy1XVFAgY29udHJvbCBw cm90b2NvbCAocmVjb21tZW5kZWQgaW4NICAgW0NBUFdBUC1FVkFMXSkuDQ0gICBMV0FQUCBjdXJy ZW50bHkgaW5jbHVkZXMgc2VjdXJpdHkgZWxlbWVudHMgd2hpY2ggcHJvdmlkZSBmb3IgdGhlDSAg IGZvbGxvd2luZyBjYXBhYmlsaXRpZXM6DQ0gICBvICBFbmRwb2ludCBBdXRoZW50aWNhdGlvbiAt IEFDIGFuZCBXVFAgYXJlIHN0cm9uZ2x5IGF1dGhlbnRpY2F0ZWQNICAgICAgdXNpbmcgZWl0aGVy IHB1YmxpYyBrZXkgY2VydGlmaWNhdGVzIG9yIHNoYXJlZCBzZWNyZXRzIChhbHNvIGtub3duDSAg ICAgIGFzICJwcmUtc2hhcmVkIGtleXMiKS4NDSAgIG8gIERhdGEgQ29uZmlkZW50aWFsaXR5IC0g KEFDLVdUUCBjb250cm9sIGNoYW5uZWwpIGRhdGEgaXMgZW5jcnlwdGVkDSAgICAgIHVzaW5nIHRo ZSAxMjgtYml0IEFFUy1DQkMgYWxnb3JpdGhtLg0NICAgbyAgRGF0YSBJbnRlZ3JpdHkvT3JpZ2lu IEF1dGhlbnRpY2l0eSAtIGFuIEludGVncml0eSBDaGVjayBWYWx1ZQ0gICAgICAoSUNWKSBpcyBj b21wdXRlZCB1c2luZyAxMjgtYml0IEFFUy1DQkMtTUFDIChhIGtleWVkIE1BQykuDQ0gICBUaGUg Y3VycmVudCBMV0FQUCBzZWN1cml0eSBzY2hlbWUgaGFzIGJlZW4gdGhyb3VnaCBhdCBsZWFzdCBv bmUNICAgc2VjdXJpdHkgcmV2aWV3IFtMV0FQUC1TRUNdLCB0aGUgcmVzdWx0cyBvZiB3aGljaCB3 ZXJlIGZhdm9yYWJsZS4NICAgU3RpbGwsIHRoZSBwcm90b2NvbCBldmFsdWF0aW9uIHRlYW0gY29u Y2x1ZGVkIHRoYXQgTFdBUFAgd291bGQNICAgYmVuZWZpdCBmcm9tIHJlcGxhY2VtZW50IG9mIGl0 cyBwcm9wcmlldGFyeSBzZWN1cml0eSBzY2hlbWUgd2l0aCBhDSAgIHN0YW5kYXJkaXplZCwgbW9y ZSB3aWRlbHkgZGVwbG95ZWQgZmFjaWxpdHkgc3VjaCBhcyBEVExTIFtEVExTXS4NDSAgIFdoeSBy ZXBsYWNlIExXQVBQJ3Mgc2VjdXJpdHkgbWVjaGFuaXNtLCB3aGVuIHNvIGZhciwgc2VjdXJpdHkN ICAgZXZhbHVhdGlvbnMgaGF2ZSBub3QgZm91bmQgaXQgd2FudGluZz8gIFRoZXJlIGFyZSBhdCBs ZWFzdCB0d28gZ29vZA0gICByZWFzb25zOg0NICAgbyAgSW5kdXN0cnkgZXhwZXJpZW5jZS9yZXZp ZXcgLSB0byB0aGUgY2hhZ3JpbiBvZiBtYW55IHByb3RvY29sDSAgICAgIGRlc2lnbmVycywgaXQg aGFzIGJlZW4gb2Z0ZW4gZGVtb25zdHJhdGVkIHRoYXQgc3VidGxlIHNlY3VyaXR5DSAgICAgIGZs YXdzIG1heSBlc2NhcGUgdGhlIG1vc3QgZGlsaWdlbnQgcmV2aWV3ZXIuICBBcyBhIHJlc3VsdCwg dGhlDSAgICAgIGNyeXB0b2dyYXBoaWMgY29tbXVuaXR5IGludmVzdHMgc2lnbmlmaWNhbnQgZWZm b3J0IGluIHRoZSBvbmdvaW5nDSAgICAgIGFuYWx5c2lzIG9mIGRlcGxveWVkIChhbmQgcHJvcG9z ZWQpIHNlY3VyaXR5IG1lY2hhbmlzbXMuDSAgICAgIFNvbWV0aW1lcyBwcm9ibGVtcyBhcmUgZm91 bmQgdmVyeSBxdWlja2x5LCBidXQgaW4gb3RoZXIgY2FzZXMNICAgICAgaXNzdWVzIG15IG5vdCBi ZSBkaXNjb3ZlcmVkIGZvciB5ZWFycy4gIFRodXMsIHNlY3VyaXR5IHByb3RvY29scw0gICAgICBh bmQgbWVjaGFuaXNtcyB3aGljaCBoYXZlIGJlZW4gZXh0ZW5zaXZlbHkgZGVwbG95ZWQgYW5kIGFu YWx5emVkDSAgICAgIGFyZSBhbG1vc3QgYWx3YXlzIHByZWZlcmFibGUgdG8gdGhvc2Ugd2hpY2gg aGF2ZSBub3QuDQ0gICBvICBBbGdvcml0aG0gQWdpbGl0eSAtIEJlY2F1c2UgbW9zdCBjcnlwdG9n cmFwaGljIGFsZ29yaXRobXMgYXJlDSAgICAgIGV2ZW50dWFsbHkgZWl0aGVyIGJyb2tlbiBvdXRy aWdodCBvciByZW5kZXJlZCBjb21wdXRhdGlvbmFsbHkNICAgICAgaW5zdWZmaWNpZW50IGJ5IGFk dmFuY2luZyB0ZWNobm9sb2d5LCBpdCBpcyBjcnVjaWFsIHRvIGhhdmUgdGhlDSAgICAgIGFiaWxp dHkgdG8gZWFzaWx5IHJlcGxhY2Ugb3V0ZGF0ZWQgb3IgY29tcHJvbWlzZWQgYWxnb3JpdGhtcy4N DQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1LCAyMDA2ICAgICAg ICAgICAgICAgICBbUGFnZSAzXQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQ UCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICBOb3RlIHRoYXQgTFdBUFAs IHdoaWxlIGhhdmluZyBnb25lIHRocm91Z2ggc29tZSBzZWN1cml0eSByZXZpZXcsIGhhcw0gICBu b3QgeWV0IHByb3ZpZGVkIHRoZSBvcHBvcnR1bml0eSBmb3IgdGhlIHNvcnQgb2YgZXh0ZW5zaXZl IHB1YmxpYw0gICByZXZpZXcgYW5kIGFuYWx5c2lzIHRoYXQgVExTIFtUTFMxMV0gaGFzIGVuam95 ZWQuICBBbHNvLCBMV0FQUA0gICBwcm92aWRlcyBubyBmYWNpbGl0eSBmb3IgYWxnb3JpdGhtIG5l Z290aWF0aW9uIC0gY2hhbmdpbmcgc2VjdXJpdHkNICAgYWxnb3JpdGhtcyB3b3VsZCByZXF1aXJl IGEgY2hhbmdlIHRvIHRoZSBwcm90b2NvbCBzdGFuZGFyZCwgYWxvbmcNICAgd2l0aCBmaXJtd2Fy ZSB1cGdyYWRlcyBmb3IgYm90aCBXVFAgYW5kIEFDLiAgVGhpcyBpcyBjbGVhcmx5DSAgIHVuZGVz aXJhYmxlLg0NICAgRFRMUywgb24gdGhlIG90aGVyIGhhbmQsIGlzIGEgc3RhbmRhcmRzLXRyYWNr IGVmZm9ydCB3aGljaCBpcyBiYXNlZA0gICB1cG9uIFRMUy4gIFRoZSB1bmRlcmx5aW5nIHNlY3Vy aXR5LXJlbGF0ZWQgcHJvdG9jb2wgbWVjaGFuaXNtcyBoYXZlDSAgIGJlZW4gc3VjY2Vzc2Z1bGx5 IGRlcGxveWVkIGZvciBtYW55IHllYXJzIG5vdy4gIFRoZSBUTFMgcHJvdG9jb2wgaXMNICAgd2Vs bC11bmRlcnN0b29kIGZyb20gYW4gb3BlcmF0aW9uYWwgcGVyc3BlY3RpdmUsIGFuZCB3aXRoIHRo ZSByZWNlbnQNICAgc3BlY2lmaWNhdGlvbiBvZiBpdHMgZGF0YWdyYW0tYmFzZWQgdmFyaWFudCwg aXMgYW4gb2J2aW91cyBjaG9pY2UgZm9yDSAgIG1lZXRpbmcgdGhlIHNlY3VyaXR5IHJlcXVpcmVt ZW50cyBvZiBMV0FQUC4NDQ0yLiAgSW5zZXJ0aW5nIERUTFMNDSAgIE5vdGUgdGhhdCBmb3IgdGhl IHRpbWUgYmVpbmcsIG9ubHkgdGhlIFVEUCB0cmFuc3BvcnQgbWVjaGFuaXNtIGZvcg0gICBMV0FQ UCBpcyBjb25zaWRlcmVkLiAgU2luY2UgdGhlIGV2YWx1YXRpb24gZG9jdW1lbnQgcmVjb21tZW5k cw0gICBlbGltaW5hdGluZyBsYXllciAyIGVuY2Fwc3VsYXRpb24gc3VwcG9ydCwgaXQgaXMgbm90 IGFkZHJlc3NlZCBoZXJlLg0gICBTaG91bGQgdGhpcyBjaGFuZ2UsIHRoZSBtZWNoYW5pc20gZGVz Y3JpYmVkIGJlbG93IGluIHNlY3Rpb24gMi4xLjINICAgY291bGQgYmUgdXNlZCB0byBwYXJ0aWFs bHkgYWRkcmVzcyB0aGF0IGNhc2UuDQ0gICBGcm9tIGEgaGlnaCBsZXZlbCwgc2ltcGxlIHJlcGxh Y2VtZW50IG9mIHRoZSBMV0FQUCBzZWN1cml0eQ0gICBtZWNoYW5pc21zIHdpdGggRFRMUyBhbW91 bnRzIHRvIHNvbWV0aGluZyBsaWtlIHRoaXM6DQ0gICAxLiAgUmVwbGFjZSB0aGUgSk9JTiBwaGFz ZSB3aXRoIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50DQ0KDSAgIDIuICBSZXBsYWNlIExXQVBQ IHJlLWtleSBmdW5jdGlvbmFsaXR5IHdpdGggYSBEVExTIHJlLWtleQ0NCg0gICAzLiAgUmVtb3Zl IHRoZSBleGlzdGluZyBMV0FQUCBzZWNjdXJpdHkgc2NoZW1lDQ1bTkNXXSBIb3cgd2lsbCB3ZSBi ZSBhYmxlIHRvIGRpc3Rpbmd1aXNoIGFuZCB0aHVzIGVuYWJsZSBhcHByb3ByaWF0ZSBhdXRob3Jp emF0aW9uIHBvbGljaWVzIHRoYXQgdGhlIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50LCByZWtl eSBhbmQgcmVzZXQgYXJlIHNwZWNpZmljIHRvIHRoaXMgYXBwbGljYXRpb24gKGUuZy4gTFdBUFAp Pw1XaGlsZSAoRClUTFMgZW5hYmxlcyBhdXRoZW50aWNhdGlvbiwgaG93IGRvZXMgaXSScyB1c2Ug aW4gdGhpcyBhcHBsaWNhdGlvbiBlbmZvcmNlIHRoYXQgdGhlIFRMUyCTY2xpZW50lCBpcyBhdXRo b3JpemVkIHRvIGFjdCBhcyBhIFdUUCBhbmQgY29udmVyc2VseSB0aGUgIFRMUyCTc2VydmVylCBp cyBhbiBhdXRob3JpemVkIEFDPw0NCg0gICBUaGlzIGFtb3VudHMgdG8gZW1wbG95aW5nIERUTFMg YXMgYSB0aWdodGx5LWludGVncmF0ZWQgc2VjdXJlDSAgIHdyYXBwZXIuICBIZXJlIGlzIHRoZSBy ZXN1bHRpbmcgTFdBUFAgc3RhdGUgbWFjaGluZToNDQ0NDQ0NDQ0NDQ0NDQ0NDUtlbGx5ICYgUmVz Y29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1LCAyMDA2ICAgICAgICAgICAgICAgICBbUGFn ZSA0XQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAg ICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICAgICAgIC8tLS0tLS0tLS0tLS0tXA0gICAgICAgICB8 ICAgICAgICAgICAgIHYNICAgICAgICAgfCAgICAgICArLS0tLS0tLS0tLS0tKw0gICAgICAgICB8 ICAgICAgQ3wgICAgSWRsZSAgICB8PC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tKw0gICAgICAgICB8ICAgICAgICstLS0tLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgfA0gICAgICAgICB8ICAgICAgICBeICAgIHxhICAgIF4gICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfA0gICAgICAgICB8ICAgICAgICB8ICAg IHwgICAgIFwtLS0tXCAgICAgICAgICAgICAgICAgeSAgICAgICAgICAgICAgICAgfA0gICAgICAg ICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfCAgICstLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0t LSsgeiAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfCAgIHwgICAgICAgICAg ICAgfCBEVExTLXJla2V5IHwtXCAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAg fCAgIHwgICstLS0tLS0tLS0+Ky0tLS0tLS0tLS0tLSsgfCAgfA0gICAgICAgICB8ICAgICAgICB8 ICAgIHwgICAgICAgICAgfCAgIHwgIHwgICAgICAgICAgICAgICAgICAgICAgICAgfCAgXg0gICAg ICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfHQgIFYgIHwgeCAgICAgICAgICAgICAgICAg ICAgICAgfCAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICstLS0tLS0tLSstLSsg ICAgICAgKy0tLS0tLS0tLS0tLSsgfCAgfA0gICAgICAgICB8ICAgICAgIC8gICAgIHwgICAgICAg Q3wgICAgUnVuICAgIHwtLS0tLS0+fCBEVExTLVJlc2V0IHw8Ky0tfC0tLS1cDSAgICAgICAgIHwg ICAgIC8gICAgICAgfCAgICAgICByKy0tLS0tLS0tLS0tKyAgICAgdSArLS0tLS0tLS0tLS0tKyB8 ICB8ICAgICB8DSAgICAgICAgIHwgICAgLyAgICAgICAgfCAgICAgICAgICAgICAgXiAgICAgICAg ICAgICAgICBeICAgICB2fCAgICB8ICB8ICAgICB8DSAgICAgICAgIHwgICB8ICAgICAgICAgdiAg ICAgICAgICAgICAgfCAgICAgICAgICAgICAgICB8ICAgICAgfCAgICB8ICB8ICAgICB8DSAgICAg ICAgIHwgICB8ICAgKy0tLS0tLS0tLS0tLS0tKyAgICAgfCAgICAgICAgICAvLS0tLS8gICAgICAg ViAgICBWICB8ICAgICB8DSAgICAgICAgIHwgICB8ICBDfCAgRGlzY292ZXJ5ICAgfCAgICBxfCAg ICAgICAgb3wgICAgICAgICAgICstLS0tLS0tKyB8ICAgICB8DSAgICAgICAgIHwgICB8ICBiKy0t LS0tLS0tLS0tLS0tKyAgICArLS0tLS0tLS0tLS0tLSsgICAgICAgIHwgUmVzZXQgfC0rIHcgICB8 DSAgICAgICAgIHwgICB8ICAgICB8ZCAgICAgZnwgIF4gICAgICB8ICBDb25maWd1cmUgIHwgICAg ICAgICstLS0tLS0tKyAgICAgICB8DSAgICAgICAgIHwgICB8ICAgICB8ICAgICAgIHwgIHwgICAg ICArLS0tLS0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgICB8 ZSAgICB2ICAgICAgIHwgIHwgICAgICAgICAgICAgIF4gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB8DSAgICAgICAgIHwgICstLS0tLS0tLS0rICAgIHYgIHxpICAgICAgICAgICAgMnwgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgQ3wgU3Vsa2luZyB8ICAgKy0t LS0tLS0tLS0tLSsgICAgKy0tLS0tLS0tLS0tLS0tKyAgICAgICAgICAgICAgICB8DSAgICAgICAg IHwgICstLS0tLS0tLS0rICBDfCBEVExTLUluaXQgIHwtLS0+fCBEVExTLUNvbXBsZXRlfCAgICAg ICAgICAgICAgICB8DSAgICAgICAgIHwgICAgICAgICAgICAgICBnKy0tLS0tLS0tLS0tLSsgeiAg Ky0tLS0tLS0tLS0tLS0tKyAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgICAgICAgICAgICAg ICAgICAgfGggICAgICBtfCAgICAgICAgICAgICAgICAgfDQgICAgICAgICAgICAgICAgICB8DSAg ICAgICAgIHwgICAgICAgICAgICAgICAgICAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgdiAg ICAgICAgICAgICAgICAgbyAvDSAgICAgICAgICBcICAgICAgICAgICAgICAgICAgfCAgICAgICAg fCAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0rLS0tLS0tLS8NICAgICAgICAgICBcLS0tLS0t LS0tLS0tLS0tLS0vICAgICAgICAgXC0tLS0tLS0tLS0tLS0+fCBJbWFnZSBEYXRhIHxDDSAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0t LS0tLS0rbg0NICAgICAgICAgICAgICAgICAgRmlndXJlIDE6IExXQVBQIFN0YXRlIE1hY2hpbmUg dy9EVExTIFN1cHBvcnQNDQ0gICBGb2xsb3dpbmcgaXMgYSBkZXNjcmlwdGlvbiBvZiB0aGUgYXNz b2NpYXRlZCBzdGF0ZSBjaGFuZ2VzLiAgTm90ZQ0gICB0aGF0IHdlIG9ubHkgYWRkcmVzcyB0aG9z ZSB3aGljaCBhcmUgbmV3Og0NDSAgIERpc2NvdmVyeSB0byBEVExTLUluaXQgKGYpOiBUaGlzIHN0 YXRlIGlzIHVzZWQgYnkgdGhlIFdUUCB0byBjb25maXJtDSAgIGl0cyBjb21taXRtZW50IHRvIGFu IEFDIHRoYXQgaXQgd2lzaGVzIHRvIGJlIHByb3ZpZGVkIHNlcnZpY2UsIGFuZCB0bw0gICBzaW11 bHRhbmVvdXNseSBlc3RhYmxpc2ggYSBzZWN1cmUgY29udHJvbCBjaGFubmVsLg0NICAgICAgV1RQ OiBUaGUgV1RQIHNlbGVjdHMgdGhlIGJlc3QgQUMgYmFzZWQgb24gdGhlIGluZm9ybWF0aW9uIGl0 DSAgICAgIGdhdGhlcmVkIGR1cmluZyB0aGUgRGlzY292ZXJ5IFBoYXNlLiAgSXQgdGhlbiBpbml0 aWF0ZXMgYSBEVExTDSAgICAgIGNvbm5lY3Rpb24gd2l0aCBpdHMgcHJlZmVycmVkIEFDLiAgVGhl IFdUUCBzdGFydHMgdGhlIFdhaXRKb2luDSAgICAgIFRpbWVyLg1bTkNXXSBCeSB0aGlzLCBJIGJl bGlldmUgeW91IGFyZSBpbXBseWluZyB0aGF0IHRoZSBXVFAgYWN0cyBhcyB0aGUgVExTIJNjbGll bnSUIHdoaWxlIHRoZSBBQyBhY3RzIGFzIHRoZSBUTFMgk3NlcnZlcpQ/ICBUaGlzIHdpbGwgaGF2 ZSB0byBiZSBhIGhhcmQgcmVxdWlyZW1lbnQgdG8gZW5zdXJlIHRoZSByb2xlcyBhcmUgZXhwbGlj aXRseSBkZWZpbmVkIGFuZCBhbGxvdyBmb3IgYXBwcm9wcmlhdGUgYXV0aG9yaXphdGlvbiBwb2xp Y2llcyB0byBiZSBlbXBsb3llZC4gIA0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4 cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgNV0NDQ0NDA1JbnRlcm5l dC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2Vt YmVyIDIwMDUNDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIGZvciB0aGUgZ2l2 ZW4gV1RQIHVwb24gcmVjZXB0aW9uIG9mIGENICAgICAgRFRMUyBpbml0aWFsaXphdGlvbiByZXF1 ZXN0LiAgVGhlIEFDIHByb2Nlc3NlcyB0aGUgcmVxdWVzdCBhbmQNICAgICAgcmVzcG9uZHMgYnkg ZW5nYWdpbmcgaW4gRFRMUyBuZWdvdGlhdGlvbiB3aXRoIHRoZSBXVFAuDVtOQ1ddIFdoYXQgaXMg YSBEVExTIGluaXRpYWxpemF0aW9uIHJlcXVlc3Q/ICBJIGNhbpJ0IHF1aXRlIHNlZW0gdG8gbWFw IHRoZSBzdGF0ZSBtYWNoaW5lcyBkZWZpbmVkIGluIHRoZSBkcmFmdC1yZXNjb2xhLWR0bHMtMDUu dHh0IHRvIHRoZSBEVExTLUluaXQgYW5kIERUTFMtQ29tcGxldGUgc3RhdGVzIGFib3ZlLiAgQ2Fu IHlvdSBwbGVhc2UgZWxhYm9yYXRlIGZ1cnRoZXIgb24gdGhlc2U/ICBIb3cgYXJlIHRoZSBEVExT L1RMUyBzdGF0ZSBtYWNoaW5lIGFuZCBwYWNrZXQgZmxvdyBtYXAgaW50byB0aGUgMiBib3hlcyBh cyB5b3Ugc3RhdGUgYWJvdmU/DQ0gICBEVExTLUluaXQgdG8gRGlzY292ZXJ5IChpKTogVGhpcyBz dGF0ZSBpcyB1c2VkIHRvIHJldHVybiB0aGUgV1RQIHRvDSAgIGRpc2NvdmVyeSBtb2RlIHdoZW4g YW4gdW5yZXNwb25zaXZlIEFDIGlzIGVuY291bnRlcmVkLg0NICAgICAgV1RQOiBUaGUgV1RQIGVu dGVycyB0aGlzIHN0YXRlIHdoZW4gdGhlIFdhaXRKb2luIHRpbWVyIGV4cGlyZXMNICAgICAgcHJp b3IgdG8gc3VjY2Vzc2Z1bCBjb21wbGV0aW9uIG9mIERUTFMgbmVnb3RpYXRpb24uDQ0gICAgICBB QzogVGhpcyBzdGF0ZSB0cmFuc2l0aW9uIGlzIGludmFsaWQuDQ0gICBEVExTLUluaXQgdG8gRFRM Uy1Db21wbGV0ZSAoeik6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byBpbmRpY2F0ZSBEVExTDSAgIHNl c3Npb24gZXN0YWJsaXNobWVudC4NDSAgICAgIFdUUDogVGhpcyBzdGF0ZSBpcyBlbnRlcmVkIHdo ZW4gdGhlIFdUUCBhbmQgQUMgY29tcGxldGUgRFRMUw0gICAgICBuZWdvdGlhdGlvbi4NDSAgICAg IEFDOiBUaGlzIHN0YXRlIGlzIGVudGVyZWQgd2hlbiB0aGUgV1RQIGFuZCBBQyBjb21wbGV0ZSBE VExTDSAgICAgIG5lZ290aWF0aW9uLg1bTkNXXSBVbmRlciB3aGF0IGNvbmRpdGlvbnMgZG9lcyBE VExTLUluaXQgcmV0dXJuIHRvIHRoZSBpZGxlIHN0YXRlPyAgVGhpcyBuZWVkcyB0byBiZSBkZXNj cmliZWQuICBUaGVyZSBhcmUgZXJyb3IgY29uZGl0aW9ucyB0aGF0IGhhdmUgdG8gYmUgcmVmbGVj dGVkIGFuZCBkZXNjcmliZWQgZm9yIERUTFMgYXMgVExTIHJlY29yZHMgbWF5IGZhaWwgYW5kIGlu IGdlbmVyYWwsIHRoZSBhdXRoZW50aWNhdGlvbiBtYXkgZmFpbCBmb3IgZGlmZmVyZW50IHJlYXNv bnMgd2hpY2ggc2hvdWxkIGFsc28gYmUgZGVzY3JpYmVkIGluIHRoaXMgZHJhZnQuDQ1bTkNXXSBX aHkgZG9lcyB0aGUgc3RhdGUgZGlhZ3JhbSBzaG93IGEgRFRMUy1Jbml0IHRvIEltYWdlIGRhdGE/ ICBJdCBhcHBlYXJzIHRoYXQgdGhlIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50IGhhcyBub3Qg Y29tcGxldGVkIHVudGlsIHRoZSBEVExTLUNvbXBsZXRlIHN0YXRlIGlzIHJlYWNoZWQuICBKdW1w aW5nIHRvIEltYWdlIERhdGEgZnJvbSBEVExTLUluaXQgaXMgYSBzZWN1cml0eSB2aW9sYXRpb24g YXMgdGhhdCBhbGxvd3MgV1RQIGltYWdlIHVwZGF0ZXMgd2l0aG91dCBhIHByb3BlciBzZWN1cml0 eSBhc3NvY2lhdGlvbi4NDQ0NICAgUnVuIHRvIERUTFMtUmVzZXQgKHUpOiBUaGlzIHN0YXRlIGlz IHVzZWQgdG8FIHdoZW4gdGhlIEFDIG9yIFdUUCB3aXNoDSAgIHRvIHRlYXIgZG93biB0aGUgY29u bmVjdGlvbi4NDQ0gICAgICBXVFA6IFRoZSBXVFAgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBpdCB3 aXNoZXMgdG8gaW5pdGlhdGUgb3JkZXJseQ0gICAgICB0ZXJtaW5hdGlvbiBvZiB0aGUgRFRMUyBj b25uZWN0aW9uOyB0aGUgV1RQIHNlbmRzIHRoZSBhIFRMUw0gICAgICBGaW5pc2hlZCBtZXNzYWdl Lg0NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgdXBvbiByZWNlaXB0IG9mIFRM UyBGaW5pc2hlZCBtZXNzYWdlDSAgICAgIGZyb20gdGhlIFdUUC4NDVtOQ1ddIEhvdyBkb2VzIExX QVBQIGFzIGFuIGFwcGxpY2F0aW9uIHdvdWxkIHRyaWdnZXIgdGhlIFRMUyBmaW5pc2hlZD8gRnJv bSBhIHNlY3VyaXR5IHN0YW5kcG9pbnQsIHRoZSBBQyBtdXN0IGVmZmVjdGl2ZWx5IGJsb2NrIGFs bCBMV0FQUCB0cmFmZmljIGFzIHdlbGwsIGlzbpJ0IHRoYXQgd2hhdCB0aGUgb3JpZ2luYWwgUmVz ZXQgc3RhdGUgd2FzIGludGVuZGVkIGZvcj8gIFdoYXQgaXMgdGhlIGRpc3RpbmN0aW9uIGJldHdl ZW4gdGhlIERUTFMtUmVzZXQgYW5kIFJlc2V0IHN0YXRlPyANDSAgIEltYWdlLWRhdGEgdG8gRFRM Uy1SZXNldCAobyk6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byByZXNldCB0aGUNICAgY29ubmVjdGlv biBwcmlvciB0byByZXN0YXJ0aW5nIHRoZSBXVFAgYWZ0ZXIgYW4gaW1hZ2UgZG93bmxvYWQuDQ0N ICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gaW1hZ2UgZG93bmxvYWQg Y29tcGxldGVzDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIHVwb24gcmVjZWlw dCBvZiBUTFMgRmluaXNoZWQgbWVzc2FnZQ0gICAgICBmcm9tIHRoZSBXVFAuDVtOQ1ddIFRoaXMg ZG9lc26SdCBzZWVtIHF1aXRlIHJpZ2h0hXRoZSBXVFAgk3Nob3VsZJQgcmVib290IG9yIHJlZnJl c2ggaXRzZWxmIHRvIGVuc3VyZSBpdJJzIHVzaW5nIHRoZSBsYXRlc3QgdXBkYXRlLiAgQnV0IHRo YXQgYXNpZGUsIGhvdyBkb2VzIHRoZSBBQyByZWNlaXZlIGEgVExTIEZpbmlzaGVkIG1lc3NhZ2Ug ZnJvbSB0aGUgV1RQPyAgSXQgc2VlbXMgbW9yZSBkZXRlcm1pbmF0ZSB0byBoYXZlIHRoZSBBQyBl bnRlciB0aGUgUmVzZXQgc3RhdGUgYWZ0ZXIgaXQgaGFzIHN1Y2Nlc3NmdWxseSBjb21wbGV0ZWQg dGhlIGltYWdlIGRvd25sb2FkIG9yIG9uIGEgbGluayBlcnJvci4NDSAgIERUTFMtUmVzZXQgdG8g UmVzZXQgKHYpOiBUaGlzIHN0YXRlIGlzIHVzZWQgdG8gY29tcGxldGUgRFRMUyBzZXNzaW9uDSAg IHRlYXItZG93bg0NICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gaXQg aGFzIGNvbXBsZXRlZCBEVExTIHNlc3Npb24NICAgICAgY2xlYW51cCwgYW5kIGl0IGlzIHJlYWR5 IHRvIGZpbmlzaCBMV0FQUCBzZXNzaW9uIGNsZWFuLXVwLg0NW05DV10gUGxlYXNlIHByb3ZpZGUg bW9yZSBlbGFib3JhdGlvbiBvbiB3aGF0IERUTFMgc2Vzc2lvbiBjbGVhbnVwIG1lYW5zLiAgQWxz bywgdW5kZXIgd2hhdCBjb25kaXRpb25zIGRvZXMgV1RQIGFuZCBBQyBnbyBmcm9tIFJlc2V0IHRv IERUTFMtUmVzZXQ/ICBJIHdvdWxkIHN1Z2dlc3QgbWVyZ2luZyBSZXNldCBhbmQgRFRMUy1SZXNl dCBhcyBiZWluZyB0aGUgc2FtZSBzdGF0ZSBhbmQgaW5jbHVkZSB0aGUgc2VjdXJpdHkgY29uc2lk ZXJhdGlvbnMgaW4gaXRzIGRlc2NyaXB0aW9uLg0NDQ0NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAg ICAgICBFeHBpcmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDZdDEludGVy bmV0LURyYWZ0ICAgICAgICAgIFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAgICAgRGVj ZW1iZXIgMjAwNQ0NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBpdCBo YXMgY29tcGxldGVkIERUTFMgc2Vzc2lvbg0gICAgICBjbGVhbnVwLCBhbmQgaXQgaXMgcmVhZHkg dG8gZmluaXNoIExXQVBQIHNlc3Npb24gY2xlYW4tdXAuDQ0gICBSdW4gdG8gRFRMUy1SZWtleSAo eCk6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byBpbml0aWF0ZSBhIG5ldyBEVExTDSAgIGhhbmRzaGFr ZS4gIEVpdGhlciB0aGUgV1RQIG9yIEFDIG1heSBpbml0aWF0ZSB0aGUgc3RhdGUgdHJhbnNpdGlv bi4NICAgSXQgaXMgaW1wb3J0YW50IHRvIG5vdGUgdGhhdCB0aGlzIG1pZ2h0IG1vcmUgYWNjdXJh dGVseSBiZSB0ZXJtZWQgYQ0gICAibWV0YS1zdGF0ZSIsIGFzIHRoZSBEVExTIHJlLWhhbmRzaGFr ZSBpcyB0cmFuc3BhcmVudCB0byB0aGUgTFdBUFANICAgcHJvdG9jb2wsIGFuZCBtYXkgZXZlbiBi ZSBpbnRlcnBlcnNlZCB3aXRoIG90aGVyIExXQVBQIGNvbnRyb2wNICAgbWVzc2FnZXMuDQ0gICAg ICBXVFA6IFRoZSBXVFAgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBlaXRoZXIgKDEpIGEgcmVrZXkg aXMNICAgICAgcmVxdWlyZWQsIG9yICgyKSB0aGUgQUMgaW5pdGlhdGVzIGEgRFRMUyBoYW5kc2hh a2UuDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gZWl0aGVyICgxKSBh IHJla2V5IGlzIHJlcXVpcmVkLA0gICAgICBvciAoMikgdGhlIFdUUCBpbml0aWF0ZXMgYSBEVExT IGhhbmRzaGFrZS4NW05DV10gUGxlYXNlIGVsYWJvcmF0ZSBvbiB0aGUgcmVrZXkgcHJvdG9jb2wg dXNlZCBpbiBEVExTIGFzIGl0IGlzIG5vdCBleHBsaWNpdGx5IGRlc2NyaWJlZCBpbiB0aGUgZHJh ZnQtcmVzY29ybGEtZHRscy0wNS50eHQgZHJhZnQuICBBbHNvLCB0aGVyZSBhcmUgc2VjdXJpdHkg aW1wbGljYXRpb25zIGluIGtleSBzeW5jaHJvbml6YXRpb24gYW5kIG90aGVyIExXQVBQIHRyYWZm aWMgZHVyaW5nIHRoaXMga2V5IGV4Y2hhbmdlIGFzIHRoaXMgZHJhZnQgaXMgYWxsb3dpbmcgaXQg dG8gaGFwcGVuIJNpbnRlcnNwZXJzZWSUICBpbiBMV0FQUC4gIEkgYW0gYXNzdW1pbmcgdGhhdCBi eSB0aGUgdXNlIG9mIHRoZSBlcG9jaCwgdGhlIHN5c3RlbSBtYXkgZGVmaW5lIGEgcmVwbGF5IHdp bmRvdyBieSB3aGljaCBtb3JlIHRoYW4gb25lIGtleSBjYW4gYmUgbGl2ZSB0byBhbGxvdyBmb3Ig dGhlIHJla2V5cyB0byB3b3JrLiAgSG93ZXZlciwgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgbXVz dCBiZSBkZXNjcmliZWQgdG8gYmV0dGVyIGFuYWx5emUgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9u cyBmb3IgdGhpcyBhcHBsaWNhdGlvbi4NDSAgIERUTFMtUmVrZXkgdG8gUmVzZXQgKHopOiBUaGlz IHN0YXRlIGlzIHVzZWQgdG8gY2xlYW4gdXAgd2hlbiBhIERUTFMNICAgaGFuZHNoYWtlIGZhaWxz Lg0NICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gYSBEVExTIGhhbmRz aGFrZSBmYWlscy4NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBhIERU TFMgaGFuZHNoYWtlIGZhaWxzLg1bTkNXXSBBcyBub3RlZCBhYm92ZSwgdGhlIHJla2V5IHByb3Rv Y29sIGFuZCBtZWNoYW5pc20gbmVlZHMgdG8gYmUgZGVzY3JpYmVkIGFuZCBieSB0aGlzIGRlc2Ny aXB0aW9uLCBpdCBzZWVtcyB0aGF0IHRoZSBSZXNldCBhbmQgRFRMUy1SZXNldCBhcmUgZXF1aXZh bGVudCBzdGF0ZXM/DQ0yLjEuICBDb250cm9sL0RhdGEgQ2hhbm5lbCBDb25zaWRlcmF0aW9ucw0N ICAgTm90ZSB0aGF0IHdoaWxlIHRoaXMgc2NoZW1lIHNlZW1zIHF1aXRlIHNpbXBsZSBhdCBmaXJz dCBnbGFuY2UsIHRoZXJlDSAgIGlzIG9uZSBjb21wbGljYXRpb24uICBDdXJyZW50bHksIExXQVBQ IG9ubHkgYXBwbGllcyBzZWN1cml0eSB0bw0gICBjb250cm9sIGNoYW5uZWwgY29tbXVuaWNhdGlv bnMsIGFuZCByZWxpZXMgdXBvbiBleHRlcm5hbCBmYWNpbGl0aWVzDSAgIGZvciBzZWN1cmluZyB1 c2VyIGRhdGEuICBJbiBvcmRlciB0byBwcmVzZXJ2ZSB0aGlzIGNvbnZlbnRpb24sIHdlDSAgIG11 c3QgYmUgYWJsZSB0byBkaXN0aW5ndWlzaCBiZXR3ZWVuIGNvbnRyb2wgYW5kIGRhdGEgcGFja2V0 cywNICAgZm9yd2FyZGluZyBvbmx5IGNvbnRyb2wgcGFja2V0cyB0byB0aGUgRFRMUyBlbmdpbmUu DQ0gICBUaGlzIHRhc2sgaXMgY29tcGxpY2F0ZWQgYnkgdGhlIGZhY3QgdGhhdCBMV0FQUCBjdXJy ZW50bHkNICAgZGlzdGluZ3Vpc2hlcyBiZXR3ZWVuIGNvbnRyb2wgYW5kIGRhdGEgdHJhZmZpYyB1 c2luZyB0aGUgJ0MnIGJpdCBpbg0gICB0aGUgTFdBUFAgaGVhZGVyLiAgVGhpcyBpcyBwb3NzaWJs ZSBldmVuIG9uIHRoZSBlbmNyeXB0ZWQgY29udHJvbA0gICBjaGFubmVsIGJlY2F1c2UgdGhlIExX QVBQIGhlYWRlciBpcyBub3QgZW5jcnlwdGVkIC0gaW4gdGhlIGNhc2Ugb2YNICAgdGhlIGNvbnRy b2wgY2hhbm5lbCwgaXQgaXMgb25seSBhdXRoZW50aWNhdGVkOg0NICAgICAgICArLS0tLS0tLS0r LS0tLS0tLS0tKy0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LS0rDSAgICAgICAgfCBJUCBIZHIgfCBVRFAgSGRyIHwgTFdBUFAgSGRyIHwgICAgIERhdGEgICAg ICAgICAgICAgICAgfCBMV0FQUCBUbHIgfA0gICAgICAgICstLS0tLS0tLSstLS0tLS0tLS0rLS0t LS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLSsNICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXC0tLS0tLSBlbmNyeXB0ZWQgIC0tLS0tLS8N ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwtLS0tLS0tLSBhdXRoZW50aWNhdGVkIC0tLS0t LS0tLS0tLw0NICAgICAgICAgICAgICAgICAgRmlndXJlIDI6IEN1cnJlbnQgTFdBUFAgUGFja2V0 IFNlY3VyaXR5DQ0gICBEVExTLCBvbiB0aGUgb3RoZXIgaGFuZCwgcHJvdmlkZXMgZm9yIHNlY3Vy aW5nIHRoZSBlbnRpcmUgY2hhbm5lbC4NICAgSWYgdGhlIExXQVBQIHBhY2tldHMgYXJlIGVuY2Fw c3VsYXRlZCB3aXRoaW4gRFRMUywgdGhlIExXQVBQIGhlYWRlcg0NDQ1LZWxseSAmIFJlc2Nvcmxh ICAgICAgICAgIEV4cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgN10M SW50ZXJuZXQtRHJhZnQgICAgICAgICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAg ICBEZWNlbWJlciAyMDA1DQ0NICAgd2lsbCBiZSBlbmNyeXB0ZWQ6DQ0gICAgICAgICstLS0tLS0t LSstLS0tLS0tLS0rLS0tLS0tLS0tKy0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LSsNICAgICAgICB8IElQIEhkciB8IFVEUCBIZHIgfERUTFMgSGRyIHwgTFdBUFAgSGRyIHwgICAg IERhdGEgICAgfCBEVExTIFRsciB8DSAgICAgICAgKy0tLS0tLS0tKy0tLS0tLS0tLSstLS0tLS0t LS0rLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tKw0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgXC0tLS0tLS0tLSBhdXRoZW50aWNhdGVkIC0tLS0tLS0tLS8NICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwtLS0tLS0tLS0tLS0gZW5jcnlwdGVkICAtLS0t LS0tLS0tLS8NDSAgICAgICAgICAgICAgICAgIEZpZ3VyZSAzOiBMV0FQUCtEVExTIFBhY2tldCBT ZWN1cml0eQ0NDSAgIEEgZGlyZWN0IGNvbnNlcXVlbmNlIG9mIHRoaXMgaXMgdGhhdCB3aXRoIERU TFMgZW5jYXBzdWxhdGlvbiwgd2UNICAgY2Fubm90IGRpc3Rpbmd1aXNoIGJldHdlZW4gY29udHJv bCB0cmFmZmljIGFuZCBkYXRhIHdpdGhvdXQgZmlyc3QNICAgZGVjcnlwdGluZyB0aGUgcGFja2V0 IC0gdGhpcyBtZWFucyB3ZSBtdXN0IGVzdGFibGlzaCBzZXBhcmF0ZQ0gICBjaGFubmVscyBpZiB3 ZSBkbyBub3Qgd2lzaCB0byBlbmNyeXB0IGRhdGEgY2hhbm5lbCB0cmFmZmljLiAgVHdvDSAgIG1l dGhvZHMgZm9yIGFjY29tcGxpc2hpbmcgdGhpcyBhcmUgZGlzY3Vzc2VkIGJlbG93Lg1bTkNXXSBG b3IgY2xhcml0eSwgaXQgd291bGQgYmUgdXNlZnVsIHRvIHByZWNlZGUgdGhpcyBzZWN0aW9uIHdp dGggYSBkZXNjcmlwdGlvbiBvZiB0aGUgRFRMUyBlbmNhcHN1bGF0aW9uIGFzIExXQVBQIG92ZXIg RFRMUyBhcyBJIGJlbGlldmUgdGhlIGFib3ZlIGRlc2NyaXB0aW9uIGhhcyBpbnN0YW50aWF0ZWQg KHVwIHVudGlsIHRoaXMgc2VjdGlvbiwgaXQgd2FzIHVuY2xlYXIgYXMgdG8gaG93IHRoZSB0cmFu c3BvcnQgbGF5ZXJpbmcgd2FzIGJlaW5nIGludm9rZWQpLiAgV2l0aCB0aGlzIGVuY2Fwc3VsYXRp b24sIHRoZXJlIG11c3QgYmUgc29tZSBtZWNoYW5pc20gYnkgd2hpY2ggZHVyaW5nIHRoZSBEVExT IGF1dGhlbnRpY2F0aW9uIHRoZSByb2xlcyBvZiBlYWNoIG11c3QgYmUgYXNzZXJ0ZWQgdG8gZW5z dXJlIHRoYXQgdGhlIGtleXMgcmVzdWx0aW5nIGZyb20gYSBzdWNjZXNzZnVsIERUTFMgYXV0aGVu dGljYXRpb24gYXJlIHVzZWQgdG8gb25seSBwcm90ZWN0IExXQVBQLg0NMi4xLjEuICBTZXBhcmF0 ZSBDb250cm9sL0RhdGEgQ2hhbm5lbCBQb3J0cw0NICAgVGhlIHNpbXBsZXN0IHNvbHV0aW9uIGVu dGFpbHMgdXNpbmcgc2VwYXJhdGUgcG9ydHMgZm9yIExXQVBQIGNvbnRyb2wNICAgYW5kIGRhdGEg dHJhZmZpYywgd2l0aCBEVExTIHNlY3VyaW5nIG9ubHkgdGhlIGNvbnRyb2wgY2hhbm5lbC4gIFRo ZQ0gICBjb250cm9sIHRyYWZmaWMgY291bGQgY29udGludWUgdG8gdXRpbGl6ZSB0aGUgY3VycmVu dCB3ZWxsLWtub3duDSAgIExXQVBQIHBvcnQuICBGb3IgdGhlIGRhdGEgY2hhbm5lbCwgYSBuZXcg cG9ydCBjb3VsZCBiZSBhc3NpZ25lZCBieQ0gICBJQU5BLCBvciBpdCBjb3VsZCBpbnN0ZWFkIGJl IHNwZWNpZmllZCBieSB0aGUgQUMgYWZ0ZXIgdGhlIERUTFMNICAgc2Vzc2lvbiBpcyBlc3RhYmxp c2hlZCwgcHJvdmlkaW5nIHNvbWUgYWRkaXRpb25hbCBmbGV4aWJpbGl0eS4gIE5vdGUNICAgdGhh dCB0aGlzIHNvbHV0aW9uIHdpbGwgbm90IHdvcmsgZm9yIGxheWVyIDIgTFdBUFAgZW5jYXBzdWxh dGlvbi4NICAgSG93ZXZlciwgaWYgTDIgc3VwcG9ydCBpcyB0byBiZSByZW1vdmVkIGZyb20gTFdB UFAsIHRoaXMgcG9pbnQgaXMNICAgbW9vdC4NW05DV10gSSBkbyBub3QgdW5kZXJzdGFuZCBob3cg dGhpcyBwcm9wb3NlZCBzY2hlbWUgd291bGQgd29yayBhcyB0aGUgZW50aXJlIGx3YXAgY29uc3Ry dWN0aW9uIGlzIGVuY3J5cHRlZD8NDTIuMS4yLiAgQWRkaW5nIGEgUHJvdG9jb2wgTXV4DQ0gICBB biBhbHRlcm5hdGl2ZSBzb2x1dGlvbiBlbnRhaWxzIGFkZGluZyBhIHByb3RvY29sIG11bHRpcGxl eGVyIG1vZHVsZQ0gICBiZXR3ZWVuIHRoZSBwYWNrZXQgaW5wdXQvb3V0cHV0IGFuZCB0aGUgRFRM UyBtb2R1bGVzLCBhbmQgYWRkaW5nIGFuDSAgIGFkZGl0aW9uYWwgc21hbGwgYXNzb2NpYXRlZCBM V0FQUCBoZWFkZXIgYmV0d2VlbiB0aGUgVURQIGhlYWRlciBhbmQNICAgdGhlIERUTFMgcmVjb3Jk IGxheWVyIGhlYWRlci4gIFdoaWxlIHRoaXMgTFdBUFAgaGVhZGVyIG5lZWQgb25seQ0gICBjb250 YWluIGEgc2luZ2xlIGJpdCB0byBkaWZmZXJlbnRpYXRlIGJldHdlZW4gY29udHJvbC9kYXRhIHRy YWZmaWMsDSAgIGFsaWdubWVudCBjb25jZXJucyBzdWdnZXN0IHRoZSBoZWFkZXIgd291bGQgbW9z dCBsaWtlbHkgYmUgZWl0aGVyIDMyDSAgIG9yIDY0IGJpdHMgaW4gbGVuZ3RoLg1bTkNXXSBJcyB0 aGUgaW50ZW50IHRvIGFsbG93IGZvciBhbiBhdXRoZW50aWNhdGVkIGJ1dCB1bmVuY3J5cHRlZCBo ZWFkZXIgdG8gYmUgdHJhbnNwb3J0ZWQ/DQ0NDQ0NMy4gIEVuZHBvaW50IEF1dGhlbnRpY2F0aW9u IHVzaW5nIERUTFMNDVtOQ1ddIEkgd291bGQgbGlrZSB0byBzZWUgYSBzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBzZWN0aW9ucyBmb3IgdGhlIGRpZmZlcmVudCBhdXRoZW50aWNhdGlvbiBtZXRob2Rz IHVzaW5nIERUTFMuICBUaGUgY3VycmVudCBMV0FQUCBzcGVjaWZpY2F0aW9uIGVuZm9yY2VzIG11 dHVhbCBhdXRoZW50aWNhdGlvbiB0aHJvdWdoIEpvaW4gcmVxdWVzdC9yZXNwb25zZSBleGNoYW5n ZSByZXF1aXJpbmcgZWFjaCBwYXJ0aWNpcGFudCB0byBwcmVzZW50IGEgY3JlZGVudGlhbC4gIFRo aXMgaXMgbm90IGVuZm9yY2VkIGluIFRMUyBhbmQgdGh1cyBjYW4gbGVhZCB0byBkaWZmZXJlbnQg c2VjdXJpdHkgdGhyZWF0IGNvbnNpZGVyYXRpb25zLiAgDQ0gICBDdXJyZW50bHksIExXQVBQIHN1 cHBvcnRzIGF1dGhlbnRpY2F0aW9uIHVzaW5nIGVpdGhlciBwdWJsaWMga2V5DSAgIGNlcnRpZmlj YXRlcyBvciBzaGFyZWQgc2VjcmV0cyAocHJlLXNoYXJlZCBrZXlzKS4gIERUTFMgc3VwcG9ydA0g ICBpbXBsaWVzIG5vIGNoYW5nZXMgaW4gdGhpcyByZWdhcmQuICBDZXJ0aWZpY2F0ZS1iYXNlZCBh dXRoZW50aWNhdGlvbg0gICBpcyBuYXRpdmVseSBzdXBwb3J0ZWQsIGFuZCBzdXBwb3J0IGZvciBw cmVzaGFyZWQga2V5cyBpcyBjdXJyZW50bHkNICAgcHJvZ3Jlc3NpbmcgdG93YXJkIHN0YW5kYXJk aXphdGlvbiAoc2VlIFtUTFMtUFNLXSkuICBCZWxvdyB3ZQ0gICBkZXNjcmliZSBzdXBwb3J0ZWQg VExTIGFsZ29yaXRobSBzdWl0ZXMgZm9yIGVhY2ggZW5kcG9pbnQNDQ0NS2VsbHkgJiBSZXNjb3Js YSAgICAgICAgICBFeHBpcmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDhd DEludGVybmV0LURyYWZ0ICAgICAgICAgIFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAg ICAgRGVjZW1iZXIgMjAwNQ0NDSAgIGF1dGhlbnRpY2F0aW9uIG1ldGhvZC4NDTMuMS4gIEF1dGhl bnRpY2F0aW5nIHdpdGggQ2VydGlmaWNhdGVzDQ0gICBOb3RlIHRoYXQgb25seSBibG9jayBjaXBo ZXJzIGFyZSBjdXJyZW50bHkgcmVjb21tZW5kZWQgZm9yIHVzZSB3aXRoDSAgIERUTFMuICBUbyB1 bmRlcnN0YW5kIHRoZSByZWFzb25pbmcgYmVoaW5kIHRoaXMsIHNlZSBbRFRMUy1ERVNJR05dLg0g ICBUaGUgZm9sbG93aW5nIGFsZ29yaXRobXMgTVVTVCBiZSBzdXBwb3J0ZWQgd2hlbiB1c2luZyBj ZXJ0aWZpY2F0ZXMNICAgZm9yIExXQVBQIGF1dGhlbnRpY2F0aW9uOg0NICAgbyAgVExTX1JTQV9X SVRIX0FFU18xMjhfQ0JDX1NIQQ0NICAgbyAgVExTX1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEEN DSAgIFRoZSBmb2xsb3dpbmcgYWxnb3JpdGhtcyBTSE9VTEQgYmUgc3VwcG9ydGVkIHdoZW4gdXNp bmcgY2VydGlmaWNhdGVzOg0NICAgbyAgVExTX0RIX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQ0N ICAgbyAgVExTX0RIX1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEENDSAgIFRoZSBmb2xsb3dpbmcg YWxnb3JpdGhtcyBNQVkgYmUgc3VwcG9ydGVkIHdoZW4gdXNpbmcgY2VydGlmaWNhdGVzOg0NICAg byAgVExTX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQ0NICAgbyAgVExTX0RIX1JTQV9XSVRIX0FF U18yNTZfQ0JDX1NIQQ0NICAgQ2VydGlmaWNhdGVzIHNob3VsZCBiZSB2ZXJpZmllZCBpbiB0aGUg c2FtZSBtYW5uZXIgYXMgY3VycmVudGx5DSAgIHNwZWNpZmllZCBpbiBMV0FQUC4NDTMuMi4gIEF1 dGhlbnRpY2F0aW5nIHdpdGggUHJlc2hhcmVkIEtleXMNDSAgIFByZS1zaGFyZWQga2V5cyBwcmVz ZW50IHNpZ25pZmljYW50IGNoYWxsZW5nZXMgZnJvbSBhIHNlY3VyaXR5DSAgIHBlcnNwZWN0aXZl LCBhbmQgZm9yIHRoYXQgcmVhc29uLCB0aGVpciB1c2UgaXMgc3Ryb25nbHkgZGlzY291cmFnZWQu DSAgIEhvd2V2ZXIsIFtUTFMtUFNLXSBkZWZpbmVzIDMgZGlmZmVyZW50IG1ldGhvZHMgZm9yIGF1 dGhlbnRpY2F0aW5nDSAgIHdpdGggcHJlc2hhcmVkIGtleXM6DQ0gICBvICBQU0sga2V5IGV4Y2hh bmdlIGFsZ29yaXRobSAtIHNpbXBsZXN0IG1ldGhvZCwgY2lwaGVyc3VpdGVzIHVzZQ0gICAgICBv bmx5IHN5bW1ldHJpYyBrZXkgYWxnb3JpdGhtcw0NICAgbyAgREhFX1BTSyBrZXkgZXhjaGFuZ2Ug YWxnb3JpdGhtIC0gdXNlIGEgUFNLIHRvIGF1dGhlbnRpY2F0ZSBhDSAgICAgIERpZmZpZS1IZWxs bWFuIGV4Y2hhbmdlLiAgVGhlc2UgY2lwaGVyc3VpdGVzIGdpdmUgc29tZSBhZGRpdGlvbmFsDSAg ICAgIHByb3RlY3Rpb24gYWdhaW5zdCBkaWN0aW9uYXJ5IGF0dGFja3MgYW5kIGFsc28gcHJvdmlk ZSBQZXJmZWN0DSAgICAgIEZvcndhcmQgU2VjcmVjeSAoUEZTKS4NDSAgIG8gIFJTQV9QU0sga2V5 IGV4Y2hhbmdlIGFsZ29yaXRobSAtIHVzZSBSU0EgYW5kIGNlcnRpZmljYXRlcyB0bw0gICAgICBh dXRoZW50aWNhdGUgdGhlIHNlcnZlciwgaW4gYWRkaXRpb24gdG8gdXNpbmcgYSBQU0suICBOb3QN ICAgICAgc3VzY2VwdGlibGUgdG8gcGFzc2l2ZSBhdHRhY2tzLg0NICAgVGhlIGZpcnN0IGFwcHJv YWNoIChQU0spIGlzIHN1c2NlcHRpYmxlIHRvIHBhc3NpdmUgZGljdGlvbmFyeQ0NDQ1LZWxseSAm IFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAg W1BhZ2UgOV0MSW50ZXJuZXQtRHJhZnQgICAgICAgICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExT ICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NICAgYXR0YWNrczsgaGVuY2UsIHRoYXQgbWV0aG9k IE1VU1QgTk9UIGJlIHVzZWQuICBJZiBzdXBwb3J0IGZvciBwcmUtDSAgIHNoYXJlZCBrZXlzIGlz IGRlc2lyZWQsIHRoZW4gREhFX1BTSyBNVVNUIGJlIHN1cHBvcnRlZCwgYW5kIFJTQV9QU0sNICAg TUFZIGJlIHN1cHBvcnRlZC4NDSAgIFRoZSBmb2xsb3dpbmcgY3J5cHRvZ3JhcGhpYyBhbGdvcml0 aG1zIE1VU1QgYmUgc3VwcG9ydGVkIHdoZW4gdXNpbmcNICAgcHJlc2hhcmVkIGtleXM6DQ0gICBv ICBUTFNfUFNLX1dJVEhfQUVTXzEyOF9DQkNfU0hBDQ0gICBvICBUTFNfUFNLX1dJVEhfM0RFU19F REVfQ0JDX1NIQQ0NICAgVGhlIGZvbGxvd2luZyBhbGdvcml0aG1zIFNIT1VMRCBiZSBzdXBwb3J0 ZWQgd2hlbiB1c2luZyBwcmVzaGFyZWQNICAga2V5czoNDSAgIG8gIFRMU19QU0tfV0lUSF9BRVNf MjU2X0NCQ19TSEENDSAgIFRoZSBmb2xsb3dpbmcgYWxnb3JpdGhtcyBNQVkgYmUgc3VwcG9ydGVk IHdoZW4gdXNpbmcgcHJlc2hhcmVkIGtleXM6DQ0gICBvICBUTFNfUlNBX1BTS19XSVRIX0FFU18x MjhfQ0JDX1NIQQ0NICAgbyAgVExTX1JTQV9QU0tfV0lUSF9BRVNfMjU2X0NCQ19TSEENDSAgIG8g IFRMU19SU0FfUFNLX1dJVEhfM0RFU19FREVfQ0JDX1NIQQ0NDTQuICBDb25jbHVzaW9ucw0NICAg RFRMUyByZXByZXNlbnRzIGEgc3Ryb25nIHJlcGxhY2VtZW50IGNhbmRpZGF0ZSBmb3IgdGhlIGV4 aXN0aW5nIExXQVBQDSAgIHNlY3VyaXR5IHNjaGVtZS4gIEluIGFkZGl0aW9uIHRvIGJlaW5nIGEg a25vd24gcXVhbnRpdHkgd2hpY2ggaGFzDSAgIHJlY2VpdmVkIGFuZCB3aWxsIGNvbnRpbnVlIHRv IHJlY2VpdmUgYSBoZWFsdGh5IGRvc2Ugb2Ygb25nb2luZw0gICBhbmFseXNpcyBhbmQgcmV2aWV3 IGZyb20gdGhlIGNyeXB0b2dyYXBoaWMgY29tbXVuaXR5LCBpdCBzdXBwb3J0cyBhbGwNICAgcmVx dWlyZWQgTFdBUFAgc2VjdXJpdHkgZnVuY3Rpb25hbGl0eSwgYW5kIGFsc28gcHJvdmlkZXMgZm9y DSAgIGFsZ29yaXRobSBhZ2lsaXR5IHNob3VsZCB0aGUgbmVlZCBhcmlzZS4gIEZ1cnRoZXIsIGl0 cyBuZWdvdGlhdGlvbg0gICBjYXBhYmlsaXR5IHByb3ZpZGVzIGZvciBhIG1lYXN1cmUgb2YgaW1w bGVtZW50YXRpb24gZmxleGliaWxpdHkgbm90DSAgIHBvc3NpYmxlIHdpdGggdGhlIGN1cnJlbnQg TFdBUFAgc2NoZW1lLg0NICAgV2hpbGUgaXQgaXMgbm90IGEgZHJvcC1pbiByZXBsYWNlbWVudCwg aXQgcmVxdWlyZXMgYSByZWFzb25hYmx5DSAgIGJvdW5kZWQgYW1vdW50IG9mIGNoYW5nZSB0byB0 aGUgZXhpc3Rpbmcgc3RhdGUgbWFjaGluZSBhbmQgcGFja2V0DSAgIGZvcm1hdHMuICBBcyBub3Rl ZCwgc2luY2UgRFRMUyBkb2VzIG5vdCBwcm92aWRlIGZvciB1bmVxdWFsDSAgIGVuY3J5cHRpb24g dnMgYXV0aGVudGljYXRpb24gbGVuZ3RocyB3aXRoaW4gYSBwYWNrZXQsIGl0IHJlcXVpcmVzDSAg IGFkZGluZyBlaXRoZXIgYSBzZWNvbmRhcnkgZGF0YSBwb3J0IG9yIGEgc2hvcnQgZGVtdXggaGVh ZGVyLg0NDTUuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucw0NICAgVGhlIHNlY3VyaXR5IG9mIExX QVBQIG92ZXIgRFRMUyBpcyBjb21wbGV0ZWx5IGRlcGVuZGVudCBvbiB0aGUNICAgc2VjdXJpdHkg b2YgRFRMUy4gIEFueSBmbGF3cyBpbiBEVExTIGNvbXByb21pc2UgdGhlIHNlY3VyaXR5IG9mDSAg IExXQVBQLiAgSW4gcGFydGljdWxhciwgaXQgaXMgY3JpdGljYWwgdGhhdCB0aGUgY29tbXVuaWNh dGluZyBwYXJ0aWVzDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1 LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDEwXQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBT ZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICB2ZXJp ZnkgdGhlaXIgcGVlcidzIGNyZWRlbnRpYWxzLiAgSW4gdGhlIGNhc2Ugb2YgcHJlLXNoYXJlZCBr ZXlzLA0gICB0aGlzIGhhcHBlbnMgYXV0b21hdGljYWxseSB2aWEgdGhlIGtleS4gIEluIHRoZSBj YXNlIG9mIGNlcnRpZmljYXRlcywNICAgdGhlIHBhcnRpZXMgbXVzdCBjaGVjayB0aGUgcGVlcidz IGNlcnRpZmljYXRlLiAgVGhlIGFwcHJvcHJpYXRlDSAgIGNoZWNrcyBhcmUgZGVzY3JpYmVkIGlu IHRoZSBjdXJyZW50IExXQVBQIGRvY3VtZW50DQ0gICBUaGUgdXNlIG9mIHBhcmFsbGVsIHByb3Rl Y3RlZCBhbmQgdW5wcm90ZWN0ZWQgY2hhbm5lbHMgZGVzZXJ2ZXMNICAgc3BlY2lhbCBjb25zaWRl cmF0aW9uLCBidXQgZG9lcyBub3QgY3JlYXRlIGEgdGhyZWF0LiAgVGhlcmUgYXJlIHR3bw0gICBw b3RlbnRpYWwgY29uY2VybnM6IGF0dGVtcHRpbmcgdG8gY29udmVydCBwcm90ZWN0ZWQgZGF0YSBp bnRvIHVuLQ0gICBwcm90ZWN0ZWQgZGF0YSBhbmQgYXR0ZW1wdGluZyB0byBjb252ZXJ0IHVuLXBy b3RlY3RlZCBkYXRhIGludG8NICAgcHJvdGVjdGVkIGRhdGEuICBUaGUgdXNlIG9mIHRoZSBNQUMg bWFrZXMgaXQgaW1wb3NzaWJsZSBmb3IgdGhlDSAgIGF0dGFja2VyIHRvIGZvcmdlIHByb3RlY3Rl ZCByZWNvcmRzLiAgVGhlIGF0dGFja2VyIGNhbiBlYXNpbHkgcmVtb3ZlDSAgIHByb3RlY3RlZCBy ZWNvcmRzIGZyb20gdGhlIHN0cmVhbSAodGhpcyBpcyBhIGNvbnNlcXVlbmNlIG9mDSAgIHVucmVs aWFiaWxpdHkpLCB0aG91Z2ggbm90IHVuZGV0ZWN0YWJseSBzby4gIElmIGEgbm9uLWVuY3J5cHRl ZA0gICBjaXBoZXIgc3VpdGUgaXMgaW4gdXNlLCB0aGUgYXR0YWNrZXIgY2FuIHR1cm4gc3VjaCBh IHJlY29yZCBpbnRvIGFuDSAgIHVuLXByb3RlY3RlZCByZWNvcmQuICBIb3dldmVyLCB0aGlzIGF0 dGFjayBpcyByZWFsbHkgbm8gZGlmZmVyZW50DSAgIGZyb20gc2ltcGxlIGluamVjdGlvbiBpbnRv IHRoZSB1bnByb3RlY3RlZCBzdHJlYW0uDQ0NNi4gIElBTkEgQ29uc2lkZXJhdGlvbnMNDSAgIFNo b3VsZCBhIHNlcGFyYXRlIFVEUCBwb3J0IGZvciBkYXRhIGNoYW5uZWwgY29tbXVuaWNhdGlvbnMg YmUgdGhlDSAgIHNlbGVjdGVkIGRlbXVsdGlwbGV4aW5nIG1lY2hhbmlzbSwgYSBwb3J0IG11c3Qg YmUgYXNzaWduZWQgZm9yIHRoaXMNICAgcHVycG9zZS4gIFNob3VsZCBhIGRlbXVsdGlwbGV4aW5n IGhlYWRlciBiZSB1c2VkIGluc3RlYWQsIHRoZXJlIG1heQ0gICBiZSBhZGRpdGlvbmFsIElBTkEg cmVxdWlyZW1lbnRzICh3ZSdsbCBjcm9zcyB0aGF0IGJyaWRnZSBpZiB3ZSBjb21lDSAgIHRvIGl0 KS4NDQ03LiAgUmVmZXJlbmNlcw0NNy4xLiAgTm9ybWF0aXZlIFJlZmVyZW5jZXMNDSAgIFtEVExT XSAgICAgUmVzY29ybGEgZXQgYWwsIEUuLCAiRGF0YWdyYW0gVHJhbnNwb3J0IExheWVyIFNlY3Vy aXR5IiwNICAgICAgICAgICAgICBKdW5lIDIwMDQuDQ0gICBbTFdBUFBdICAgIENhbGhvdW4gZXQg YWwsIFAuLCAiTGlnaHQgV2VpZ2h0IEFjY2VzcyBQb2ludCBQcm90b2NvbCIsDSAgICAgICAgICAg ICAgSnVuZSAyMDA1LCA8aHR0cDovL3d3dy5pZXRmLm9yZz4uDQ0gICBbVExTLVBTS10gIEVyb25l biBldCBhbCwgUC4sICJQcmUtU2hhcmVkIEtleSBDaXBoZXJzdWl0ZXMgZm9yDSAgICAgICAgICAg ICAgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IChUTFMpIiwgSnVuZSAyMDA1Lg0NNy4yLiAgSW5m b3JtYXRpdmUgUmVmZXJlbmNlcw0NICAgW0NBUFdBUC1FVkFMXQ0gICAgICAgICAgICAgIExvaHJl ciBldCBhbCwgRC4sICJFdmFsdWF0aW9uIG9mIENhbmRpZGF0ZSBDQVBXQVANICAgICAgICAgICAg ICBQcm90b2NvbHMiLCBBdWd1c3QgMjAwNSwgPGh0dHA6Ly93d3cuaWV0Zi5vcmc+Lg0NICAgW0RU TFMtREVTSUdOXQ0gICAgICAgICAgICAgIE1vZGFkdWd1IGV0IGFsLCBOLiwgIlRoZSBEZXNpZ24g YW5kIEltcGxlbWVudGF0aW9uIG9mDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJl cyBKdW5lIDE1LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDExXQxJbnRlcm5ldC1EcmFmdCAg ICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUN DQ0gICAgICAgICAgICAgIERhdGFncmFtIFRMUyIsIEZlYiAyMDA0Lg0NICAgW0xXQVBQLVNFQ10N ICAgICAgICAgICAgICBDbGFuY3ksIEMuLCAiU2VjdXJpdHkgUmV2aWV3IG9mIHRoZSBMaWdodCBX ZWlnaHQgQWNjZXNzDSAgICAgICAgICAgICAgUG9pbnQgUHJvdG9jb2wiLCBNYXkgMjAwNS4NDSAg IFtUTFMxMV0gICAgRGllcmtzIGV0IGFsLCBULiwgIlRoZSBUTFMgUHJvdG9jb2wgVmVyc2lvbiAx LjEiLA0gICAgICAgICAgICAgIEp1bmUgMjAwNS4NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1 LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDEyXQ0MDUludGVybmV0LURyYWZ0ICAgICAgICAg IFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAgICAgRGVjZW1iZXIgMjAwNQ0NDUF1dGhv cnMnIEFkZHJlc3Nlcw0NICAgU2NvdHQgRy4gS2VsbHkNICAgVGFsYXJpIE5ldHdvcmtzDSAgIDE1 MCBXLiBJb3dhIEF2ZSBTdGUgMjA4DSAgIFN1bm55dmFsZSwgQ0EgIDk0MDg2DSAgIFVTDQ0gICBF bWFpbDogc2NvdHRAaHlwZXJ0aG91Z2h0LmNvbQ0NDSAgIEVyaWMgUmVzY29ybGEgICBOZXR3b3Jr IFJlc29uYW5jZSAgIDI0ODMgRWwgQ2FtaW5vIFJlYWwsICMyMTIgICBQYWxvIEFsdG8sIENBICA5 NDMwMyAgIFVTDSAgIEVtYWlsOiBla3JAbmV0d29ya3Jlc29uYW5jZS5jb20NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVu ZSAxNSwgMjAwNiAgICAgICAgICAgICAgICBbUGFnZSAxM10MSW50ZXJuZXQtRHJhZnQgICAgICAg ICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NSW50 ZWxsZWN0dWFsIFByb3BlcnR5IFN0YXRlbWVudA0NICAgVGhlIElFVEYgdGFrZXMgbm8gcG9zaXRp b24gcmVnYXJkaW5nIHRoZSB2YWxpZGl0eSBvciBzY29wZSBvZiBhbnkNICAgSW50ZWxsZWN0dWFs IFByb3BlcnR5IFJpZ2h0cyBvciBvdGhlciByaWdodHMgdGhhdCBtaWdodCBiZSBjbGFpbWVkIHRv DSAgIHBlcnRhaW4gdG8gdGhlIGltcGxlbWVudGF0aW9uIG9yIHVzZSBvZiB0aGUgdGVjaG5vbG9n eSBkZXNjcmliZWQgaW4NICAgdGhpcyBkb2N1bWVudCBvciB0aGUgZXh0ZW50IHRvIHdoaWNoIGFu eSBsaWNlbnNlIHVuZGVyIHN1Y2ggcmlnaHRzDSAgIG1pZ2h0IG9yIG1pZ2h0IG5vdCBiZSBhdmFp bGFibGU7IG5vciBkb2VzIGl0IHJlcHJlc2VudCB0aGF0IGl0IGhhcw0gICBtYWRlIGFueSBpbmRl cGVuZGVudCBlZmZvcnQgdG8gaWRlbnRpZnkgYW55IHN1Y2ggcmlnaHRzLiAgSW5mb3JtYXRpb24N ICAgb24gdGhlIHByb2NlZHVyZXMgd2l0aCByZXNwZWN0IHRvIHJpZ2h0cyBpbiBSRkMgZG9jdW1l bnRzIGNhbiBiZQ0gICBmb3VuZCBpbiBCQ1AgNzggYW5kIEJDUCA3OS4NDSAgIENvcGllcyBvZiBJ UFIgZGlzY2xvc3VyZXMgbWFkZSB0byB0aGUgSUVURiBTZWNyZXRhcmlhdCBhbmQgYW55DSAgIGFz c3VyYW5jZXMgb2YgbGljZW5zZXMgdG8gYmUgbWFkZSBhdmFpbGFibGUsIG9yIHRoZSByZXN1bHQg b2YgYW4NICAgYXR0ZW1wdCBtYWRlIHRvIG9idGFpbiBhIGdlbmVyYWwgbGljZW5zZSBvciBwZXJt aXNzaW9uIGZvciB0aGUgdXNlIG9mDSAgIHN1Y2ggcHJvcHJpZXRhcnkgcmlnaHRzIGJ5IGltcGxl bWVudGVycyBvciB1c2VycyBvZiB0aGlzDSAgIHNwZWNpZmljYXRpb24gY2FuIGJlIG9idGFpbmVk IGZyb20gdGhlIElFVEYgb24tbGluZSBJUFIgcmVwb3NpdG9yeSBhdA0gICBodHRwOi8vd3d3Lmll dGYub3JnL2lwci4NDSAgIFRoZSBJRVRGIGludml0ZXMgYW55IGludGVyZXN0ZWQgcGFydHkgdG8g YnJpbmcgdG8gaXRzIGF0dGVudGlvbiBhbnkNICAgY29weXJpZ2h0cywgcGF0ZW50cyBvciBwYXRl bnQgYXBwbGljYXRpb25zLCBvciBvdGhlciBwcm9wcmlldGFyeQ0gICByaWdodHMgdGhhdCBtYXkg Y292ZXIgdGVjaG5vbG9neSB0aGF0IG1heSBiZSByZXF1aXJlZCB0byBpbXBsZW1lbnQNICAgdGhp cyBzdGFuZGFyZC4gIFBsZWFzZSBhZGRyZXNzIHRoZSBpbmZvcm1hdGlvbiB0byB0aGUgSUVURiBh dA0gICBpZXRmLWlwckBpZXRmLm9yZy4NDQ1EaXNjbGFpbWVyIG9mIFZhbGlkaXR5DQ0gICBUaGlz IGRvY3VtZW50IGFuZCB0aGUgaW5mb3JtYXRpb24gY29udGFpbmVkIGhlcmVpbiBhcmUgcHJvdmlk ZWQgb24gYW4NICAgIkFTIElTIiBiYXNpcyBhbmQgVEhFIENPTlRSSUJVVE9SLCBUSEUgT1JHQU5J WkFUSU9OIEhFL1NIRSBSRVBSRVNFTlRTDSAgIE9SIElTIFNQT05TT1JFRCBCWSAoSUYgQU5ZKSwg VEhFIElOVEVSTkVUIFNPQ0lFVFkgQU5EIFRIRSBJTlRFUk5FVA0gICBFTkdJTkVFUklORyBUQVNL IEZPUkNFIERJU0NMQUlNIEFMTCBXQVJSQU5USUVTLCBFWFBSRVNTIE9SIElNUExJRUQsDSAgIElO Q0xVRElORyBCVVQgTk9UIExJTUlURUQgVE8gQU5ZIFdBUlJBTlRZIFRIQVQgVEhFIFVTRSBPRiBU SEUNICAgSU5GT1JNQVRJT04gSEVSRUlOIFdJTEwgTk9UIElORlJJTkdFIEFOWSBSSUdIVFMgT1Ig QU5ZIElNUExJRUQNICAgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJVFkgT1IgRklUTkVTUyBG T1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UuDQ0NQ29weXJpZ2h0IFN0YXRlbWVudA0NICAgQ29weXJp Z2h0IChDKSBUaGUgSW50ZXJuZXQgU29jaWV0eSAoMjAwNSkuICBUaGlzIGRvY3VtZW50IGlzIHN1 YmplY3QNICAgdG8gdGhlIHJpZ2h0cywgbGljZW5zZXMgYW5kIHJlc3RyaWN0aW9ucyBjb250YWlu ZWQgaW4gQkNQIDc4LCBhbmQNICAgZXhjZXB0IGFzIHNldCBmb3J0aCB0aGVyZWluLCB0aGUgYXV0 aG9ycyByZXRhaW4gYWxsIHRoZWlyIHJpZ2h0cy4NDQ1BY2tub3dsZWRnbWVudA0NICAgRnVuZGlu ZyBmb3IgdGhlIFJGQyBFZGl0b3IgZnVuY3Rpb24gaXMgY3VycmVudGx5IHByb3ZpZGVkIGJ5IHRo ZQ0gICBJbnRlcm5ldCBTb2NpZXR5Lg0NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAgICAgICBFeHBp cmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgW1BhZ2UgMTRdDQwNDQVFeHRyYW5lb3Vz IHdvcmQgKA0NDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAABgQAABj EAAAMR8AAHofAADaJAAA2yQAAOIkAAAYJQAAGSUAABolAAAbJQAAHCUAACMlAABYJQAAWSUAAFol AABbJQAAXCUAAGMlAAB/JQAAgCUAAPnu+d351r75tJ6I+XD5Zp6I+U75OAAAACsACIEVaCNsswAW aDwCPQAXaElQfABjSAEAZGgAAAAAZGgAAAAAZGiG3KGmLwAIgRVoI2yzABZoPAI9ABdoQwS4AGNI AQBkaAAAAABkaAAAAABkaGncoaZnSAYAEwEIgQRIAQAFaGfcoaYWaDwCPQAvAAiBFWgjbLMAFmg8 Aj0AF2hDBLgAY0gBAGRoAAAAAGRoAAAAAGRoZ9yhpmdIBgArAAiBFWgjbLMAFmg8Aj0AF2hDBLgA Y0gBAGRoAAAAAGRoAAAAAGRoadyhpisACIEVaCNsswAWaEMEuAAXaEMEuABjSAEAZGgAAAAAZGgA AAAAZGhp3KGmEwEIgQRIAQAFaGTcoaYWaDwCPQAvAAiBFWgjbLMAFmg8Aj0AF2hDBLgAY0gBAGRo AAAAAGRoAAAAAGRoZNyhpmdIBgAMFWgjbLMAFmhDBLgAACEVaEMEuAAWaDwCPQCJygcBAQBj3KGm gyoBbUgMBHNIDAQUFWhDBLgAFmg8Aj0AbUgMBHNIDAQADBVoI2yzABZoPAI9ABUABgAAAQgAAAII AAADCAAATAgAAJUIAADeCAAAJwkAAHAJAABxCQAAcgkAAKMJAADYCQAA2QkAAO0JAADuCQAANAoA AHkKAAC/CgAAAwsAAAQLAABJCwAAjQsAANALAADbCwAA3AsAACUMAABtDAAArwwAAO0MAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHQAGAAA2gAAASoAA AP39AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQAAQEC7QwAAO4MAAAoDQAA Vw0AAFgNAACcDQAAwA0AAMENAAD2DQAA9w0AAAgOAAAJDgAANw4AADgOAABBDgAAQg4AAIoOAADT DgAAGQ8AAFoPAACfDwAA5A8AABUQAAAWEAAAFxAAABgQAABhEAAAYxAAAKwQAACtEAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAAB2tEAAArhAAAMAQAADB EAAAChEAAFMRAACcEQAA5REAAC4SAAB3EgAAwBIAAAkTAABSEwAAmxMAAOQTAAAtFAAAdhQAAL8U AAAIFQAAURUAAFIVAABTFQAAVBUAAFUVAABWFQAAVxUAAFgVAABZFQAAWhUAAFsVAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHVsVAABcFQAAXRUAAF4V AABfFQAAYBUAAGEVAABiFQAAYxUAAGQVAABlFQAAZhUAAGcVAABoFQAAaRUAAGoVAABrFQAAbBUA AG0VAABuFQAAbxUAAHAVAABxFQAAchUAALsVAAC9FQAABhYAAAcWAAAIFgAAGRYAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAdGRYAABoWAABYFgAAnRYA AOUWAAArFwAAbxcAALMXAADGFwAAxxcAAAsYAAAmGAAAJxgAAG0YAAC2GAAA0xgAANQYAAAcGQAA RxkAAEgZAACMGQAAzRkAAM4ZAAARGgAAVhoAAJgaAADeGgAAIhsAACMbAABkGwAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAAB1kGwAAqxsAALcbAAC4GwAA +xsAAEAcAACFHAAAzRwAAAwdAABQHQAAlx0AAN4dAAAaHgAAGx4AAF8eAACjHgAA6R4AAC0fAAAu HwAALx8AADAfAAAxHwAAeR8AAHofAADDHwAAxB8AAMUfAAANIAAAUiAAAJQgAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHZQgAADaIAAAHyEAAF8hAABv IQAAcCEAALchAAD+IQAARSIAAI0iAADWIgAABSMAAAYjAAAHIwAAGiMAABsjAABhIwAAoyMAAOsj AAAxJAAAYiQAAGMkAACiJAAA2iQAANskAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAY2yQAABklAAAbJQAAHCUAALQA AAAAAAAAAAAAAABiAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQj AGdkI2yzAFIjAEMkAUXGgAAAAQBk3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAb8YHAQEAZNyhpmQmAQ+EaAFehGgB SyMACiYAC0YTAEMkAUXGgAAAAQBk3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAAAMcJQAAWSUAAFslAABcJQAAtAAA AAAAAAAAAAAAAGIAAAAAAAAAAAAAAABdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCMA Z2QjbLMAUiMAQyQBRcaAAAABAGfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZEMEuABvxgcBAQBn3KGmZCYBD4RoAV6EaAFL IwAKJgALRhMAQyQBRcaAAAABAGfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZEMEuAAAA4AlAACBJQAAjSUAAI4lAAAOJgAA HyYAACAmAAAjJgAAQCYAAE0mAABOJgAATyYAAOkmAADqJgAADCcAAA0nAACHJwAAkycAAJgnAADh JwAAKSgAACooAAAEMQAABTEAAEQxAABFMQAARjEAAEcxAAC4MQAA9e7k2tDaxtrG2rmvpZuF7m/u Xu5v7m/ub1RN7gAAAAAAAAAAAAAMFWgjbLMAFmhJUHwAABMBCIEESAEABWiG3KGmFmg8Aj0AIRVo QwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAwEc0gMBCsACIEVaCNsswAWaDwCPQAXaElQfABjSAEA ZGgAAAAAZGgAAAAAZGiG3KGmKwAIgRVoI2yzABZoQwS4ABdoXBByAGNIAQBkaAAAAABkaAAAAABk aG/doaYTAQiBBEgBAAVob92hphZoXBByABMBCIEESAEABWhp3KGmFmhcEHIAEwEIgQRIAQAFaG7d oaYWaFwQcgAZAQiBBEgBAAVoadyhphVoI2yzABZoQwS4ABMBCIEESAEABWhr3KGmFmhVKqMAEwEI gQRIAQAFaGrcoaYWaFUqowATAQiBBEgBAAVoadyhphZoQwS4ABMBCIEESAEABWhp3KGmFmg8Aj0A DBVoI2yzABZoPAI9AAATAQiBBEgBAAVohtyhphZoSVB8AAAcXCUAAI4lAACPJQAAtAAAAAAAAAAA AAAAAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEcjAEMkAUXGgAAAAQBp3KGmAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgASyMA CiYAC0YTAEMkAUXGgAAAAQBp3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAAAKPJQAADCcAAA4nAAAPJwAAUCcAAIgn AACJJwAAiicAAIsnAACMJwAArQAAAAAAAAAAAAAAAFsAAAAAAAAAAAAAAABWAAAAAAAAAAAAAAAA VgAAAAAAAAAAAAAAAFYAAAAAAAAAAAAAAABWAAAAAAAAAAAAAAAAVgAAAAAAAAAAAAAAAFYAAAAA AAAAAAAAAABWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAFIjAEMkAUXGgAAA AQBv3aGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAZ2RDBLgAb8YHAQEAadyhpmQmAQ+EaAFehGgBUiMAQyQBRcaAAAABAGncoaYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABnZEMEuABvxgcBAQBp3KGmZCYBD4RoAV6EaAEACYwnAACNJwAAjicAAI8nAACQJwAAkScA AJInAACTJwAAlCcAAJUnAACWJwAAlycAAJgnAADgJwAA4ScAACooAAArKAAALCgAAEQoAABdKAAA fSgAAMUoAAANKQAAVSkAAJ0pAADlKQAALSoAAHUqAAC9KgAABSsAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAdBSsAAE0rAACaKwAA6CsAADYsAACELAAA 0iwAACAtAABuLQAAvC0AAAouAABYLgAApi4AAPQuAABCLwAAkC8AAN4vAAAsMAAAeTAAAL8wAAAF MQAABjEAAEUxAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAABZFMQAARjEAAEcxAACMMQAAuTEAALoxAAC7 MQAAAzIAAEwyAACCMgAAgzIAAMYyAAALMwAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAA AAAAAAAAAAAAsgAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAA AAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACy AAAAAAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAh9yhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAA RyMAQyQBRcaAAAABAIbcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAADLgxAAC5MQAAujEAALsxAACBMgAAgjIAAFwz AABdMwAApDMAAGo0AABrNAAAbjQAAG80AABwNAAAcTQAALk0AAC6NAAAvDQAAL00AAC+NAAABzUA AAg1AADUNQAA1TUAAAg2AAD/NgAA9e7Y0bvRsaedh3HR9WrR9WBqu9G70VZMQgAAABMBCIEESAEA BWhv3KGmFmhVKqMAEwEIgQRIAQAFaG7coaYWaFUqowATAQiBBEgBAAVobtyhphZoPAI9ABMBCIEE SAEABWiH3KGmFmgXHVwADBVoI2yzABZoFx1cAAArAAiBFWgjbLMAFmg8Aj0AF2hVKqMAY0gBAGRo AAAAAGRoAAAAAGRobtyhpisACIEVaCNsswAWaFUqowAXaFUqowBjSAEAZGgAAAAAZGgAAAAAZGhu 3KGmEwEIgQRIAQAFaG3coaYWaFUqowATAQiBBEgBAAVobNyhphZoVSqjABMBCIEESAEABWhs3KGm Fmg8Aj0AKwAIgRVoI2yzABZoPAI9ABdoFx1cAGNIAQBkaAAAAABkaAAAAABkaIfcoaYMFWgjbLMA Fmg8Aj0AACsACIEVaCNsswAWaDwCPQAXaElQfABjSAEAZGgAAAAAZGgAAAAAZGiG3KGmDBVoI2yz ABZoSVB8AAATAQiBBEgBAAVoh9yhphZoPAI9AAAZCzMAAFAzAABdMwAAazQAAGw0AABtNAAAbjQA AG80AABwNAAAcTQAALo0AAC7NAAAvDQAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAsgAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AABqAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAagAA AAAAAAAAAAAAAAAAAAAARyMAQyQBRcaAAAABAIfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAAB AGzcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABnZCNsswAABCMAZ2QjbLMAAAy8NAAAvTQAAL80AAAINQAACTUAAAo1AABTNQAA mDUAANU1AAATNwAAFDcAAFs3AACVNwAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA ALIAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAA AAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAbtyhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAARyMA QyQBRcaAAAABAIfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAADP82AAASNwAAEzcAAGI3AABjNwAAFDgAABU4AABB OAAAQjgAAEM4AACjOAAApDgAAPo4AAD7OAAAUDkAAIk5AADJOgAANTsAADc7AAA4OwAATTsAAFw7 AAC7OwAAvDsAAL07AAC+OwAA7jsAAO87AAAnPAAA9e7n4+ff59/Y59/nwue4rqSakJqGkH50Z+dV 5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIwNqAAAAABZoYAliADBKEwBPSgMAUEoAAFFKAwBV CAFeSgMAGQEIgQRIAQAFaITcoaYVaCNsswAWaElQfAATAQiBBEgBAAVohdyhphZoSVB8AA8ACIEW aDwCPQAXaElQfAATAQiBBEgBAAVog9yhphZoSVB8ABMBCIEESAEABWiE3KGmFmhJUHwAEwEIgQRI AQAFaILcoaYWaElQfAATAQiBBEgBAAVogtyhphZoPAI9ABMBCIEESAEABWiB3KGmFmg8Aj0AEwEI gQRIAQAFaIDcoaYWaDwCPQArAAiBFWgjbLMAFmg8Aj0AF2gXHVwAY0gBAGRoAAAAAGRoAAAAAGRo iNyhpgwVaCNsswAWaBcdXAAABhZoPAI9AAAGFmgXHVwAAAwVaCNsswAWaDwCPQAADBVoI2yzABZo VSqjAAATAQiBBEgBAAVocNyhphZoVSqjAAAclTcAAJY3AADbNwAAFTgAABY4AABCOAAAQzgAAIo4 AACkOAAApTgAAOg4AAD7OAAA/DgAAD45AABROQAAiDoAAIk6AAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAALIAAAAAAAAA AAAAAACyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARyMAQyQBRcaAAAABAIHc oaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAABnZCNsswAABCMAZ2QjbLMAABCJOgAAvDsAAL07AAC+OwAAvzsAAAg8AAAoPAAAKTwA ACo8AAByPAAAtDwAAMw8AADNPAAAtwAAAAAAAAAAAAAAALcAAAAAAAAAAAAAAABvAAAAAAAAAAAA AAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAbwAAAAAAAAAAAAAAAGoA AAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAAC3AAAAAAAA AAAAAAAAAAAAAAAEIwBnZCNsswAARyMAQyQBRcaAAAABAITcoaYAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQB RcaAAAABAIXcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAABnZCNsswAADCc8AAAoPAAAKTwAACo8AADLPAAAzDwAAM08AADOPAAA KT0AACo9AAArPQAAMT0AADI9AAA1PQAAOj0AAEU9AABiPQAAcT0AALA9AADKPQAAQj4AAEM+AABE PgAART4AAMg+AADJPgAAyj4AAMs+AAANPwAADj8AAOnf2NG7sdjRqZySiH6IfnRqYFZMYLHY0bux 2NG7AAAAEwEIgQRIAQAFaC/doaYWaEVoywATAQiBBEgBAAVoLt2hphZoRWjLABMBCIEESAEABWgt 3aGmFmhFaMsAEwEIgQRIAQAFaJjcoaYWaHsOFQATAQiBBEgBAAVok9yhphZoew4VABMBCIEESAEA BWiT3KGmFmhgCWIAEwEIgQRIAQAFaG3doaYWaFwQcgATAQiBBEgBAAVojdyhphZoYAliABkBCIEE SAEABWiN3KGmFWgjbLMAFmhgCWIADwAIgRZoPAI9ABdoYAliABMBCIEESAEABWiF3KGmFmg8Aj0A KwAIgRVoI2yzABZoPAI9ABdoSVB8AGNIAQBkaAAAAABkaAAAAABkaIXcoaYMFWgjbLMAFmg8Aj0A AAwVaCNsswAWaElQfAAAEwEIgQRIAQAFaITcoaYWaDwCPQArAAiBFWgjbLMAFmg8Aj0AF2hJUHwA Y0gBAGRoAAAAAGRoAAAAAGRohNyhpgAdzTwAAM48AAAWPQAAKj0AACs9AABEPgAART4AAIY+AADJ PgAAyj4AAMs+AAAOPwAADz8AAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA AGoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAAsgAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAAAAAAAARyMAQyQBRcaAAAABAI3coaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAABAIXcoaYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABnZCNsswAABCMAZ2QjbLMAAAwPPwAAVz8AAGs/AAC6QAAAu0AAAANBAAAQQQAAEUEAAFlB AACaQQAAm0EAALFCAACyQgAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAAAAAAAABHIwBDJAFFxoAAAAEAntyhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAABHIwBDJAFFxoAAAAEAmdyhpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkI2yzAAAEIwBnZCNsswAADA4/AABqPwAAaz8AAJc/AAC5QAAAukAAAJlBAACaQQAAHUIA AB5CAAAuQgAAMEIAALBCAACxQgAAskIAALhCAAABQwAAL0YAADBGAABpRgAA/UYAAABIAAB1SAAA +e/l29T5zMK4wq6kl4H5cPlmXFJIPgAAAAAAAAAAAAATAQiBBEgBAAVoNN2hphZoRWjLABMBCIEE SAEABWgz3aGmFmhFaMsAEwEIgQRIAQAFaDLdoaYWaEVoywATAQiBBEgBAAVoMd2hphZoRWjLABMB CIEESAEABWgx3aGmFmg8Aj0AIRVoQwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAwEc0gMBCsACIEV aCNsswAWaDwCPQAXaHsOFQBjSAEAZGgAAAAAZGgAAAAAZGid3KGmGQEIgQRIAQAFaJ7coaYVaCNs swAWaB0a2QATAQiBBEgBAAVoMN2hphZoRWjLABMBCIEESAEABWgs3aGmFmhFaMsAEwEIgQRIAQAF aCvdoaYWaEVoywATAQiBBEgBAAVontyhphZoHRrZAA8ACIEWaDwCPQAXaB0a2QAMFWgjbLMAFmh7 DhUAABMBCIEESAEABWia3KGmFmh7DhUAEwEIgQRIAQAFaJncoaYWaHsOFQATAQiBBEgBAAVomdyh phZoPAI9AAwVaCNsswAWaDwCPQAWskIAALNCAAC0QgAAtUIAALZCAAC3QgAAuEIAAABDAAABQwAA SkMAAEtDAABMQwAAkkMAANNDAADUQwAAGEQAAF9EAACmRAAA7EQAAC5FAAA7RQAAPEUAAHxFAAC2 RQAAt0UAAP9FAAAwRgAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAABCMAZ2QjbLMAABowRgAAdkgAAHdIAAC+SAAA0kgAANNIAAAVSQAAFkkAAFZJAAD6 SQAA+0kAACVKAAAmSgAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAA AAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAA AAAAAABqAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA AAAAAABHIwBDJAFFxoAAAAEANN2hpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAARyMAQyQBRcaAAAAB ADHdoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABnZCNsswAADHVIAAB2SAAAVUkAAFZJAACWSQAAmEkAAPlJAAD6SQAANU8AAH5P AADNUgAAzlIAANxTAACyVAAAtlQAAMVUAADGVAAAKlcAACtXAACWVwAAl1cAAHhZAAB5WQAAf1kA ANRZAADVWQAA1lkAANdZAAD58uje1N7N8rzystSonJKL8oF3cPJmXFJw8kgAAAAAABMBCIEESAEA BWh53aGmFmg8Aj0AEwEIgQRIAQAFaHfdoaYWaHY5ZQATAQiBBEgBAAVodN2hphZodjllABMBCIEE SAEABWh03aGmFmg8Aj0ADBVoI2yzABZodjllAAATAQiBBEgBAAVodt2hphZodjllABMBCIEESAEA BWh23aGmFmg8Aj0ADBVodjllABZodjllAAATAQiBBEgBAAVoct2hphZodjllABYBCIEESAEABWhy 3aGmFmh2OWUANQiBABMBCIEESAEABWhx3aGmFmh2OWUAEwEIgQRIAQAFaHDdoaYWaDwCPQAhFWhD BLgAFmg8Aj0AicoHAQEAY9yhpoMqAW1IDARzSAwEDBVoI2yzABZo51HLAAATAQiBBEgBAAVocN2h phZodjllABMBCIEESAEABWg03aGmFmjnUcsAEwEIgQRIAQAFaDTdoaYWaDwCPQAMFWgjbLMAFmg8 Aj0AAAwVaCNsswAWaEVoywAbJkoAAG9KAACySgAA+UoAAD5LAAB/SwAAtksAALdLAAD0SwAAO0wA AIBMAADGTAAA+EwAAPlMAABITQAAl00AAOZNAAAoTgAAaU4AAGpOAACkTgAApU4AAOtOAAAyTwAA M08AADRPAAA1TwAAfU8AAH5PAADHTwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAAAAAAABCMAZ2QjbLMAAB3HTwAAyE8AAMlPAADfTwAA4E8AACxQAAB4UAAAxFAAAARRAABPUQAA UFEAAIdRAACIUQAAiVEAAM1RAAASUgAAU1IAAJdSAADOUgAAxlQAAMdUAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAcN2hpgAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdk I2yzAAAEIwBnZCNsswAAFMdUAADzVAAA9FQAADxVAACDVQAAx1UAAA1WAABQVgAAmFYAAN1WAAAi VwAAK1cAAJdXAACYVwAAtlcAALdXAAD/VwAARlgAAI1YAADRWAAAGFkAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEcjAEMkAUXGgAAAAQB23aGmAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2Qj bLMAAAQjAGdkI2yzAAAUGFkAAGBZAAB5WQAA1VkAANZZAADXWQAA2FkAANlZAADaWQAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAGoAAAAAAAAAAAAA AABqAAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA RyMAQyQBRcaAAAABAHndoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAABAHTdoaYAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNs swAABCMAZ2QjbLMAAAjXWQAA2VkAANpZAADeWQAAAFoAAAFaAAAPWwAANVsAAGtbAABsWwAAbVsA AABdAAABXQAABF0AAE1dAACWXQAAmF0AAJtdAADzYwAAPGQAAGNrAACsawAAqXMAAPJzAACXdgAA 13YAADR3AAB9dwAANYAAAPXu1s/Fu7Gnse7Pkc+Az5Fqz4DPgM+Az1lIgM8hFWhDBLgAFmg8Aj0A icoHAQEAY9yhpoMqAW1IFgRzSBYEIRVoQwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAooc0gKKCsA CIEVaCNsswAWaDwCPQAXaPUbOQBjSAEAZGgAAAAAZGgAAAAAZGh43aGmIRVoQwS4ABZoPAI9AInK BwEBAGPcoaaDKgFtSAwEc0gMBCsACIEVaCNsswAWaDwCPQAXaPUbOQBjSAEAZGgAAAAAZGgAAAAA ZGh53aGmEwEIgQRIAQAFaIDdoaYWaHUQMgATAQiBBEgBAAVoe92hphZodRAyABMBCIEESAEABWh6 3aGmFmh1EDIAEwEIgQRIAQAFaHndoaYWaDwCPQAMFWgjbLMAFmg8Aj0AAC8ACIEVaCNsswAWaDwC PQAXaHUQMgBjSAEAZGgAAAAAZGgAAAAAZGh53aGmZ0gGAAwVaCNsswAWaHUQMgAAEwEIgQRIAQAF aHndoaYWaHUQMgAAHNpZAAABWgAAAloAAG1bAABuWwAAslsAAPVbAAA9XAAAg1wAAMRcAAABXQAA tAAAAAAAAAAAAAAAAGIAAAAAAAAAAAAAAABiAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAF0AAAAA AAAAAAAAAABdAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAF0AAAAAAAAAAAAAAABdAAAAAAAAAAAA AAAAXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswBSIwBDJAFFxoAAAAEAet2hpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkdRAyAG/GBwEBAHrdoaZkJgEPhGgBXoRoAUsjAAomAAtGEwBDJAFFxoAAAAEAed2hpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkdRAyAAAKAV0AAAJdAAADXQAABF0AAExdAABNXQAAll0AAJddAACYXQAAsl0AALNdAADa XQAA210AACJeAABoXgAArl4AAMteAADMXgAA714AAPBeAAAUXwAAFV8AAF5fAABfXwAAhV8AAIZf AACtXwAArl8AAPRfAAD1XwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAA BCMAZ2QjbLMAAB31XwAAGGAAABlgAAA/YAAAQGAAAINgAACaYAAAm2AAAMRgAADFYAAAB2EAAE9h AACUYQAArGEAAK1hAADyYQAAFmIAABdiAABaYgAAomIAAOdiAAAEYwAABWMAAEhjAACIYwAArmMA AK9jAADwYwAA8WMAAPJjAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAE IwBnZCNsswAAHfJjAADzYwAAO2QAADxkAACFZAAAhmQAAIdkAADNZAAAFGUAACllAAAqZQAAcWUA AIRlAACFZQAAqGUAAKllAADNZQAAzmUAABNmAAAcZgAAHWYAAEBmAABBZgAAiWYAAIpmAACxZgAA smYAANlmAADaZgAAAmcAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQj AGdkI2yzAAAdAmcAAANnAAAEZwAAFGcAABVnAABeZwAAo2cAAOZnAAAvaAAAb2gAALVoAAD8aAAA J2kAAChpAABraQAAsGkAAO9pAAA0agAAdGoAAHVqAAB2agAAkmoAAJNqAADVagAAGGsAAGBrAABh awAAYmsAAGNrAACrawAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMA Z2QjbLMAAB2rawAArGsAAPVrAAD2awAA92sAADxsAACFbAAAyGwAAP5sAAD/bAAAQm0AAIltAADO bQAAEW4AAFRuAACcbgAA224AAB5vAABlbwAAqm8AAOBvAADhbwAA4m8AAPpvAAD7bwAAQHAAAIdw AADOcAAAFXEAACBxAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBn ZCNsswAAHSBxAAAhcQAAInEAADFxAAAycQAATXEAAE5xAACVcQAArnEAAK9xAAD2cQAAJnIAACdy AABocgAAonIAAKNyAADAcgAAwXIAANJyAAAScwAAUHMAAFFzAABicwAApnMAAKdzAACocwAAqXMA APFzAADycwAAO3QAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdk I2yzAAAdO3QAADx0AAA9dAAAZHQAAGV0AAB0dAAAunQAAON0AADkdAAAJHUAAD11AAA+dQAAP3UA AEB1AABBdQAAQnUAAEN1AABEdQAARXUAAEZ1AABHdQAASHUAAEl1AABKdQAAS3UAAEx1AABNdQAA TnUAAE91AABQdQAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2Qj bLMAAB1QdQAAUXUAAFJ1AABTdQAAVHUAAFV1AABWdQAAV3UAAFh1AABZdQAAWnUAAFt1AABcdQAA XXUAAF51AABfdQAAYHUAAGF1AABidQAAY3UAAGR1AABldQAAZnUAAGd1AABodQAAsXUAALN1AAD8 dQAA/XUAAP51AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNs swAAHf51AAARdgAAEnYAACR2AAA3dgAAUnYAAGp2AABwdgAAcXYAAJJ2AACTdgAAlHYAAKR2AAC4 dgAA1HYAAOt2AADwdgAA8XYAABN3AAAUdwAAFXcAABZ3AAAXdwAAGHcAABl3AAAadwAAG3cAABx3 AAAddwAAHncAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yz AAAdHncAAB93AAAgdwAAIXcAACJ3AAAjdwAAJHcAACV3AAAmdwAAJ3cAACh3AAApdwAAKncAACt3 AAAsdwAALXcAAC53AAAvdwAAMHcAADF3AAAydwAAM3cAADR3AAB8dwAAfXcAAMZ3AADHdwAAyHcA AOh3AADpdwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMA AB3pdwAALngAAHd4AAC+eAAABHkAAEp5AACTeQAA13kAAPZ5AAD3eQAAOXoAAH16AADGegAAAnsA AEt7AABnewAAaHsAAK97AADzewAAOXwAAHp8AACQfAAAkXwAAJJ8AACpfAAAqnwAAPN8AAA8fQAA gn0AAMl9AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAA Hcl9AAAKfgAATH4AAJJ+AACTfgAAlH4AAKh+AACpfgAA8X4AADZ/AAB7fwAAfH8AAH1/AACMfwAA jX8AANF/AADmfwAA538AAOh/AADpfwAA6n8AADOAAAA1gAAANoAAAEmAAABKgAAAS4AAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+AAAAAAAAAAAAAAAAPYAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAARQAAAQjAGdkI2yzAAAa NYAAADaAAAA3gAAAR4AAAEiAAABJgAAASoAAAEuAAAD88u7n7uP8AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYW aHUQMgAADAlqBABK8BZo9Rs5AAAGFmj1GzkAABMDagAAAAAWaPUbOQAwShMAVQgBBhZoI2yzAAcy ADGQaAE6cCNsswAfsNAvILDgPSGwJwUisCcFI5CgBSSQoAUlsAAAF7DQAhiw0AIMkNACAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIYC OwASAAEAnAAPAAQAAAAFAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAEQAAEDx/wIARAAMAAAAqyfiAAAABgBOAG8AcgBtAGEAbAAAAAIA AAAcAENKGABQSgUAX0gBBGFKGABtSAkEc0gJBHRICQRaAAFAAQACAFoADAAPAKsn4gAAAAkASABl AGEAZABpAG4AZwAgADEAAAAQAAEABiQBE6TwABSkPABAJgAeADUIgUNKIABLSCAAT0oCAFFKAgBc CIFeSgIAYUogAFwAAkABAAIAXAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAAMgAAABAAAgAG JAETpPAAFKQ8AEAmASAANQiBNgiBQ0ocAE9KAgBRSgIAXAiBXQiBXkoCAGFKHAB4AANAAQACAHgA DAAAAKsn4gAAAAkASABlAGEAZABpAG4AZwAgADMAAAAxAAMABiQBCiYCC0YSAA3GBwHQAgFoAQYP hGgBEYSY/hOk8AAUpDwAQCYCXoRoAWCEmP4AGgA1CIFDShoAT0oCAFFKAgBcCIFeSgIAYUoaAGwA BEABAAIAbAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAANAAAADEABAAGJAEKJgMLRhIADcYH AWADAWgBBg+EaAERhJj+E6TwABSkPABAJgNehGgBYISY/gAOADUIgUNKHABcCIFhShwAbgAFQAEA AgBuAAwAAACrJ+IAAAAJAEgAZQBhAGQAaQBuAGcAIAA1AAAALgAFAAomBAtGEgANxgcB8AMBaAEG D4RoARGEmP4TpPAAFKQ8AEAmBF6EaAFghJj+FAA1CIE2CIFDShoAXAiBXQiBYUoaAGgABkABAAIA aAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAANgAAAC4ABgAKJgULRhIADcYHAYAEAWgBBg+E aAERhJj+E6TwABSkPABAJgVehGgBYISY/g4ANQiBQ0oWAFwIgWFKFgBaAAdAAQACAFoADAAAAKsn 4gAAAAkASABlAGEAZABpAG4AZwAgADcAAAAuAAcACiYGC0YSAA3GBwEQBQFoAQYPhGgBEYSY/hOk 8AAUpDwAQCYGXoRoAWCEmP4AAGAACEABAAIAYAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAA OAAAAC4ACAAKJgcLRhIADcYHAaAFAWgBBg+EaAERhJj+E6TwABSkPABAJgdehGgBYISY/gYANgiB XQiBbgAJQAEAAgBuAAwAAACrJ+IAAAAJAEgAZQBhAGQAaQBuAGcAIAA5AAAALgAJAAomCAtGEgAN xgcBMAYBaAEGD4RoARGEmP4TpPAAFKQ8AEAmCF6EaAFghJj+FABDShYAT0oCAFFKAgBeSgIAYUoW AEQAQUDy/6EARAAMAQAAqyfiAAAAFgBEAGUAZgBhAHUAbAB0ACAAUABhAHIAYQBnAHIAYQBwAGgA IABGAG8AbgB0AAAAAABSAGkA8/+zAFIADAEAAAAAAAAAAAwAVABhAGIAbABlACAATgBvAHIAbQBh AGwAAAAcABf2AwAANNYGAAEKA2wANNYGAAEFAwAAYfYDAAACAAsAAAAoAGsA9P/BACgAAAEAAKsn 4gAAAAcATgBvACAATABpAHMAdAAAAAIADAAAAAAAXgD+T6IA8QBeAAwAAQBjd/YAAAAKACAAQwBo AGEAcgAgAEMAaABhAHIAAAAyADUIAUNKIABLSCAAT0oCAFBKBQBRSgIAXAgBXkoCAF9IAQRhSiAA bUgJBHNICQR0SAkESACZQAEAAgFIAAwBAABjd/YAAAAMAEIAYQBsAGwAbwBvAG4AIABUAGUAeAB0 AAAAAgAQABQAQ0oQAE9KBgBRSgYAXkoGAGFKEAAwAv5PogARATACDAASAGN39gAAAPUAQwBhAHAA dABpAG8AbgAgAEMAaABhAHIAMQAgAEMAaABhAHIAMQAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQBy ACAAQwBoAGEAcgAgAEMAaABhAHIAMQAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgA YQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADIAIABDAGgAYQByACwAQwBh AHAAdABpAG8AbgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBoAGEAcgAgAEMAaABhAHIALABDAGEA cAB0AGkAbwBuACAAQwBoAGEAcgAgAEMAaABhAHIAMQAgAEMAaABhAHIALABDAGEAcAB0AGkAbwBu ACAAQwBoAGEAcgAgAEMAaABhAHIAMgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADMAIABDAGgA YQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgAYQByADEAIABD AGgAYQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByACAAQwBoAGEAcgAgAEMA aABhAHIAMQAgAEMAaABhAHIAIABDAGgAYQByAAAALgA1CAFDShgAT0oHAFBKBQBRSgcAXAgBXkoH AF9IAQRhShgAbUgJBHNICQR0SAkEOAIiQAEAAgA4AgwBEQBjd/YAAAD8AEMAYQBwAHQAaQBvAG4A LABDAGEAcAB0AGkAbwBuACAAQwBoAGEAcgAxACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAIABD AGgAYQByACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAMQAgAEMAaABhAHIALABDAGEAcAB0AGkA bwBuACAAQwBoAGEAcgAyACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBo AGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByACAAQwBoAGEAcgAxACwAQwBhAHAAdABpAG8A bgAgAEMAaABhAHIALABDAGEAcAB0AGkAbwBuACAAQwBoAGEAcgAzACAAQwBoAGEAcgAsAEMAYQBw AHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgAYQByADEAIABDAGgAYQByACwAQwBhAHAAdABpAG8A bgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBoAGEAcgAxACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBv AG4AIABDAGgAYQByADIAIABDAGgAYQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgA YQByACAAQwBoAGEAcgAxACAAQwBoAGEAcgAgAEMAaABhAAAAEwASAAMkAQYkAROkkAEUpMgAYSQB ABIANQiBT0oHAFFKBwBcCIFeSgcAQgAnQKIAMQFCAAwBAABjd/YAAAARAEMAbwBtAG0AZQBuAHQA IABSAGUAZgBlAHIAZQBuAGMAZQAAAAgAQ0oQAGFKEABQAB5AAQBCAVAADAEAAGN39gAAAAwAQwBv AG0AbQBlAG4AdAAgAFQAZQB4AHQAAAAFABQAMSQAABgAQ0oUAE9KAwBQSgAAUUoDAF5KAwBhShQA VABqQEEBQgFUAAwBAABjd/YAAAAPAEMAbwBtAG0AZQBuAHQAIABTAHUAYgBqAGUAYwB0AAAABQAV ADEkAQAWADUIgU9KAABQSgUAUUoAAFwIgV5KAAA+ACoAogBhAT4ADAEAAKsn4gAAABEARQBuAGQA bgBvAHQAZQAgAFIAZQBmAGUAcgBlAG4AYwBlAAAAAwBIKgAAmgD+TwEAcgGaAAwALgBjd/YAAAAN AFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAAABaABcADcZHABewAWADEAXABnAIIArQC4ANMA/g EJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABEmQQ /wAAXoSwAQwAT0oIAFFKCABeSggAZgArQNECggFmAAwBAACrJ+IAAAAdAEUAbgBkAG4AbwB0AGUA IABUAGUAeAB0ACwAUgBGAEMAIABFAG4AZABuAG8AdABlACAAVABlAHgAdAAAABIAGAAPhGADEYRQ /l6EYANghFD+AABGAFZAogCRAUYADAAAAKsn4gAAABEARgBvAGwAbABvAHcAZQBkAEgAeQBwAGUA cgBsAGkAbgBrAAAADAA+KgFCKgxwaIAAgABGACBAAQCiAUYADAAAAKsn4gAAAAYARgBvAG8AdABl AHIAAAATABoADcYIAAKwE2AnAQISZBD/AAAADABPSggAUUoIAF5KCABAACYAogCxAUAADAEAAKsn 4gAAABIARgBvAG8AdABuAG8AdABlACAAUgBlAGYAZQByAGUAbgBjAGUAAAADAEgqAQA+AB1AAQDC AT4ADAEAAKsn4gAAAA0ARgBvAG8AdABuAG8AdABlACAAVABlAHgAdAAAAAIAHAAIAENKFABhShQA KAD+T/L/0QEoAAwAAABjd/YAAAAIAEgALwBGAC0AQgBvAGwAZAAAAAAARgAfQAEA4gFGAAwAAACr J+IAAAAGAEgAZQBhAGQAZQByAAAAEwAeAA3GCAACsBNgJwECEmQQ/wAAAAwAT0oIAFFKCABeSggA jABlQAEA8gGMAAwAAABjd/YAAAARAEgAVABNAEwAIABQAHIAZQBmAG8AcgBtAGEAdAB0AGUAZAAA ADcAHwANxjIAEJQDKAe8ClAO5BF4FQwZoBw0IMgjXCfwKoQuGDKsNUA5AAAAAAAAAAAAAAAAAAAA AAAYAENKFABPSggAUEoAAFFKCABeSggAYUoUADYAVUCiAAECNgAMAAAAqyfiAAAACQBIAHkAcABl AHIAbABpAG4AawAAAAwAPioBQioCcGgAAP8ATAD+TwEAEgJMAAwAAABjd/YAAAAIAEkAbgAgAHQA YQBiAGwAZQAAABYAIQADJAEFJAEGJAETpHgAFKR4AGEkAQwAQ0oUAFBKAABhShQALgApQKIAIQIu AAwAAACrJ+IAAAALAFAAYQBnAGUAIABOAHUAbQBiAGUAcgAAAAAARABaQAEAMgJEAAwAAACrJ+IA AAAKAFAAbABhAGkAbgAgAFQAZQB4AHQAAAACACMAFABDShQAT0oIAFFKCABeSggAYUoUAFgA/k8B AEICWAAMACUAY3f2AAAAEQBQAGwAYQBpAG4AIABUAGUAeAB0ACAAMgAgAEMAaABhAHIAAAAQACQA D4RgAxJk1P4AAF6EYAMMAE9KCABRSggAXkoIAGwA/k+iAFECbAAMACQAY3f2AAAAFgBQAGwAYQBp AG4AIABUAGUAeAB0ACAAMgAgAEMAaABhAHIAIABDAGgAYQByAAAAKABDShgAT0oIAFBKBQBRSggA XkoIAF9IAQRhShgAbUgJBHNICQR0SAkEhAD+T9ECYgKEAA0AAACrJ+IAAAAIAFIARgBDACAARABh AHQAZQAAAFUAJgADJAIKJgELRhIADcYzF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAb sBxgHhAgwCFwIyAl0CYBaAEGD4RoARGEmP5ehGgBYISY/mEkAgAEAFBKCQBgAP5P0QJyAmAABQAA AKsn4gAAABQAUgBGAEMAIABIAGUAYQBkAGkAbgBnACAALQAgAE4AbwAgAFQATwBDAAAAEgAnAA3G BQABcycKD4QAAF6EAAALAG1IAARuSAAEdQgBAHwA/k8RAIICfAAMACkAqyfiAAAADABSAEYAQwAg AEgAZQBhAGQAaQBuAGcAMQAAAC8AKAAKJgALRhIADcYFAAFoAQYPhGgBEYSY/hJkEP8AABOkAAAU pAAAXoRoAWCEmP4AGgA1CIFDShgAT0oIAFFKCABcCIFeSggAYUoYAE4A/k/yAJECTgAMACgAY3f2 AAAAEQBSAEYAQwAgAEgAZQBhAGQAaQBuAGcAMQAgAEMAaABhAHIAAAAUAENKGABPSggAUUoIAF5K CABhShgAQgD+T4ECcgFCAAwAKwBjd/YAAAARAFIARgBDACAASABlAGEAZABpAG4AZwAyACAAQwBo AGEAcgAAAAUAKgBAJgEAAABEAP5PkgKxAkQADAAqAGN39gAAABYAUgBGAEMAIABIAGUAYQBkAGkA bgBnADIAIABDAGgAYQByACAAQwBoAGEAcgAAAAAAOAD+T6ECMgI4AAwAAABjd/YAAAAMAFIARgBD ACAASABlAGEAZABpAG4AZwAzAAAABQAsAEAmAgAAAJAA/k8BANICkAAMAC8AqyfiAAAACABSAEYA QwAgAFQAZQB4AHQAAABaAC0ADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7Ac YB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABEmQQ/wAAXoSwAQwAT0oIAFFK CABeSggAZAD+T6IA4QJkAAwAFwBjd/YAAAASAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAIABD AGgAYQByAAAAKABDShgAT0oIAFBKBQBRSggAXkoIAF9IAQRhShgAbUgJBHNICQR0SAkEXAD+T6IA 8QJcAAwALQBjd/YAAAAOAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAMQAAACgAQ0oYAE9KCABQ SgUAUUoIAF5KCABfSAEEYUoYAG1ICQRzSAkEdEgJBHoAmgCzAAMDegAMAAAAY3f2AAAACgBUAGEA YgBsAGUAIABHAHIAaQBkAAAAPAA6VjAAE9YwAAAA/wQBAAAAAAD/BAEAAAAAAP8EAQAAAAAA/wQB AAAAAAD/BAEAAAAAAP8EAQAAYfYAAAAFADAAMSQAAAgAUEoAAF9IAQRoABNA0QICAGgABQEAAKsn 4gAAAAUAVABPAEMAIAAxAAAAOAAxAA3GMxewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkA G7AcYB4QIMAhcCMgJdAmAWAnCgsAbUgABG5IAAR1CAEAZAAUQNECAgBkAA0BAACrJ+IAAAAFAFQA TwBDACAAMgAAAEAAMgANxjMXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDA IXAjICXQJgFgJwoPhGADXoRgAwAANgAVQNECAgA2AA0BAACrJ+IAAAAFAFQATwBDACAAMwAAAAoA MwAPhAAAXoQAAAgAbkgSBHRIEgQuABZAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA0AAAACgA0 AA+E0AJehNACAAAuABdAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA1AAAACgA1AA+EwANehMAD AAAuABhAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA2AAAACgA2AA+EsARehLAEAAAuABlAAQAC AC4ADQEAAKsn4gAAAAUAVABPAEMAIAA3AAAACgA3AA+EoAVehKAFAAAuABpAAQACAC4ADQEAAKsn 4gAAAAUAVABPAEMAIAA4AAAACgA4AA+EkAZehJAGAAAuABtAAQACAC4ADQEAAKsn4gAAAAUAVABP AEMAIAA5AAAACgA5AA+EgAdehIAHAAA+AP5PgQLSAj4ADAAAAKsn4gAAAAwAUgBGAEMAIABIAGUA YQBkAGkAbgBnADIAAAAMADoACiYAC0YAAEAmAQAAEABOAGEAbgBjAHkAIABDAGEAbQAtAFcAaQBu AGcAZQB0AO4zAABLeAAAAwBOAEMAVwAAAAAAAAAAAAAAAAAAAAAAAAAv4YQHjdyhpgAAAAAAAAAA AAAAAAAAAAAAABMAAAAWAAAAAAAAAEt4AAAHAADkAAAEAP////8AAAAAAQAAAAIAAAADAAAATAAA AJUAAADeAAAAJwEAAHABAABxAQAAcgEAAKMBAADYAQAA2QEAAO0BAADuAQAANAIAAHkCAAC/AgAA AwMAAAQDAABJAwAAjQMAANADAADbAwAA3AMAACUEAABtBAAArwQAAO0EAADuBAAAKAUAAFcFAABY BQAAnAUAAMAFAADBBQAA9gUAAPcFAAAIBgAACQYAADcGAAA4BgAAQQYAAEIGAACKBgAA0wYAABkH AABaBwAAnwcAAOQHAAAVCAAAFggAABcIAAAYCAAAYQgAAGMIAACsCAAArQgAAK4IAADACAAAwQgA AAoJAABTCQAAnAkAAOUJAAAuCgAAdwoAAMAKAAAJCwAAUgsAAJsLAADkCwAALQwAAHYMAAC/DAAA CA0AAFENAABSDQAAUw0AAFQNAABVDQAAVg0AAFcNAABYDQAAWQ0AAFoNAABbDQAAXA0AAF0NAABe DQAAXw0AAGANAABhDQAAYg0AAGMNAABkDQAAZQ0AAGYNAABnDQAAaA0AAGkNAABqDQAAaw0AAGwN AABtDQAAbg0AAG8NAABwDQAAcQ0AAHINAAC7DQAAvQ0AAAYOAAAHDgAACA4AABkOAAAaDgAAWA4A AJ0OAADlDgAAKw8AAG8PAACzDwAAxg8AAMcPAAALEAAAJhAAACcQAABtEAAAthAAANMQAADUEAAA HBEAAEcRAABIEQAAjBEAAM0RAADOEQAAERIAAFYSAACYEgAA3hIAACITAAAjEwAAZBMAAKsTAAC3 EwAAuBMAAPsTAABAFAAAhRQAAM0UAAAMFQAAUBUAAJcVAADeFQAAGhYAABsWAABfFgAAoxYAAOkW AAAtFwAALhcAAC8XAAAwFwAAMRcAAHkXAAB6FwAAwxcAAMQXAADFFwAADRgAAFIYAACUGAAA2hgA AB8ZAABfGQAAbxkAAHAZAAC3GQAA/hkAAEUaAACNGgAA1hoAAAUbAAAGGwAABxsAABobAAAbGwAA YRsAAKMbAADrGwAAMRwAAGIcAABjHAAAohwAANocAADbHAAAGR0AABsdAAAcHQAAWR0AAFsdAABc HQAAjh0AAI8dAAAMHwAADh8AAA8fAABQHwAAiB8AAIkfAACKHwAAix8AAIwfAACNHwAAjh8AAI8f AACQHwAAkR8AAJIfAACTHwAAlB8AAJUfAACWHwAAlx8AAJgfAADgHwAA4R8AACogAAArIAAALCAA AEQgAABdIAAAfSAAAMUgAAANIQAAVSEAAJ0hAADlIQAALSIAAHUiAAC9IgAABSMAAE0jAACaIwAA 6CMAADYkAACEJAAA0iQAACAlAABuJQAAvCUAAAomAABYJgAApiYAAPQmAABCJwAAkCcAAN4nAAAs KAAAeSgAAL8oAAAFKQAABikAAEUpAABGKQAARykAAIwpAAC5KQAAuikAALspAAADKgAATCoAAIIq AACDKgAAxioAAAsrAABQKwAAXSsAAGssAABsLAAAbSwAAG4sAABvLAAAcCwAAHEsAAC6LAAAuywA ALwsAAC9LAAAvywAAAgtAAAJLQAACi0AAFMtAACYLQAA1S0AABMvAAAULwAAWy8AAJUvAACWLwAA 2y8AABUwAAAWMAAAQjAAAEMwAACKMAAApDAAAKUwAADoMAAA+zAAAPwwAAA+MQAAUTEAAIgyAACJ MgAAvDMAAL0zAAC+MwAAvzMAAAg0AAAoNAAAKTQAACo0AAByNAAAtDQAAMw0AADNNAAAzjQAABY1 AAAqNQAAKzUAAEQ2AABFNgAAhjYAAMk2AADKNgAAyzYAAA43AAAPNwAAVzcAAGs3AAC6OAAAuzgA AAM5AAAQOQAAETkAAFk5AACaOQAAmzkAALE6AACyOgAAszoAALQ6AAC1OgAAtjoAALc6AAC4OgAA ADsAAAE7AABKOwAASzsAAEw7AACSOwAA0zsAANQ7AAAYPAAAXzwAAKY8AADsPAAALj0AADs9AAA8 PQAAfD0AALY9AAC3PQAA/z0AADA+AAB2QAAAd0AAAL5AAADSQAAA00AAABVBAAAWQQAAVkEAAPpB AAD7QQAAJUIAACZCAABvQgAAskIAAPlCAAA+QwAAf0MAALZDAAC3QwAA9EMAADtEAACARAAAxkQA APhEAAD5RAAASEUAAJdFAADmRQAAKEYAAGlGAABqRgAApEYAAKVGAADrRgAAMkcAADNHAAA0RwAA NUcAAH1HAAB+RwAAx0cAAMhHAADJRwAA30cAAOBHAAAsSAAAeEgAAMRIAAAESQAAT0kAAFBJAACH SQAAiEkAAIlJAADNSQAAEkoAAFNKAACXSgAAzkoAAMZMAADHTAAA80wAAPRMAAA8TQAAg00AAMdN AAANTgAAUE4AAJhOAADdTgAAIk8AACtPAACXTwAAmE8AALZPAAC3TwAA/08AAEZQAACNUAAA0VAA ABhRAABgUQAAeVEAANVRAADWUQAA11EAANhRAADZUQAA2lEAAAFSAAACUgAAbVMAAG5TAACyUwAA 9VMAAD1UAACDVAAAxFQAAAFVAAACVQAAA1UAAARVAABMVQAATVUAAJZVAACXVQAAmFUAALJVAACz VQAA2lUAANtVAAAiVgAAaFYAAK5WAADLVgAAzFYAAO9WAADwVgAAFFcAABVXAABeVwAAX1cAAIVX AACGVwAArVcAAK5XAAD0VwAA9VcAABhYAAAZWAAAP1gAAEBYAACDWAAAmlgAAJtYAADEWAAAxVgA AAdZAABPWQAAlFkAAKxZAACtWQAA8lkAABZaAAAXWgAAWloAAKJaAADnWgAABFsAAAVbAABIWwAA iFsAAK5bAACvWwAA8FsAAPFbAADyWwAA81sAADtcAAA8XAAAhVwAAIZcAACHXAAAzVwAABRdAAAp XQAAKl0AAHFdAACEXQAAhV0AAKhdAACpXQAAzV0AAM5dAAATXgAAHF4AAB1eAABAXgAAQV4AAIle AACKXgAAsV4AALJeAADZXgAA2l4AAAJfAAADXwAABF8AABRfAAAVXwAAXl8AAKNfAADmXwAAL2AA AG9gAAC1YAAA/GAAACdhAAAoYQAAa2EAALBhAADvYQAANGIAAHRiAAB1YgAAdmIAAJJiAACTYgAA 1WIAABhjAABgYwAAYWMAAGJjAABjYwAAq2MAAKxjAAD1YwAA9mMAAPdjAAA8ZAAAhWQAAMhkAAD+ ZAAA/2QAAEJlAACJZQAAzmUAABFmAABUZgAAnGYAANtmAAAeZwAAZWcAAKpnAADgZwAA4WcAAOJn AAD6ZwAA+2cAAEBoAACHaAAAzmgAABVpAAAgaQAAIWkAACJpAAAxaQAAMmkAAE1pAABOaQAAlWkA AK5pAACvaQAA9mkAACZqAAAnagAAaGoAAKJqAACjagAAwGoAAMFqAADSagAAEmsAAFBrAABRawAA YmsAAKZrAACnawAAqGsAAKlrAADxawAA8msAADtsAAA8bAAAPWwAAGRsAABlbAAAdGwAALpsAADj bAAA5GwAACRtAAA9bQAAPm0AAD9tAABAbQAAQW0AAEJtAABDbQAARG0AAEVtAABGbQAAR20AAEht AABJbQAASm0AAEttAABMbQAATW0AAE5tAABPbQAAUG0AAFFtAABSbQAAU20AAFRtAABVbQAAVm0A AFdtAABYbQAAWW0AAFptAABbbQAAXG0AAF1tAABebQAAX20AAGBtAABhbQAAYm0AAGNtAABkbQAA ZW0AAGZtAABnbQAAaG0AALFtAACzbQAA/G0AAP1tAAD+bQAAEW4AABJuAAAkbgAAN24AAFJuAABq bgAAcG4AAHFuAACSbgAAk24AAJRuAACkbgAAuG4AANRuAADrbgAA8G4AAPFuAAATbwAAFG8AABVv AAAWbwAAF28AABhvAAAZbwAAGm8AABtvAAAcbwAAHW8AAB5vAAAfbwAAIG8AACFvAAAibwAAI28A ACRvAAAlbwAAJm8AACdvAAAobwAAKW8AACpvAAArbwAALG8AAC1vAAAubwAAL28AADBvAAAxbwAA Mm8AADNvAAA0bwAAfG8AAH1vAADGbwAAx28AAMhvAADobwAA6W8AAC5wAAB3cAAAvnAAAARxAABK cQAAk3EAANdxAAD2cQAA93EAADlyAAB9cgAAxnIAAAJzAABLcwAAZ3MAAGhzAACvcwAA83MAADl0 AAB6dAAAkHQAAJF0AACSdAAAqXQAAKp0AADzdAAAPHUAAIJ1AADJdQAACnYAAEx2AACSdgAAk3YA AJR2AACodgAAqXYAAPF2AAA2dwAAe3cAAHx3AAB9dwAAjHcAAI13AADRdwAA5ncAAOd3AADodwAA 6XcAAOp3AAAzeAAANXgAADZ4AABJeAAATHgAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJiAEyAjMAAAAAAAAACA AAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJiAEyAjMAEAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJiAEyAjMAIAAAAAAACAAAAA gAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA EACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACI AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA ABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQ AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYgBMgIzAD AAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAZgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEA AAAAAAAAAAAAAAAAgAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAACAGYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAeYgAMAAwAAAAAAAAAQAAAAAAAAAAAAAAAACAAZgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAAB5iAAwADAAAAAAAAAB AAAAAAAAAAAAAAAAAIABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEAAAAAAAAAAAAAAAAAgAGYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAkAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAA AAAAAIABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEAAAAAAAAAAAAA AAAAgAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAAB5iAAwADAAAAAAAAABAAAAAAAAAAAAAAAAAIABmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmkAAABQwAAAAAAAA AIAAAACAAAAAAAAAAAAABQoAAAAAMAAAAAAAAAAAAAAAAAYwEwAAAAAAAAcAAAAAAQAAAAIAAAAD AAAATAAAAJUAAADeAAAAJwEAAHABAABxAQAAcgEAAKMBAADYAQAA2QEAAO0BAADuAQAANAIAAHkC AAC/AgAAAwMAAAQDAABJAwAAjQMAANADAADbAwAA3AMAACUEAABtBAAArwQAAO0EAADuBAAAKAUA AFcFAABYBQAAnAUAAMAFAADBBQAA9gUAAPcFAAAIBgAACQYAADcGAAA4BgAAQQYAAEIGAACKBgAA 0wYAABkHAABaBwAAnwcAAOQHAAAVCAAAFggAABcIAAAYCAAAYQgAAGMIAACsCAAArQgAAK4IAADA CAAAwQgAAAoJAABTCQAAnAkAAOUJAAAuCgAAdwoAAMAKAAAJCwAAUgsAAJsLAADkCwAALQwAAHYM AAC/DAAACA0AAFENAABSDQAAUw0AAFQNAABVDQAAVg0AAFcNAABYDQAAWQ0AAFoNAABbDQAAXA0A AF0NAABeDQAAXw0AAGANAABhDQAAYg0AAGMNAABkDQAAZQ0AAGYNAABnDQAAaA0AAGkNAABqDQAA aw0AAGwNAABtDQAAbg0AAG8NAABwDQAAcQ0AAHINAAC7DQAAvQ0AAAYOAAAHDgAACA4AABkOAAAa DgAAWA4AAJ0OAADlDgAAKw8AAG8PAACzDwAAxg8AAMcPAAALEAAAJhAAACcQAABtEAAAthAAANMQ AADUEAAAHBEAAEcRAABIEQAAjBEAAM0RAADOEQAAERIAAFYSAACYEgAA3hIAACITAAAjEwAAZBMA AKsTAAC3EwAAuBMAAPsTAABAFAAAhRQAAM0UAAAMFQAAUBUAAJcVAADeFQAAGhYAABsWAABfFgAA oxYAAOkWAAAtFwAALhcAAC8XAAAwFwAAMRcAAHkXAAB6FwAAwxcAAMQXAADFFwAADRgAAFIYAACU GAAA2hgAAB8ZAABfGQAAbxkAAHAZAAC3GQAA/hkAAEUaAACNGgAA1hoAAAUbAAAGGwAABxsAABob AAAbGwAAYRsAAKMbAADrGwAAMRwAAGIcAABjHAAAohwAANocAADbHAAAGR0AABsdAAAcHQAAWR0A AFsdAABcHQAAjh0AAI8dAAAMHwAADh8AAA8fAABQHwAAiB8AAIkfAACKHwAAix8AAIwfAACNHwAA jh8AAI8fAACQHwAAkR8AAJIfAACTHwAAlB8AAJUfAACWHwAAlx8AAJgfAADgHwAA4R8AACogAAAr IAAALCAAAEQgAABdIAAAfSAAAMUgAAANIQAAVSEAAJ0hAADlIQAALSIAAHUiAAC9IgAABSMAAE0j AACaIwAA6CMAADYkAACEJAAA0iQAACAlAABuJQAAvCUAAAomAABYJgAApiYAAPQmAABCJwAAkCcA AN4nAAAsKAAAeSgAAL8oAAAFKQAABikAAEUpAABGKQAARykAAIwpAAC5KQAAuikAALspAAADKgAA TCoAAIIqAACDKgAAxioAAAsrAABQKwAAXSsAAGssAABsLAAAbSwAAG4sAABvLAAAcCwAAHEsAAC6 LAAAuywAALwsAAC9LAAAvywAAAgtAAAJLQAACi0AAFMtAACYLQAA1S0AABMvAAAULwAAWy8AAJUv AACWLwAA2y8AABUwAAAWMAAAQjAAAEMwAACKMAAApDAAAKUwAADoMAAA+zAAAPwwAAA+MQAAUTEA AIgyAACJMgAAvDMAAL0zAAC+MwAAvzMAAAg0AAAoNAAAKTQAACo0AAByNAAAtDQAAMw0AADNNAAA zjQAABY1AAAqNQAAKzUAAEQ2AABFNgAAhjYAAMk2AADKNgAAyzYAAA43AAAPNwAAVzcAAGs3AAC6 OAAAuzgAAAM5AAAQOQAAETkAAFk5AACaOQAAmzkAALE6AACyOgAAszoAALQ6AAC1OgAAtjoAALc6 AAC4OgAAADsAAAE7AABKOwAASzsAAEw7AACSOwAA0zsAANQ7AAAYPAAAXzwAAKY8AADsPAAALj0A ADs9AAA8PQAAfD0AALY9AAC3PQAA/z0AADA+AAB2QAAAd0AAAL5AAADSQAAA00AAABVBAAAWQQAA VkEAAPpBAAD7QQAAJUIAACZCAABvQgAAskIAAPlCAAA+QwAAf0MAALZDAAC3QwAA9EMAADtEAACA RAAAxkQAAPhEAAD5RAAASEUAAJdFAADmRQAAKEYAAGlGAABqRgAApEYAAKVGAADrRgAAMkcAADNH AAA0RwAANUcAAH1HAAB+RwAAx0cAAMhHAADJRwAA30cAAOBHAAAsSAAAeEgAAMRIAAAESQAAT0kA AFBJAACHSQAAiEkAAIlJAADNSQAAEkoAAFNKAACXSgAAzkoAAMZMAADHTAAA80wAAPRMAAA8TQAA g00AAMdNAAANTgAAUE4AAJhOAADdTgAAIk8AACtPAACXTwAAmE8AALZPAAC3TwAA/08AAEZQAACN UAAA0VAAABhRAABgUQAAeVEAANVRAADWUQAA11EAANhRAADZUQAA2lEAAAFSAAACUgAAbVMAAD1U AACDVAAAxFQAAAFVAABMVQAATVUAAJZVAACXVQAAmFUAALJVAAA2eAAASXgAAEx4AACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYgBMgIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYgBMgIzABAAAAAAAAgAAAAIAAAAAA AAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYgBMgIzACAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACI AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA kACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAoAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA iACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmIATICMwAwAAAAAAAIAAAACAAAAAAAAAAACQAHmIADAaMQAAAAAAAAEA AAALAAAAAAAAAAAAkAF5iAAwGjEAAAAAAAABAAAACwAAAAAAAAAAAIAHeYgAMBoRAAAAAAAAAQAA AAsAAAAbAQAAQCTCB3mIADAaAQAAAAAAAAEAAAAKAAAAAAAAAAAAgAd5iAAwGgEAAAAAAAACAAAA CAAAAAAAAAAAAIAHeYgAMBoxAAAAAAAAAQAAAAYAAAAAAAAAAACIB3mIADAaMQAAAAAAAAEAAAAH AAAAGwEAAEAkwgd5iAAwGjEAAAAAAAABAAAABgAAAAAAAAAAAIAHecgAMBoxAAAAAAAAAQAAAAUA AAAAAAAAAACAB3mIADAaMQAAAAAAAAEAAAAEAAAAAAAAAAAAiAd5iAAwGjEAAAAAAAACAAAAAgAA AAAAAAAAAIgHmAAAAAAwAAAAAAAAAIAAAACAAAAAAAAAAAAAB5gAAAAAMAAAAAAAAACAAAAAgAAA AAAAAACAAAd5yAAwADAAAAAAAAABAAAAAAAAAAAAAAAAAAAHCAAAAAAwAAAAAAAAAAAAAAAABjAT AAAAAAAABwAGAACAJQAAuDEAAP82AAAnPAAADj8AAHVIAADXWQAANYAAAEuAAABBAAAATAAAAFIA AABVAAAAWAAAAFsAAABeAAAAYwAAAHEAAAAABgAA7QwAAK0QAABbFQAAGRYAAGQbAACUIAAA2yQA ABwlAABcJQAAjyUAAIwnAAAFKwAARTEAAAszAAC8NAAAlTcAAIk6AADNPAAADz8AALJCAAAwRgAA JkoAAMdPAADHVAAAGFkAANpZAAABXQAA9V8AAPJjAAACZwAAq2sAACBxAAA7dAAAUHUAAP51AAAe dwAA6XcAAMl9AABLgAAAQgAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATQAAAE4A AABPAAAAUAAAAFEAAABTAAAAVAAAAFYAAABXAAAAWQAAAFoAAABcAAAAXQAAAF8AAABgAAAAYQAA AGIAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAA AAYAAEqAAABDAAAADwAA8DgAAAAAAAbwGAAAAAIIAAACAAAAAQAAAAEAAAABAAAAAgAAAEAAHvEQ AAAA//8AAAAA/wCAgIAA9wAAEAAPAALwkgAAABAACPAIAAAAAQAAAAEEAAAPAAPwMAAAAA8ABPAo AAAAAQAJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAgAK8AgAAAAABAAABQAAAA8ABPBCAAAAEgAK8AgA AAABBAAAAA4AAFMAC/AeAAAAvwEAABAAywEAAAAA/wEAAAgABAMJAAAAPwMBAAEAAAAR8AQAAAAB AAAA//8OAAAABgCD2RwKEQABACyvjAMGAITZHAoIAAEANB2DBQYAhdkcChEAAQC0Ro4DBgCG2RwK EQABABQwGAAGAIfZHAoRAAEAVDAYAAYAiNkcCggAAQD8Q4MFBgCJ2RwKCQABAKxEgwUGAIrZHAoI AAIAVFqBBQYAi9kcCggAAQDUrY8DBgCM2RwKEQABAPxNjwMGAI3ZHAoIAAEAhLWBBQYAjtkcCgkA AQDsWoEFBgCP2RwKCQABAKzYIgAGAJDZHAoRAAEAJGyPAyIpAAAiKQAAKCkAACopAAAwKQAArC4A AKwuAAA0bgAAWW4AAFluAABybgAAcm4AAH1uAACBbgAATHgAAAAAAAACAAEAAAACAAIAAAACAAMA AAADAAQAAAABAAUAAAACAAYAAAACAAcAAAABAAgAAAACAAkAAAACAAwAAAACAAoAAAACAAsAAAAC AA0AAAACACcpAAAtKQAALSkAAC8pAAA1KQAAsS4AALEuAABBbgAAb24AAG9uAAB7bgAAf24AAIZu AACGbgAATHgAAAAAAQABAAEAAgABAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAkAAAALAAEADAAB AAoAAAANAAAACQAAAFYAAAANAAAAKoB1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpz bWFydHRhZ3MFgHBsYWNlHYBodHRwOi8vd3d3LjVpYW50bGF2YWxhbXAuY29tL2gAAAAIAAAAKoB1 cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MEgENpdHkwgGh0dHA6Ly93 d3cuNWlhbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOnNtYXJ0dGFncz0AAAAOAAAAKoB1cm46c2No ZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MJgFBsYWNlTmFtZQCAPQAAAAwAAAAq gHVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOnNtYXJ0dGFncwmAUGxhY2VUeXBlAIA7 AAAABgAAACqAdXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzB4BhZGRy ZXNzAIBWAAAABwAAACqAdXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdz CoBQZXJzb25OYW1lGIBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20+AAAAAQAAACqAdXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzCoBQb3N0YWxDb2RlAIA6AAAABQAAACqA dXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzBoBTdHJlZXQAgGkAAAAC AAAAKoB1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MFgFN0YXRlMIBo dHRwOi8vd3d3LjVpYW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MMAAABqFedAgAA AAAOAAAAAAANAAAAAAAMAAAAAAAOAAAAAAAMAAAAAAANAAAAAAAIAAAAAAAHAAAAAAAGAAAAAAAF AAAAAAANAAAAAAAIAAAAAAACAAAAAAABAAAAAAD//wEACgAAAAABL+GEB//////sMwAAOHgAAAAA AADuMwAAOHgAAAAAAACFAAAAiwAAANUAAADdAAAASQQAAFIEAAAgCAAAKAgAADoIAAA+CAAABgoA AAkKAADfCgAA6AoAAHoNAACCDQAALg4AADMOAAChDgAApQ4AANUOAADYDgAAMhMAADkTAAA5FwAA QRcAAFMXAABXFwAAEB4AABUeAACgHwAAqB8AAE4+AABTPgAA8D8AAPY/AAB/QAAAhEAAAHBBAAB1 QQAAX0UAAGJFAABrRQAAbkUAAIBaAACMWgAAFVwAABlcAACFYwAAiWMAAMtrAADPawAA124AAOtu AADubgAA8G4AAPRuAAATbwAANngAAEx4AAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwA BwAcAAcAHAAHABwABwAcAAcABQAHAAUABwAFAAcABwAAAAAAtwEAANcBAAA3AgAAQQIAAHwCAACA AgAAwgIAAMcCAABMAwAAgQMAAJADAACVAwAA0wMAANoDAAAoBAAAKwQAAHAEAAB0BAAAsgQAALoE AAAaBgAAHQYAAH4GAACJBgAAjQYAAJMGAADWBgAA4AYAABwHAAAfBwAAXQcAAGUHAACiBwAAqgcA AOcHAAAUCAAAWwkAAGUJAACoCQAAswkAAPEJAAD6CQAAfwoAAJAKAADICgAA2QoAADUMAABBDAAA fgwAAIwMAABbDgAAZg4AAKAOAADaDgAA6A4AAO4OAAByDwAAdw8AALYPAADFDwAADhAAABcQAAAq EAAANRAAAHMQAAB4EAAAvBAAAL4QAADXEAAA3hAAACIRAAAnEQAASxEAAFIRAAAUEgAAHBIAAJsS AACiEgAA4RIAAO0SAABnEwAAchMAAK4TAAC1EwAAuxMAAMYTAAABFAAAChQAAEYUAABLFAAAixQA AJgUAADTFAAA2xQAAFYVAABcFQAAnRUAAKAVAADkFQAA5xUAAB4WAAAqFgAAZRYAAG8WAACpFgAA tRYAAO8WAAD2FgAAEBgAABMYAABVGAAAWxgAAJcYAACfGAAA3RgAAOcYAAAiGQAAJhkAAGIZAABt GQAAuhkAAL4ZAAABGgAABRoAAEgaAABXGgAAkBoAAJ0aAADZGgAA4BoAAKYbAACxGwAANBwAADkc AAClHAAArxwAAFceAABbHgAAUx8AAFofAADgIgAA5CIAAN0jAADhIwAAKyQAAC8kAAB5JAAAfSQA AMckAADLJAAA3yQAAOMkAAAtJQAAMSUAAIklAACNJQAAJSYAACkmAABhJgAAZSYAAP0mAAABJwAA WycAAFwnAACPKQAAkykAAAYqAAAJKgAATyoAAF0qAADMKgAA1CoAABErAAAbKwAAWS0AAHUtAACe LQAApi0AAF4vAABnLwAA4S8AAOYvAACNMAAAlDAAAO4wAAD5MAAARDEAAE8xAAALNAAADTQAAHg0 AACDNAAAujQAAMs0AAAcNQAAIDUAAIk2AACTNgAAXTcAAGE3AADMOAAA0TgAAAY5AAAPOQAAXzkA AGY5AAACOgAABjoAAJg7AACfOwAAqjwAALQ8AADvPAAA9zwAAII9AACKPQAABT4AAAc+AABYPwAA XT8AAMFAAADKQAAA/kEAAAhCAAByQgAAdEIAALVCAAC8QgAA/EIAAP9CAABBQwAARUMAAIJDAACM QwAA90MAAAREAAA+RAAAQUQAAINEAACKRAAAyUQAAMxEAAAVRgAAJ0YAAMxHAADQRwAAN0kAAE5J AADQSQAA1kkAABVKAAAfSgAAVkoAAF5KAACaSgAAoUoAAMxMAADXTAAAP00AAEJNAACGTQAAjU0A ABBOAAAVTgAAU04AAFpOAACbTgAAn04AACVPAAApTwAAnU8AAKZPAAACUAAACVAAAElQAABTUAAA kFAAAJNQAADUUAAA21AAABtRAAAkUQAAY1EAAGVRAAC1UwAAwVMAAPhTAAD/UwAAQFQAAEJUAACG VAAAkVQAAMdUAADPVAAAm1UAAKlVAAC2VQAAx1UAALFWAAC0VgAAz1YAANVWAADzVgAA+VYAAGJX AABoVwAAiVcAAI9XAAD4VwAA/lcAABxYAAAiWAAAnlgAAK9YAAAKWQAAFVkAALBZAAC2WQAA+FkA APxZAAAaWgAAIFoAAGBaAAB4WgAAqFoAALJaAADtWgAAA1sAAAhbAAAOWwAATlsAAFpbAACOWwAA mVsAAIpcAACRXAAA0FwAANZcAACIXQAAjl0AAKxdAACyXQAAIF4AACZeAACNXgAAk14AALVeAAC7 XgAA3V4AAONeAACmXwAArl8AAOlfAADxXwAAMmAAADpgAAByYAAAe2AAALhgAADCYAAA/2AAAAdh AABuYQAAdWEAAPJhAAD8YQAAN2IAAD1iAAD6YwAAAGQAAD9kAABDZAAAiGQAAItkAADLZAAA0WQA AEVlAABMZQAAjGUAAJVlAADRZQAA2mUAAFdmAABfZgAAn2YAAKhmAADeZgAA62YAACFnAAAnZwAA rWcAALFnAABDaAAAS2gAANFoAADTaAAABGoAACVqAAAgawAAT2sAAPxuAAAQbwAAFG8AABVvAAAZ bwAAKG8AAHpwAACBcAAAwXAAAMVwAAAHcQAADHEAAE1xAABRcQAAlnEAAJhxAAA8cgAARnIAAIBy AACHcgAAyXIAAM1yAAAFcwAAEnMAALJzAAC8cwAA9nMAAPxzAABPdgAAkXYAALp2AAC9dgAA9HYA APZ2AAA5dwAAP3cAADZ4AABMeAAABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAUABwAFAAcABQAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAcAAAAAAAE7AABSOwAA2lEA AN5RAACbVQAAs1UAAP93AAA1eAAANngAAEh4AABMeAAABwAFAAcABQAHAAUABwAFAAcABQAHAAAA AAA2eAAATHgAAAcABwADADp33SCImMBy/w//D/8P/w//D/8P/w//D/8PEAC3D8Mz2AVItf8P/w// D/8P/w//D/8P/w//DxAA+HBfb1zN+JIoACYAAwAEAAUABgAHAAgACQAAAAEAAAAXAAAAAAAAAAAA AABoAQAAAAAAABUYAAAPhNACEYSY/hXGBQAB0AIGXoTQAmCEmP5PSgEAUUoBAG8oAIdoAAAAAIhI AAABALfwAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EoAURhJj+FcYFAAGgBQZehKAFYISY /odoAAAAAIhIAAACAAEALgABAAAAAoIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RwCBGETP8VxgUA AXAIBl6EcAhghEz/h2gAAAAAiEgAAAIAAgAuAAEAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAP hEALEYSY/hXGBQABQAsGXoRAC2CEmP6HaAAAAACISAAAAgADAC4AAQAAAASAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EEA4RhJj+FcYFAAEQDgZehBAOYISY/odoAAAAAIhIAAACAAQALgABAAAAAoIB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4TgEBGETP8VxgUAAeAQBl6E4BBghEz/h2gAAAAAiEgAAAIA BQAuAAEAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhLATEYSY/hXGBQABsBMGXoSwE2CEmP6H aAAAAACISAAAAgAGAC4AAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EgBYRhJj+FcYFAAGA FgZehIAWYISY/odoAAAAAIhIAAACAAcALgABAAAAAoIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RQ GRGETP8VxgUAAVAZBl6EUBlghEz/h2gAAAAAiEgAAAIACAAuAAEAAAAAAAEAAAAAAAAAAAAAAAAA AAAAAAMYAAAPhEgDEYQg/hXGBQABSAMGXoRIA2CEIP5vKAACAAAALgABAAAABIABAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+h2gAAAAAiEgAAAIAAQAuAAEAAAAC ggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM/xXGBQABcAgGXoRwCGCETP+HaAAAAACISAAA AgACAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EQAsRhJj+FcYFAAFACwZehEALYISY /odoAAAAAIhIAAACAAMALgABAAAABIABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUA ARAOBl6EEA5ghJj+h2gAAAAAiEgAAAIABAAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAP hOAQEYRM/xXGBQAB4BAGXoTgEGCETP+HaAAAAACISAAAAgAFAC4AAQAAAACAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EsBMRhJj+FcYFAAGwEwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABIAB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgAAAIA BwAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+H aAAAAACISAAAAgAIAC4AAQAAAAAAAQAAAAAAAAAAAQAAAAAAAAAAAxAAAA+EsAERhFD+XoSwAWCE UP5vKAACAAAALgABAAAAAAABAwAAAAAAAAABAAAAAAAAAAADEAAAD4RAAhGEwP1ehEACYITA/W8o AAMAAAAuAAEAAQAAAAAAAQMFAAAAAAAAAAAAAAAAAAAAAxgAAA+E0AIRhDD9FcYFAAHQAgZehNAC YIQw/W8oAAUAAAAuAAEALgACAAEAAAAAAAEDBQcAAAAAAAAAAAAAAAAAAAMYAAAPhGADEYSg/BXG BQABYAMGXoRgA2CEoPxvKAAHAAAALgABAC4AAgAuAAMAAQAAAAAAAQMFBwkAAAAAAAAAAAAAAAAA AxgAAA+E8AMRhBD8FcYFAAHwAwZehPADYIQQ/G8oAAkAAAAuAAEALgACAC4AAwAuAAQAAQAAAAAA AQMFBwkLAAAAAAAAAAAAAAAAAxgAAA+EgAQRhID7FcYFAAGABAZehIAEYISA+28oAAsAAAAuAAEA LgACAC4AAwAuAAQALgAFAAEAAAAAAAEDBQcJCw0AAAAAAAAAAAAAAAMYAAAPhBAFEYTw+hXGBQAB EAUGXoQQBWCE8PpvKAANAAAALgABAC4AAgAuAAMALgAEAC4ABQAuAAYAAQAAAAAAAQMFBwkLDQ8A AAAAAAAAAAAAAxgAAA+EoAURhGD6FcYFAAGgBQZehKAFYIRg+m8oAA8AAAAuAAEALgACAC4AAwAu AAQALgAFAC4ABgAuAAcAAQAAAAAAAQMFBwkLDQ8RAAAAAAAAAAAAAxgAAA+EMAYRhND5FcYFAAEw BgZehDAGYITQ+W8oABEAAAAuAAEALgACAC4AAwAuAAQALgAFAC4ABgAuAAcALgAIABQAAAD4cF9v AAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAA AAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAA AAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAA APhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAA AAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAC3 D8MzAAAAAAAAAAAAAAAAOnfdIAAAAAAAAAAAAAAHBv////////////////////////////////// //////////////////////////////////////////////////////////////////////////8D AAAAAAAAAAAA//8DAAAAEgABAAkEGQAJBBsACQQPAAkEGQAJBBsACQQPAAkEGQAJBBsACQQSAJIo ehIZAAkEGwAJBA8ACQQZAAkEGwAJBA8ACQQZAAkEGwAJBAAAFAAAAAQAAAAIAAAA5QAAAAAAAAAT AAAAew4VAHUQMgD1GzkAPAI9ABcdXAA2PF8AYAliAHY5ZQCzKWoAXBByAElQfABVKqMAdBKsACNs swBDBLgA51HLAEVoywAdGtkAqyfiAGN39gD/QAOAAQBrUwAAa1MAAJhaJwIBAAEAa1MAAAEAAABr UwAAAAAAAAIQAAAAAAAAAEt4AABwAAAQAEAAAP//AgAAAAcAVQBuAGsAbgBvAHcAbgAQAE4AYQBu AGMAeQAgAEMAYQBtAC0AVwBpAG4AZwBlAHQA//8CAAgAAAAAAAAAAAAAAAAAAAAAAAAAAQD//wIA AAAAAAAA//8AAAIA//8AAAAA//8AAAIA//8AAAAACgAAAEcWkAEAAAICBgMFBAUCAwSHegAgAAAA gAgAAAAAAAAA/wEAAAAAAABUAGkAbQBlAHMAIABOAGUAdwAgAFIAbwBtAGEAbgAAADUWkAECAAUF AQIBBwYCBQcAAAAAAAAAEAAAAAAAAAAAAAAAgAAAAABTAHkAbQBiAG8AbAAAADMmkAEAAAILBgQC AgICAgSHegAgAAAAgAgAAAAAAAAA/wEAAAAAAABBAHIAaQBhAGwAAAAzFpABAAACAgYDBQQFAgME h3oAIAAAAIAIAAAAAAAAAP8BAAAAAAAAVABpAG0AZQBzAAAAOwaQAQIABQAAAAAAAAAAAAAAAAAA AAAQAAAAAAAAAAAAAACAAAAAAFcAaQBuAGcAZABpAG4AZwBzAAAAOxaQAYEHAgMGAAABAQEBAa8C ALD7fNdpMAAAAAAAAACfAAgAAAAAAEIAYQB0AGEAbgBnAAAAFLzV0AAANSaQAQAAAgsGBAMFBAQC BId6ACEAAACACAAAAAAAAAD/AQEAAAAAAFQAYQBoAG8AbQBhAAAAOyaQAQAAAgsGBAICAgICBId6 ACAAAACACAAAAAAAAAD/AQAAAAAAAEgAZQBsAHYAZQB0AGkAYwBhAAAAPzWQAQAAAgcDCQICBQIE BId6ACAAAACACAAAAAAAAAD/AQAAAAAAAEMAbwB1AHIAaQBlAHIAIABOAGUAdwAAADsCkAGGBwIB BgADAQEBAQEBAAAAAAAOCBAAAAAAAAAAAAAEAAAAAABTAGkAbQBTAHUAbgAAAItbU08AACIABABx iIgYAPDQAgAAaAEAAAAAatyhpoHdoaYAAAAACgB9AAAA8REAAEVmAAABAD0AAAAEAAMQ2gAAAPER AABFZgAAAQA9AAAA2gAAAAAAAAAhAwDwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBaAF tAC0AIGBMjQAABAAGQBkAAAAGQAAAPl3AAD5dwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAUyg1EA8BAACAADAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASFAAAAAAKPD/DwEAAT8AAAAAAADbHAAA////f////38A AAAA////f////3////9/NjxfAAAAAAAyAAAAAAAAAAAAAAAAAAEAAAD//xIAAAAAAAAAAAAAAAAA AAAQAE4AYQBuAGMAeQAgAEMAYQBtAC0AVwBpAG4AZwBlAHQAEABOAGEAbgBjAHkAIABDAGEAbQAt AFcAaQBuAGcAZQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAYAAAADAAAAAAAMAAEADAACAAwA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ /wAABQACAAAAAAAAAAAAAAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAAAACEAQAAEQAAAAEA AACQAAAAAgAAAJgAAAADAAAApAAAAAQAAACwAAAABQAAAMwAAAAGAAAA2AAAAAcAAADkAAAACAAA APgAAAAJAAAAFAEAABIAAAAgAQAACgAAAEABAAAMAAAATAEAAA0AAABYAQAADgAAAGQBAAAPAAAA bAEAABAAAAB0AQAAEwAAAHwBAAACAAAA5AQAAB4AAAAEAAAAAAAAAB4AAAAEAAAAAAAAAB4AAAAU AAAATmFuY3kgQ2FtLVdpbmdldAAAAAAeAAAABAAAAAAAAAAeAAAABAAAAAAAAAAeAAAADAAAAE5v cm1hbC5kb3QAAB4AAAAUAAAATmFuY3kgQ2FtLVdpbmdldAAAAAAeAAAABAAAADEwAAAeAAAAGAAA AE1pY3Jvc29mdCBPZmZpY2UgV29yZAAAAEAAAAAALll2EQAAAEAAAAAAZN4HrCPGAUAAAAAANm42 0CPGAQMAAAABAAAAAwAAAPERAAADAAAARWYAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v8AAAUAAgAA AAAAAAAAAAAAAAAAAAAAAQAAAALVzdWcLhsQk5cIACss+a4wAAAA+AAAAAwAAAABAAAAaAAAAA8A AABwAAAABQAAAIwAAAAGAAAAlAAAABEAAACcAAAAFwAAAKQAAAALAAAArAAAABAAAAC0AAAAEwAA ALwAAAAWAAAAxAAAAA0AAADMAAAADAAAANkAAAACAAAA5AQAAB4AAAAUAAAAQ2lzY28gU3lzdGVt cywgSW5jLgADAAAA2gAAAAMAAAA9AAAAAwAAAPl3AAADAAAARxYLAAsAAAAAAAAACwAAAAAAAAAL AAAAAAAAAAsAAAAAAAAAHhAAAAEAAAABAAAAAAwQAAACAAAAHgAAAAYAAABUaXRsZQADAAAAAQAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAF AAAABgAAAAcAAAAIAAAACQAAAAoAAAALAAAADAAAAA0AAAAOAAAADwAAABAAAAARAAAAEgAAABMA AAAUAAAAFQAAABYAAAAXAAAAGAAAABkAAAAaAAAAGwAAABwAAAAdAAAAHgAAAB8AAAAgAAAAIQAA ACIAAAAjAAAAJAAAACUAAAAmAAAAJwAAACgAAAApAAAAKgAAACsAAAAsAAAALQAAAC4AAAAvAAAA MAAAADEAAAAyAAAAMwAAADQAAAA1AAAANgAAADcAAAA4AAAAOQAAADoAAAA7AAAAPAAAAD0AAAA+ AAAAPwAAAEAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAASwAAAEwA AABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZAAAAWgAA AFsAAABcAAAAXQAAAF4AAABfAAAAYAAAAGEAAABiAAAAYwAAAGQAAABlAAAAZgAAAGcAAABoAAAA aQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAAAHAAAABxAAAAcgAAAP7///90AAAAdQAAAHYAAAB3 AAAAeAAAAHkAAAB6AAAAewAAAHwAAAB9AAAAfgAAAH8AAACAAAAAgQAAAIIAAACDAAAAhAAAAIUA AACGAAAAhwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAAkAAAAJEAAACSAAAAkwAA AJQAAACVAAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0AAACeAAAAnwAAAKAAAAChAAAA ogAAAKMAAACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAAqwAAAKwAAACtAAAArgAAAK8AAACw AAAAsQAAALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgAAAC5AAAAugAAALsAAAC8AAAAvQAAAL4A AAC/AAAAwAAAAMEAAADCAAAAwwAAAMQAAADFAAAAxgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAA AM0AAADOAAAAzwAAANAAAADRAAAA0gAAANMAAADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA 2wAAANwAAADdAAAA3gAAAN8AAADgAAAA4QAAAOIAAADjAAAA/v///+UAAADmAAAA5wAAAOgAAADp AAAA6gAAAOsAAAD+////7QAAAO4AAADvAAAA8AAAAPEAAADyAAAA8wAAAP7////9/////f////cA AAD+/////v////7///////////////////////////////////9SAG8AbwB0ACAARQBuAHQAcgB5 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgAFAf////////// AwAAAAYJAgAAAAAAwAAAAAAAAEYAAAAAAAAAAAAAAADAEoBB0CPGAfkAAACAAAAAAAAAADEAVABh AGIAbABlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAOAAIB/////wUAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcwAA AKvgAAAAAAAAVwBvAHIAZABEAG8AYwB1AG0AZQBuAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAABoAAgEBAAAA//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAANOQAAAAAAAAFAFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkA bwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAACAQIAAAAEAAAA/////wAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOQAAAAAEAAAAAAAAAUARABvAGMAdQBtAGUAbgB0AFMA dQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAAAAA4AAIB//////////// ////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7AAAAAAQAAAAAAAAAQBDAG8A bQBwAE8AYgBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ABIAAgD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA cQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP7///////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////8BAP7/AwoAAP////8GCQIAAAAAAMAA AAAAAABGHwAAAE1pY3Jvc29mdCBPZmZpY2UgV29yZCBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAA AABXb3JkLkRvY3VtZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIAbwBvAHQAIABFAG4AdAByAHkAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAUB//////////8DAAAA BgkCAAAAAADAAAAAAAAARgAAAAAAAAAAAAAAAMBDHatgJMYB/wAAAMADAAAAAAAAMQBUAGEAYgBs AGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A AgH/////BQAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzAAAAq+AA AAAAAABXAG8AcgBkAEQAbwBjAHUAbQBlAG4AdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAGgACAQEAAAD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAA05AAAAAAAAAUAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4A AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAIBAgAAAAQAAAD/////AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAAQAAAAAAAAgQAAAIIAAACDAAAAhAAAAIUAAACGAAAA hwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAAkAAAAJEAAACSAAAAkwAAAJQAAACV AAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0AAACeAAAAnwAAAKAAAAChAAAAogAAAKMA AACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAAqwAAAKwAAACtAAAArgAAAK8AAACwAAAAsQAA ALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgAAAC5AAAAugAAALsAAAC8AAAAvQAAAL4AAAC/AAAA wAAAAMEAAADCAAAAwwAAAMQAAADFAAAAxgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAAAM0AAADO AAAAzwAAANAAAADRAAAA0gAAANMAAADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA2wAAANwA AADdAAAA3gAAAN8AAADgAAAA4QAAAOIAAADjAAAA/v///+UAAADmAAAA5wAAAOgAAADpAAAA6gAA AOsAAAD+///////////////////////////////////////////////9//////////////////// ///////////+AAAA/f////7////+/////v////0AAAABAAAA/v///wMAAAAEAAAABQAAAAYAAAAH AAAACAAAAAkAAAAKAAAACwAAAAwAAAANAAAADgAAAP7///////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////7QBAAAFAAAAAgAAABQAAABfAEEAZABIAG8A YwBSAGUAdgBpAGUAdwBDAHkAYwBsAGUASQBEAAAAAwAAABAAAABfAE4AZQB3AFIAZQB2AGkAZQB3 AEMAeQBjAGwAZQAAAAQAAAAOAAAAXwBFAG0AYQBpAGwAUwB1AGIAagBlAGMAdAAAAAUAAAANAAAA XwBBAHUAdABoAG8AcgBFAG0AYQBpAGwAAAAAAAYAAAAYAAAAXwBBAHUAdABoAG8AcgBFAG0AYQBp AGwARABpAHMAcABsAGEAeQBOAGEAbQBlAAAAAgAAALAEAAATAAAACQQAAAMAAAAdSdKkHwAAAAEA AAAAAAAAHwAAABoAAABbAEMAYQBwAHcAYQBwAF0AIABsAHcAYQBwAHAALQBkAHQAbABzACAAZQBk AGkAdABzAAAAHwAAABMAAABuAGMAYQBtAHcAaQBuAGcAQABjAGkAcwBjAG8ALgBjAG8AbQAAAAAA HwAAABgAAABOAGEAbgBjAHkAIABXAGkAbgBnAGUAdAAgACgAbgBjAGEAbQB3AGkAbgBnACkAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQBEAG8AYwB1AG0AZQBuAHQAUwB1AG0AbQBh AHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAAAAAAAAAAADgAAgH///////////////8AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAKAMAAAAAAAABAEMAbwBtAHAATwBi AGoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgACAP// /////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAP7/AwoAAP////8GCQIAAAAAAMAAAAAAAABG HwAAAE1pY3Jvc29mdCBPZmZpY2UgV29yZCBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAAAABXb3Jk LkRvY3VtZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/AAAFAAIAAAAAAAAA AAAAAAAAAAAAAAIAAAAC1c3VnC4bEJOXCAArLPmuRAAAAAXVzdWcLhsQk5cIACss+a48AQAA+AAA AAwAAAABAAAAaAAAAA8AAABwAAAABQAAAIwAAAAGAAAAlAAAABEAAACcAAAAFwAAAKQAAAALAAAA rAAAABAAAAC0AAAAEwAAALwAAAAWAAAAxAAAAA0AAADMAAAADAAAANkAAAACAAAA5AQAAB4AAAAU AAAAQ2lzY28gU3lzdGVtcywgSW5jLgADAAAA2gAAAAMAAAA9AAAAAwAAAPl3AAADAAAARxYLAAsA AAAAAAAACwAAAAAAAAALAAAAAAAAAAsAAAAAAAAAHhAAAAEAAAABAAAAAAwQAAACAAAAHgAAAAYA AABUaXRsZQADAAAAAQAAAADsAQAACAAAAAAAAABIAAAAAQAAACQBAAAAAACALAEAAAIAAAA0AQAA AwAAADwBAAAEAAAASAEAAAUAAACEAQAABgAAAA== ------_=_NextPart_001_01C628DC.6289BB8A Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C628DC.6289BB8A-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 17:11:20 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F599E-000754-7u for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 17:11:20 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA19982 for ; Fri, 3 Feb 2006 17:09:39 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 96D914300A4 for ; Fri, 3 Feb 2006 14:11:16 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 1E355430067 for ; Fri, 3 Feb 2006 08:40:52 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 0F14A80C15E for ; Fri, 3 Feb 2006 08:40:52 -0800 (PST) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by hermes.tigertech.net (Postfix) with ESMTP id 883AA80C15B for ; Fri, 3 Feb 2006 08:40:43 -0800 (PST) Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-5.cisco.com with ESMTP; 03 Feb 2006 08:40:44 -0800 X-IronPort-AV: i="4.02,85,1139212800"; d="doc'32?scan'32,208,32"; a="253411450:sNHT96888184" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k13GegKT027027; Fri, 3 Feb 2006 08:40:42 -0800 (PST) Received: from xmb-sjc-222.amer.cisco.com ([128.107.191.106]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 3 Feb 2006 08:40:42 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C628E0.9274BA91" Subject: RE: [Capwap] lwapp-dtls edits Date: Fri, 3 Feb 2006 08:40:41 -0800 Message-ID: <08A9A3213527A6428774900A80DBD8D8016D8A17@xmb-sjc-222.amer.cisco.com> X-MS-Has-Attach: yes Thread-Topic: [Capwap] lwapp-dtls edits Thread-Index: AcYjYMinXnSPEPJ4QqWETXwrxsyOrwAQQAbAAC+gE4ABH5qXsA== From: "Nancy Winget (ncamwing)" To: "Nancy Winget (ncamwing)" , "Susan Hares" , "Scott G. Kelly" , "capwap" X-OriginalArrivalTime: 03 Feb 2006 16:40:42.0532 (UTC) FILETIME=[92AE4E40:01C628E0] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Mailman-Approved-At: Fri, 03 Feb 2006 14:06:20 -0800 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. ------_=_NextPart_001_01C628E0.9274BA91 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Though I didn't receive a notice, I'm resending as I have been notified that this email was rejected. =20 Thanks, Nancy. -----Original Message----- From: Nancy Winget (ncamwing)=20 Sent: Saturday, January 28, 2006 3:15 PM To: 'Susan Hares'; Scott G. Kelly; capwap Cc: Pat Calhoun (pacalhou) Subject: RE: [Capwap] lwapp-dtls edits Scott, I also could only do a cursory security review of the current draft as I need more clarification and elaboration on the authentication/authorization enforcement as well as how the rekey mechanisms work. Once I have a better understanding of those, I think we can close loop on the security review. I think my comments are along the same vein as Sue's. =20 Attached are my comments embedded in the word-(re)formatted draft. Thanks, Nancy. =20 -----Original Message----- From: Susan Hares [mailto:skh@nexthop.com] Sent: Friday, January 27, 2006 4:39 PM To: Scott G. Kelly; capwap Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) Subject: RE: [Capwap] lwapp-dtls edits Scott: My focus has been the interaction of the DTLS work with the LWAPP State machine. The draft-kelley-capwap-lwap-dtls-00.txt gave no state machine interactions. The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some state machine interactions, and modifies the LWAPP state machine.=20 However, these state machine interactions do not provide guidance on what to do in the DTLS handshake errors, fragmentation errors, or alert messages. I've attached very draft text to guide you in providing the next revision. (It's a word document - so let me know if that's a problem. I turned on the revision history and highlighted the suggested text.)=20 =20 I'll do a final DTLS and security review once you finalize your next revision. =20 Pat and I went through a few rounds on the state machine of LWAPP to reach the current form. Glad to do an early review of your text prior to release to the working group.=20 Cheers,=20 Sue PS - I used (lwapp-03, dtls-05). I sent my comments from Nancy Winget (Cisco). She may find more issues with the state machine based on conversations we had at IEEE. =20 ------_=_NextPart_001_01C628E0.9274BA91 Content-Type: application/msword; name="draft-kelly-capwap-lwapp-dtls-01-ncw.doc" Content-Description: draft-kelly-capwap-lwapp-dtls-01-ncw.doc Content-Disposition: attachment; filename="draft-kelly-capwap-lwapp-dtls-01-ncw.doc" Content-Transfer-Encoding: base64 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAACAAAA+gAAAAAAAAAA EAAA/AAAAAEAAAD+////AAAAAPQAAAD7AAAA//////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////s pcEAe2AJBAAA8BK/AAAAAAAAEAAAAAAABgAAS4AAAA4AYmpiau5G7kYAAAAAAAAAAAAAAAAAAAAA AAAJBBYANOQAAIwsAACMLAAANngAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAD//w8AAAAA AAAAAAD//w8AAAAAAAAAAAD//w8AAAAAAAAAAAAAAAAAAAAAAKQAAAAAABAZAAAAAAAAEBkAABAZ AAAAAAAAEBkAAAAAAAAyGQAAJgAAAGoZAAAMAAAAdhkAABQAAAAAAAAAAAAAAIoZAAAAAAAAEr0A AAAAAAASvQAAAAAAABK9AAAAAAAAEr0AAEwAAABevQAAPAEAAIoZAAAAAAAAcdsAAFACAACmvgAA AAAAAKa+AAAAAAAApr4AAAAAAACmvgAAAAAAAKa+AAAAAAAAgb8AAAAAAACBvwAAAAAAAIG/AAAA AAAAwtoAAAIAAADE2gAAAAAAAMTaAAAAAAAAxNoAAAAAAADE2gAAAAAAAMTaAAAAAAAAxNoAACQA AADB3QAAaAIAACngAABqAAAA6NoAABUAAAAAAAAAAAAAAAAAAAAAAAAAEBkAACIAAACBxAAAEgAA AAAAAAAAAAAAAAAAAAAAAACBvwAAAAAAAIG/AAAAAAAAk8QAAAwAAACfxAAACAAAAOjaAAAAAAAA AAAAAAAAAAAQGQAAAAAAABAZAAAAAAAApr4AAAAAAAAAAAAAAAAAAKa+AADbAAAA/doAADgAAACx 0AAAAAAAALHQAAAAAAAAsdAAAAAAAACnxAAAbAEAABAZAAAAAAAApr4AAAAAAAAQGQAAAAAAAKa+ AAAAAAAAwtoAAAAAAAAAAAAAAAAAALHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAgcQAAAAAAADC2gAAAAAAAAAAAAAAAAAAsdAAAAAAAACx0AAA VgAAAGbYAACUAQAAEBkAAAAAAAAQGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWtoAAAAAAACmvgAAAAAAAJq+AAAMAAAAwKhnQdAj xgEAAAAAAAAAABK9AAAAAAAAE8YAAEgKAAD62QAADAAAAAAAAAAAAAAAwtoAAAAAAAA12wAAPAAA AHHbAAAAAAAABtoAAFQAAACT4AAAAAAAAFvQAABGAAAAk+AAABgAAABa2gAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAJPgAAAAAAAAAAAAAAAAAABYGQAAEgAAAFraAABoAAAAgb8AAMoAAABLwAAAkAAAALHQ AAAAAAAA28AAAHQAAABPwQAAMgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgb8A AAAAAACBvwAAAAAAAIG/AAAAAAAA6NoAAAAAAADo2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAodAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG/AAAA AAAAgb8AAAAAAACBvwAAAAAAAHHbAAAAAAAAgcQAAAAAAACBxAAAAAAAAIHEAAAAAAAAgcQAAAAA AAAAAAAAAAAAAIoZAAAAAAAAihkAAAAAAACKGQAA5GYAAG6AAACkPAAAihkAAAAAAACKGQAAAAAA AIoZAAAAAAAAboAAAAAAAACKGQAAAAAAAIoZAAAAAAAAihkAAAAAAAAQGQAAAAAAABAZAAAAAAAA EBkAAAAAAAAQGQAAAAAAABAZAAAAAAAAEBkAAAAAAAD/////AAAAAAIADAEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0NDU5l dHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBTLiBLZWxseQ1JbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBUYWxhcmkgTmV0d29ya3MNRXhwaXJlczogSnVuZSAxNSwgMjAwNiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEUuIFJlc2NvcmxhDSAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBOZXR3b3JrIFJlc29u YW5jZQ0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgRGVjZW1iZXIgMTIsIDIwMDUNDQ0gICAgICAgICAgICAgICAgICAgICAgICBTZWN1cmluZyBM V0FQUCB3aXRoIERUTFMNICAgICAgICAgICAgICAgICAgICBkcmFmdC1rZWxseS1jYXB3YXAtbHdh cHAtZHRscy0wMQ0NU3RhdHVzIG9mIHRoaXMgTWVtbw0NICAgQnkgc3VibWl0dGluZyB0aGlzIElu dGVybmV0LURyYWZ0LCBlYWNoIGF1dGhvciByZXByZXNlbnRzIHRoYXQgYW55DSAgIGFwcGxpY2Fi bGUgcGF0ZW50IG9yIG90aGVyIElQUiBjbGFpbXMgb2Ygd2hpY2ggaGUgb3Igc2hlIGlzIGF3YXJl DSAgIGhhdmUgYmVlbiBvciB3aWxsIGJlIGRpc2Nsb3NlZCwgYW5kIGFueSBvZiB3aGljaCBoZSBv ciBzaGUgYmVjb21lcw0gICBhd2FyZSB3aWxsIGJlIGRpc2Nsb3NlZCwgaW4gYWNjb3JkYW5jZSB3 aXRoIFNlY3Rpb24gNiBvZiBCQ1AgNzkuDQ0gICBJbnRlcm5ldC1EcmFmdHMgYXJlIHdvcmtpbmcg ZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmluZw0gICBUYXNrIEZvcmNlIChJRVRG KSwgaXRzIGFyZWFzLCBhbmQgaXRzIHdvcmtpbmcgZ3JvdXBzLiAgTm90ZSB0aGF0DSAgIG90aGVy IGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0 LQ0gICBEcmFmdHMuDQ0gICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50cyB2YWxp ZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHMNICAgYW5kIG1heSBiZSB1cGRhdGVkLCByZXBs YWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnkNICAgdGltZS4gIEl0 IGlzIGluYXBwcm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBhcyByZWZlcmVuY2UNICAg bWF0ZXJpYWwgb3IgdG8gY2l0ZSB0aGVtIG90aGVyIHRoYW4gYXMgIndvcmsgaW4gcHJvZ3Jlc3Mu Ig0NICAgVGhlIGxpc3Qgb2YgY3VycmVudCBJbnRlcm5ldC1EcmFmdHMgY2FuIGJlIGFjY2Vzc2Vk IGF0DSAgIGh0dHA6Ly93d3cuaWV0Zi5vcmcvaWV0Zi8xaWQtYWJzdHJhY3RzLnR4dC4NDSAgIFRo ZSBsaXN0IG9mIEludGVybmV0LURyYWZ0IFNoYWRvdyBEaXJlY3RvcmllcyBjYW4gYmUgYWNjZXNz ZWQgYXQNICAgaHR0cDovL3d3dy5pZXRmLm9yZy9zaGFkb3cuaHRtbC4NDSAgIFRoaXMgSW50ZXJu ZXQtRHJhZnQgd2lsbCBleHBpcmUgb24gSnVuZSAxNSwgMjAwNi4NDUNvcHlyaWdodCBOb3RpY2UN DSAgIENvcHlyaWdodCAoQykgVGhlIEludGVybmV0IFNvY2lldHkgKDIwMDUpLg0NQWJzdHJhY3QN DSAgIFRoZSBMV0FQUCBwcm90b2NvbCBkZWZpbmVzIGludGVyYWN0aW9ucyBiZXR3ZWVuIHdpcmVs ZXNzIHRlcm1pbmF0aW9uDSAgIHBvaW50cyBhbmQgd2lyZWxlc3MgYWNjZXNzIGNvbnRyb2xsZXJz LiAgQ29tbXVuaWNhdGlvbnMgYmV0d2VlbiB0aGVzZQ0gICBjb21wb25lbnRzIG11c3QgYmUgc2Vj dXJlZCwgYW5kIHRoZSBjdXJyZW50IHNwZWNpZmljYXRpb24gcHJvdmlkZXMNICAgZm9yIHRyYW5z cG9ydCBzZWN1cml0eSB1c2luZyBwcm9wcmlldGFyeSBtZWNoYW5pc21zIHdoaWNoIGFyZQ0gICBl bWJlZGRlZCBpbiB0aGUgcHJvdG9jb2wuICBUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyBhbiBhbHRl cm5hdGl2ZQ0gICBhcHByb2FjaCB3aGljaCBlbGltaW5hdGVzIHRoZSBlbWJlZGRlZCBzZWN1cml0 eSwgYW5kIGluc3RlYWQgdXNlcw0gICBEVExTIGFzIGEgc2VjdXJlLCB0aWdodGx5LWludGVncmF0 ZWQgd3JhcHBlci4NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAgICAgICBFeHBpcmVzIEp1bmUgMTUs IDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDFdDQwNSW50ZXJuZXQtRHJhZnQgICAgICAgICAg U2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NVGFibGUg b2YgQ29udGVudHMNDSAgIDEuICBJbnRyb2R1Y3Rpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMw0gICAyLiAgSW5zZXJ0aW5nIERUTFMgLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDQNICAgICAyLjEuICBD b250cm9sL0RhdGEgQ2hhbm5lbCBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu ICA3DSAgICAgICAyLjEuMS4gIFNlcGFyYXRlIENvbnRyb2wvRGF0YSBDaGFubmVsIFBvcnRzICAu IC4gLiAuIC4gLiAuIC4gLiAgOA0gICAgICAgMi4xLjIuICBBZGRpbmcgYSBQcm90b2NvbCBNdXgg IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDgNICAgMy4gIEVuZHBvaW50IEF1dGhl bnRpY2F0aW9uIHVzaW5nIERUTFMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA4DSAgICAg My4xLiAgQXV0aGVudGljYXRpbmcgd2l0aCBDZXJ0aWZpY2F0ZXMgLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAgOQ0gICAgIDMuMi4gIEF1dGhlbnRpY2F0aW5nIHdpdGggUHJlc2hhcmVkIEtleXMg LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDkNICAgNC4gIENvbmNsdXNpb25zICAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEwDSAgIDUuICBTZWN1cml0 eSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAx MA0gICA2LiAgSUFOQSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gMTENICAgNy4gIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDExDSAgICAgNy4xLiAgTm9ybWF0aXZlIFJl ZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxMQ0gICAgIDcu Mi4gIEluZm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gMTENICAgQXV0aG9ycycgQWRkcmVzc2VzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEzDSAgIEludGVsbGVjdHVhbCBQcm9wZXJ0eSBhbmQgQ29w eXJpZ2h0IFN0YXRlbWVudHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAxNA0NDQ0NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVuZSAx NSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgMl0NDA1JbnRlcm5ldC1EcmFmdCAgICAgICAg ICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0xLiAg SW50cm9kdWN0aW9uDQ0gICBUaGUgTGlnaHQgV2VpZ2h0IEFjZXNzIFBvaW50IFByb3RvY29sIChM V0FQUCkgcHJvdmlkZXMgZm9yDSAgIGNlbnRyYWxpemVkIGNvbnRyb2wgYW5kIG1hbmFnZW1lbnQg b2YgV2lyZWxlc3MgVGVybWluYXRpb24gUG9pbnRzDSAgIChXVFBzKSBieSBkZXZpY2VzIHJlZmVy cmVkIHRvIGFzIEFjY2VzcyBDb250cm9sbGVycyAoQUNzKS4gIEZvciBtb3JlDSAgIGRldGFpbCBv biB0aGlzIHByb3RvY29sIGFuZC9vciB0aGVzZSBjb21wb25lbnRzLCBzZWUgW0xXQVBQXS4gIFRo ZQ0gICBDQVBXQVAgd29ya2luZyBncm91cCBpcyBjdXJyZW50bHkgY29uc2lkZXJpbmcgdXNpbmcg TFdBUFAgYXMgdGhlDSAgIGJhc2lzIGZvciBhIHN0YW5kYXJkaXplZCBBQy1XVFAgY29udHJvbCBw cm90b2NvbCAocmVjb21tZW5kZWQgaW4NICAgW0NBUFdBUC1FVkFMXSkuDQ0gICBMV0FQUCBjdXJy ZW50bHkgaW5jbHVkZXMgc2VjdXJpdHkgZWxlbWVudHMgd2hpY2ggcHJvdmlkZSBmb3IgdGhlDSAg IGZvbGxvd2luZyBjYXBhYmlsaXRpZXM6DQ0gICBvICBFbmRwb2ludCBBdXRoZW50aWNhdGlvbiAt IEFDIGFuZCBXVFAgYXJlIHN0cm9uZ2x5IGF1dGhlbnRpY2F0ZWQNICAgICAgdXNpbmcgZWl0aGVy IHB1YmxpYyBrZXkgY2VydGlmaWNhdGVzIG9yIHNoYXJlZCBzZWNyZXRzIChhbHNvIGtub3duDSAg ICAgIGFzICJwcmUtc2hhcmVkIGtleXMiKS4NDSAgIG8gIERhdGEgQ29uZmlkZW50aWFsaXR5IC0g KEFDLVdUUCBjb250cm9sIGNoYW5uZWwpIGRhdGEgaXMgZW5jcnlwdGVkDSAgICAgIHVzaW5nIHRo ZSAxMjgtYml0IEFFUy1DQkMgYWxnb3JpdGhtLg0NICAgbyAgRGF0YSBJbnRlZ3JpdHkvT3JpZ2lu IEF1dGhlbnRpY2l0eSAtIGFuIEludGVncml0eSBDaGVjayBWYWx1ZQ0gICAgICAoSUNWKSBpcyBj b21wdXRlZCB1c2luZyAxMjgtYml0IEFFUy1DQkMtTUFDIChhIGtleWVkIE1BQykuDQ0gICBUaGUg Y3VycmVudCBMV0FQUCBzZWN1cml0eSBzY2hlbWUgaGFzIGJlZW4gdGhyb3VnaCBhdCBsZWFzdCBv bmUNICAgc2VjdXJpdHkgcmV2aWV3IFtMV0FQUC1TRUNdLCB0aGUgcmVzdWx0cyBvZiB3aGljaCB3 ZXJlIGZhdm9yYWJsZS4NICAgU3RpbGwsIHRoZSBwcm90b2NvbCBldmFsdWF0aW9uIHRlYW0gY29u Y2x1ZGVkIHRoYXQgTFdBUFAgd291bGQNICAgYmVuZWZpdCBmcm9tIHJlcGxhY2VtZW50IG9mIGl0 cyBwcm9wcmlldGFyeSBzZWN1cml0eSBzY2hlbWUgd2l0aCBhDSAgIHN0YW5kYXJkaXplZCwgbW9y ZSB3aWRlbHkgZGVwbG95ZWQgZmFjaWxpdHkgc3VjaCBhcyBEVExTIFtEVExTXS4NDSAgIFdoeSBy ZXBsYWNlIExXQVBQJ3Mgc2VjdXJpdHkgbWVjaGFuaXNtLCB3aGVuIHNvIGZhciwgc2VjdXJpdHkN ICAgZXZhbHVhdGlvbnMgaGF2ZSBub3QgZm91bmQgaXQgd2FudGluZz8gIFRoZXJlIGFyZSBhdCBs ZWFzdCB0d28gZ29vZA0gICByZWFzb25zOg0NICAgbyAgSW5kdXN0cnkgZXhwZXJpZW5jZS9yZXZp ZXcgLSB0byB0aGUgY2hhZ3JpbiBvZiBtYW55IHByb3RvY29sDSAgICAgIGRlc2lnbmVycywgaXQg aGFzIGJlZW4gb2Z0ZW4gZGVtb25zdHJhdGVkIHRoYXQgc3VidGxlIHNlY3VyaXR5DSAgICAgIGZs YXdzIG1heSBlc2NhcGUgdGhlIG1vc3QgZGlsaWdlbnQgcmV2aWV3ZXIuICBBcyBhIHJlc3VsdCwg dGhlDSAgICAgIGNyeXB0b2dyYXBoaWMgY29tbXVuaXR5IGludmVzdHMgc2lnbmlmaWNhbnQgZWZm b3J0IGluIHRoZSBvbmdvaW5nDSAgICAgIGFuYWx5c2lzIG9mIGRlcGxveWVkIChhbmQgcHJvcG9z ZWQpIHNlY3VyaXR5IG1lY2hhbmlzbXMuDSAgICAgIFNvbWV0aW1lcyBwcm9ibGVtcyBhcmUgZm91 bmQgdmVyeSBxdWlja2x5LCBidXQgaW4gb3RoZXIgY2FzZXMNICAgICAgaXNzdWVzIG15IG5vdCBi ZSBkaXNjb3ZlcmVkIGZvciB5ZWFycy4gIFRodXMsIHNlY3VyaXR5IHByb3RvY29scw0gICAgICBh bmQgbWVjaGFuaXNtcyB3aGljaCBoYXZlIGJlZW4gZXh0ZW5zaXZlbHkgZGVwbG95ZWQgYW5kIGFu YWx5emVkDSAgICAgIGFyZSBhbG1vc3QgYWx3YXlzIHByZWZlcmFibGUgdG8gdGhvc2Ugd2hpY2gg aGF2ZSBub3QuDQ0gICBvICBBbGdvcml0aG0gQWdpbGl0eSAtIEJlY2F1c2UgbW9zdCBjcnlwdG9n cmFwaGljIGFsZ29yaXRobXMgYXJlDSAgICAgIGV2ZW50dWFsbHkgZWl0aGVyIGJyb2tlbiBvdXRy aWdodCBvciByZW5kZXJlZCBjb21wdXRhdGlvbmFsbHkNICAgICAgaW5zdWZmaWNpZW50IGJ5IGFk dmFuY2luZyB0ZWNobm9sb2d5LCBpdCBpcyBjcnVjaWFsIHRvIGhhdmUgdGhlDSAgICAgIGFiaWxp dHkgdG8gZWFzaWx5IHJlcGxhY2Ugb3V0ZGF0ZWQgb3IgY29tcHJvbWlzZWQgYWxnb3JpdGhtcy4N DQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1LCAyMDA2ICAgICAg ICAgICAgICAgICBbUGFnZSAzXQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQ UCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICBOb3RlIHRoYXQgTFdBUFAs IHdoaWxlIGhhdmluZyBnb25lIHRocm91Z2ggc29tZSBzZWN1cml0eSByZXZpZXcsIGhhcw0gICBu b3QgeWV0IHByb3ZpZGVkIHRoZSBvcHBvcnR1bml0eSBmb3IgdGhlIHNvcnQgb2YgZXh0ZW5zaXZl IHB1YmxpYw0gICByZXZpZXcgYW5kIGFuYWx5c2lzIHRoYXQgVExTIFtUTFMxMV0gaGFzIGVuam95 ZWQuICBBbHNvLCBMV0FQUA0gICBwcm92aWRlcyBubyBmYWNpbGl0eSBmb3IgYWxnb3JpdGhtIG5l Z290aWF0aW9uIC0gY2hhbmdpbmcgc2VjdXJpdHkNICAgYWxnb3JpdGhtcyB3b3VsZCByZXF1aXJl IGEgY2hhbmdlIHRvIHRoZSBwcm90b2NvbCBzdGFuZGFyZCwgYWxvbmcNICAgd2l0aCBmaXJtd2Fy ZSB1cGdyYWRlcyBmb3IgYm90aCBXVFAgYW5kIEFDLiAgVGhpcyBpcyBjbGVhcmx5DSAgIHVuZGVz aXJhYmxlLg0NICAgRFRMUywgb24gdGhlIG90aGVyIGhhbmQsIGlzIGEgc3RhbmRhcmRzLXRyYWNr IGVmZm9ydCB3aGljaCBpcyBiYXNlZA0gICB1cG9uIFRMUy4gIFRoZSB1bmRlcmx5aW5nIHNlY3Vy aXR5LXJlbGF0ZWQgcHJvdG9jb2wgbWVjaGFuaXNtcyBoYXZlDSAgIGJlZW4gc3VjY2Vzc2Z1bGx5 IGRlcGxveWVkIGZvciBtYW55IHllYXJzIG5vdy4gIFRoZSBUTFMgcHJvdG9jb2wgaXMNICAgd2Vs bC11bmRlcnN0b29kIGZyb20gYW4gb3BlcmF0aW9uYWwgcGVyc3BlY3RpdmUsIGFuZCB3aXRoIHRo ZSByZWNlbnQNICAgc3BlY2lmaWNhdGlvbiBvZiBpdHMgZGF0YWdyYW0tYmFzZWQgdmFyaWFudCwg aXMgYW4gb2J2aW91cyBjaG9pY2UgZm9yDSAgIG1lZXRpbmcgdGhlIHNlY3VyaXR5IHJlcXVpcmVt ZW50cyBvZiBMV0FQUC4NDQ0yLiAgSW5zZXJ0aW5nIERUTFMNDSAgIE5vdGUgdGhhdCBmb3IgdGhl IHRpbWUgYmVpbmcsIG9ubHkgdGhlIFVEUCB0cmFuc3BvcnQgbWVjaGFuaXNtIGZvcg0gICBMV0FQ UCBpcyBjb25zaWRlcmVkLiAgU2luY2UgdGhlIGV2YWx1YXRpb24gZG9jdW1lbnQgcmVjb21tZW5k cw0gICBlbGltaW5hdGluZyBsYXllciAyIGVuY2Fwc3VsYXRpb24gc3VwcG9ydCwgaXQgaXMgbm90 IGFkZHJlc3NlZCBoZXJlLg0gICBTaG91bGQgdGhpcyBjaGFuZ2UsIHRoZSBtZWNoYW5pc20gZGVz Y3JpYmVkIGJlbG93IGluIHNlY3Rpb24gMi4xLjINICAgY291bGQgYmUgdXNlZCB0byBwYXJ0aWFs bHkgYWRkcmVzcyB0aGF0IGNhc2UuDQ0gICBGcm9tIGEgaGlnaCBsZXZlbCwgc2ltcGxlIHJlcGxh Y2VtZW50IG9mIHRoZSBMV0FQUCBzZWN1cml0eQ0gICBtZWNoYW5pc21zIHdpdGggRFRMUyBhbW91 bnRzIHRvIHNvbWV0aGluZyBsaWtlIHRoaXM6DQ0gICAxLiAgUmVwbGFjZSB0aGUgSk9JTiBwaGFz ZSB3aXRoIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50DQ0KDSAgIDIuICBSZXBsYWNlIExXQVBQ IHJlLWtleSBmdW5jdGlvbmFsaXR5IHdpdGggYSBEVExTIHJlLWtleQ0NCg0gICAzLiAgUmVtb3Zl IHRoZSBleGlzdGluZyBMV0FQUCBzZWNjdXJpdHkgc2NoZW1lDQ1bTkNXXSBIb3cgd2lsbCB3ZSBi ZSBhYmxlIHRvIGRpc3Rpbmd1aXNoIGFuZCB0aHVzIGVuYWJsZSBhcHByb3ByaWF0ZSBhdXRob3Jp emF0aW9uIHBvbGljaWVzIHRoYXQgdGhlIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50LCByZWtl eSBhbmQgcmVzZXQgYXJlIHNwZWNpZmljIHRvIHRoaXMgYXBwbGljYXRpb24gKGUuZy4gTFdBUFAp Pw1XaGlsZSAoRClUTFMgZW5hYmxlcyBhdXRoZW50aWNhdGlvbiwgaG93IGRvZXMgaXSScyB1c2Ug aW4gdGhpcyBhcHBsaWNhdGlvbiBlbmZvcmNlIHRoYXQgdGhlIFRMUyCTY2xpZW50lCBpcyBhdXRo b3JpemVkIHRvIGFjdCBhcyBhIFdUUCBhbmQgY29udmVyc2VseSB0aGUgIFRMUyCTc2VydmVylCBp cyBhbiBhdXRob3JpemVkIEFDPw0NCg0gICBUaGlzIGFtb3VudHMgdG8gZW1wbG95aW5nIERUTFMg YXMgYSB0aWdodGx5LWludGVncmF0ZWQgc2VjdXJlDSAgIHdyYXBwZXIuICBIZXJlIGlzIHRoZSBy ZXN1bHRpbmcgTFdBUFAgc3RhdGUgbWFjaGluZToNDQ0NDQ0NDQ0NDQ0NDQ0NDUtlbGx5ICYgUmVz Y29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1LCAyMDA2ICAgICAgICAgICAgICAgICBbUGFn ZSA0XQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAg ICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICAgICAgIC8tLS0tLS0tLS0tLS0tXA0gICAgICAgICB8 ICAgICAgICAgICAgIHYNICAgICAgICAgfCAgICAgICArLS0tLS0tLS0tLS0tKw0gICAgICAgICB8 ICAgICAgQ3wgICAgSWRsZSAgICB8PC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tKw0gICAgICAgICB8ICAgICAgICstLS0tLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgfA0gICAgICAgICB8ICAgICAgICBeICAgIHxhICAgIF4gICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfA0gICAgICAgICB8ICAgICAgICB8ICAg IHwgICAgIFwtLS0tXCAgICAgICAgICAgICAgICAgeSAgICAgICAgICAgICAgICAgfA0gICAgICAg ICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfCAgICstLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0t LSsgeiAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfCAgIHwgICAgICAgICAg ICAgfCBEVExTLXJla2V5IHwtXCAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAg fCAgIHwgICstLS0tLS0tLS0+Ky0tLS0tLS0tLS0tLSsgfCAgfA0gICAgICAgICB8ICAgICAgICB8 ICAgIHwgICAgICAgICAgfCAgIHwgIHwgICAgICAgICAgICAgICAgICAgICAgICAgfCAgXg0gICAg ICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICAgfHQgIFYgIHwgeCAgICAgICAgICAgICAgICAg ICAgICAgfCAgfA0gICAgICAgICB8ICAgICAgICB8ICAgIHwgICAgICAgICstLS0tLS0tLSstLSsg ICAgICAgKy0tLS0tLS0tLS0tLSsgfCAgfA0gICAgICAgICB8ICAgICAgIC8gICAgIHwgICAgICAg Q3wgICAgUnVuICAgIHwtLS0tLS0+fCBEVExTLVJlc2V0IHw8Ky0tfC0tLS1cDSAgICAgICAgIHwg ICAgIC8gICAgICAgfCAgICAgICByKy0tLS0tLS0tLS0tKyAgICAgdSArLS0tLS0tLS0tLS0tKyB8 ICB8ICAgICB8DSAgICAgICAgIHwgICAgLyAgICAgICAgfCAgICAgICAgICAgICAgXiAgICAgICAg ICAgICAgICBeICAgICB2fCAgICB8ICB8ICAgICB8DSAgICAgICAgIHwgICB8ICAgICAgICAgdiAg ICAgICAgICAgICAgfCAgICAgICAgICAgICAgICB8ICAgICAgfCAgICB8ICB8ICAgICB8DSAgICAg ICAgIHwgICB8ICAgKy0tLS0tLS0tLS0tLS0tKyAgICAgfCAgICAgICAgICAvLS0tLS8gICAgICAg ViAgICBWICB8ICAgICB8DSAgICAgICAgIHwgICB8ICBDfCAgRGlzY292ZXJ5ICAgfCAgICBxfCAg ICAgICAgb3wgICAgICAgICAgICstLS0tLS0tKyB8ICAgICB8DSAgICAgICAgIHwgICB8ICBiKy0t LS0tLS0tLS0tLS0tKyAgICArLS0tLS0tLS0tLS0tLSsgICAgICAgIHwgUmVzZXQgfC0rIHcgICB8 DSAgICAgICAgIHwgICB8ICAgICB8ZCAgICAgZnwgIF4gICAgICB8ICBDb25maWd1cmUgIHwgICAg ICAgICstLS0tLS0tKyAgICAgICB8DSAgICAgICAgIHwgICB8ICAgICB8ICAgICAgIHwgIHwgICAg ICArLS0tLS0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgICB8 ZSAgICB2ICAgICAgIHwgIHwgICAgICAgICAgICAgIF4gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB8DSAgICAgICAgIHwgICstLS0tLS0tLS0rICAgIHYgIHxpICAgICAgICAgICAgMnwgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgQ3wgU3Vsa2luZyB8ICAgKy0t LS0tLS0tLS0tLSsgICAgKy0tLS0tLS0tLS0tLS0tKyAgICAgICAgICAgICAgICB8DSAgICAgICAg IHwgICstLS0tLS0tLS0rICBDfCBEVExTLUluaXQgIHwtLS0+fCBEVExTLUNvbXBsZXRlfCAgICAg ICAgICAgICAgICB8DSAgICAgICAgIHwgICAgICAgICAgICAgICBnKy0tLS0tLS0tLS0tLSsgeiAg Ky0tLS0tLS0tLS0tLS0tKyAgICAgICAgICAgICAgICB8DSAgICAgICAgIHwgICAgICAgICAgICAg ICAgICAgfGggICAgICBtfCAgICAgICAgICAgICAgICAgfDQgICAgICAgICAgICAgICAgICB8DSAg ICAgICAgIHwgICAgICAgICAgICAgICAgICAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgdiAg ICAgICAgICAgICAgICAgbyAvDSAgICAgICAgICBcICAgICAgICAgICAgICAgICAgfCAgICAgICAg fCAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0rLS0tLS0tLS8NICAgICAgICAgICBcLS0tLS0t LS0tLS0tLS0tLS0vICAgICAgICAgXC0tLS0tLS0tLS0tLS0+fCBJbWFnZSBEYXRhIHxDDSAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0t LS0tLS0rbg0NICAgICAgICAgICAgICAgICAgRmlndXJlIDE6IExXQVBQIFN0YXRlIE1hY2hpbmUg dy9EVExTIFN1cHBvcnQNDQ0gICBGb2xsb3dpbmcgaXMgYSBkZXNjcmlwdGlvbiBvZiB0aGUgYXNz b2NpYXRlZCBzdGF0ZSBjaGFuZ2VzLiAgTm90ZQ0gICB0aGF0IHdlIG9ubHkgYWRkcmVzcyB0aG9z ZSB3aGljaCBhcmUgbmV3Og0NDSAgIERpc2NvdmVyeSB0byBEVExTLUluaXQgKGYpOiBUaGlzIHN0 YXRlIGlzIHVzZWQgYnkgdGhlIFdUUCB0byBjb25maXJtDSAgIGl0cyBjb21taXRtZW50IHRvIGFu IEFDIHRoYXQgaXQgd2lzaGVzIHRvIGJlIHByb3ZpZGVkIHNlcnZpY2UsIGFuZCB0bw0gICBzaW11 bHRhbmVvdXNseSBlc3RhYmxpc2ggYSBzZWN1cmUgY29udHJvbCBjaGFubmVsLg0NICAgICAgV1RQ OiBUaGUgV1RQIHNlbGVjdHMgdGhlIGJlc3QgQUMgYmFzZWQgb24gdGhlIGluZm9ybWF0aW9uIGl0 DSAgICAgIGdhdGhlcmVkIGR1cmluZyB0aGUgRGlzY292ZXJ5IFBoYXNlLiAgSXQgdGhlbiBpbml0 aWF0ZXMgYSBEVExTDSAgICAgIGNvbm5lY3Rpb24gd2l0aCBpdHMgcHJlZmVycmVkIEFDLiAgVGhl IFdUUCBzdGFydHMgdGhlIFdhaXRKb2luDSAgICAgIFRpbWVyLg1bTkNXXSBCeSB0aGlzLCBJIGJl bGlldmUgeW91IGFyZSBpbXBseWluZyB0aGF0IHRoZSBXVFAgYWN0cyBhcyB0aGUgVExTIJNjbGll bnSUIHdoaWxlIHRoZSBBQyBhY3RzIGFzIHRoZSBUTFMgk3NlcnZlcpQ/ICBUaGlzIHdpbGwgaGF2 ZSB0byBiZSBhIGhhcmQgcmVxdWlyZW1lbnQgdG8gZW5zdXJlIHRoZSByb2xlcyBhcmUgZXhwbGlj aXRseSBkZWZpbmVkIGFuZCBhbGxvdyBmb3IgYXBwcm9wcmlhdGUgYXV0aG9yaXphdGlvbiBwb2xp Y2llcyB0byBiZSBlbXBsb3llZC4gIA0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4 cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgNV0NDQ0NDA1JbnRlcm5l dC1EcmFmdCAgICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2Vt YmVyIDIwMDUNDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIGZvciB0aGUgZ2l2 ZW4gV1RQIHVwb24gcmVjZXB0aW9uIG9mIGENICAgICAgRFRMUyBpbml0aWFsaXphdGlvbiByZXF1 ZXN0LiAgVGhlIEFDIHByb2Nlc3NlcyB0aGUgcmVxdWVzdCBhbmQNICAgICAgcmVzcG9uZHMgYnkg ZW5nYWdpbmcgaW4gRFRMUyBuZWdvdGlhdGlvbiB3aXRoIHRoZSBXVFAuDVtOQ1ddIFdoYXQgaXMg YSBEVExTIGluaXRpYWxpemF0aW9uIHJlcXVlc3Q/ICBJIGNhbpJ0IHF1aXRlIHNlZW0gdG8gbWFw IHRoZSBzdGF0ZSBtYWNoaW5lcyBkZWZpbmVkIGluIHRoZSBkcmFmdC1yZXNjb2xhLWR0bHMtMDUu dHh0IHRvIHRoZSBEVExTLUluaXQgYW5kIERUTFMtQ29tcGxldGUgc3RhdGVzIGFib3ZlLiAgQ2Fu IHlvdSBwbGVhc2UgZWxhYm9yYXRlIGZ1cnRoZXIgb24gdGhlc2U/ICBIb3cgYXJlIHRoZSBEVExT L1RMUyBzdGF0ZSBtYWNoaW5lIGFuZCBwYWNrZXQgZmxvdyBtYXAgaW50byB0aGUgMiBib3hlcyBh cyB5b3Ugc3RhdGUgYWJvdmU/DQ0gICBEVExTLUluaXQgdG8gRGlzY292ZXJ5IChpKTogVGhpcyBz dGF0ZSBpcyB1c2VkIHRvIHJldHVybiB0aGUgV1RQIHRvDSAgIGRpc2NvdmVyeSBtb2RlIHdoZW4g YW4gdW5yZXNwb25zaXZlIEFDIGlzIGVuY291bnRlcmVkLg0NICAgICAgV1RQOiBUaGUgV1RQIGVu dGVycyB0aGlzIHN0YXRlIHdoZW4gdGhlIFdhaXRKb2luIHRpbWVyIGV4cGlyZXMNICAgICAgcHJp b3IgdG8gc3VjY2Vzc2Z1bCBjb21wbGV0aW9uIG9mIERUTFMgbmVnb3RpYXRpb24uDQ0gICAgICBB QzogVGhpcyBzdGF0ZSB0cmFuc2l0aW9uIGlzIGludmFsaWQuDQ0gICBEVExTLUluaXQgdG8gRFRM Uy1Db21wbGV0ZSAoeik6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byBpbmRpY2F0ZSBEVExTDSAgIHNl c3Npb24gZXN0YWJsaXNobWVudC4NDSAgICAgIFdUUDogVGhpcyBzdGF0ZSBpcyBlbnRlcmVkIHdo ZW4gdGhlIFdUUCBhbmQgQUMgY29tcGxldGUgRFRMUw0gICAgICBuZWdvdGlhdGlvbi4NDSAgICAg IEFDOiBUaGlzIHN0YXRlIGlzIGVudGVyZWQgd2hlbiB0aGUgV1RQIGFuZCBBQyBjb21wbGV0ZSBE VExTDSAgICAgIG5lZ290aWF0aW9uLg1bTkNXXSBVbmRlciB3aGF0IGNvbmRpdGlvbnMgZG9lcyBE VExTLUluaXQgcmV0dXJuIHRvIHRoZSBpZGxlIHN0YXRlPyAgVGhpcyBuZWVkcyB0byBiZSBkZXNj cmliZWQuICBUaGVyZSBhcmUgZXJyb3IgY29uZGl0aW9ucyB0aGF0IGhhdmUgdG8gYmUgcmVmbGVj dGVkIGFuZCBkZXNjcmliZWQgZm9yIERUTFMgYXMgVExTIHJlY29yZHMgbWF5IGZhaWwgYW5kIGlu IGdlbmVyYWwsIHRoZSBhdXRoZW50aWNhdGlvbiBtYXkgZmFpbCBmb3IgZGlmZmVyZW50IHJlYXNv bnMgd2hpY2ggc2hvdWxkIGFsc28gYmUgZGVzY3JpYmVkIGluIHRoaXMgZHJhZnQuDQ1bTkNXXSBX aHkgZG9lcyB0aGUgc3RhdGUgZGlhZ3JhbSBzaG93IGEgRFRMUy1Jbml0IHRvIEltYWdlIGRhdGE/ ICBJdCBhcHBlYXJzIHRoYXQgdGhlIERUTFMgc2Vzc2lvbiBlc3RhYmxpc2htZW50IGhhcyBub3Qg Y29tcGxldGVkIHVudGlsIHRoZSBEVExTLUNvbXBsZXRlIHN0YXRlIGlzIHJlYWNoZWQuICBKdW1w aW5nIHRvIEltYWdlIERhdGEgZnJvbSBEVExTLUluaXQgaXMgYSBzZWN1cml0eSB2aW9sYXRpb24g YXMgdGhhdCBhbGxvd3MgV1RQIGltYWdlIHVwZGF0ZXMgd2l0aG91dCBhIHByb3BlciBzZWN1cml0 eSBhc3NvY2lhdGlvbi4NDQ0NICAgUnVuIHRvIERUTFMtUmVzZXQgKHUpOiBUaGlzIHN0YXRlIGlz IHVzZWQgdG8FIHdoZW4gdGhlIEFDIG9yIFdUUCB3aXNoDSAgIHRvIHRlYXIgZG93biB0aGUgY29u bmVjdGlvbi4NDQ0gICAgICBXVFA6IFRoZSBXVFAgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBpdCB3 aXNoZXMgdG8gaW5pdGlhdGUgb3JkZXJseQ0gICAgICB0ZXJtaW5hdGlvbiBvZiB0aGUgRFRMUyBj b25uZWN0aW9uOyB0aGUgV1RQIHNlbmRzIHRoZSBhIFRMUw0gICAgICBGaW5pc2hlZCBtZXNzYWdl Lg0NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgdXBvbiByZWNlaXB0IG9mIFRM UyBGaW5pc2hlZCBtZXNzYWdlDSAgICAgIGZyb20gdGhlIFdUUC4NDVtOQ1ddIEhvdyBkb2VzIExX QVBQIGFzIGFuIGFwcGxpY2F0aW9uIHdvdWxkIHRyaWdnZXIgdGhlIFRMUyBmaW5pc2hlZD8gRnJv bSBhIHNlY3VyaXR5IHN0YW5kcG9pbnQsIHRoZSBBQyBtdXN0IGVmZmVjdGl2ZWx5IGJsb2NrIGFs bCBMV0FQUCB0cmFmZmljIGFzIHdlbGwsIGlzbpJ0IHRoYXQgd2hhdCB0aGUgb3JpZ2luYWwgUmVz ZXQgc3RhdGUgd2FzIGludGVuZGVkIGZvcj8gIFdoYXQgaXMgdGhlIGRpc3RpbmN0aW9uIGJldHdl ZW4gdGhlIERUTFMtUmVzZXQgYW5kIFJlc2V0IHN0YXRlPyANDSAgIEltYWdlLWRhdGEgdG8gRFRM Uy1SZXNldCAobyk6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byByZXNldCB0aGUNICAgY29ubmVjdGlv biBwcmlvciB0byByZXN0YXJ0aW5nIHRoZSBXVFAgYWZ0ZXIgYW4gaW1hZ2UgZG93bmxvYWQuDQ0N ICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gaW1hZ2UgZG93bmxvYWQg Y29tcGxldGVzDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIHVwb24gcmVjZWlw dCBvZiBUTFMgRmluaXNoZWQgbWVzc2FnZQ0gICAgICBmcm9tIHRoZSBXVFAuDVtOQ1ddIFRoaXMg ZG9lc26SdCBzZWVtIHF1aXRlIHJpZ2h0hXRoZSBXVFAgk3Nob3VsZJQgcmVib290IG9yIHJlZnJl c2ggaXRzZWxmIHRvIGVuc3VyZSBpdJJzIHVzaW5nIHRoZSBsYXRlc3QgdXBkYXRlLiAgQnV0IHRo YXQgYXNpZGUsIGhvdyBkb2VzIHRoZSBBQyByZWNlaXZlIGEgVExTIEZpbmlzaGVkIG1lc3NhZ2Ug ZnJvbSB0aGUgV1RQPyAgSXQgc2VlbXMgbW9yZSBkZXRlcm1pbmF0ZSB0byBoYXZlIHRoZSBBQyBl bnRlciB0aGUgUmVzZXQgc3RhdGUgYWZ0ZXIgaXQgaGFzIHN1Y2Nlc3NmdWxseSBjb21wbGV0ZWQg dGhlIGltYWdlIGRvd25sb2FkIG9yIG9uIGEgbGluayBlcnJvci4NDSAgIERUTFMtUmVzZXQgdG8g UmVzZXQgKHYpOiBUaGlzIHN0YXRlIGlzIHVzZWQgdG8gY29tcGxldGUgRFRMUyBzZXNzaW9uDSAg IHRlYXItZG93bg0NICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gaXQg aGFzIGNvbXBsZXRlZCBEVExTIHNlc3Npb24NICAgICAgY2xlYW51cCwgYW5kIGl0IGlzIHJlYWR5 IHRvIGZpbmlzaCBMV0FQUCBzZXNzaW9uIGNsZWFuLXVwLg0NW05DV10gUGxlYXNlIHByb3ZpZGUg bW9yZSBlbGFib3JhdGlvbiBvbiB3aGF0IERUTFMgc2Vzc2lvbiBjbGVhbnVwIG1lYW5zLiAgQWxz bywgdW5kZXIgd2hhdCBjb25kaXRpb25zIGRvZXMgV1RQIGFuZCBBQyBnbyBmcm9tIFJlc2V0IHRv IERUTFMtUmVzZXQ/ICBJIHdvdWxkIHN1Z2dlc3QgbWVyZ2luZyBSZXNldCBhbmQgRFRMUy1SZXNl dCBhcyBiZWluZyB0aGUgc2FtZSBzdGF0ZSBhbmQgaW5jbHVkZSB0aGUgc2VjdXJpdHkgY29uc2lk ZXJhdGlvbnMgaW4gaXRzIGRlc2NyaXB0aW9uLg0NDQ0NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAg ICAgICBFeHBpcmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDZdDEludGVy bmV0LURyYWZ0ICAgICAgICAgIFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAgICAgRGVj ZW1iZXIgMjAwNQ0NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBpdCBo YXMgY29tcGxldGVkIERUTFMgc2Vzc2lvbg0gICAgICBjbGVhbnVwLCBhbmQgaXQgaXMgcmVhZHkg dG8gZmluaXNoIExXQVBQIHNlc3Npb24gY2xlYW4tdXAuDQ0gICBSdW4gdG8gRFRMUy1SZWtleSAo eCk6IFRoaXMgc3RhdGUgaXMgdXNlZCB0byBpbml0aWF0ZSBhIG5ldyBEVExTDSAgIGhhbmRzaGFr ZS4gIEVpdGhlciB0aGUgV1RQIG9yIEFDIG1heSBpbml0aWF0ZSB0aGUgc3RhdGUgdHJhbnNpdGlv bi4NICAgSXQgaXMgaW1wb3J0YW50IHRvIG5vdGUgdGhhdCB0aGlzIG1pZ2h0IG1vcmUgYWNjdXJh dGVseSBiZSB0ZXJtZWQgYQ0gICAibWV0YS1zdGF0ZSIsIGFzIHRoZSBEVExTIHJlLWhhbmRzaGFr ZSBpcyB0cmFuc3BhcmVudCB0byB0aGUgTFdBUFANICAgcHJvdG9jb2wsIGFuZCBtYXkgZXZlbiBi ZSBpbnRlcnBlcnNlZCB3aXRoIG90aGVyIExXQVBQIGNvbnRyb2wNICAgbWVzc2FnZXMuDQ0gICAg ICBXVFA6IFRoZSBXVFAgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBlaXRoZXIgKDEpIGEgcmVrZXkg aXMNICAgICAgcmVxdWlyZWQsIG9yICgyKSB0aGUgQUMgaW5pdGlhdGVzIGEgRFRMUyBoYW5kc2hh a2UuDQ0gICAgICBBQzogVGhlIEFDIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gZWl0aGVyICgxKSBh IHJla2V5IGlzIHJlcXVpcmVkLA0gICAgICBvciAoMikgdGhlIFdUUCBpbml0aWF0ZXMgYSBEVExT IGhhbmRzaGFrZS4NW05DV10gUGxlYXNlIGVsYWJvcmF0ZSBvbiB0aGUgcmVrZXkgcHJvdG9jb2wg dXNlZCBpbiBEVExTIGFzIGl0IGlzIG5vdCBleHBsaWNpdGx5IGRlc2NyaWJlZCBpbiB0aGUgZHJh ZnQtcmVzY29ybGEtZHRscy0wNS50eHQgZHJhZnQuICBBbHNvLCB0aGVyZSBhcmUgc2VjdXJpdHkg aW1wbGljYXRpb25zIGluIGtleSBzeW5jaHJvbml6YXRpb24gYW5kIG90aGVyIExXQVBQIHRyYWZm aWMgZHVyaW5nIHRoaXMga2V5IGV4Y2hhbmdlIGFzIHRoaXMgZHJhZnQgaXMgYWxsb3dpbmcgaXQg dG8gaGFwcGVuIJNpbnRlcnNwZXJzZWSUICBpbiBMV0FQUC4gIEkgYW0gYXNzdW1pbmcgdGhhdCBi eSB0aGUgdXNlIG9mIHRoZSBlcG9jaCwgdGhlIHN5c3RlbSBtYXkgZGVmaW5lIGEgcmVwbGF5IHdp bmRvdyBieSB3aGljaCBtb3JlIHRoYW4gb25lIGtleSBjYW4gYmUgbGl2ZSB0byBhbGxvdyBmb3Ig dGhlIHJla2V5cyB0byB3b3JrLiAgSG93ZXZlciwgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgbXVz dCBiZSBkZXNjcmliZWQgdG8gYmV0dGVyIGFuYWx5emUgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9u cyBmb3IgdGhpcyBhcHBsaWNhdGlvbi4NDSAgIERUTFMtUmVrZXkgdG8gUmVzZXQgKHopOiBUaGlz IHN0YXRlIGlzIHVzZWQgdG8gY2xlYW4gdXAgd2hlbiBhIERUTFMNICAgaGFuZHNoYWtlIGZhaWxz Lg0NICAgICAgV1RQOiBUaGUgV1RQIGVudGVycyB0aGlzIHN0YXRlIHdoZW4gYSBEVExTIGhhbmRz aGFrZSBmYWlscy4NDSAgICAgIEFDOiBUaGUgQUMgZW50ZXJzIHRoaXMgc3RhdGUgd2hlbiBhIERU TFMgaGFuZHNoYWtlIGZhaWxzLg1bTkNXXSBBcyBub3RlZCBhYm92ZSwgdGhlIHJla2V5IHByb3Rv Y29sIGFuZCBtZWNoYW5pc20gbmVlZHMgdG8gYmUgZGVzY3JpYmVkIGFuZCBieSB0aGlzIGRlc2Ny aXB0aW9uLCBpdCBzZWVtcyB0aGF0IHRoZSBSZXNldCBhbmQgRFRMUy1SZXNldCBhcmUgZXF1aXZh bGVudCBzdGF0ZXM/DQ0yLjEuICBDb250cm9sL0RhdGEgQ2hhbm5lbCBDb25zaWRlcmF0aW9ucw0N ICAgTm90ZSB0aGF0IHdoaWxlIHRoaXMgc2NoZW1lIHNlZW1zIHF1aXRlIHNpbXBsZSBhdCBmaXJz dCBnbGFuY2UsIHRoZXJlDSAgIGlzIG9uZSBjb21wbGljYXRpb24uICBDdXJyZW50bHksIExXQVBQ IG9ubHkgYXBwbGllcyBzZWN1cml0eSB0bw0gICBjb250cm9sIGNoYW5uZWwgY29tbXVuaWNhdGlv bnMsIGFuZCByZWxpZXMgdXBvbiBleHRlcm5hbCBmYWNpbGl0aWVzDSAgIGZvciBzZWN1cmluZyB1 c2VyIGRhdGEuICBJbiBvcmRlciB0byBwcmVzZXJ2ZSB0aGlzIGNvbnZlbnRpb24sIHdlDSAgIG11 c3QgYmUgYWJsZSB0byBkaXN0aW5ndWlzaCBiZXR3ZWVuIGNvbnRyb2wgYW5kIGRhdGEgcGFja2V0 cywNICAgZm9yd2FyZGluZyBvbmx5IGNvbnRyb2wgcGFja2V0cyB0byB0aGUgRFRMUyBlbmdpbmUu DQ0gICBUaGlzIHRhc2sgaXMgY29tcGxpY2F0ZWQgYnkgdGhlIGZhY3QgdGhhdCBMV0FQUCBjdXJy ZW50bHkNICAgZGlzdGluZ3Vpc2hlcyBiZXR3ZWVuIGNvbnRyb2wgYW5kIGRhdGEgdHJhZmZpYyB1 c2luZyB0aGUgJ0MnIGJpdCBpbg0gICB0aGUgTFdBUFAgaGVhZGVyLiAgVGhpcyBpcyBwb3NzaWJs ZSBldmVuIG9uIHRoZSBlbmNyeXB0ZWQgY29udHJvbA0gICBjaGFubmVsIGJlY2F1c2UgdGhlIExX QVBQIGhlYWRlciBpcyBub3QgZW5jcnlwdGVkIC0gaW4gdGhlIGNhc2Ugb2YNICAgdGhlIGNvbnRy b2wgY2hhbm5lbCwgaXQgaXMgb25seSBhdXRoZW50aWNhdGVkOg0NICAgICAgICArLS0tLS0tLS0r LS0tLS0tLS0tKy0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LS0rDSAgICAgICAgfCBJUCBIZHIgfCBVRFAgSGRyIHwgTFdBUFAgSGRyIHwgICAgIERhdGEgICAg ICAgICAgICAgICAgfCBMV0FQUCBUbHIgfA0gICAgICAgICstLS0tLS0tLSstLS0tLS0tLS0rLS0t LS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLSsNICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXC0tLS0tLSBlbmNyeXB0ZWQgIC0tLS0tLS8N ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwtLS0tLS0tLSBhdXRoZW50aWNhdGVkIC0tLS0t LS0tLS0tLw0NICAgICAgICAgICAgICAgICAgRmlndXJlIDI6IEN1cnJlbnQgTFdBUFAgUGFja2V0 IFNlY3VyaXR5DQ0gICBEVExTLCBvbiB0aGUgb3RoZXIgaGFuZCwgcHJvdmlkZXMgZm9yIHNlY3Vy aW5nIHRoZSBlbnRpcmUgY2hhbm5lbC4NICAgSWYgdGhlIExXQVBQIHBhY2tldHMgYXJlIGVuY2Fw c3VsYXRlZCB3aXRoaW4gRFRMUywgdGhlIExXQVBQIGhlYWRlcg0NDQ1LZWxseSAmIFJlc2Nvcmxh ICAgICAgICAgIEV4cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAgW1BhZ2UgN10M SW50ZXJuZXQtRHJhZnQgICAgICAgICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAg ICBEZWNlbWJlciAyMDA1DQ0NICAgd2lsbCBiZSBlbmNyeXB0ZWQ6DQ0gICAgICAgICstLS0tLS0t LSstLS0tLS0tLS0rLS0tLS0tLS0tKy0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LSsNICAgICAgICB8IElQIEhkciB8IFVEUCBIZHIgfERUTFMgSGRyIHwgTFdBUFAgSGRyIHwgICAg IERhdGEgICAgfCBEVExTIFRsciB8DSAgICAgICAgKy0tLS0tLS0tKy0tLS0tLS0tLSstLS0tLS0t LS0rLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tKw0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgXC0tLS0tLS0tLSBhdXRoZW50aWNhdGVkIC0tLS0tLS0tLS8NICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwtLS0tLS0tLS0tLS0gZW5jcnlwdGVkICAtLS0t LS0tLS0tLS8NDSAgICAgICAgICAgICAgICAgIEZpZ3VyZSAzOiBMV0FQUCtEVExTIFBhY2tldCBT ZWN1cml0eQ0NDSAgIEEgZGlyZWN0IGNvbnNlcXVlbmNlIG9mIHRoaXMgaXMgdGhhdCB3aXRoIERU TFMgZW5jYXBzdWxhdGlvbiwgd2UNICAgY2Fubm90IGRpc3Rpbmd1aXNoIGJldHdlZW4gY29udHJv bCB0cmFmZmljIGFuZCBkYXRhIHdpdGhvdXQgZmlyc3QNICAgZGVjcnlwdGluZyB0aGUgcGFja2V0 IC0gdGhpcyBtZWFucyB3ZSBtdXN0IGVzdGFibGlzaCBzZXBhcmF0ZQ0gICBjaGFubmVscyBpZiB3 ZSBkbyBub3Qgd2lzaCB0byBlbmNyeXB0IGRhdGEgY2hhbm5lbCB0cmFmZmljLiAgVHdvDSAgIG1l dGhvZHMgZm9yIGFjY29tcGxpc2hpbmcgdGhpcyBhcmUgZGlzY3Vzc2VkIGJlbG93Lg1bTkNXXSBG b3IgY2xhcml0eSwgaXQgd291bGQgYmUgdXNlZnVsIHRvIHByZWNlZGUgdGhpcyBzZWN0aW9uIHdp dGggYSBkZXNjcmlwdGlvbiBvZiB0aGUgRFRMUyBlbmNhcHN1bGF0aW9uIGFzIExXQVBQIG92ZXIg RFRMUyBhcyBJIGJlbGlldmUgdGhlIGFib3ZlIGRlc2NyaXB0aW9uIGhhcyBpbnN0YW50aWF0ZWQg KHVwIHVudGlsIHRoaXMgc2VjdGlvbiwgaXQgd2FzIHVuY2xlYXIgYXMgdG8gaG93IHRoZSB0cmFu c3BvcnQgbGF5ZXJpbmcgd2FzIGJlaW5nIGludm9rZWQpLiAgV2l0aCB0aGlzIGVuY2Fwc3VsYXRp b24sIHRoZXJlIG11c3QgYmUgc29tZSBtZWNoYW5pc20gYnkgd2hpY2ggZHVyaW5nIHRoZSBEVExT IGF1dGhlbnRpY2F0aW9uIHRoZSByb2xlcyBvZiBlYWNoIG11c3QgYmUgYXNzZXJ0ZWQgdG8gZW5z dXJlIHRoYXQgdGhlIGtleXMgcmVzdWx0aW5nIGZyb20gYSBzdWNjZXNzZnVsIERUTFMgYXV0aGVu dGljYXRpb24gYXJlIHVzZWQgdG8gb25seSBwcm90ZWN0IExXQVBQLg0NMi4xLjEuICBTZXBhcmF0 ZSBDb250cm9sL0RhdGEgQ2hhbm5lbCBQb3J0cw0NICAgVGhlIHNpbXBsZXN0IHNvbHV0aW9uIGVu dGFpbHMgdXNpbmcgc2VwYXJhdGUgcG9ydHMgZm9yIExXQVBQIGNvbnRyb2wNICAgYW5kIGRhdGEg dHJhZmZpYywgd2l0aCBEVExTIHNlY3VyaW5nIG9ubHkgdGhlIGNvbnRyb2wgY2hhbm5lbC4gIFRo ZQ0gICBjb250cm9sIHRyYWZmaWMgY291bGQgY29udGludWUgdG8gdXRpbGl6ZSB0aGUgY3VycmVu dCB3ZWxsLWtub3duDSAgIExXQVBQIHBvcnQuICBGb3IgdGhlIGRhdGEgY2hhbm5lbCwgYSBuZXcg cG9ydCBjb3VsZCBiZSBhc3NpZ25lZCBieQ0gICBJQU5BLCBvciBpdCBjb3VsZCBpbnN0ZWFkIGJl IHNwZWNpZmllZCBieSB0aGUgQUMgYWZ0ZXIgdGhlIERUTFMNICAgc2Vzc2lvbiBpcyBlc3RhYmxp c2hlZCwgcHJvdmlkaW5nIHNvbWUgYWRkaXRpb25hbCBmbGV4aWJpbGl0eS4gIE5vdGUNICAgdGhh dCB0aGlzIHNvbHV0aW9uIHdpbGwgbm90IHdvcmsgZm9yIGxheWVyIDIgTFdBUFAgZW5jYXBzdWxh dGlvbi4NICAgSG93ZXZlciwgaWYgTDIgc3VwcG9ydCBpcyB0byBiZSByZW1vdmVkIGZyb20gTFdB UFAsIHRoaXMgcG9pbnQgaXMNICAgbW9vdC4NW05DV10gSSBkbyBub3QgdW5kZXJzdGFuZCBob3cg dGhpcyBwcm9wb3NlZCBzY2hlbWUgd291bGQgd29yayBhcyB0aGUgZW50aXJlIGx3YXAgY29uc3Ry dWN0aW9uIGlzIGVuY3J5cHRlZD8NDTIuMS4yLiAgQWRkaW5nIGEgUHJvdG9jb2wgTXV4DQ0gICBB biBhbHRlcm5hdGl2ZSBzb2x1dGlvbiBlbnRhaWxzIGFkZGluZyBhIHByb3RvY29sIG11bHRpcGxl eGVyIG1vZHVsZQ0gICBiZXR3ZWVuIHRoZSBwYWNrZXQgaW5wdXQvb3V0cHV0IGFuZCB0aGUgRFRM UyBtb2R1bGVzLCBhbmQgYWRkaW5nIGFuDSAgIGFkZGl0aW9uYWwgc21hbGwgYXNzb2NpYXRlZCBM V0FQUCBoZWFkZXIgYmV0d2VlbiB0aGUgVURQIGhlYWRlciBhbmQNICAgdGhlIERUTFMgcmVjb3Jk IGxheWVyIGhlYWRlci4gIFdoaWxlIHRoaXMgTFdBUFAgaGVhZGVyIG5lZWQgb25seQ0gICBjb250 YWluIGEgc2luZ2xlIGJpdCB0byBkaWZmZXJlbnRpYXRlIGJldHdlZW4gY29udHJvbC9kYXRhIHRy YWZmaWMsDSAgIGFsaWdubWVudCBjb25jZXJucyBzdWdnZXN0IHRoZSBoZWFkZXIgd291bGQgbW9z dCBsaWtlbHkgYmUgZWl0aGVyIDMyDSAgIG9yIDY0IGJpdHMgaW4gbGVuZ3RoLg1bTkNXXSBJcyB0 aGUgaW50ZW50IHRvIGFsbG93IGZvciBhbiBhdXRoZW50aWNhdGVkIGJ1dCB1bmVuY3J5cHRlZCBo ZWFkZXIgdG8gYmUgdHJhbnNwb3J0ZWQ/DQ0NDQ0NMy4gIEVuZHBvaW50IEF1dGhlbnRpY2F0aW9u IHVzaW5nIERUTFMNDVtOQ1ddIEkgd291bGQgbGlrZSB0byBzZWUgYSBzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBzZWN0aW9ucyBmb3IgdGhlIGRpZmZlcmVudCBhdXRoZW50aWNhdGlvbiBtZXRob2Rz IHVzaW5nIERUTFMuICBUaGUgY3VycmVudCBMV0FQUCBzcGVjaWZpY2F0aW9uIGVuZm9yY2VzIG11 dHVhbCBhdXRoZW50aWNhdGlvbiB0aHJvdWdoIEpvaW4gcmVxdWVzdC9yZXNwb25zZSBleGNoYW5n ZSByZXF1aXJpbmcgZWFjaCBwYXJ0aWNpcGFudCB0byBwcmVzZW50IGEgY3JlZGVudGlhbC4gIFRo aXMgaXMgbm90IGVuZm9yY2VkIGluIFRMUyBhbmQgdGh1cyBjYW4gbGVhZCB0byBkaWZmZXJlbnQg c2VjdXJpdHkgdGhyZWF0IGNvbnNpZGVyYXRpb25zLiAgDQ0gICBDdXJyZW50bHksIExXQVBQIHN1 cHBvcnRzIGF1dGhlbnRpY2F0aW9uIHVzaW5nIGVpdGhlciBwdWJsaWMga2V5DSAgIGNlcnRpZmlj YXRlcyBvciBzaGFyZWQgc2VjcmV0cyAocHJlLXNoYXJlZCBrZXlzKS4gIERUTFMgc3VwcG9ydA0g ICBpbXBsaWVzIG5vIGNoYW5nZXMgaW4gdGhpcyByZWdhcmQuICBDZXJ0aWZpY2F0ZS1iYXNlZCBh dXRoZW50aWNhdGlvbg0gICBpcyBuYXRpdmVseSBzdXBwb3J0ZWQsIGFuZCBzdXBwb3J0IGZvciBw cmVzaGFyZWQga2V5cyBpcyBjdXJyZW50bHkNICAgcHJvZ3Jlc3NpbmcgdG93YXJkIHN0YW5kYXJk aXphdGlvbiAoc2VlIFtUTFMtUFNLXSkuICBCZWxvdyB3ZQ0gICBkZXNjcmliZSBzdXBwb3J0ZWQg VExTIGFsZ29yaXRobSBzdWl0ZXMgZm9yIGVhY2ggZW5kcG9pbnQNDQ0NS2VsbHkgJiBSZXNjb3Js YSAgICAgICAgICBFeHBpcmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgIFtQYWdlIDhd DEludGVybmV0LURyYWZ0ICAgICAgICAgIFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAg ICAgRGVjZW1iZXIgMjAwNQ0NDSAgIGF1dGhlbnRpY2F0aW9uIG1ldGhvZC4NDTMuMS4gIEF1dGhl bnRpY2F0aW5nIHdpdGggQ2VydGlmaWNhdGVzDQ0gICBOb3RlIHRoYXQgb25seSBibG9jayBjaXBo ZXJzIGFyZSBjdXJyZW50bHkgcmVjb21tZW5kZWQgZm9yIHVzZSB3aXRoDSAgIERUTFMuICBUbyB1 bmRlcnN0YW5kIHRoZSByZWFzb25pbmcgYmVoaW5kIHRoaXMsIHNlZSBbRFRMUy1ERVNJR05dLg0g ICBUaGUgZm9sbG93aW5nIGFsZ29yaXRobXMgTVVTVCBiZSBzdXBwb3J0ZWQgd2hlbiB1c2luZyBj ZXJ0aWZpY2F0ZXMNICAgZm9yIExXQVBQIGF1dGhlbnRpY2F0aW9uOg0NICAgbyAgVExTX1JTQV9X SVRIX0FFU18xMjhfQ0JDX1NIQQ0NICAgbyAgVExTX1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEEN DSAgIFRoZSBmb2xsb3dpbmcgYWxnb3JpdGhtcyBTSE9VTEQgYmUgc3VwcG9ydGVkIHdoZW4gdXNp bmcgY2VydGlmaWNhdGVzOg0NICAgbyAgVExTX0RIX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQ0N ICAgbyAgVExTX0RIX1JTQV9XSVRIXzNERVNfRURFX0NCQ19TSEENDSAgIFRoZSBmb2xsb3dpbmcg YWxnb3JpdGhtcyBNQVkgYmUgc3VwcG9ydGVkIHdoZW4gdXNpbmcgY2VydGlmaWNhdGVzOg0NICAg byAgVExTX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQ0NICAgbyAgVExTX0RIX1JTQV9XSVRIX0FF U18yNTZfQ0JDX1NIQQ0NICAgQ2VydGlmaWNhdGVzIHNob3VsZCBiZSB2ZXJpZmllZCBpbiB0aGUg c2FtZSBtYW5uZXIgYXMgY3VycmVudGx5DSAgIHNwZWNpZmllZCBpbiBMV0FQUC4NDTMuMi4gIEF1 dGhlbnRpY2F0aW5nIHdpdGggUHJlc2hhcmVkIEtleXMNDSAgIFByZS1zaGFyZWQga2V5cyBwcmVz ZW50IHNpZ25pZmljYW50IGNoYWxsZW5nZXMgZnJvbSBhIHNlY3VyaXR5DSAgIHBlcnNwZWN0aXZl LCBhbmQgZm9yIHRoYXQgcmVhc29uLCB0aGVpciB1c2UgaXMgc3Ryb25nbHkgZGlzY291cmFnZWQu DSAgIEhvd2V2ZXIsIFtUTFMtUFNLXSBkZWZpbmVzIDMgZGlmZmVyZW50IG1ldGhvZHMgZm9yIGF1 dGhlbnRpY2F0aW5nDSAgIHdpdGggcHJlc2hhcmVkIGtleXM6DQ0gICBvICBQU0sga2V5IGV4Y2hh bmdlIGFsZ29yaXRobSAtIHNpbXBsZXN0IG1ldGhvZCwgY2lwaGVyc3VpdGVzIHVzZQ0gICAgICBv bmx5IHN5bW1ldHJpYyBrZXkgYWxnb3JpdGhtcw0NICAgbyAgREhFX1BTSyBrZXkgZXhjaGFuZ2Ug YWxnb3JpdGhtIC0gdXNlIGEgUFNLIHRvIGF1dGhlbnRpY2F0ZSBhDSAgICAgIERpZmZpZS1IZWxs bWFuIGV4Y2hhbmdlLiAgVGhlc2UgY2lwaGVyc3VpdGVzIGdpdmUgc29tZSBhZGRpdGlvbmFsDSAg ICAgIHByb3RlY3Rpb24gYWdhaW5zdCBkaWN0aW9uYXJ5IGF0dGFja3MgYW5kIGFsc28gcHJvdmlk ZSBQZXJmZWN0DSAgICAgIEZvcndhcmQgU2VjcmVjeSAoUEZTKS4NDSAgIG8gIFJTQV9QU0sga2V5 IGV4Y2hhbmdlIGFsZ29yaXRobSAtIHVzZSBSU0EgYW5kIGNlcnRpZmljYXRlcyB0bw0gICAgICBh dXRoZW50aWNhdGUgdGhlIHNlcnZlciwgaW4gYWRkaXRpb24gdG8gdXNpbmcgYSBQU0suICBOb3QN ICAgICAgc3VzY2VwdGlibGUgdG8gcGFzc2l2ZSBhdHRhY2tzLg0NICAgVGhlIGZpcnN0IGFwcHJv YWNoIChQU0spIGlzIHN1c2NlcHRpYmxlIHRvIHBhc3NpdmUgZGljdGlvbmFyeQ0NDQ1LZWxseSAm IFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVuZSAxNSwgMjAwNiAgICAgICAgICAgICAgICAg W1BhZ2UgOV0MSW50ZXJuZXQtRHJhZnQgICAgICAgICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExT ICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NICAgYXR0YWNrczsgaGVuY2UsIHRoYXQgbWV0aG9k IE1VU1QgTk9UIGJlIHVzZWQuICBJZiBzdXBwb3J0IGZvciBwcmUtDSAgIHNoYXJlZCBrZXlzIGlz IGRlc2lyZWQsIHRoZW4gREhFX1BTSyBNVVNUIGJlIHN1cHBvcnRlZCwgYW5kIFJTQV9QU0sNICAg TUFZIGJlIHN1cHBvcnRlZC4NDSAgIFRoZSBmb2xsb3dpbmcgY3J5cHRvZ3JhcGhpYyBhbGdvcml0 aG1zIE1VU1QgYmUgc3VwcG9ydGVkIHdoZW4gdXNpbmcNICAgcHJlc2hhcmVkIGtleXM6DQ0gICBv ICBUTFNfUFNLX1dJVEhfQUVTXzEyOF9DQkNfU0hBDQ0gICBvICBUTFNfUFNLX1dJVEhfM0RFU19F REVfQ0JDX1NIQQ0NICAgVGhlIGZvbGxvd2luZyBhbGdvcml0aG1zIFNIT1VMRCBiZSBzdXBwb3J0 ZWQgd2hlbiB1c2luZyBwcmVzaGFyZWQNICAga2V5czoNDSAgIG8gIFRMU19QU0tfV0lUSF9BRVNf MjU2X0NCQ19TSEENDSAgIFRoZSBmb2xsb3dpbmcgYWxnb3JpdGhtcyBNQVkgYmUgc3VwcG9ydGVk IHdoZW4gdXNpbmcgcHJlc2hhcmVkIGtleXM6DQ0gICBvICBUTFNfUlNBX1BTS19XSVRIX0FFU18x MjhfQ0JDX1NIQQ0NICAgbyAgVExTX1JTQV9QU0tfV0lUSF9BRVNfMjU2X0NCQ19TSEENDSAgIG8g IFRMU19SU0FfUFNLX1dJVEhfM0RFU19FREVfQ0JDX1NIQQ0NDTQuICBDb25jbHVzaW9ucw0NICAg RFRMUyByZXByZXNlbnRzIGEgc3Ryb25nIHJlcGxhY2VtZW50IGNhbmRpZGF0ZSBmb3IgdGhlIGV4 aXN0aW5nIExXQVBQDSAgIHNlY3VyaXR5IHNjaGVtZS4gIEluIGFkZGl0aW9uIHRvIGJlaW5nIGEg a25vd24gcXVhbnRpdHkgd2hpY2ggaGFzDSAgIHJlY2VpdmVkIGFuZCB3aWxsIGNvbnRpbnVlIHRv IHJlY2VpdmUgYSBoZWFsdGh5IGRvc2Ugb2Ygb25nb2luZw0gICBhbmFseXNpcyBhbmQgcmV2aWV3 IGZyb20gdGhlIGNyeXB0b2dyYXBoaWMgY29tbXVuaXR5LCBpdCBzdXBwb3J0cyBhbGwNICAgcmVx dWlyZWQgTFdBUFAgc2VjdXJpdHkgZnVuY3Rpb25hbGl0eSwgYW5kIGFsc28gcHJvdmlkZXMgZm9y DSAgIGFsZ29yaXRobSBhZ2lsaXR5IHNob3VsZCB0aGUgbmVlZCBhcmlzZS4gIEZ1cnRoZXIsIGl0 cyBuZWdvdGlhdGlvbg0gICBjYXBhYmlsaXR5IHByb3ZpZGVzIGZvciBhIG1lYXN1cmUgb2YgaW1w bGVtZW50YXRpb24gZmxleGliaWxpdHkgbm90DSAgIHBvc3NpYmxlIHdpdGggdGhlIGN1cnJlbnQg TFdBUFAgc2NoZW1lLg0NICAgV2hpbGUgaXQgaXMgbm90IGEgZHJvcC1pbiByZXBsYWNlbWVudCwg aXQgcmVxdWlyZXMgYSByZWFzb25hYmx5DSAgIGJvdW5kZWQgYW1vdW50IG9mIGNoYW5nZSB0byB0 aGUgZXhpc3Rpbmcgc3RhdGUgbWFjaGluZSBhbmQgcGFja2V0DSAgIGZvcm1hdHMuICBBcyBub3Rl ZCwgc2luY2UgRFRMUyBkb2VzIG5vdCBwcm92aWRlIGZvciB1bmVxdWFsDSAgIGVuY3J5cHRpb24g dnMgYXV0aGVudGljYXRpb24gbGVuZ3RocyB3aXRoaW4gYSBwYWNrZXQsIGl0IHJlcXVpcmVzDSAg IGFkZGluZyBlaXRoZXIgYSBzZWNvbmRhcnkgZGF0YSBwb3J0IG9yIGEgc2hvcnQgZGVtdXggaGVh ZGVyLg0NDTUuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucw0NICAgVGhlIHNlY3VyaXR5IG9mIExX QVBQIG92ZXIgRFRMUyBpcyBjb21wbGV0ZWx5IGRlcGVuZGVudCBvbiB0aGUNICAgc2VjdXJpdHkg b2YgRFRMUy4gIEFueSBmbGF3cyBpbiBEVExTIGNvbXByb21pc2UgdGhlIHNlY3VyaXR5IG9mDSAg IExXQVBQLiAgSW4gcGFydGljdWxhciwgaXQgaXMgY3JpdGljYWwgdGhhdCB0aGUgY29tbXVuaWNh dGluZyBwYXJ0aWVzDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1 LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDEwXQxJbnRlcm5ldC1EcmFmdCAgICAgICAgICBT ZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUNDQ0gICB2ZXJp ZnkgdGhlaXIgcGVlcidzIGNyZWRlbnRpYWxzLiAgSW4gdGhlIGNhc2Ugb2YgcHJlLXNoYXJlZCBr ZXlzLA0gICB0aGlzIGhhcHBlbnMgYXV0b21hdGljYWxseSB2aWEgdGhlIGtleS4gIEluIHRoZSBj YXNlIG9mIGNlcnRpZmljYXRlcywNICAgdGhlIHBhcnRpZXMgbXVzdCBjaGVjayB0aGUgcGVlcidz IGNlcnRpZmljYXRlLiAgVGhlIGFwcHJvcHJpYXRlDSAgIGNoZWNrcyBhcmUgZGVzY3JpYmVkIGlu IHRoZSBjdXJyZW50IExXQVBQIGRvY3VtZW50DQ0gICBUaGUgdXNlIG9mIHBhcmFsbGVsIHByb3Rl Y3RlZCBhbmQgdW5wcm90ZWN0ZWQgY2hhbm5lbHMgZGVzZXJ2ZXMNICAgc3BlY2lhbCBjb25zaWRl cmF0aW9uLCBidXQgZG9lcyBub3QgY3JlYXRlIGEgdGhyZWF0LiAgVGhlcmUgYXJlIHR3bw0gICBw b3RlbnRpYWwgY29uY2VybnM6IGF0dGVtcHRpbmcgdG8gY29udmVydCBwcm90ZWN0ZWQgZGF0YSBp bnRvIHVuLQ0gICBwcm90ZWN0ZWQgZGF0YSBhbmQgYXR0ZW1wdGluZyB0byBjb252ZXJ0IHVuLXBy b3RlY3RlZCBkYXRhIGludG8NICAgcHJvdGVjdGVkIGRhdGEuICBUaGUgdXNlIG9mIHRoZSBNQUMg bWFrZXMgaXQgaW1wb3NzaWJsZSBmb3IgdGhlDSAgIGF0dGFja2VyIHRvIGZvcmdlIHByb3RlY3Rl ZCByZWNvcmRzLiAgVGhlIGF0dGFja2VyIGNhbiBlYXNpbHkgcmVtb3ZlDSAgIHByb3RlY3RlZCBy ZWNvcmRzIGZyb20gdGhlIHN0cmVhbSAodGhpcyBpcyBhIGNvbnNlcXVlbmNlIG9mDSAgIHVucmVs aWFiaWxpdHkpLCB0aG91Z2ggbm90IHVuZGV0ZWN0YWJseSBzby4gIElmIGEgbm9uLWVuY3J5cHRl ZA0gICBjaXBoZXIgc3VpdGUgaXMgaW4gdXNlLCB0aGUgYXR0YWNrZXIgY2FuIHR1cm4gc3VjaCBh IHJlY29yZCBpbnRvIGFuDSAgIHVuLXByb3RlY3RlZCByZWNvcmQuICBIb3dldmVyLCB0aGlzIGF0 dGFjayBpcyByZWFsbHkgbm8gZGlmZmVyZW50DSAgIGZyb20gc2ltcGxlIGluamVjdGlvbiBpbnRv IHRoZSB1bnByb3RlY3RlZCBzdHJlYW0uDQ0NNi4gIElBTkEgQ29uc2lkZXJhdGlvbnMNDSAgIFNo b3VsZCBhIHNlcGFyYXRlIFVEUCBwb3J0IGZvciBkYXRhIGNoYW5uZWwgY29tbXVuaWNhdGlvbnMg YmUgdGhlDSAgIHNlbGVjdGVkIGRlbXVsdGlwbGV4aW5nIG1lY2hhbmlzbSwgYSBwb3J0IG11c3Qg YmUgYXNzaWduZWQgZm9yIHRoaXMNICAgcHVycG9zZS4gIFNob3VsZCBhIGRlbXVsdGlwbGV4aW5n IGhlYWRlciBiZSB1c2VkIGluc3RlYWQsIHRoZXJlIG1heQ0gICBiZSBhZGRpdGlvbmFsIElBTkEg cmVxdWlyZW1lbnRzICh3ZSdsbCBjcm9zcyB0aGF0IGJyaWRnZSBpZiB3ZSBjb21lDSAgIHRvIGl0 KS4NDQ03LiAgUmVmZXJlbmNlcw0NNy4xLiAgTm9ybWF0aXZlIFJlZmVyZW5jZXMNDSAgIFtEVExT XSAgICAgUmVzY29ybGEgZXQgYWwsIEUuLCAiRGF0YWdyYW0gVHJhbnNwb3J0IExheWVyIFNlY3Vy aXR5IiwNICAgICAgICAgICAgICBKdW5lIDIwMDQuDQ0gICBbTFdBUFBdICAgIENhbGhvdW4gZXQg YWwsIFAuLCAiTGlnaHQgV2VpZ2h0IEFjY2VzcyBQb2ludCBQcm90b2NvbCIsDSAgICAgICAgICAg ICAgSnVuZSAyMDA1LCA8aHR0cDovL3d3dy5pZXRmLm9yZz4uDQ0gICBbVExTLVBTS10gIEVyb25l biBldCBhbCwgUC4sICJQcmUtU2hhcmVkIEtleSBDaXBoZXJzdWl0ZXMgZm9yDSAgICAgICAgICAg ICAgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IChUTFMpIiwgSnVuZSAyMDA1Lg0NNy4yLiAgSW5m b3JtYXRpdmUgUmVmZXJlbmNlcw0NICAgW0NBUFdBUC1FVkFMXQ0gICAgICAgICAgICAgIExvaHJl ciBldCBhbCwgRC4sICJFdmFsdWF0aW9uIG9mIENhbmRpZGF0ZSBDQVBXQVANICAgICAgICAgICAg ICBQcm90b2NvbHMiLCBBdWd1c3QgMjAwNSwgPGh0dHA6Ly93d3cuaWV0Zi5vcmc+Lg0NICAgW0RU TFMtREVTSUdOXQ0gICAgICAgICAgICAgIE1vZGFkdWd1IGV0IGFsLCBOLiwgIlRoZSBEZXNpZ24g YW5kIEltcGxlbWVudGF0aW9uIG9mDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJl cyBKdW5lIDE1LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDExXQxJbnRlcm5ldC1EcmFmdCAg ICAgICAgICBTZWN1cmluZyBMV0FQUCB3aXRoIERUTFMgICAgICAgICAgIERlY2VtYmVyIDIwMDUN DQ0gICAgICAgICAgICAgIERhdGFncmFtIFRMUyIsIEZlYiAyMDA0Lg0NICAgW0xXQVBQLVNFQ10N ICAgICAgICAgICAgICBDbGFuY3ksIEMuLCAiU2VjdXJpdHkgUmV2aWV3IG9mIHRoZSBMaWdodCBX ZWlnaHQgQWNjZXNzDSAgICAgICAgICAgICAgUG9pbnQgUHJvdG9jb2wiLCBNYXkgMjAwNS4NDSAg IFtUTFMxMV0gICAgRGllcmtzIGV0IGFsLCBULiwgIlRoZSBUTFMgUHJvdG9jb2wgVmVyc2lvbiAx LjEiLA0gICAgICAgICAgICAgIEp1bmUgMjAwNS4NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDUtlbGx5ICYgUmVzY29ybGEgICAgICAgICAgRXhwaXJlcyBKdW5lIDE1 LCAyMDA2ICAgICAgICAgICAgICAgIFtQYWdlIDEyXQ0MDUludGVybmV0LURyYWZ0ICAgICAgICAg IFNlY3VyaW5nIExXQVBQIHdpdGggRFRMUyAgICAgICAgICAgRGVjZW1iZXIgMjAwNQ0NDUF1dGhv cnMnIEFkZHJlc3Nlcw0NICAgU2NvdHQgRy4gS2VsbHkNICAgVGFsYXJpIE5ldHdvcmtzDSAgIDE1 MCBXLiBJb3dhIEF2ZSBTdGUgMjA4DSAgIFN1bm55dmFsZSwgQ0EgIDk0MDg2DSAgIFVTDQ0gICBF bWFpbDogc2NvdHRAaHlwZXJ0aG91Z2h0LmNvbQ0NDSAgIEVyaWMgUmVzY29ybGEgICBOZXR3b3Jr IFJlc29uYW5jZSAgIDI0ODMgRWwgQ2FtaW5vIFJlYWwsICMyMTIgICBQYWxvIEFsdG8sIENBICA5 NDMwMyAgIFVTDSAgIEVtYWlsOiBla3JAbmV0d29ya3Jlc29uYW5jZS5jb20NDQ0NDQ0NDQ0NDQ0N DQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ1LZWxseSAmIFJlc2NvcmxhICAgICAgICAgIEV4cGlyZXMgSnVu ZSAxNSwgMjAwNiAgICAgICAgICAgICAgICBbUGFnZSAxM10MSW50ZXJuZXQtRHJhZnQgICAgICAg ICAgU2VjdXJpbmcgTFdBUFAgd2l0aCBEVExTICAgICAgICAgICBEZWNlbWJlciAyMDA1DQ0NSW50 ZWxsZWN0dWFsIFByb3BlcnR5IFN0YXRlbWVudA0NICAgVGhlIElFVEYgdGFrZXMgbm8gcG9zaXRp b24gcmVnYXJkaW5nIHRoZSB2YWxpZGl0eSBvciBzY29wZSBvZiBhbnkNICAgSW50ZWxsZWN0dWFs IFByb3BlcnR5IFJpZ2h0cyBvciBvdGhlciByaWdodHMgdGhhdCBtaWdodCBiZSBjbGFpbWVkIHRv DSAgIHBlcnRhaW4gdG8gdGhlIGltcGxlbWVudGF0aW9uIG9yIHVzZSBvZiB0aGUgdGVjaG5vbG9n eSBkZXNjcmliZWQgaW4NICAgdGhpcyBkb2N1bWVudCBvciB0aGUgZXh0ZW50IHRvIHdoaWNoIGFu eSBsaWNlbnNlIHVuZGVyIHN1Y2ggcmlnaHRzDSAgIG1pZ2h0IG9yIG1pZ2h0IG5vdCBiZSBhdmFp bGFibGU7IG5vciBkb2VzIGl0IHJlcHJlc2VudCB0aGF0IGl0IGhhcw0gICBtYWRlIGFueSBpbmRl cGVuZGVudCBlZmZvcnQgdG8gaWRlbnRpZnkgYW55IHN1Y2ggcmlnaHRzLiAgSW5mb3JtYXRpb24N ICAgb24gdGhlIHByb2NlZHVyZXMgd2l0aCByZXNwZWN0IHRvIHJpZ2h0cyBpbiBSRkMgZG9jdW1l bnRzIGNhbiBiZQ0gICBmb3VuZCBpbiBCQ1AgNzggYW5kIEJDUCA3OS4NDSAgIENvcGllcyBvZiBJ UFIgZGlzY2xvc3VyZXMgbWFkZSB0byB0aGUgSUVURiBTZWNyZXRhcmlhdCBhbmQgYW55DSAgIGFz c3VyYW5jZXMgb2YgbGljZW5zZXMgdG8gYmUgbWFkZSBhdmFpbGFibGUsIG9yIHRoZSByZXN1bHQg b2YgYW4NICAgYXR0ZW1wdCBtYWRlIHRvIG9idGFpbiBhIGdlbmVyYWwgbGljZW5zZSBvciBwZXJt aXNzaW9uIGZvciB0aGUgdXNlIG9mDSAgIHN1Y2ggcHJvcHJpZXRhcnkgcmlnaHRzIGJ5IGltcGxl bWVudGVycyBvciB1c2VycyBvZiB0aGlzDSAgIHNwZWNpZmljYXRpb24gY2FuIGJlIG9idGFpbmVk IGZyb20gdGhlIElFVEYgb24tbGluZSBJUFIgcmVwb3NpdG9yeSBhdA0gICBodHRwOi8vd3d3Lmll dGYub3JnL2lwci4NDSAgIFRoZSBJRVRGIGludml0ZXMgYW55IGludGVyZXN0ZWQgcGFydHkgdG8g YnJpbmcgdG8gaXRzIGF0dGVudGlvbiBhbnkNICAgY29weXJpZ2h0cywgcGF0ZW50cyBvciBwYXRl bnQgYXBwbGljYXRpb25zLCBvciBvdGhlciBwcm9wcmlldGFyeQ0gICByaWdodHMgdGhhdCBtYXkg Y292ZXIgdGVjaG5vbG9neSB0aGF0IG1heSBiZSByZXF1aXJlZCB0byBpbXBsZW1lbnQNICAgdGhp cyBzdGFuZGFyZC4gIFBsZWFzZSBhZGRyZXNzIHRoZSBpbmZvcm1hdGlvbiB0byB0aGUgSUVURiBh dA0gICBpZXRmLWlwckBpZXRmLm9yZy4NDQ1EaXNjbGFpbWVyIG9mIFZhbGlkaXR5DQ0gICBUaGlz IGRvY3VtZW50IGFuZCB0aGUgaW5mb3JtYXRpb24gY29udGFpbmVkIGhlcmVpbiBhcmUgcHJvdmlk ZWQgb24gYW4NICAgIkFTIElTIiBiYXNpcyBhbmQgVEhFIENPTlRSSUJVVE9SLCBUSEUgT1JHQU5J WkFUSU9OIEhFL1NIRSBSRVBSRVNFTlRTDSAgIE9SIElTIFNQT05TT1JFRCBCWSAoSUYgQU5ZKSwg VEhFIElOVEVSTkVUIFNPQ0lFVFkgQU5EIFRIRSBJTlRFUk5FVA0gICBFTkdJTkVFUklORyBUQVNL IEZPUkNFIERJU0NMQUlNIEFMTCBXQVJSQU5USUVTLCBFWFBSRVNTIE9SIElNUExJRUQsDSAgIElO Q0xVRElORyBCVVQgTk9UIExJTUlURUQgVE8gQU5ZIFdBUlJBTlRZIFRIQVQgVEhFIFVTRSBPRiBU SEUNICAgSU5GT1JNQVRJT04gSEVSRUlOIFdJTEwgTk9UIElORlJJTkdFIEFOWSBSSUdIVFMgT1Ig QU5ZIElNUExJRUQNICAgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJVFkgT1IgRklUTkVTUyBG T1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UuDQ0NQ29weXJpZ2h0IFN0YXRlbWVudA0NICAgQ29weXJp Z2h0IChDKSBUaGUgSW50ZXJuZXQgU29jaWV0eSAoMjAwNSkuICBUaGlzIGRvY3VtZW50IGlzIHN1 YmplY3QNICAgdG8gdGhlIHJpZ2h0cywgbGljZW5zZXMgYW5kIHJlc3RyaWN0aW9ucyBjb250YWlu ZWQgaW4gQkNQIDc4LCBhbmQNICAgZXhjZXB0IGFzIHNldCBmb3J0aCB0aGVyZWluLCB0aGUgYXV0 aG9ycyByZXRhaW4gYWxsIHRoZWlyIHJpZ2h0cy4NDQ1BY2tub3dsZWRnbWVudA0NICAgRnVuZGlu ZyBmb3IgdGhlIFJGQyBFZGl0b3IgZnVuY3Rpb24gaXMgY3VycmVudGx5IHByb3ZpZGVkIGJ5IHRo ZQ0gICBJbnRlcm5ldCBTb2NpZXR5Lg0NDQ0NS2VsbHkgJiBSZXNjb3JsYSAgICAgICAgICBFeHBp cmVzIEp1bmUgMTUsIDIwMDYgICAgICAgICAgICAgICAgW1BhZ2UgMTRdDQwNDQVFeHRyYW5lb3Vz IHdvcmQgKA0NDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAABgQAABj EAAAMR8AAHofAADaJAAA2yQAAOIkAAAYJQAAGSUAABolAAAbJQAAHCUAACMlAABYJQAAWSUAAFol AABbJQAAXCUAAGMlAAB/JQAAgCUAAPnu+d351r75tJ6I+XD5Zp6I+U75OAAAACsACIEVaCNsswAW aDwCPQAXaElQfABjSAEAZGgAAAAAZGgAAAAAZGiG3KGmLwAIgRVoI2yzABZoPAI9ABdoQwS4AGNI AQBkaAAAAABkaAAAAABkaGncoaZnSAYAEwEIgQRIAQAFaGfcoaYWaDwCPQAvAAiBFWgjbLMAFmg8 Aj0AF2hDBLgAY0gBAGRoAAAAAGRoAAAAAGRoZ9yhpmdIBgArAAiBFWgjbLMAFmg8Aj0AF2hDBLgA Y0gBAGRoAAAAAGRoAAAAAGRoadyhpisACIEVaCNsswAWaEMEuAAXaEMEuABjSAEAZGgAAAAAZGgA AAAAZGhp3KGmEwEIgQRIAQAFaGTcoaYWaDwCPQAvAAiBFWgjbLMAFmg8Aj0AF2hDBLgAY0gBAGRo AAAAAGRoAAAAAGRoZNyhpmdIBgAMFWgjbLMAFmhDBLgAACEVaEMEuAAWaDwCPQCJygcBAQBj3KGm gyoBbUgMBHNIDAQUFWhDBLgAFmg8Aj0AbUgMBHNIDAQADBVoI2yzABZoPAI9ABUABgAAAQgAAAII AAADCAAATAgAAJUIAADeCAAAJwkAAHAJAABxCQAAcgkAAKMJAADYCQAA2QkAAO0JAADuCQAANAoA AHkKAAC/CgAAAwsAAAQLAABJCwAAjQsAANALAADbCwAA3AsAACUMAABtDAAArwwAAO0MAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHQAGAAA2gAAASoAA AP39AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQAAQEC7QwAAO4MAAAoDQAA Vw0AAFgNAACcDQAAwA0AAMENAAD2DQAA9w0AAAgOAAAJDgAANw4AADgOAABBDgAAQg4AAIoOAADT DgAAGQ8AAFoPAACfDwAA5A8AABUQAAAWEAAAFxAAABgQAABhEAAAYxAAAKwQAACtEAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAAB2tEAAArhAAAMAQAADB EAAAChEAAFMRAACcEQAA5REAAC4SAAB3EgAAwBIAAAkTAABSEwAAmxMAAOQTAAAtFAAAdhQAAL8U AAAIFQAAURUAAFIVAABTFQAAVBUAAFUVAABWFQAAVxUAAFgVAABZFQAAWhUAAFsVAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHVsVAABcFQAAXRUAAF4V AABfFQAAYBUAAGEVAABiFQAAYxUAAGQVAABlFQAAZhUAAGcVAABoFQAAaRUAAGoVAABrFQAAbBUA AG0VAABuFQAAbxUAAHAVAABxFQAAchUAALsVAAC9FQAABhYAAAcWAAAIFgAAGRYAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAdGRYAABoWAABYFgAAnRYA AOUWAAArFwAAbxcAALMXAADGFwAAxxcAAAsYAAAmGAAAJxgAAG0YAAC2GAAA0xgAANQYAAAcGQAA RxkAAEgZAACMGQAAzRkAAM4ZAAARGgAAVhoAAJgaAADeGgAAIhsAACMbAABkGwAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAAB1kGwAAqxsAALcbAAC4GwAA +xsAAEAcAACFHAAAzRwAAAwdAABQHQAAlx0AAN4dAAAaHgAAGx4AAF8eAACjHgAA6R4AAC0fAAAu HwAALx8AADAfAAAxHwAAeR8AAHofAADDHwAAxB8AAMUfAAANIAAAUiAAAJQgAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAAHZQgAADaIAAAHyEAAF8hAABv IQAAcCEAALchAAD+IQAARSIAAI0iAADWIgAABSMAAAYjAAAHIwAAGiMAABsjAABhIwAAoyMAAOsj AAAxJAAAYiQAAGMkAACiJAAA2iQAANskAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAY2yQAABklAAAbJQAAHCUAALQA AAAAAAAAAAAAAABiAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQj AGdkI2yzAFIjAEMkAUXGgAAAAQBk3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAb8YHAQEAZNyhpmQmAQ+EaAFehGgB SyMACiYAC0YTAEMkAUXGgAAAAQBk3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAAAMcJQAAWSUAAFslAABcJQAAtAAA AAAAAAAAAAAAAGIAAAAAAAAAAAAAAABdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCMA Z2QjbLMAUiMAQyQBRcaAAAABAGfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZEMEuABvxgcBAQBn3KGmZCYBD4RoAV6EaAFL IwAKJgALRhMAQyQBRcaAAAABAGfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZEMEuAAAA4AlAACBJQAAjSUAAI4lAAAOJgAA HyYAACAmAAAjJgAAQCYAAE0mAABOJgAATyYAAOkmAADqJgAADCcAAA0nAACHJwAAkycAAJgnAADh JwAAKSgAACooAAAEMQAABTEAAEQxAABFMQAARjEAAEcxAAC4MQAA9e7k2tDaxtrG2rmvpZuF7m/u Xu5v7m/ub1RN7gAAAAAAAAAAAAAMFWgjbLMAFmhJUHwAABMBCIEESAEABWiG3KGmFmg8Aj0AIRVo QwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAwEc0gMBCsACIEVaCNsswAWaDwCPQAXaElQfABjSAEA ZGgAAAAAZGgAAAAAZGiG3KGmKwAIgRVoI2yzABZoQwS4ABdoXBByAGNIAQBkaAAAAABkaAAAAABk aG/doaYTAQiBBEgBAAVob92hphZoXBByABMBCIEESAEABWhp3KGmFmhcEHIAEwEIgQRIAQAFaG7d oaYWaFwQcgAZAQiBBEgBAAVoadyhphVoI2yzABZoQwS4ABMBCIEESAEABWhr3KGmFmhVKqMAEwEI gQRIAQAFaGrcoaYWaFUqowATAQiBBEgBAAVoadyhphZoQwS4ABMBCIEESAEABWhp3KGmFmg8Aj0A DBVoI2yzABZoPAI9AAATAQiBBEgBAAVohtyhphZoSVB8AAAcXCUAAI4lAACPJQAAtAAAAAAAAAAA AAAAAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEcjAEMkAUXGgAAAAQBp3KGmAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgASyMA CiYAC0YTAEMkAUXGgAAAAQBp3KGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2RDBLgAAAKPJQAADCcAAA4nAAAPJwAAUCcAAIgn AACJJwAAiicAAIsnAACMJwAArQAAAAAAAAAAAAAAAFsAAAAAAAAAAAAAAABWAAAAAAAAAAAAAAAA VgAAAAAAAAAAAAAAAFYAAAAAAAAAAAAAAABWAAAAAAAAAAAAAAAAVgAAAAAAAAAAAAAAAFYAAAAA AAAAAAAAAABWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAFIjAEMkAUXGgAAA AQBv3aGmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAZ2RDBLgAb8YHAQEAadyhpmQmAQ+EaAFehGgBUiMAQyQBRcaAAAABAGncoaYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABnZEMEuABvxgcBAQBp3KGmZCYBD4RoAV6EaAEACYwnAACNJwAAjicAAI8nAACQJwAAkScA AJInAACTJwAAlCcAAJUnAACWJwAAlycAAJgnAADgJwAA4ScAACooAAArKAAALCgAAEQoAABdKAAA fSgAAMUoAAANKQAAVSkAAJ0pAADlKQAALSoAAHUqAAC9KgAABSsAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yzAAAdBSsAAE0rAACaKwAA6CsAADYsAACELAAA 0iwAACAtAABuLQAAvC0AAAouAABYLgAApi4AAPQuAABCLwAAkC8AAN4vAAAsMAAAeTAAAL8wAAAF MQAABjEAAEUxAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMAABZFMQAARjEAAEcxAACMMQAAuTEAALoxAAC7 MQAAAzIAAEwyAACCMgAAgzIAAMYyAAALMwAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAA AAAAAAAAAAAAsgAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAA AAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACy AAAAAAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAh9yhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAA RyMAQyQBRcaAAAABAIbcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAADLgxAAC5MQAAujEAALsxAACBMgAAgjIAAFwz AABdMwAApDMAAGo0AABrNAAAbjQAAG80AABwNAAAcTQAALk0AAC6NAAAvDQAAL00AAC+NAAABzUA AAg1AADUNQAA1TUAAAg2AAD/NgAA9e7Y0bvRsaedh3HR9WrR9WBqu9G70VZMQgAAABMBCIEESAEA BWhv3KGmFmhVKqMAEwEIgQRIAQAFaG7coaYWaFUqowATAQiBBEgBAAVobtyhphZoPAI9ABMBCIEE SAEABWiH3KGmFmgXHVwADBVoI2yzABZoFx1cAAArAAiBFWgjbLMAFmg8Aj0AF2hVKqMAY0gBAGRo AAAAAGRoAAAAAGRobtyhpisACIEVaCNsswAWaFUqowAXaFUqowBjSAEAZGgAAAAAZGgAAAAAZGhu 3KGmEwEIgQRIAQAFaG3coaYWaFUqowATAQiBBEgBAAVobNyhphZoVSqjABMBCIEESAEABWhs3KGm Fmg8Aj0AKwAIgRVoI2yzABZoPAI9ABdoFx1cAGNIAQBkaAAAAABkaAAAAABkaIfcoaYMFWgjbLMA Fmg8Aj0AACsACIEVaCNsswAWaDwCPQAXaElQfABjSAEAZGgAAAAAZGgAAAAAZGiG3KGmDBVoI2yz ABZoSVB8AAATAQiBBEgBAAVoh9yhphZoPAI9AAAZCzMAAFAzAABdMwAAazQAAGw0AABtNAAAbjQA AG80AABwNAAAcTQAALo0AAC7NAAAvDQAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAsgAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AABqAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAagAA AAAAAAAAAAAAAAAAAAAARyMAQyQBRcaAAAABAIfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAAB AGzcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABnZCNsswAABCMAZ2QjbLMAAAy8NAAAvTQAAL80AAAINQAACTUAAAo1AABTNQAA mDUAANU1AAATNwAAFDcAAFs3AACVNwAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA ALIAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAA AAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAbtyhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAARyMA QyQBRcaAAAABAIfcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAADP82AAASNwAAEzcAAGI3AABjNwAAFDgAABU4AABB OAAAQjgAAEM4AACjOAAApDgAAPo4AAD7OAAAUDkAAIk5AADJOgAANTsAADc7AAA4OwAATTsAAFw7 AAC7OwAAvDsAAL07AAC+OwAA7jsAAO87AAAnPAAA9e7n4+ff59/Y59/nwue4rqSakJqGkH50Z+dV 5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIwNqAAAAABZoYAliADBKEwBPSgMAUEoAAFFKAwBV CAFeSgMAGQEIgQRIAQAFaITcoaYVaCNsswAWaElQfAATAQiBBEgBAAVohdyhphZoSVB8AA8ACIEW aDwCPQAXaElQfAATAQiBBEgBAAVog9yhphZoSVB8ABMBCIEESAEABWiE3KGmFmhJUHwAEwEIgQRI AQAFaILcoaYWaElQfAATAQiBBEgBAAVogtyhphZoPAI9ABMBCIEESAEABWiB3KGmFmg8Aj0AEwEI gQRIAQAFaIDcoaYWaDwCPQArAAiBFWgjbLMAFmg8Aj0AF2gXHVwAY0gBAGRoAAAAAGRoAAAAAGRo iNyhpgwVaCNsswAWaBcdXAAABhZoPAI9AAAGFmgXHVwAAAwVaCNsswAWaDwCPQAADBVoI2yzABZo VSqjAAATAQiBBEgBAAVocNyhphZoVSqjAAAclTcAAJY3AADbNwAAFTgAABY4AABCOAAAQzgAAIo4 AACkOAAApTgAAOg4AAD7OAAA/DgAAD45AABROQAAiDoAAIk6AAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAALIAAAAAAAAA AAAAAACyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARyMAQyQBRcaAAAABAIHc oaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAABnZCNsswAABCMAZ2QjbLMAABCJOgAAvDsAAL07AAC+OwAAvzsAAAg8AAAoPAAAKTwA ACo8AAByPAAAtDwAAMw8AADNPAAAtwAAAAAAAAAAAAAAALcAAAAAAAAAAAAAAABvAAAAAAAAAAAA AAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAbwAAAAAAAAAAAAAAAGoA AAAAAAAAAAAAAABqAAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAAC3AAAAAAAA AAAAAAAAAAAAAAAEIwBnZCNsswAARyMAQyQBRcaAAAABAITcoaYAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQB RcaAAAABAIXcoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAABnZCNsswAADCc8AAAoPAAAKTwAACo8AADLPAAAzDwAAM08AADOPAAA KT0AACo9AAArPQAAMT0AADI9AAA1PQAAOj0AAEU9AABiPQAAcT0AALA9AADKPQAAQj4AAEM+AABE PgAART4AAMg+AADJPgAAyj4AAMs+AAANPwAADj8AAOnf2NG7sdjRqZySiH6IfnRqYFZMYLHY0bux 2NG7AAAAEwEIgQRIAQAFaC/doaYWaEVoywATAQiBBEgBAAVoLt2hphZoRWjLABMBCIEESAEABWgt 3aGmFmhFaMsAEwEIgQRIAQAFaJjcoaYWaHsOFQATAQiBBEgBAAVok9yhphZoew4VABMBCIEESAEA BWiT3KGmFmhgCWIAEwEIgQRIAQAFaG3doaYWaFwQcgATAQiBBEgBAAVojdyhphZoYAliABkBCIEE SAEABWiN3KGmFWgjbLMAFmhgCWIADwAIgRZoPAI9ABdoYAliABMBCIEESAEABWiF3KGmFmg8Aj0A KwAIgRVoI2yzABZoPAI9ABdoSVB8AGNIAQBkaAAAAABkaAAAAABkaIXcoaYMFWgjbLMAFmg8Aj0A AAwVaCNsswAWaElQfAAAEwEIgQRIAQAFaITcoaYWaDwCPQArAAiBFWgjbLMAFmg8Aj0AF2hJUHwA Y0gBAGRoAAAAAGRoAAAAAGRohNyhpgAdzTwAAM48AAAWPQAAKj0AACs9AABEPgAART4AAIY+AADJ PgAAyj4AAMs+AAAOPwAADz8AAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA AGoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAAsgAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAAAAAAAARyMAQyQBRcaAAAABAI3coaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAABAIXcoaYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABnZCNsswAABCMAZ2QjbLMAAAwPPwAAVz8AAGs/AAC6QAAAu0AAAANBAAAQQQAAEUEAAFlB AACaQQAAm0EAALFCAACyQgAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAGoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAAAAAAAABHIwBDJAFFxoAAAAEAntyhpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAABHIwBDJAFFxoAAAAEAmdyhpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkI2yzAAAEIwBnZCNsswAADA4/AABqPwAAaz8AAJc/AAC5QAAAukAAAJlBAACaQQAAHUIA AB5CAAAuQgAAMEIAALBCAACxQgAAskIAALhCAAABQwAAL0YAADBGAABpRgAA/UYAAABIAAB1SAAA +e/l29T5zMK4wq6kl4H5cPlmXFJIPgAAAAAAAAAAAAATAQiBBEgBAAVoNN2hphZoRWjLABMBCIEE SAEABWgz3aGmFmhFaMsAEwEIgQRIAQAFaDLdoaYWaEVoywATAQiBBEgBAAVoMd2hphZoRWjLABMB CIEESAEABWgx3aGmFmg8Aj0AIRVoQwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAwEc0gMBCsACIEV aCNsswAWaDwCPQAXaHsOFQBjSAEAZGgAAAAAZGgAAAAAZGid3KGmGQEIgQRIAQAFaJ7coaYVaCNs swAWaB0a2QATAQiBBEgBAAVoMN2hphZoRWjLABMBCIEESAEABWgs3aGmFmhFaMsAEwEIgQRIAQAF aCvdoaYWaEVoywATAQiBBEgBAAVontyhphZoHRrZAA8ACIEWaDwCPQAXaB0a2QAMFWgjbLMAFmh7 DhUAABMBCIEESAEABWia3KGmFmh7DhUAEwEIgQRIAQAFaJncoaYWaHsOFQATAQiBBEgBAAVomdyh phZoPAI9AAwVaCNsswAWaDwCPQAWskIAALNCAAC0QgAAtUIAALZCAAC3QgAAuEIAAABDAAABQwAA SkMAAEtDAABMQwAAkkMAANNDAADUQwAAGEQAAF9EAACmRAAA7EQAAC5FAAA7RQAAPEUAAHxFAAC2 RQAAt0UAAP9FAAAwRgAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAABCMAZ2QjbLMAABowRgAAdkgAAHdIAAC+SAAA0kgAANNIAAAVSQAAFkkAAFZJAAD6 SQAA+0kAACVKAAAmSgAAtwAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAA AAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAA AAAAAABqAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA AAAAAABHIwBDJAFFxoAAAAEANN2hpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdkI2yzAAAEIwBnZCNsswAARyMAQyQBRcaAAAAB ADHdoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABnZCNsswAADHVIAAB2SAAAVUkAAFZJAACWSQAAmEkAAPlJAAD6SQAANU8AAH5P AADNUgAAzlIAANxTAACyVAAAtlQAAMVUAADGVAAAKlcAACtXAACWVwAAl1cAAHhZAAB5WQAAf1kA ANRZAADVWQAA1lkAANdZAAD58uje1N7N8rzystSonJKL8oF3cPJmXFJw8kgAAAAAABMBCIEESAEA BWh53aGmFmg8Aj0AEwEIgQRIAQAFaHfdoaYWaHY5ZQATAQiBBEgBAAVodN2hphZodjllABMBCIEE SAEABWh03aGmFmg8Aj0ADBVoI2yzABZodjllAAATAQiBBEgBAAVodt2hphZodjllABMBCIEESAEA BWh23aGmFmg8Aj0ADBVodjllABZodjllAAATAQiBBEgBAAVoct2hphZodjllABYBCIEESAEABWhy 3aGmFmh2OWUANQiBABMBCIEESAEABWhx3aGmFmh2OWUAEwEIgQRIAQAFaHDdoaYWaDwCPQAhFWhD BLgAFmg8Aj0AicoHAQEAY9yhpoMqAW1IDARzSAwEDBVoI2yzABZo51HLAAATAQiBBEgBAAVocN2h phZodjllABMBCIEESAEABWg03aGmFmjnUcsAEwEIgQRIAQAFaDTdoaYWaDwCPQAMFWgjbLMAFmg8 Aj0AAAwVaCNsswAWaEVoywAbJkoAAG9KAACySgAA+UoAAD5LAAB/SwAAtksAALdLAAD0SwAAO0wA AIBMAADGTAAA+EwAAPlMAABITQAAl00AAOZNAAAoTgAAaU4AAGpOAACkTgAApU4AAOtOAAAyTwAA M08AADRPAAA1TwAAfU8AAH5PAADHTwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAAAAAAABCMAZ2QjbLMAAB3HTwAAyE8AAMlPAADfTwAA4E8AACxQAAB4UAAAxFAAAARRAABPUQAA UFEAAIdRAACIUQAAiVEAAM1RAAASUgAAU1IAAJdSAADOUgAAxlQAAMdUAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHIwBDJAFFxoAAAAEAcN2hpgAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdk I2yzAAAEIwBnZCNsswAAFMdUAADzVAAA9FQAADxVAACDVQAAx1UAAA1WAABQVgAAmFYAAN1WAAAi VwAAK1cAAJdXAACYVwAAtlcAALdXAAD/VwAARlgAAI1YAADRWAAAGFkAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEcjAEMkAUXGgAAAAQB23aGmAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ2Qj bLMAAAQjAGdkI2yzAAAUGFkAAGBZAAB5WQAA1VkAANZZAADXWQAA2FkAANlZAADaWQAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAGoAAAAAAAAAAAAA AABqAAAAAAAAAAAAAAAAagAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA RyMAQyQBRcaAAAABAHndoaYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNsswAARyMAQyQBRcaAAAABAHTdoaYAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnZCNs swAABCMAZ2QjbLMAAAjXWQAA2VkAANpZAADeWQAAAFoAAAFaAAAPWwAANVsAAGtbAABsWwAAbVsA AABdAAABXQAABF0AAE1dAACWXQAAmF0AAJtdAADzYwAAPGQAAGNrAACsawAAqXMAAPJzAACXdgAA 13YAADR3AAB9dwAANYAAAPXu1s/Fu7Gnse7Pkc+Az5Fqz4DPgM+Az1lIgM8hFWhDBLgAFmg8Aj0A icoHAQEAY9yhpoMqAW1IFgRzSBYEIRVoQwS4ABZoPAI9AInKBwEBAGPcoaaDKgFtSAooc0gKKCsA CIEVaCNsswAWaDwCPQAXaPUbOQBjSAEAZGgAAAAAZGgAAAAAZGh43aGmIRVoQwS4ABZoPAI9AInK BwEBAGPcoaaDKgFtSAwEc0gMBCsACIEVaCNsswAWaDwCPQAXaPUbOQBjSAEAZGgAAAAAZGgAAAAA ZGh53aGmEwEIgQRIAQAFaIDdoaYWaHUQMgATAQiBBEgBAAVoe92hphZodRAyABMBCIEESAEABWh6 3aGmFmh1EDIAEwEIgQRIAQAFaHndoaYWaDwCPQAMFWgjbLMAFmg8Aj0AAC8ACIEVaCNsswAWaDwC PQAXaHUQMgBjSAEAZGgAAAAAZGgAAAAAZGh53aGmZ0gGAAwVaCNsswAWaHUQMgAAEwEIgQRIAQAF aHndoaYWaHUQMgAAHNpZAAABWgAAAloAAG1bAABuWwAAslsAAPVbAAA9XAAAg1wAAMRcAAABXQAA tAAAAAAAAAAAAAAAAGIAAAAAAAAAAAAAAABiAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAF0AAAAA AAAAAAAAAABdAAAAAAAAAAAAAAAAXQAAAAAAAAAAAAAAAF0AAAAAAAAAAAAAAABdAAAAAAAAAAAA AAAAXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswBSIwBDJAFFxoAAAAEAet2hpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkdRAyAG/GBwEBAHrdoaZkJgEPhGgBXoRoAUsjAAomAAtGEwBDJAFFxoAAAAEAed2hpgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAGdkdRAyAAAKAV0AAAJdAAADXQAABF0AAExdAABNXQAAll0AAJddAACYXQAAsl0AALNdAADa XQAA210AACJeAABoXgAArl4AAMteAADMXgAA714AAPBeAAAUXwAAFV8AAF5fAABfXwAAhV8AAIZf AACtXwAArl8AAPRfAAD1XwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAA BCMAZ2QjbLMAAB31XwAAGGAAABlgAAA/YAAAQGAAAINgAACaYAAAm2AAAMRgAADFYAAAB2EAAE9h AACUYQAArGEAAK1hAADyYQAAFmIAABdiAABaYgAAomIAAOdiAAAEYwAABWMAAEhjAACIYwAArmMA AK9jAADwYwAA8WMAAPJjAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAE IwBnZCNsswAAHfJjAADzYwAAO2QAADxkAACFZAAAhmQAAIdkAADNZAAAFGUAACllAAAqZQAAcWUA AIRlAACFZQAAqGUAAKllAADNZQAAzmUAABNmAAAcZgAAHWYAAEBmAABBZgAAiWYAAIpmAACxZgAA smYAANlmAADaZgAAAmcAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQj AGdkI2yzAAAdAmcAAANnAAAEZwAAFGcAABVnAABeZwAAo2cAAOZnAAAvaAAAb2gAALVoAAD8aAAA J2kAAChpAABraQAAsGkAAO9pAAA0agAAdGoAAHVqAAB2agAAkmoAAJNqAADVagAAGGsAAGBrAABh awAAYmsAAGNrAACrawAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMA Z2QjbLMAAB2rawAArGsAAPVrAAD2awAA92sAADxsAACFbAAAyGwAAP5sAAD/bAAAQm0AAIltAADO bQAAEW4AAFRuAACcbgAA224AAB5vAABlbwAAqm8AAOBvAADhbwAA4m8AAPpvAAD7bwAAQHAAAIdw AADOcAAAFXEAACBxAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBn ZCNsswAAHSBxAAAhcQAAInEAADFxAAAycQAATXEAAE5xAACVcQAArnEAAK9xAAD2cQAAJnIAACdy AABocgAAonIAAKNyAADAcgAAwXIAANJyAAAScwAAUHMAAFFzAABicwAApnMAAKdzAACocwAAqXMA APFzAADycwAAO3QAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdk I2yzAAAdO3QAADx0AAA9dAAAZHQAAGV0AAB0dAAAunQAAON0AADkdAAAJHUAAD11AAA+dQAAP3UA AEB1AABBdQAAQnUAAEN1AABEdQAARXUAAEZ1AABHdQAASHUAAEl1AABKdQAAS3UAAEx1AABNdQAA TnUAAE91AABQdQAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2Qj bLMAAB1QdQAAUXUAAFJ1AABTdQAAVHUAAFV1AABWdQAAV3UAAFh1AABZdQAAWnUAAFt1AABcdQAA XXUAAF51AABfdQAAYHUAAGF1AABidQAAY3UAAGR1AABldQAAZnUAAGd1AABodQAAsXUAALN1AAD8 dQAA/XUAAP51AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNs swAAHf51AAARdgAAEnYAACR2AAA3dgAAUnYAAGp2AABwdgAAcXYAAJJ2AACTdgAAlHYAAKR2AAC4 dgAA1HYAAOt2AADwdgAA8XYAABN3AAAUdwAAFXcAABZ3AAAXdwAAGHcAABl3AAAadwAAG3cAABx3 AAAddwAAHncAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA +gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAQjAGdkI2yz AAAdHncAAB93AAAgdwAAIXcAACJ3AAAjdwAAJHcAACV3AAAmdwAAJ3cAACh3AAApdwAAKncAACt3 AAAsdwAALXcAAC53AAAvdwAAMHcAADF3AAAydwAAM3cAADR3AAB8dwAAfXcAAMZ3AADHdwAAyHcA AOh3AADpdwAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6 AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAA AAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAA AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAA AAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAABCMAZ2QjbLMA AB3pdwAALngAAHd4AAC+eAAABHkAAEp5AACTeQAA13kAAPZ5AAD3eQAAOXoAAH16AADGegAAAnsA AEt7AABnewAAaHsAAK97AADzewAAOXwAAHp8AACQfAAAkXwAAJJ8AACpfAAAqnwAAPN8AAA8fQAA gn0AAMl9AAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAA AAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAAAAAAAEIwBnZCNsswAA Hcl9AAAKfgAATH4AAJJ+AACTfgAAlH4AAKh+AACpfgAA8X4AADZ/AAB7fwAAfH8AAH1/AACMfwAA jX8AANF/AADmfwAA538AAOh/AADpfwAA6n8AADOAAAA1gAAANoAAAEmAAABKgAAAS4AAAPoAAAAA AAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoA AAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAA APoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAA AAAAAAAAAAAA+AAAAAAAAAAAAAAAAPYAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAARQAAAQjAGdkI2yzAAAa NYAAADaAAAA3gAAAR4AAAEiAAABJgAAASoAAAEuAAAD88u7n7uP8AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYW aHUQMgAADAlqBABK8BZo9Rs5AAAGFmj1GzkAABMDagAAAAAWaPUbOQAwShMAVQgBBhZoI2yzAAcy ADGQaAE6cCNsswAfsNAvILDgPSGwJwUisCcFI5CgBSSQoAUlsAAAF7DQAhiw0AIMkNACAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIYC OwASAAEAnAAPAAQAAAAFAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAEQAAEDx/wIARAAMAAAAqyfiAAAABgBOAG8AcgBtAGEAbAAAAAIA AAAcAENKGABQSgUAX0gBBGFKGABtSAkEc0gJBHRICQRaAAFAAQACAFoADAAPAKsn4gAAAAkASABl AGEAZABpAG4AZwAgADEAAAAQAAEABiQBE6TwABSkPABAJgAeADUIgUNKIABLSCAAT0oCAFFKAgBc CIFeSgIAYUogAFwAAkABAAIAXAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAAMgAAABAAAgAG JAETpPAAFKQ8AEAmASAANQiBNgiBQ0ocAE9KAgBRSgIAXAiBXQiBXkoCAGFKHAB4AANAAQACAHgA DAAAAKsn4gAAAAkASABlAGEAZABpAG4AZwAgADMAAAAxAAMABiQBCiYCC0YSAA3GBwHQAgFoAQYP hGgBEYSY/hOk8AAUpDwAQCYCXoRoAWCEmP4AGgA1CIFDShoAT0oCAFFKAgBcCIFeSgIAYUoaAGwA BEABAAIAbAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAANAAAADEABAAGJAEKJgMLRhIADcYH AWADAWgBBg+EaAERhJj+E6TwABSkPABAJgNehGgBYISY/gAOADUIgUNKHABcCIFhShwAbgAFQAEA AgBuAAwAAACrJ+IAAAAJAEgAZQBhAGQAaQBuAGcAIAA1AAAALgAFAAomBAtGEgANxgcB8AMBaAEG D4RoARGEmP4TpPAAFKQ8AEAmBF6EaAFghJj+FAA1CIE2CIFDShoAXAiBXQiBYUoaAGgABkABAAIA aAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAANgAAAC4ABgAKJgULRhIADcYHAYAEAWgBBg+E aAERhJj+E6TwABSkPABAJgVehGgBYISY/g4ANQiBQ0oWAFwIgWFKFgBaAAdAAQACAFoADAAAAKsn 4gAAAAkASABlAGEAZABpAG4AZwAgADcAAAAuAAcACiYGC0YSAA3GBwEQBQFoAQYPhGgBEYSY/hOk 8AAUpDwAQCYGXoRoAWCEmP4AAGAACEABAAIAYAAMAAAAqyfiAAAACQBIAGUAYQBkAGkAbgBnACAA OAAAAC4ACAAKJgcLRhIADcYHAaAFAWgBBg+EaAERhJj+E6TwABSkPABAJgdehGgBYISY/gYANgiB XQiBbgAJQAEAAgBuAAwAAACrJ+IAAAAJAEgAZQBhAGQAaQBuAGcAIAA5AAAALgAJAAomCAtGEgAN xgcBMAYBaAEGD4RoARGEmP4TpPAAFKQ8AEAmCF6EaAFghJj+FABDShYAT0oCAFFKAgBeSgIAYUoW AEQAQUDy/6EARAAMAQAAqyfiAAAAFgBEAGUAZgBhAHUAbAB0ACAAUABhAHIAYQBnAHIAYQBwAGgA IABGAG8AbgB0AAAAAABSAGkA8/+zAFIADAEAAAAAAAAAAAwAVABhAGIAbABlACAATgBvAHIAbQBh AGwAAAAcABf2AwAANNYGAAEKA2wANNYGAAEFAwAAYfYDAAACAAsAAAAoAGsA9P/BACgAAAEAAKsn 4gAAAAcATgBvACAATABpAHMAdAAAAAIADAAAAAAAXgD+T6IA8QBeAAwAAQBjd/YAAAAKACAAQwBo AGEAcgAgAEMAaABhAHIAAAAyADUIAUNKIABLSCAAT0oCAFBKBQBRSgIAXAgBXkoCAF9IAQRhSiAA bUgJBHNICQR0SAkESACZQAEAAgFIAAwBAABjd/YAAAAMAEIAYQBsAGwAbwBvAG4AIABUAGUAeAB0 AAAAAgAQABQAQ0oQAE9KBgBRSgYAXkoGAGFKEAAwAv5PogARATACDAASAGN39gAAAPUAQwBhAHAA dABpAG8AbgAgAEMAaABhAHIAMQAgAEMAaABhAHIAMQAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQBy ACAAQwBoAGEAcgAgAEMAaABhAHIAMQAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgA YQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADIAIABDAGgAYQByACwAQwBh AHAAdABpAG8AbgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBoAGEAcgAgAEMAaABhAHIALABDAGEA cAB0AGkAbwBuACAAQwBoAGEAcgAgAEMAaABhAHIAMQAgAEMAaABhAHIALABDAGEAcAB0AGkAbwBu ACAAQwBoAGEAcgAgAEMAaABhAHIAMgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADMAIABDAGgA YQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgAYQByADEAIABD AGgAYQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByACAAQwBoAGEAcgAgAEMA aABhAHIAMQAgAEMAaABhAHIAIABDAGgAYQByAAAALgA1CAFDShgAT0oHAFBKBQBRSgcAXAgBXkoH AF9IAQRhShgAbUgJBHNICQR0SAkEOAIiQAEAAgA4AgwBEQBjd/YAAAD8AEMAYQBwAHQAaQBvAG4A LABDAGEAcAB0AGkAbwBuACAAQwBoAGEAcgAxACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAIABD AGgAYQByACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAMQAgAEMAaABhAHIALABDAGEAcAB0AGkA bwBuACAAQwBoAGEAcgAyACwAQwBhAHAAdABpAG8AbgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBo AGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgAYQByACAAQwBoAGEAcgAxACwAQwBhAHAAdABpAG8A bgAgAEMAaABhAHIALABDAGEAcAB0AGkAbwBuACAAQwBoAGEAcgAzACAAQwBoAGEAcgAsAEMAYQBw AHQAaQBvAG4AIABDAGgAYQByADEAIABDAGgAYQByADEAIABDAGgAYQByACwAQwBhAHAAdABpAG8A bgAgAEMAaABhAHIAIABDAGgAYQByACAAQwBoAGEAcgAxACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBv AG4AIABDAGgAYQByADIAIABDAGgAYQByACAAQwBoAGEAcgAsAEMAYQBwAHQAaQBvAG4AIABDAGgA YQByACAAQwBoAGEAcgAxACAAQwBoAGEAcgAgAEMAaABhAAAAEwASAAMkAQYkAROkkAEUpMgAYSQB ABIANQiBT0oHAFFKBwBcCIFeSgcAQgAnQKIAMQFCAAwBAABjd/YAAAARAEMAbwBtAG0AZQBuAHQA IABSAGUAZgBlAHIAZQBuAGMAZQAAAAgAQ0oQAGFKEABQAB5AAQBCAVAADAEAAGN39gAAAAwAQwBv AG0AbQBlAG4AdAAgAFQAZQB4AHQAAAAFABQAMSQAABgAQ0oUAE9KAwBQSgAAUUoDAF5KAwBhShQA VABqQEEBQgFUAAwBAABjd/YAAAAPAEMAbwBtAG0AZQBuAHQAIABTAHUAYgBqAGUAYwB0AAAABQAV ADEkAQAWADUIgU9KAABQSgUAUUoAAFwIgV5KAAA+ACoAogBhAT4ADAEAAKsn4gAAABEARQBuAGQA bgBvAHQAZQAgAFIAZQBmAGUAcgBlAG4AYwBlAAAAAwBIKgAAmgD+TwEAcgGaAAwALgBjd/YAAAAN AFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAAABaABcADcZHABewAWADEAXABnAIIArQC4ANMA/g EJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABEmQQ /wAAXoSwAQwAT0oIAFFKCABeSggAZgArQNECggFmAAwBAACrJ+IAAAAdAEUAbgBkAG4AbwB0AGUA IABUAGUAeAB0ACwAUgBGAEMAIABFAG4AZABuAG8AdABlACAAVABlAHgAdAAAABIAGAAPhGADEYRQ /l6EYANghFD+AABGAFZAogCRAUYADAAAAKsn4gAAABEARgBvAGwAbABvAHcAZQBkAEgAeQBwAGUA cgBsAGkAbgBrAAAADAA+KgFCKgxwaIAAgABGACBAAQCiAUYADAAAAKsn4gAAAAYARgBvAG8AdABl AHIAAAATABoADcYIAAKwE2AnAQISZBD/AAAADABPSggAUUoIAF5KCABAACYAogCxAUAADAEAAKsn 4gAAABIARgBvAG8AdABuAG8AdABlACAAUgBlAGYAZQByAGUAbgBjAGUAAAADAEgqAQA+AB1AAQDC AT4ADAEAAKsn4gAAAA0ARgBvAG8AdABuAG8AdABlACAAVABlAHgAdAAAAAIAHAAIAENKFABhShQA KAD+T/L/0QEoAAwAAABjd/YAAAAIAEgALwBGAC0AQgBvAGwAZAAAAAAARgAfQAEA4gFGAAwAAACr J+IAAAAGAEgAZQBhAGQAZQByAAAAEwAeAA3GCAACsBNgJwECEmQQ/wAAAAwAT0oIAFFKCABeSggA jABlQAEA8gGMAAwAAABjd/YAAAARAEgAVABNAEwAIABQAHIAZQBmAG8AcgBtAGEAdAB0AGUAZAAA ADcAHwANxjIAEJQDKAe8ClAO5BF4FQwZoBw0IMgjXCfwKoQuGDKsNUA5AAAAAAAAAAAAAAAAAAAA AAAYAENKFABPSggAUEoAAFFKCABeSggAYUoUADYAVUCiAAECNgAMAAAAqyfiAAAACQBIAHkAcABl AHIAbABpAG4AawAAAAwAPioBQioCcGgAAP8ATAD+TwEAEgJMAAwAAABjd/YAAAAIAEkAbgAgAHQA YQBiAGwAZQAAABYAIQADJAEFJAEGJAETpHgAFKR4AGEkAQwAQ0oUAFBKAABhShQALgApQKIAIQIu AAwAAACrJ+IAAAALAFAAYQBnAGUAIABOAHUAbQBiAGUAcgAAAAAARABaQAEAMgJEAAwAAACrJ+IA AAAKAFAAbABhAGkAbgAgAFQAZQB4AHQAAAACACMAFABDShQAT0oIAFFKCABeSggAYUoUAFgA/k8B AEICWAAMACUAY3f2AAAAEQBQAGwAYQBpAG4AIABUAGUAeAB0ACAAMgAgAEMAaABhAHIAAAAQACQA D4RgAxJk1P4AAF6EYAMMAE9KCABRSggAXkoIAGwA/k+iAFECbAAMACQAY3f2AAAAFgBQAGwAYQBp AG4AIABUAGUAeAB0ACAAMgAgAEMAaABhAHIAIABDAGgAYQByAAAAKABDShgAT0oIAFBKBQBRSggA XkoIAF9IAQRhShgAbUgJBHNICQR0SAkEhAD+T9ECYgKEAA0AAACrJ+IAAAAIAFIARgBDACAARABh AHQAZQAAAFUAJgADJAIKJgELRhIADcYzF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAb sBxgHhAgwCFwIyAl0CYBaAEGD4RoARGEmP5ehGgBYISY/mEkAgAEAFBKCQBgAP5P0QJyAmAABQAA AKsn4gAAABQAUgBGAEMAIABIAGUAYQBkAGkAbgBnACAALQAgAE4AbwAgAFQATwBDAAAAEgAnAA3G BQABcycKD4QAAF6EAAALAG1IAARuSAAEdQgBAHwA/k8RAIICfAAMACkAqyfiAAAADABSAEYAQwAg AEgAZQBhAGQAaQBuAGcAMQAAAC8AKAAKJgALRhIADcYFAAFoAQYPhGgBEYSY/hJkEP8AABOkAAAU pAAAXoRoAWCEmP4AGgA1CIFDShgAT0oIAFFKCABcCIFeSggAYUoYAE4A/k/yAJECTgAMACgAY3f2 AAAAEQBSAEYAQwAgAEgAZQBhAGQAaQBuAGcAMQAgAEMAaABhAHIAAAAUAENKGABPSggAUUoIAF5K CABhShgAQgD+T4ECcgFCAAwAKwBjd/YAAAARAFIARgBDACAASABlAGEAZABpAG4AZwAyACAAQwBo AGEAcgAAAAUAKgBAJgEAAABEAP5PkgKxAkQADAAqAGN39gAAABYAUgBGAEMAIABIAGUAYQBkAGkA bgBnADIAIABDAGgAYQByACAAQwBoAGEAcgAAAAAAOAD+T6ECMgI4AAwAAABjd/YAAAAMAFIARgBD ACAASABlAGEAZABpAG4AZwAzAAAABQAsAEAmAgAAAJAA/k8BANICkAAMAC8AqyfiAAAACABSAEYA QwAgAFQAZQB4AHQAAABaAC0ADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7Ac YB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABEmQQ/wAAXoSwAQwAT0oIAFFK CABeSggAZAD+T6IA4QJkAAwAFwBjd/YAAAASAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAIABD AGgAYQByAAAAKABDShgAT0oIAFBKBQBRSggAXkoIAF9IAQRhShgAbUgJBHNICQR0SAkEXAD+T6IA 8QJcAAwALQBjd/YAAAAOAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAMQAAACgAQ0oYAE9KCABQ SgUAUUoIAF5KCABfSAEEYUoYAG1ICQRzSAkEdEgJBHoAmgCzAAMDegAMAAAAY3f2AAAACgBUAGEA YgBsAGUAIABHAHIAaQBkAAAAPAA6VjAAE9YwAAAA/wQBAAAAAAD/BAEAAAAAAP8EAQAAAAAA/wQB AAAAAAD/BAEAAAAAAP8EAQAAYfYAAAAFADAAMSQAAAgAUEoAAF9IAQRoABNA0QICAGgABQEAAKsn 4gAAAAUAVABPAEMAIAAxAAAAOAAxAA3GMxewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkA G7AcYB4QIMAhcCMgJdAmAWAnCgsAbUgABG5IAAR1CAEAZAAUQNECAgBkAA0BAACrJ+IAAAAFAFQA TwBDACAAMgAAAEAAMgANxjMXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDA IXAjICXQJgFgJwoPhGADXoRgAwAANgAVQNECAgA2AA0BAACrJ+IAAAAFAFQATwBDACAAMwAAAAoA MwAPhAAAXoQAAAgAbkgSBHRIEgQuABZAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA0AAAACgA0 AA+E0AJehNACAAAuABdAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA1AAAACgA1AA+EwANehMAD AAAuABhAAQACAC4ADQEAAKsn4gAAAAUAVABPAEMAIAA2AAAACgA2AA+EsARehLAEAAAuABlAAQAC AC4ADQEAAKsn4gAAAAUAVABPAEMAIAA3AAAACgA3AA+EoAVehKAFAAAuABpAAQACAC4ADQEAAKsn 4gAAAAUAVABPAEMAIAA4AAAACgA4AA+EkAZehJAGAAAuABtAAQACAC4ADQEAAKsn4gAAAAUAVABP AEMAIAA5AAAACgA5AA+EgAdehIAHAAA+AP5PgQLSAj4ADAAAAKsn4gAAAAwAUgBGAEMAIABIAGUA YQBkAGkAbgBnADIAAAAMADoACiYAC0YAAEAmAQAAEABOAGEAbgBjAHkAIABDAGEAbQAtAFcAaQBu AGcAZQB0AO4zAABLeAAAAwBOAEMAVwAAAAAAAAAAAAAAAAAAAAAAAAAv4YQHjdyhpgAAAAAAAAAA AAAAAAAAAAAAABMAAAAWAAAAAAAAAEt4AAAHAADkAAAEAP////8AAAAAAQAAAAIAAAADAAAATAAA AJUAAADeAAAAJwEAAHABAABxAQAAcgEAAKMBAADYAQAA2QEAAO0BAADuAQAANAIAAHkCAAC/AgAA AwMAAAQDAABJAwAAjQMAANADAADbAwAA3AMAACUEAABtBAAArwQAAO0EAADuBAAAKAUAAFcFAABY BQAAnAUAAMAFAADBBQAA9gUAAPcFAAAIBgAACQYAADcGAAA4BgAAQQYAAEIGAACKBgAA0wYAABkH AABaBwAAnwcAAOQHAAAVCAAAFggAABcIAAAYCAAAYQgAAGMIAACsCAAArQgAAK4IAADACAAAwQgA AAoJAABTCQAAnAkAAOUJAAAuCgAAdwoAAMAKAAAJCwAAUgsAAJsLAADkCwAALQwAAHYMAAC/DAAA CA0AAFENAABSDQAAUw0AAFQNAABVDQAAVg0AAFcNAABYDQAAWQ0AAFoNAABbDQAAXA0AAF0NAABe DQAAXw0AAGANAABhDQAAYg0AAGMNAABkDQAAZQ0AAGYNAABnDQAAaA0AAGkNAABqDQAAaw0AAGwN AABtDQAAbg0AAG8NAABwDQAAcQ0AAHINAAC7DQAAvQ0AAAYOAAAHDgAACA4AABkOAAAaDgAAWA4A AJ0OAADlDgAAKw8AAG8PAACzDwAAxg8AAMcPAAALEAAAJhAAACcQAABtEAAAthAAANMQAADUEAAA HBEAAEcRAABIEQAAjBEAAM0RAADOEQAAERIAAFYSAACYEgAA3hIAACITAAAjEwAAZBMAAKsTAAC3 EwAAuBMAAPsTAABAFAAAhRQAAM0UAAAMFQAAUBUAAJcVAADeFQAAGhYAABsWAABfFgAAoxYAAOkW AAAtFwAALhcAAC8XAAAwFwAAMRcAAHkXAAB6FwAAwxcAAMQXAADFFwAADRgAAFIYAACUGAAA2hgA AB8ZAABfGQAAbxkAAHAZAAC3GQAA/hkAAEUaAACNGgAA1hoAAAUbAAAGGwAABxsAABobAAAbGwAA YRsAAKMbAADrGwAAMRwAAGIcAABjHAAAohwAANocAADbHAAAGR0AABsdAAAcHQAAWR0AAFsdAABc HQAAjh0AAI8dAAAMHwAADh8AAA8fAABQHwAAiB8AAIkfAACKHwAAix8AAIwfAACNHwAAjh8AAI8f AACQHwAAkR8AAJIfAACTHwAAlB8AAJUfAACWHwAAlx8AAJgfAADgHwAA4R8AACogAAArIAAALCAA AEQgAABdIAAAfSAAAMUgAAANIQAAVSEAAJ0hAADlIQAALSIAAHUiAAC9IgAABSMAAE0jAACaIwAA 6CMAADYkAACEJAAA0iQAACAlAABuJQAAvCUAAAomAABYJgAApiYAAPQmAABCJwAAkCcAAN4nAAAs KAAAeSgAAL8oAAAFKQAABikAAEUpAABGKQAARykAAIwpAAC5KQAAuikAALspAAADKgAATCoAAIIq AACDKgAAxioAAAsrAABQKwAAXSsAAGssAABsLAAAbSwAAG4sAABvLAAAcCwAAHEsAAC6LAAAuywA ALwsAAC9LAAAvywAAAgtAAAJLQAACi0AAFMtAACYLQAA1S0AABMvAAAULwAAWy8AAJUvAACWLwAA 2y8AABUwAAAWMAAAQjAAAEMwAACKMAAApDAAAKUwAADoMAAA+zAAAPwwAAA+MQAAUTEAAIgyAACJ MgAAvDMAAL0zAAC+MwAAvzMAAAg0AAAoNAAAKTQAACo0AAByNAAAtDQAAMw0AADNNAAAzjQAABY1 AAAqNQAAKzUAAEQ2AABFNgAAhjYAAMk2AADKNgAAyzYAAA43AAAPNwAAVzcAAGs3AAC6OAAAuzgA AAM5AAAQOQAAETkAAFk5AACaOQAAmzkAALE6AACyOgAAszoAALQ6AAC1OgAAtjoAALc6AAC4OgAA ADsAAAE7AABKOwAASzsAAEw7AACSOwAA0zsAANQ7AAAYPAAAXzwAAKY8AADsPAAALj0AADs9AAA8 PQAAfD0AALY9AAC3PQAA/z0AADA+AAB2QAAAd0AAAL5AAADSQAAA00AAABVBAAAWQQAAVkEAAPpB AAD7QQAAJUIAACZCAABvQgAAskIAAPlCAAA+QwAAf0MAALZDAAC3QwAA9EMAADtEAACARAAAxkQA APhEAAD5RAAASEUAAJdFAADmRQAAKEYAAGlGAABqRgAApEYAAKVGAADrRgAAMkcAADNHAAA0RwAA NUcAAH1HAAB+RwAAx0cAAMhHAADJRwAA30cAAOBHAAAsSAAAeEgAAMRIAAAESQAAT0kAAFBJAACH SQAAiEkAAIlJAADNSQAAEkoAAFNKAACXSgAAzkoAAMZMAADHTAAA80wAAPRMAAA8TQAAg00AAMdN AAANTgAAUE4AAJhOAADdTgAAIk8AACtPAACXTwAAmE8AALZPAAC3TwAA/08AAEZQAACNUAAA0VAA ABhRAABgUQAAeVEAANVRAADWUQAA11EAANhRAADZUQAA2lEAAAFSAAACUgAAbVMAAG5TAACyUwAA 9VMAAD1UAACDVAAAxFQAAAFVAAACVQAAA1UAAARVAABMVQAATVUAAJZVAACXVQAAmFUAALJVAACz VQAA2lUAANtVAAAiVgAAaFYAAK5WAADLVgAAzFYAAO9WAADwVgAAFFcAABVXAABeVwAAX1cAAIVX AACGVwAArVcAAK5XAAD0VwAA9VcAABhYAAAZWAAAP1gAAEBYAACDWAAAmlgAAJtYAADEWAAAxVgA AAdZAABPWQAAlFkAAKxZAACtWQAA8lkAABZaAAAXWgAAWloAAKJaAADnWgAABFsAAAVbAABIWwAA iFsAAK5bAACvWwAA8FsAAPFbAADyWwAA81sAADtcAAA8XAAAhVwAAIZcAACHXAAAzVwAABRdAAAp XQAAKl0AAHFdAACEXQAAhV0AAKhdAACpXQAAzV0AAM5dAAATXgAAHF4AAB1eAABAXgAAQV4AAIle AACKXgAAsV4AALJeAADZXgAA2l4AAAJfAAADXwAABF8AABRfAAAVXwAAXl8AAKNfAADmXwAAL2AA AG9gAAC1YAAA/GAAACdhAAAoYQAAa2EAALBhAADvYQAANGIAAHRiAAB1YgAAdmIAAJJiAACTYgAA 1WIAABhjAABgYwAAYWMAAGJjAABjYwAAq2MAAKxjAAD1YwAA9mMAAPdjAAA8ZAAAhWQAAMhkAAD+ ZAAA/2QAAEJlAACJZQAAzmUAABFmAABUZgAAnGYAANtmAAAeZwAAZWcAAKpnAADgZwAA4WcAAOJn AAD6ZwAA+2cAAEBoAACHaAAAzmgAABVpAAAgaQAAIWkAACJpAAAxaQAAMmkAAE1pAABOaQAAlWkA AK5pAACvaQAA9mkAACZqAAAnagAAaGoAAKJqAACjagAAwGoAAMFqAADSagAAEmsAAFBrAABRawAA YmsAAKZrAACnawAAqGsAAKlrAADxawAA8msAADtsAAA8bAAAPWwAAGRsAABlbAAAdGwAALpsAADj bAAA5GwAACRtAAA9bQAAPm0AAD9tAABAbQAAQW0AAEJtAABDbQAARG0AAEVtAABGbQAAR20AAEht AABJbQAASm0AAEttAABMbQAATW0AAE5tAABPbQAAUG0AAFFtAABSbQAAU20AAFRtAABVbQAAVm0A AFdtAABYbQAAWW0AAFptAABbbQAAXG0AAF1tAABebQAAX20AAGBtAABhbQAAYm0AAGNtAABkbQAA ZW0AAGZtAABnbQAAaG0AALFtAACzbQAA/G0AAP1tAAD+bQAAEW4AABJuAAAkbgAAN24AAFJuAABq bgAAcG4AAHFuAACSbgAAk24AAJRuAACkbgAAuG4AANRuAADrbgAA8G4AAPFuAAATbwAAFG8AABVv AAAWbwAAF28AABhvAAAZbwAAGm8AABtvAAAcbwAAHW8AAB5vAAAfbwAAIG8AACFvAAAibwAAI28A ACRvAAAlbwAAJm8AACdvAAAobwAAKW8AACpvAAArbwAALG8AAC1vAAAubwAAL28AADBvAAAxbwAA Mm8AADNvAAA0bwAAfG8AAH1vAADGbwAAx28AAMhvAADobwAA6W8AAC5wAAB3cAAAvnAAAARxAABK cQAAk3EAANdxAAD2cQAA93EAADlyAAB9cgAAxnIAAAJzAABLcwAAZ3MAAGhzAACvcwAA83MAADl0 AAB6dAAAkHQAAJF0AACSdAAAqXQAAKp0AADzdAAAPHUAAIJ1AADJdQAACnYAAEx2AACSdgAAk3YA AJR2AACodgAAqXYAAPF2AAA2dwAAe3cAAHx3AAB9dwAAjHcAAI13AADRdwAA5ncAAOd3AADodwAA 6XcAAOp3AAAzeAAANXgAADZ4AABJeAAATHgAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJiAEyAjMAAAAAAAAACA AAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJiAEyAjMAEAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJiAEyAjMAIAAAAAAACAAAAA gAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA EACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACI AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAACACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA ABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQ AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAEACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYgBMgIzAD AAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAgAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAZgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEA AAAAAAAAAAAAAAAAgAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAACAGYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAeYgAMAAwAAAAAAAAAQAAAAAAAAAAAAAAAACAAZgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAAB5iAAwADAAAAAAAAAB AAAAAAAAAAAAAAAAAIABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEAAAAAAAAAAAAAAAAAgAGYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAkAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAA AAAAAIABmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAHmIADAAMAAAAAAAAAEAAAAAAAAAAAAA AAAAgAGYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAAB5iAAwADAAAAAAAAABAAAAAAAAAAAAAAAAAIABmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAAAAmkAAABQwAAAAAAAA AIAAAACAAAAAAAAAAAAABQoAAAAAMAAAAAAAAAAAAAAAAAYwEwAAAAAAAAcAAAAAAQAAAAIAAAAD AAAATAAAAJUAAADeAAAAJwEAAHABAABxAQAAcgEAAKMBAADYAQAA2QEAAO0BAADuAQAANAIAAHkC AAC/AgAAAwMAAAQDAABJAwAAjQMAANADAADbAwAA3AMAACUEAABtBAAArwQAAO0EAADuBAAAKAUA AFcFAABYBQAAnAUAAMAFAADBBQAA9gUAAPcFAAAIBgAACQYAADcGAAA4BgAAQQYAAEIGAACKBgAA 0wYAABkHAABaBwAAnwcAAOQHAAAVCAAAFggAABcIAAAYCAAAYQgAAGMIAACsCAAArQgAAK4IAADA CAAAwQgAAAoJAABTCQAAnAkAAOUJAAAuCgAAdwoAAMAKAAAJCwAAUgsAAJsLAADkCwAALQwAAHYM AAC/DAAACA0AAFENAABSDQAAUw0AAFQNAABVDQAAVg0AAFcNAABYDQAAWQ0AAFoNAABbDQAAXA0A AF0NAABeDQAAXw0AAGANAABhDQAAYg0AAGMNAABkDQAAZQ0AAGYNAABnDQAAaA0AAGkNAABqDQAA aw0AAGwNAABtDQAAbg0AAG8NAABwDQAAcQ0AAHINAAC7DQAAvQ0AAAYOAAAHDgAACA4AABkOAAAa DgAAWA4AAJ0OAADlDgAAKw8AAG8PAACzDwAAxg8AAMcPAAALEAAAJhAAACcQAABtEAAAthAAANMQ AADUEAAAHBEAAEcRAABIEQAAjBEAAM0RAADOEQAAERIAAFYSAACYEgAA3hIAACITAAAjEwAAZBMA AKsTAAC3EwAAuBMAAPsTAABAFAAAhRQAAM0UAAAMFQAAUBUAAJcVAADeFQAAGhYAABsWAABfFgAA oxYAAOkWAAAtFwAALhcAAC8XAAAwFwAAMRcAAHkXAAB6FwAAwxcAAMQXAADFFwAADRgAAFIYAACU GAAA2hgAAB8ZAABfGQAAbxkAAHAZAAC3GQAA/hkAAEUaAACNGgAA1hoAAAUbAAAGGwAABxsAABob AAAbGwAAYRsAAKMbAADrGwAAMRwAAGIcAABjHAAAohwAANocAADbHAAAGR0AABsdAAAcHQAAWR0A AFsdAABcHQAAjh0AAI8dAAAMHwAADh8AAA8fAABQHwAAiB8AAIkfAACKHwAAix8AAIwfAACNHwAA jh8AAI8fAACQHwAAkR8AAJIfAACTHwAAlB8AAJUfAACWHwAAlx8AAJgfAADgHwAA4R8AACogAAAr IAAALCAAAEQgAABdIAAAfSAAAMUgAAANIQAAVSEAAJ0hAADlIQAALSIAAHUiAAC9IgAABSMAAE0j AACaIwAA6CMAADYkAACEJAAA0iQAACAlAABuJQAAvCUAAAomAABYJgAApiYAAPQmAABCJwAAkCcA AN4nAAAsKAAAeSgAAL8oAAAFKQAABikAAEUpAABGKQAARykAAIwpAAC5KQAAuikAALspAAADKgAA TCoAAIIqAACDKgAAxioAAAsrAABQKwAAXSsAAGssAABsLAAAbSwAAG4sAABvLAAAcCwAAHEsAAC6 LAAAuywAALwsAAC9LAAAvywAAAgtAAAJLQAACi0AAFMtAACYLQAA1S0AABMvAAAULwAAWy8AAJUv AACWLwAA2y8AABUwAAAWMAAAQjAAAEMwAACKMAAApDAAAKUwAADoMAAA+zAAAPwwAAA+MQAAUTEA AIgyAACJMgAAvDMAAL0zAAC+MwAAvzMAAAg0AAAoNAAAKTQAACo0AAByNAAAtDQAAMw0AADNNAAA zjQAABY1AAAqNQAAKzUAAEQ2AABFNgAAhjYAAMk2AADKNgAAyzYAAA43AAAPNwAAVzcAAGs3AAC6 OAAAuzgAAAM5AAAQOQAAETkAAFk5AACaOQAAmzkAALE6AACyOgAAszoAALQ6AAC1OgAAtjoAALc6 AAC4OgAAADsAAAE7AABKOwAASzsAAEw7AACSOwAA0zsAANQ7AAAYPAAAXzwAAKY8AADsPAAALj0A ADs9AAA8PQAAfD0AALY9AAC3PQAA/z0AADA+AAB2QAAAd0AAAL5AAADSQAAA00AAABVBAAAWQQAA VkEAAPpBAAD7QQAAJUIAACZCAABvQgAAskIAAPlCAAA+QwAAf0MAALZDAAC3QwAA9EMAADtEAACA RAAAxkQAAPhEAAD5RAAASEUAAJdFAADmRQAAKEYAAGlGAABqRgAApEYAAKVGAADrRgAAMkcAADNH AAA0RwAANUcAAH1HAAB+RwAAx0cAAMhHAADJRwAA30cAAOBHAAAsSAAAeEgAAMRIAAAESQAAT0kA AFBJAACHSQAAiEkAAIlJAADNSQAAEkoAAFNKAACXSgAAzkoAAMZMAADHTAAA80wAAPRMAAA8TQAA g00AAMdNAAANTgAAUE4AAJhOAADdTgAAIk8AACtPAACXTwAAmE8AALZPAAC3TwAA/08AAEZQAACN UAAA0VAAABhRAABgUQAAeVEAANVRAADWUQAA11EAANhRAADZUQAA2lEAAAFSAAACUgAAbVMAAD1U AACDVAAAxFQAAAFVAABMVQAATVUAAJZVAACXVQAAmFUAALJVAAA2eAAASXgAAEx4AACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYgBMgIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYgBMgIzABAAAAAAAAgAAAAIAAAAAA AAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYgBMgIzACAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA gACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACI AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA kACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAoAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIgAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA iACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACIAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAiACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AAAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACA AAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAA AACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAA AIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAA gAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACA AAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAA AAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAA AAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAA AAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAA AAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAA AAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAA AACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAA AIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAA AACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAA AJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAA mAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACY AAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgA AAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAA ACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAA IzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACQAJgAAAAj MAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMw AAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAA AAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAA AAAAAACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAIAAmAAAACMwAAAA AAAAAIAAAACAAAAAAAAAAACAAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAAACYAAAAIzAAAAAA AAAAgAAAAIAAAAAAAAAAABAAmAAAACMwAAAAAAAAAIAAAACAAAAAAAAAAAAAAJgAAAAjMAAAAAAA AACAAAAAgAAAAAAAAAAAgACYAAAAIzAAAAAAAAAAgAAAAIAAAAAAAAAAAJAAmAAAACMwAAAAAAAA AIAAAACAAAAAAAAAAACQAJgAAAAjMAAAAAAAAACAAAAAgAAAAAAAAAAAkACYAAAAIzAAAAAAAAAA gAAAAIAAAAAAAAAAAIAAmIATICMwAwAAAAAAAIAAAACAAAAAAAAAAACQAHmIADAaMQAAAAAAAAEA AAALAAAAAAAAAAAAkAF5iAAwGjEAAAAAAAABAAAACwAAAAAAAAAAAIAHeYgAMBoRAAAAAAAAAQAA AAsAAAAbAQAAQCTCB3mIADAaAQAAAAAAAAEAAAAKAAAAAAAAAAAAgAd5iAAwGgEAAAAAAAACAAAA CAAAAAAAAAAAAIAHeYgAMBoxAAAAAAAAAQAAAAYAAAAAAAAAAACIB3mIADAaMQAAAAAAAAEAAAAH AAAAGwEAAEAkwgd5iAAwGjEAAAAAAAABAAAABgAAAAAAAAAAAIAHecgAMBoxAAAAAAAAAQAAAAUA AAAAAAAAAACAB3mIADAaMQAAAAAAAAEAAAAEAAAAAAAAAAAAiAd5iAAwGjEAAAAAAAACAAAAAgAA AAAAAAAAAIgHmAAAAAAwAAAAAAAAAIAAAACAAAAAAAAAAAAAB5gAAAAAMAAAAAAAAACAAAAAgAAA AAAAAACAAAd5yAAwADAAAAAAAAABAAAAAAAAAAAAAAAAAAAHCAAAAAAwAAAAAAAAAAAAAAAABjAT AAAAAAAABwAGAACAJQAAuDEAAP82AAAnPAAADj8AAHVIAADXWQAANYAAAEuAAABBAAAATAAAAFIA AABVAAAAWAAAAFsAAABeAAAAYwAAAHEAAAAABgAA7QwAAK0QAABbFQAAGRYAAGQbAACUIAAA2yQA ABwlAABcJQAAjyUAAIwnAAAFKwAARTEAAAszAAC8NAAAlTcAAIk6AADNPAAADz8AALJCAAAwRgAA JkoAAMdPAADHVAAAGFkAANpZAAABXQAA9V8AAPJjAAACZwAAq2sAACBxAAA7dAAAUHUAAP51AAAe dwAA6XcAAMl9AABLgAAAQgAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATQAAAE4A AABPAAAAUAAAAFEAAABTAAAAVAAAAFYAAABXAAAAWQAAAFoAAABcAAAAXQAAAF8AAABgAAAAYQAA AGIAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8AAABwAAAA AAYAAEqAAABDAAAADwAA8DgAAAAAAAbwGAAAAAIIAAACAAAAAQAAAAEAAAABAAAAAgAAAEAAHvEQ AAAA//8AAAAA/wCAgIAA9wAAEAAPAALwkgAAABAACPAIAAAAAQAAAAEEAAAPAAPwMAAAAA8ABPAo AAAAAQAJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAgAK8AgAAAAABAAABQAAAA8ABPBCAAAAEgAK8AgA AAABBAAAAA4AAFMAC/AeAAAAvwEAABAAywEAAAAA/wEAAAgABAMJAAAAPwMBAAEAAAAR8AQAAAAB AAAA//8OAAAABgCD2RwKEQABACyvjAMGAITZHAoIAAEANB2DBQYAhdkcChEAAQC0Ro4DBgCG2RwK EQABABQwGAAGAIfZHAoRAAEAVDAYAAYAiNkcCggAAQD8Q4MFBgCJ2RwKCQABAKxEgwUGAIrZHAoI AAIAVFqBBQYAi9kcCggAAQDUrY8DBgCM2RwKEQABAPxNjwMGAI3ZHAoIAAEAhLWBBQYAjtkcCgkA AQDsWoEFBgCP2RwKCQABAKzYIgAGAJDZHAoRAAEAJGyPAyIpAAAiKQAAKCkAACopAAAwKQAArC4A AKwuAAA0bgAAWW4AAFluAABybgAAcm4AAH1uAACBbgAATHgAAAAAAAACAAEAAAACAAIAAAACAAMA AAADAAQAAAABAAUAAAACAAYAAAACAAcAAAABAAgAAAACAAkAAAACAAwAAAACAAoAAAACAAsAAAAC AA0AAAACACcpAAAtKQAALSkAAC8pAAA1KQAAsS4AALEuAABBbgAAb24AAG9uAAB7bgAAf24AAIZu AACGbgAATHgAAAAAAQABAAEAAgABAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAkAAAALAAEADAAB AAoAAAANAAAACQAAAFYAAAANAAAAKoB1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpz bWFydHRhZ3MFgHBsYWNlHYBodHRwOi8vd3d3LjVpYW50bGF2YWxhbXAuY29tL2gAAAAIAAAAKoB1 cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MEgENpdHkwgGh0dHA6Ly93 d3cuNWlhbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOnNtYXJ0dGFncz0AAAAOAAAAKoB1cm46c2No ZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MJgFBsYWNlTmFtZQCAPQAAAAwAAAAq gHVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOnNtYXJ0dGFncwmAUGxhY2VUeXBlAIA7 AAAABgAAACqAdXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzB4BhZGRy ZXNzAIBWAAAABwAAACqAdXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdz CoBQZXJzb25OYW1lGIBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20+AAAAAQAAACqAdXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzCoBQb3N0YWxDb2RlAIA6AAAABQAAACqA dXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6c21hcnR0YWdzBoBTdHJlZXQAgGkAAAAC AAAAKoB1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MFgFN0YXRlMIBo dHRwOi8vd3d3LjVpYW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTpzbWFydHRhZ3MMAAABqFedAgAA AAAOAAAAAAANAAAAAAAMAAAAAAAOAAAAAAAMAAAAAAANAAAAAAAIAAAAAAAHAAAAAAAGAAAAAAAF AAAAAAANAAAAAAAIAAAAAAACAAAAAAABAAAAAAD//wEACgAAAAABL+GEB//////sMwAAOHgAAAAA AADuMwAAOHgAAAAAAACFAAAAiwAAANUAAADdAAAASQQAAFIEAAAgCAAAKAgAADoIAAA+CAAABgoA AAkKAADfCgAA6AoAAHoNAACCDQAALg4AADMOAAChDgAApQ4AANUOAADYDgAAMhMAADkTAAA5FwAA QRcAAFMXAABXFwAAEB4AABUeAACgHwAAqB8AAE4+AABTPgAA8D8AAPY/AAB/QAAAhEAAAHBBAAB1 QQAAX0UAAGJFAABrRQAAbkUAAIBaAACMWgAAFVwAABlcAACFYwAAiWMAAMtrAADPawAA124AAOtu AADubgAA8G4AAPRuAAATbwAANngAAEx4AAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwA BwAcAAcAHAAHABwABwAcAAcABQAHAAUABwAFAAcABwAAAAAAtwEAANcBAAA3AgAAQQIAAHwCAACA AgAAwgIAAMcCAABMAwAAgQMAAJADAACVAwAA0wMAANoDAAAoBAAAKwQAAHAEAAB0BAAAsgQAALoE AAAaBgAAHQYAAH4GAACJBgAAjQYAAJMGAADWBgAA4AYAABwHAAAfBwAAXQcAAGUHAACiBwAAqgcA AOcHAAAUCAAAWwkAAGUJAACoCQAAswkAAPEJAAD6CQAAfwoAAJAKAADICgAA2QoAADUMAABBDAAA fgwAAIwMAABbDgAAZg4AAKAOAADaDgAA6A4AAO4OAAByDwAAdw8AALYPAADFDwAADhAAABcQAAAq EAAANRAAAHMQAAB4EAAAvBAAAL4QAADXEAAA3hAAACIRAAAnEQAASxEAAFIRAAAUEgAAHBIAAJsS AACiEgAA4RIAAO0SAABnEwAAchMAAK4TAAC1EwAAuxMAAMYTAAABFAAAChQAAEYUAABLFAAAixQA AJgUAADTFAAA2xQAAFYVAABcFQAAnRUAAKAVAADkFQAA5xUAAB4WAAAqFgAAZRYAAG8WAACpFgAA tRYAAO8WAAD2FgAAEBgAABMYAABVGAAAWxgAAJcYAACfGAAA3RgAAOcYAAAiGQAAJhkAAGIZAABt GQAAuhkAAL4ZAAABGgAABRoAAEgaAABXGgAAkBoAAJ0aAADZGgAA4BoAAKYbAACxGwAANBwAADkc AAClHAAArxwAAFceAABbHgAAUx8AAFofAADgIgAA5CIAAN0jAADhIwAAKyQAAC8kAAB5JAAAfSQA AMckAADLJAAA3yQAAOMkAAAtJQAAMSUAAIklAACNJQAAJSYAACkmAABhJgAAZSYAAP0mAAABJwAA WycAAFwnAACPKQAAkykAAAYqAAAJKgAATyoAAF0qAADMKgAA1CoAABErAAAbKwAAWS0AAHUtAACe LQAApi0AAF4vAABnLwAA4S8AAOYvAACNMAAAlDAAAO4wAAD5MAAARDEAAE8xAAALNAAADTQAAHg0 AACDNAAAujQAAMs0AAAcNQAAIDUAAIk2AACTNgAAXTcAAGE3AADMOAAA0TgAAAY5AAAPOQAAXzkA AGY5AAACOgAABjoAAJg7AACfOwAAqjwAALQ8AADvPAAA9zwAAII9AACKPQAABT4AAAc+AABYPwAA XT8AAMFAAADKQAAA/kEAAAhCAAByQgAAdEIAALVCAAC8QgAA/EIAAP9CAABBQwAARUMAAIJDAACM QwAA90MAAAREAAA+RAAAQUQAAINEAACKRAAAyUQAAMxEAAAVRgAAJ0YAAMxHAADQRwAAN0kAAE5J AADQSQAA1kkAABVKAAAfSgAAVkoAAF5KAACaSgAAoUoAAMxMAADXTAAAP00AAEJNAACGTQAAjU0A ABBOAAAVTgAAU04AAFpOAACbTgAAn04AACVPAAApTwAAnU8AAKZPAAACUAAACVAAAElQAABTUAAA kFAAAJNQAADUUAAA21AAABtRAAAkUQAAY1EAAGVRAAC1UwAAwVMAAPhTAAD/UwAAQFQAAEJUAACG VAAAkVQAAMdUAADPVAAAm1UAAKlVAAC2VQAAx1UAALFWAAC0VgAAz1YAANVWAADzVgAA+VYAAGJX AABoVwAAiVcAAI9XAAD4VwAA/lcAABxYAAAiWAAAnlgAAK9YAAAKWQAAFVkAALBZAAC2WQAA+FkA APxZAAAaWgAAIFoAAGBaAAB4WgAAqFoAALJaAADtWgAAA1sAAAhbAAAOWwAATlsAAFpbAACOWwAA mVsAAIpcAACRXAAA0FwAANZcAACIXQAAjl0AAKxdAACyXQAAIF4AACZeAACNXgAAk14AALVeAAC7 XgAA3V4AAONeAACmXwAArl8AAOlfAADxXwAAMmAAADpgAAByYAAAe2AAALhgAADCYAAA/2AAAAdh AABuYQAAdWEAAPJhAAD8YQAAN2IAAD1iAAD6YwAAAGQAAD9kAABDZAAAiGQAAItkAADLZAAA0WQA AEVlAABMZQAAjGUAAJVlAADRZQAA2mUAAFdmAABfZgAAn2YAAKhmAADeZgAA62YAACFnAAAnZwAA rWcAALFnAABDaAAAS2gAANFoAADTaAAABGoAACVqAAAgawAAT2sAAPxuAAAQbwAAFG8AABVvAAAZ bwAAKG8AAHpwAACBcAAAwXAAAMVwAAAHcQAADHEAAE1xAABRcQAAlnEAAJhxAAA8cgAARnIAAIBy AACHcgAAyXIAAM1yAAAFcwAAEnMAALJzAAC8cwAA9nMAAPxzAABPdgAAkXYAALp2AAC9dgAA9HYA APZ2AAA5dwAAP3cAADZ4AABMeAAABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMA BwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAH ADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAUABwAFAAcABQAHADMABwAzAAcAMwAHADMABwAzAAcA MwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAcAAAAAAAE7AABSOwAA2lEA AN5RAACbVQAAs1UAAP93AAA1eAAANngAAEh4AABMeAAABwAFAAcABQAHAAUABwAFAAcABQAHAAAA AAA2eAAATHgAAAcABwADADp33SCImMBy/w//D/8P/w//D/8P/w//D/8PEAC3D8Mz2AVItf8P/w// D/8P/w//D/8P/w//DxAA+HBfb1zN+JIoACYAAwAEAAUABgAHAAgACQAAAAEAAAAXAAAAAAAAAAAA AABoAQAAAAAAABUYAAAPhNACEYSY/hXGBQAB0AIGXoTQAmCEmP5PSgEAUUoBAG8oAIdoAAAAAIhI AAABALfwAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EoAURhJj+FcYFAAGgBQZehKAFYISY /odoAAAAAIhIAAACAAEALgABAAAAAoIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RwCBGETP8VxgUA AXAIBl6EcAhghEz/h2gAAAAAiEgAAAIAAgAuAAEAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAP hEALEYSY/hXGBQABQAsGXoRAC2CEmP6HaAAAAACISAAAAgADAC4AAQAAAASAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EEA4RhJj+FcYFAAEQDgZehBAOYISY/odoAAAAAIhIAAACAAQALgABAAAAAoIB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4TgEBGETP8VxgUAAeAQBl6E4BBghEz/h2gAAAAAiEgAAAIA BQAuAAEAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhLATEYSY/hXGBQABsBMGXoSwE2CEmP6H aAAAAACISAAAAgAGAC4AAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EgBYRhJj+FcYFAAGA FgZehIAWYISY/odoAAAAAIhIAAACAAcALgABAAAAAoIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RQ GRGETP8VxgUAAVAZBl6EUBlghEz/h2gAAAAAiEgAAAIACAAuAAEAAAAAAAEAAAAAAAAAAAAAAAAA AAAAAAMYAAAPhEgDEYQg/hXGBQABSAMGXoRIA2CEIP5vKAACAAAALgABAAAABIABAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+h2gAAAAAiEgAAAIAAQAuAAEAAAAC ggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM/xXGBQABcAgGXoRwCGCETP+HaAAAAACISAAA AgACAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EQAsRhJj+FcYFAAFACwZehEALYISY /odoAAAAAIhIAAACAAMALgABAAAABIABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUA ARAOBl6EEA5ghJj+h2gAAAAAiEgAAAIABAAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAP hOAQEYRM/xXGBQAB4BAGXoTgEGCETP+HaAAAAACISAAAAgAFAC4AAQAAAACAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EsBMRhJj+FcYFAAGwEwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABIAB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgAAAIA BwAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+H aAAAAACISAAAAgAIAC4AAQAAAAAAAQAAAAAAAAAAAQAAAAAAAAAAAxAAAA+EsAERhFD+XoSwAWCE UP5vKAACAAAALgABAAAAAAABAwAAAAAAAAABAAAAAAAAAAADEAAAD4RAAhGEwP1ehEACYITA/W8o AAMAAAAuAAEAAQAAAAAAAQMFAAAAAAAAAAAAAAAAAAAAAxgAAA+E0AIRhDD9FcYFAAHQAgZehNAC YIQw/W8oAAUAAAAuAAEALgACAAEAAAAAAAEDBQcAAAAAAAAAAAAAAAAAAAMYAAAPhGADEYSg/BXG BQABYAMGXoRgA2CEoPxvKAAHAAAALgABAC4AAgAuAAMAAQAAAAAAAQMFBwkAAAAAAAAAAAAAAAAA AxgAAA+E8AMRhBD8FcYFAAHwAwZehPADYIQQ/G8oAAkAAAAuAAEALgACAC4AAwAuAAQAAQAAAAAA AQMFBwkLAAAAAAAAAAAAAAAAAxgAAA+EgAQRhID7FcYFAAGABAZehIAEYISA+28oAAsAAAAuAAEA LgACAC4AAwAuAAQALgAFAAEAAAAAAAEDBQcJCw0AAAAAAAAAAAAAAAMYAAAPhBAFEYTw+hXGBQAB EAUGXoQQBWCE8PpvKAANAAAALgABAC4AAgAuAAMALgAEAC4ABQAuAAYAAQAAAAAAAQMFBwkLDQ8A AAAAAAAAAAAAAxgAAA+EoAURhGD6FcYFAAGgBQZehKAFYIRg+m8oAA8AAAAuAAEALgACAC4AAwAu AAQALgAFAC4ABgAuAAcAAQAAAAAAAQMFBwkLDQ8RAAAAAAAAAAAAAxgAAA+EMAYRhND5FcYFAAEw BgZehDAGYITQ+W8oABEAAAAuAAEALgACAC4AAwAuAAQALgAFAC4ABgAuAAcALgAIABQAAAD4cF9v AAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAA AAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAA AAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAA APhwX28AAAAAAAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAA AAAAAAAAAAD4cF9vAAAAAAAAAAAAAAAA+HBfbwAAAAAAAAAAAAAAAPhwX28AAAAAAAAAAAAAAAC3 D8MzAAAAAAAAAAAAAAAAOnfdIAAAAAAAAAAAAAAHBv////////////////////////////////// //////////////////////////////////////////////////////////////////////////8D AAAAAAAAAAAA//8DAAAAEgABAAkEGQAJBBsACQQPAAkEGQAJBBsACQQPAAkEGQAJBBsACQQSAJIo ehIZAAkEGwAJBA8ACQQZAAkEGwAJBA8ACQQZAAkEGwAJBAAAFAAAAAQAAAAIAAAA5QAAAAAAAAAT AAAAew4VAHUQMgD1GzkAPAI9ABcdXAA2PF8AYAliAHY5ZQCzKWoAXBByAElQfABVKqMAdBKsACNs swBDBLgA51HLAEVoywAdGtkAqyfiAGN39gD/QAOAAQBrUwAAa1MAAJhaJwIBAAEAa1MAAAEAAABr UwAAAAAAAAIQAAAAAAAAAEt4AABwAAAQAEAAAP//AgAAAAcAVQBuAGsAbgBvAHcAbgAQAE4AYQBu AGMAeQAgAEMAYQBtAC0AVwBpAG4AZwBlAHQA//8CAAgAAAAAAAAAAAAAAAAAAAAAAAAAAQD//wIA AAAAAAAA//8AAAIA//8AAAAA//8AAAIA//8AAAAACgAAAEcWkAEAAAICBgMFBAUCAwSHegAgAAAA gAgAAAAAAAAA/wEAAAAAAABUAGkAbQBlAHMAIABOAGUAdwAgAFIAbwBtAGEAbgAAADUWkAECAAUF AQIBBwYCBQcAAAAAAAAAEAAAAAAAAAAAAAAAgAAAAABTAHkAbQBiAG8AbAAAADMmkAEAAAILBgQC AgICAgSHegAgAAAAgAgAAAAAAAAA/wEAAAAAAABBAHIAaQBhAGwAAAAzFpABAAACAgYDBQQFAgME h3oAIAAAAIAIAAAAAAAAAP8BAAAAAAAAVABpAG0AZQBzAAAAOwaQAQIABQAAAAAAAAAAAAAAAAAA AAAQAAAAAAAAAAAAAACAAAAAAFcAaQBuAGcAZABpAG4AZwBzAAAAOxaQAYEHAgMGAAABAQEBAa8C ALD7fNdpMAAAAAAAAACfAAgAAAAAAEIAYQB0AGEAbgBnAAAAFLzV0AAANSaQAQAAAgsGBAMFBAQC BId6ACEAAACACAAAAAAAAAD/AQEAAAAAAFQAYQBoAG8AbQBhAAAAOyaQAQAAAgsGBAICAgICBId6 ACAAAACACAAAAAAAAAD/AQAAAAAAAEgAZQBsAHYAZQB0AGkAYwBhAAAAPzWQAQAAAgcDCQICBQIE BId6ACAAAACACAAAAAAAAAD/AQAAAAAAAEMAbwB1AHIAaQBlAHIAIABOAGUAdwAAADsCkAGGBwIB BgADAQEBAQEBAAAAAAAOCBAAAAAAAAAAAAAEAAAAAABTAGkAbQBTAHUAbgAAAItbU08AACIABABx iIgYAPDQAgAAaAEAAAAAatyhpoHdoaYAAAAACgB9AAAA8REAAEVmAAABAD0AAAAEAAMQ2gAAAPER AABFZgAAAQA9AAAA2gAAAAAAAAAhAwDwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBaAF tAC0AIGBMjQAABAAGQBkAAAAGQAAAPl3AAD5dwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAUyg1EA8BAACAADAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASFAAAAAAKPD/DwEAAT8AAAAAAADbHAAA////f////38A AAAA////f////3////9/NjxfAAAAAAAyAAAAAAAAAAAAAAAAAAEAAAD//xIAAAAAAAAAAAAAAAAA AAAQAE4AYQBuAGMAeQAgAEMAYQBtAC0AVwBpAG4AZwBlAHQAEABOAGEAbgBjAHkAIABDAGEAbQAt AFcAaQBuAGcAZQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAYAAAADAAAAAAAMAAEADAACAAwA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ /wAABQACAAAAAAAAAAAAAAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAAAACEAQAAEQAAAAEA AACQAAAAAgAAAJgAAAADAAAApAAAAAQAAACwAAAABQAAAMwAAAAGAAAA2AAAAAcAAADkAAAACAAA APgAAAAJAAAAFAEAABIAAAAgAQAACgAAAEABAAAMAAAATAEAAA0AAABYAQAADgAAAGQBAAAPAAAA bAEAABAAAAB0AQAAEwAAAHwBAAACAAAA5AQAAB4AAAAEAAAAAAAAAB4AAAAEAAAAAAAAAB4AAAAU AAAATmFuY3kgQ2FtLVdpbmdldAAAAAAeAAAABAAAAAAAAAAeAAAABAAAAAAAAAAeAAAADAAAAE5v cm1hbC5kb3QAAB4AAAAUAAAATmFuY3kgQ2FtLVdpbmdldAAAAAAeAAAABAAAADEwAAAeAAAAGAAA AE1pY3Jvc29mdCBPZmZpY2UgV29yZAAAAEAAAAAALll2EQAAAEAAAAAAZN4HrCPGAUAAAAAANm42 0CPGAQMAAAABAAAAAwAAAPERAAADAAAARWYAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v8AAAUAAgAA AAAAAAAAAAAAAAAAAAAAAQAAAALVzdWcLhsQk5cIACss+a4wAAAA+AAAAAwAAAABAAAAaAAAAA8A AABwAAAABQAAAIwAAAAGAAAAlAAAABEAAACcAAAAFwAAAKQAAAALAAAArAAAABAAAAC0AAAAEwAA ALwAAAAWAAAAxAAAAA0AAADMAAAADAAAANkAAAACAAAA5AQAAB4AAAAUAAAAQ2lzY28gU3lzdGVt cywgSW5jLgADAAAA2gAAAAMAAAA9AAAAAwAAAPl3AAADAAAARxYLAAsAAAAAAAAACwAAAAAAAAAL AAAAAAAAAAsAAAAAAAAAHhAAAAEAAAABAAAAAAwQAAACAAAAHgAAAAYAAABUaXRsZQADAAAAAQAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAF AAAABgAAAAcAAAAIAAAACQAAAAoAAAALAAAADAAAAA0AAAAOAAAADwAAABAAAAARAAAAEgAAABMA AAAUAAAAFQAAABYAAAAXAAAAGAAAABkAAAAaAAAAGwAAABwAAAAdAAAAHgAAAB8AAAAgAAAAIQAA ACIAAAAjAAAAJAAAACUAAAAmAAAAJwAAACgAAAApAAAAKgAAACsAAAAsAAAALQAAAC4AAAAvAAAA MAAAADEAAAAyAAAAMwAAADQAAAA1AAAANgAAADcAAAA4AAAAOQAAADoAAAA7AAAAPAAAAD0AAAA+ AAAAPwAAAEAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAASwAAAEwA AABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZAAAAWgAA AFsAAABcAAAAXQAAAF4AAABfAAAAYAAAAGEAAABiAAAAYwAAAGQAAABlAAAAZgAAAGcAAABoAAAA aQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAAAHAAAABxAAAAcgAAAP7///90AAAAdQAAAHYAAAB3 AAAAeAAAAHkAAAB6AAAAewAAAHwAAAB9AAAAfgAAAH8AAACAAAAAgQAAAIIAAACDAAAAhAAAAIUA AACGAAAAhwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAAkAAAAJEAAACSAAAAkwAA AJQAAACVAAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0AAACeAAAAnwAAAKAAAAChAAAA ogAAAKMAAACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAAqwAAAKwAAACtAAAArgAAAK8AAACw AAAAsQAAALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgAAAC5AAAAugAAALsAAAC8AAAAvQAAAL4A AAC/AAAAwAAAAMEAAADCAAAAwwAAAMQAAADFAAAAxgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAA AM0AAADOAAAAzwAAANAAAADRAAAA0gAAANMAAADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA 2wAAANwAAADdAAAA3gAAAN8AAADgAAAA4QAAAOIAAADjAAAA/v///+UAAADmAAAA5wAAAOgAAADp AAAA6gAAAOsAAAD+////7QAAAO4AAADvAAAA8AAAAPEAAADyAAAA8wAAAP7////9/////f////cA AAD+/////v////7///////////////////////////////////9SAG8AbwB0ACAARQBuAHQAcgB5 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgAFAf////////// AwAAAAYJAgAAAAAAwAAAAAAAAEYAAAAAAAAAAAAAAADAEoBB0CPGAfkAAACAAAAAAAAAADEAVABh AGIAbABlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAOAAIB/////wUAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcwAA AKvgAAAAAAAAVwBvAHIAZABEAG8AYwB1AG0AZQBuAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAABoAAgEBAAAA//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAANOQAAAAAAAAFAFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkA bwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAACAQIAAAAEAAAA/////wAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOQAAAAAEAAAAAAAAAUARABvAGMAdQBtAGUAbgB0AFMA dQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAAAAA4AAIB//////////// ////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7AAAAAAQAAAAAAAAAQBDAG8A bQBwAE8AYgBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ABIAAgD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA cQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP7///////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////8BAP7/AwoAAP////8GCQIAAAAAAMAA AAAAAABGHwAAAE1pY3Jvc29mdCBPZmZpY2UgV29yZCBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAA AABXb3JkLkRvY3VtZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIAbwBvAHQAIABFAG4AdAByAHkAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAUB//////////8DAAAA BgkCAAAAAADAAAAAAAAARgAAAAAAAAAAAAAAAAD2fpHgKMYB/wAAAMADAAAAAAAAMQBUAGEAYgBs AGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A AgH/////BQAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzAAAAq+AA AAAAAABXAG8AcgBkAEQAbwBjAHUAbQBlAG4AdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAGgACAQEAAAD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAA05AAAAAAAAAUAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4A AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAIBAgAAAAQAAAD/////AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAAQAAAAAAAAgQAAAIIAAACDAAAAhAAAAIUAAACGAAAA hwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAAkAAAAJEAAACSAAAAkwAAAJQAAACV AAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0AAACeAAAAnwAAAKAAAAChAAAAogAAAKMA AACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAAqwAAAKwAAACtAAAArgAAAK8AAACwAAAAsQAA ALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgAAAC5AAAAugAAALsAAAC8AAAAvQAAAL4AAAC/AAAA wAAAAMEAAADCAAAAwwAAAMQAAADFAAAAxgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAAAM0AAADO AAAAzwAAANAAAADRAAAA0gAAANMAAADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA2wAAANwA AADdAAAA3gAAAN8AAADgAAAA4QAAAOIAAADjAAAA/v///+UAAADmAAAA5wAAAOgAAADpAAAA6gAA AOsAAAD+///////////////////////////////////////////////9//////////////////// ///////////+AAAA/f////7////+/////v////0AAAABAAAA/v///wMAAAAEAAAABQAAAAYAAAAH AAAACAAAAAkAAAAKAAAACwAAAAwAAAANAAAADgAAAP7///////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////7QBAAAFAAAAAgAAABQAAABfAEEAZABIAG8A YwBSAGUAdgBpAGUAdwBDAHkAYwBsAGUASQBEAAAAAwAAABAAAABfAE4AZQB3AFIAZQB2AGkAZQB3 AEMAeQBjAGwAZQAAAAQAAAAOAAAAXwBFAG0AYQBpAGwAUwB1AGIAagBlAGMAdAAAAAUAAAANAAAA XwBBAHUAdABoAG8AcgBFAG0AYQBpAGwAAAAAAAYAAAAYAAAAXwBBAHUAdABoAG8AcgBFAG0AYQBp AGwARABpAHMAcABsAGEAeQBOAGEAbQBlAAAAAgAAALAEAAATAAAACQQAAAMAAAAdSdKkHwAAAAEA AAAAAAAAHwAAABoAAABbAEMAYQBwAHcAYQBwAF0AIABsAHcAYQBwAHAALQBkAHQAbABzACAAZQBk AGkAdABzAAAAHwAAABMAAABuAGMAYQBtAHcAaQBuAGcAQABjAGkAcwBjAG8ALgBjAG8AbQAAAAAA HwAAABgAAABOAGEAbgBjAHkAIABXAGkAbgBnAGUAdAAgACgAbgBjAGEAbQB3AGkAbgBnACkAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQBEAG8AYwB1AG0AZQBuAHQAUwB1AG0AbQBh AHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAAAAAAAAAAADgAAgH///////////////8AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAKAMAAAAAAAABAEMAbwBtAHAATwBi AGoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgACAP// /////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAP7/AwoAAP////8GCQIAAAAAAMAAAAAAAABG HwAAAE1pY3Jvc29mdCBPZmZpY2UgV29yZCBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAAAABXb3Jk LkRvY3VtZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/AAAFAAIAAAAAAAAA AAAAAAAAAAAAAAIAAAAC1c3VnC4bEJOXCAArLPmuRAAAAAXVzdWcLhsQk5cIACss+a48AQAA+AAA AAwAAAABAAAAaAAAAA8AAABwAAAABQAAAIwAAAAGAAAAlAAAABEAAACcAAAAFwAAAKQAAAALAAAA rAAAABAAAAC0AAAAEwAAALwAAAAWAAAAxAAAAA0AAADMAAAADAAAANkAAAACAAAA5AQAAB4AAAAU AAAAQ2lzY28gU3lzdGVtcywgSW5jLgADAAAA2gAAAAMAAAA9AAAAAwAAAPl3AAADAAAARxYLAAsA AAAAAAAACwAAAAAAAAALAAAAAAAAAAsAAAAAAAAAHhAAAAEAAAABAAAAAAwQAAACAAAAHgAAAAYA AABUaXRsZQADAAAAAQAAAADsAQAACAAAAAAAAABIAAAAAQAAACQBAAAAAACALAEAAAIAAAA0AQAA AwAAADwBAAAEAAAASAEAAAUAAACEAQAABgAAAA== ------_=_NextPart_001_01C628E0.9274BA91 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C628E0.9274BA91-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 18:30:06 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5ANR-0006Bu-VS for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 18:30:06 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26434 for ; Fri, 3 Feb 2006 18:28:16 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 337EB4300C5 for ; Fri, 3 Feb 2006 15:29:48 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6BF3343004F for ; Fri, 3 Feb 2006 15:29:23 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 544FB398031 for ; Fri, 3 Feb 2006 15:29:23 -0800 (PST) Received: from pop-satin.atl.sa.earthlink.net (pop-satin.atl.sa.earthlink.net [207.69.195.63]) by zoidberg.tigertech.net (Postfix) with ESMTP id 62DB7398061 for ; Fri, 3 Feb 2006 15:29:21 -0800 (PST) Received: from elwamui-karabash.atl.sa.earthlink.net ([209.86.224.37]) by pop-satin.atl.sa.earthlink.net with esmtp (Exim 3.36 #10) id 1F5AMe-0006hN-00; Fri, 03 Feb 2006 18:29:16 -0500 Message-ID: <11149739.1139009356690.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net> Date: Fri, 3 Feb 2006 15:29:16 -0800 (GMT-08:00) From: "Scott G. Kelly" To: "Pat Calhoun (pacalhou)" , Capwap@frascone.com Subject: Re: FW: [Capwap] lwapp-dtls edits Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: EarthLink Zoo Mail 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Just wanted to ack Sue's and Nancy's comments - I've been slammed for the last week, and Eric and I expect to get to this over the weekend... -----Original Message----- >From: "Pat Calhoun (pacalhou)" >Sent: Feb 3, 2006 8:10 AM >To: Capwap@frascone.com >Subject: FW: [Capwap] lwapp-dtls edits > >Re-sending for Nancy. > >Pat Calhoun >CTO, Wireless Networking Business Unit >Cisco Systems > > > >> -----Original Message----- >> From: Nancy Winget (ncamwing) >> Sent: Saturday, January 28, 2006 3:15 PM >> To: Susan Hares; Scott G. Kelly; capwap >> Cc: Pat Calhoun (pacalhou) >> Subject: RE: [Capwap] lwapp-dtls edits >> >> Scott, >> >> I also could only do a cursory security review of the current >> draft as I need more clarification and elaboration on the >> authentication/authorization enforcement as well as how the >> rekey mechanisms work. Once I have a better understanding of >> those, I think we can close loop on the security review. I >> think my comments are along the same vein as Sue's. >> >> Attached are my comments embedded in the word-(re)formatted draft. >> >> Thanks, >> Nancy. >> >> -----Original Message----- >> From: Susan Hares [mailto:skh@nexthop.com] >> Sent: Friday, January 27, 2006 4:39 PM >> To: Scott G. Kelly; capwap >> Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) >> Subject: RE: [Capwap] lwapp-dtls edits >> >> Scott: >> >> My focus has been the interaction of the DTLS work with the >> LWAPP State machine. The >> draft-kelley-capwap-lwap-dtls-00.txt gave no state machine >> interactions. >> >> The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some >> state machine interactions, and modifies the LWAPP state machine. >> >> However, these state machine interactions do not provide >> guidance on what to do in the DTLS handshake errors, >> fragmentation errors, or alert messages. >> >> I've attached very draft text to guide you in providing the >> next revision. >> (It's a word document - so let me know if that's a problem. >> I turned on the revision history and highlighted the suggested text.) >> >> I'll do a final DTLS and security review once you finalize >> your next revision. >> >> Pat and I went through a few rounds on the state machine of LWAPP to >> reach the current form. Glad to do an early review of your >> text prior >> to release to the working group. >> >> Cheers, >> >> Sue >> >> PS - I used (lwapp-03, dtls-05). >> >> I sent my comments from Nancy Winget (Cisco). She may find more >> issues with the state machine based on conversations we >> had at IEEE. >> >> _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 20:25:23 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5CB1-0000UZ-QL for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 20:25:23 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA16308 for ; Fri, 3 Feb 2006 20:23:40 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 83D68430067 for ; Fri, 3 Feb 2006 17:25:16 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 25B0443004F for ; Fri, 3 Feb 2006 17:24:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D00D8398061 for ; Fri, 3 Feb 2006 17:24:47 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.BAYAREA.NET [209.128.95.10]) by zoidberg.tigertech.net (Postfix) with ESMTP id C747A39804A for ; Fri, 3 Feb 2006 17:24:45 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k141Ot1l013806 for ; Fri, 3 Feb 2006 17:24:55 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k141NqpS013819 for ; Fri, 3 Feb 2006 17:23:52 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k141Nq8M013816 for ; Fri, 3 Feb 2006 17:23:52 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Fri, 3 Feb 2006 17:23:52 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: Capwap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] Problems with setting initial config X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, In the state machine (figure 2 in LWAPP-02), the WTP in state "Join-Confirm" has set up a control channel and sends a "Configure Request" to transfer to state "Configure" (as described by label "2"). The "Configure Request" (described in section 7.2) contains message elements that describe the state and configuration of the WTP, plus a little bit of status and statistics. On receiving the "Configure Request" message, an AC responds with a "Configure Response" message (described in section 7.3). The "Configure Response" message may contain overrides of the configuration message elements that may be present in the the "Configuration Request" message. My concern is that a "Configuration Response" message tells the WTP to "change config" and the WTP may not be able to change the config to the specified values, and there is NO WAY for the WTP to tell the AC that the "config change" failed, and why it failed. The AC would implictly know that the "config change" failed because the WTP is suppose to transition to the "Run" state and send a "Change State Event Request" message. When the AC does not get this within the expected time interval, I'm guessing it could figure out what went wrong. The message and state descriptions don't appear to support a failure of the "Configuration Response" message. (Note: on success the WTP sends a "State Change Event Request" and transitions "Run" state. The AC will continue configuring the WTP (if needed) with "Configuration Update Request" messages. On success the message flow looks like: | in Configure state WTP -----Configuration Request------> AC WTP <------Configure Response-------- AC WTP ---Change State Event Request---> AC | to Run state v WTP <--Change State Event Response--- AC WTP <--Configuration Update Request-- AC --| as many as needed WTP --Configuration Update Reponse--> AC --| ...) I believe that the message contents and the causes of the state transitions should be changed to the following: In the "configure" state, the WTP should send a "Configuration Request" message (as currently) described. The AC should respond with a new version of the "Configuration Response" message, which contains no configuration message elements. On receiving the "Configuration Response" message, the WTP stays in the "Configure" state until it receives a "Configuration Update Request" that contains a message element to put it in the run state. Thus, the message flow would look like: | in Configure state WTP -----Configuration Request------> AC WTP <------Configure Response-------- AC WTP <--Configuration Update Request-- AC --| as many as needed WTP --Configuration Update Reponse--> AC --| with last telling WTP to go to Run state WTP ---Change State Event Request---> AC | to Run state v WTP <--Change State Event Response--- AC Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 21:43:51 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5DOp-0002AD-8R for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 21:43:51 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24308 for ; Fri, 3 Feb 2006 21:41:54 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 718C543007C for ; Fri, 3 Feb 2006 18:43:31 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id A93EE43004F for ; Fri, 3 Feb 2006 18:42:56 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 942F1398043 for ; Fri, 3 Feb 2006 18:42:56 -0800 (PST) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [204.127.192.82]) by zoidberg.tigertech.net (Postfix) with ESMTP id 95109398031 for ; Fri, 3 Feb 2006 18:42:52 -0800 (PST) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (rwcrmhc12) with ESMTP id <20060204024245m120077pcae>; Sat, 4 Feb 2006 02:42:51 +0000 Message-ID: <43E41520.5030902@cs.umd.edu> Date: Fri, 03 Feb 2006 21:44:48 -0500 From: Charles Clancy User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: mauricegoodf@aim.com Subject: Re: [Capwap] get WLAN Config message References: <20060203100708.r8y03fffkkgkgww8@webmail.u4eatech.com> <8C7F6C7F3553C1F-8DC-1F48@mblk-d40.sysops.aol.com> In-Reply-To: <8C7F6C7F3553C1F-8DC-1F48@mblk-d40.sysops.aol.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: Philip.Rakity@u4eatech.com, capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Rather than reading back entire configurations, the AC could ask the WTP to send a hash of its configuration back. Perhaps these ACKs could include the hash automatically? Then someone trying to verify configurations could check consistence. If something didn't match, they could upload the correct configuration. Seems like a compromise? [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] mauricegoodf@aim.com wrote: > I agree that NOT having the ability to read the configuration from the > AP is dangerous. While I accept the argument that the configuration on > both the AC and the AP SHOULD be the same, in practice humans are > fallible and bugs will occur. > > I would go so far as to suggest that the AC should not rely on what it > thinks that the AP has been programmed with, but should always read the > updated configuration from the AP. > > Sorry, but I have spent a lot of time in debugging other people's code. > I would sooner nip this bug in the bud. Especially as this will be > more of a problem when the AC and the AP come from different vendors. > And that is what CAPWAP is about. > > > Maurice > > -----Original Message----- > From: Philip.Rakity@u4eatech.com > To: zhaoyujin 31390 > Cc: Philip.Rakity@u4eatech.com; capwap@frascone.com > Sent: Fri, 03 Feb 2006 10:07:08 +0000 > Subject: Re:[Capwap] get WLAN Config message > > Michael, > > How is the AC supposed to know if some configuration error occurs if it > cannot read the configuration? > > Philip > > Quoting zhaoyujin 31390 : > > > Why LWAPP need this? > > > > LWAPP should maintain the consistent configuration between AP and AC. > > All configuration of AP is distributed with LWAPP with AC. If AP > > occurs some configuration error, LWAPP can know this problem and > > should do some operation for it (Maybe reboot AP). > > > > So that, AC does not need to check the AP configuration. > > > > Best regards > > Michael > > > > > >> > >> I would like to go back to my request for an additional message to > >> find > >> out the ssid. I think the spec could be enhanced to allow an > >> OPTIONAL > >> get_wlan_config message from the AC to the WTP. This would occur > >> after > >> the join. This would then allow the AC to know all the > >> information > >> that is configured in the AP since there already is a get_config > >> message. > >> > >> Opinions ? > >> > >> Philip > >> > >> _________________________________________________________________ > >> To unsubscribe or modify your subscription options, please visit: > >> http://lists.frascone.com/mailman/listinfo/capwap > >> > >> Archives: http://lists.frascone.com/pipermail/capwap > >> > > > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > > > ________________________________________________________________________ > Check Out the new free AIM(R) Mail -- 2 GB of storage and > industry-leading spam and email virus protection. > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 21:52:59 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5DXn-00051G-Rm for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 21:52:59 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24809 for ; Fri, 3 Feb 2006 21:50:57 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8F1714300C5 for ; Fri, 3 Feb 2006 18:52:34 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 4810C43004F for ; Fri, 3 Feb 2006 18:52:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 38F6F80C12F for ; Fri, 3 Feb 2006 18:52:09 -0800 (PST) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [204.127.192.82]) by hermes.tigertech.net (Postfix) with ESMTP id 909B780C122 for ; Fri, 3 Feb 2006 18:52:05 -0800 (PST) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (rwcrmhc12) with ESMTP id <20060204025204m12007d13ae>; Sat, 4 Feb 2006 02:52:04 +0000 Message-ID: <43E4174F.4070400@cs.umd.edu> Date: Fri, 03 Feb 2006 21:54:07 -0500 From: Charles Clancy User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Nancy Winget (ncamwing)" Subject: Re: [Capwap] lwapp-dtls edits References: <08A9A3213527A6428774900A80DBD8D80165C2CD@xmb-sjc-222.amer.cisco.com> In-Reply-To: <08A9A3213527A6428774900A80DBD8D80165C2CD@xmb-sjc-222.amer.cisco.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit As far as the authentication/authorization, this came up in the original security review of LWAPP, with regard to the PKI authentication. The certificate itself serves to authenticate the party, and I recommended adding a certificate profile to explicitly include authorization. The certificate would say "this guy's allowed to be a WTP for domain BLAH.NET", for example. Note that this could also be done on a case-by-case basis, where certs for authorized WTPs were manually added to the AC, though I imagine this would generally be frowned upon for large deployments. You might need a manual blacklist though, unless you want to start mucking with CRLs. In any case the LWAPP draft itself includes the text on certificate profiles. It might be good to reference that in the DTLS draft. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] Nancy Winget (ncamwing) wrote: > Scott, > > I also could only do a cursory security review of the current draft as I > need more clarification and elaboration on the > authentication/authorization enforcement as well as how the rekey > mechanisms work. Once I have a better understanding of those, I think we > can close loop on the security review. I think my comments are along > the same vein as Sue's. > > Attached are my comments embedded in the word-(re)formatted draft. > > Thanks, > Nancy. > > -----Original Message----- > From: Susan Hares [mailto:skh@nexthop.com] > Sent: Friday, January 27, 2006 4:39 PM > To: Scott G. Kelly; capwap > Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) > Subject: RE: [Capwap] lwapp-dtls edits > > Scott: > > My focus has been the interaction of the DTLS work with the LWAPP State > machine. The draft-kelley-capwap-lwap-dtls-00.txt gave no state machine > interactions. > > The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some state machine > interactions, and modifies the LWAPP state machine. > > However, these state machine interactions do not provide guidance on > what to do in the DTLS handshake errors, fragmentation errors, or alert > messages. > > I've attached very draft text to guide you in providing the next > revision. > (It's a word document - so let me know if that's a problem. I turned on > the revision history and highlighted the suggested text.) > > I'll do a final DTLS and security review once you finalize your next > revision. > > Pat and I went through a few rounds on the state machine of LWAPP to > reach the current form. Glad to do an early review of your text prior > to release to the working group. > > Cheers, > > Sue > > PS - I used (lwapp-03, dtls-05). > > I sent my comments from Nancy Winget (Cisco). She may find more > issues with the state machine based on conversations we had at > IEEE. > > > > ------------------------------------------------------------------------ > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 22:02:32 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5Dgw-000082-9N for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 22:02:32 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA25412 for ; Fri, 3 Feb 2006 22:00:39 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 17E614300F1 for ; Fri, 3 Feb 2006 19:02:17 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 915FC43004F for ; Fri, 3 Feb 2006 19:01:57 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 816C680C128 for ; Fri, 3 Feb 2006 19:01:57 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by hermes.tigertech.net (Postfix) with ESMTP id 56DC580C122 for ; Fri, 3 Feb 2006 19:01:51 -0800 (PST) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (rwcrmhc11) with ESMTP id <20060204030150m11005u6n3e>; Sat, 4 Feb 2006 03:01:50 +0000 Message-ID: <43E41999.2030001@cs.umd.edu> Date: Fri, 03 Feb 2006 22:03:53 -0500 From: Charles Clancy User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Philip.Rakity@u4eatech.com Subject: Re: [Capwap] Radius References: <20060202191830.dnno3005c4kkg480@webmail.u4eatech.com> In-Reply-To: <20060202191830.dnno3005c4kkg480@webmail.u4eatech.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Are you suggesting the WTPs communicate directly with the AAA server, and the AC configures the WTPs with the appropriate connection information? Two thoughts: 1. AAA traffic is trivial compared to everything else the AC will be doing, so the performance increase would be minimal. 2. You've broken the keying/trust hierarchy. Now compromise of a single WTP would allow an attacker the ability to compromise all networks that AAA server manages. You can't contain attacks anymore. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] Philip.Rakity@u4eatech.com wrote: > > I was wondering if it really makes sense in the NON split MAC case to > require the AC handle radius requests. It seems this is over burdening > the AC. The LWAPP protocol should allow the AC to configure the radius > server. > > regards, > > Philip > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 03 22:23:51 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5E1f-0006yZ-CS for capwap-archive@megatron.ietf.org; Fri, 03 Feb 2006 22:23:51 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA27351 for ; Fri, 3 Feb 2006 22:22:05 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id E12334300C0 for ; Fri, 3 Feb 2006 19:23:42 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6003943004F for ; Fri, 3 Feb 2006 19:23:12 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C0198398078 for ; Fri, 3 Feb 2006 19:23:11 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.BAYAREA.NET [209.128.95.10]) by zoidberg.tigertech.net (Postfix) with ESMTP id 23038398031 for ; Fri, 3 Feb 2006 19:23:06 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k143ND1l008567; Fri, 3 Feb 2006 19:23:13 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k143N29T007585; Fri, 3 Feb 2006 19:23:02 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k143N25f007581; Fri, 3 Feb 2006 19:23:02 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Fri, 3 Feb 2006 19:23:01 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: Charles Clancy Subject: Re: [Capwap] get WLAN Config message In-Reply-To: <43E41520.5030902@cs.umd.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: Philip.Rakity@u4eatech.com, capwap@frascone.com, mauricegoodf@aim.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, There are issues: 1) as presently specified in the LWAPP-03 spec that if static blacklist entries are added (see 7.4.11) which persist across reboots, then there is no way to find out what they are (and you have to know what they are to delete one (see 7.4.12)). In general, if there should be no persistent config that an AC cannot determine because an AC may lose track, and a WTP may switch to another AC. 2) The Configuration Update message assumes no partial success (see section 7.4). That is, it assumes all or nothing. Some WTPs may not work like this. The responses does not indicate which config element was applied, which failed, and which were aborted. Thus, an AC may not know the configuration after a failed Configuration Update message 3) Failure of Configue Response 4) Modification of the configuration on the WTP via another management interface. In the original example, I believe that it said via debugging the WTP. (I classify this as "out of scope".) However, the WTP may have a console, or contain an SNMP agent. So far, these haven't been classified as "out of scope". Note that solving this issue doesn't look too difficult or costly to me. I'd just add a Retrieve Config Request and Retrieve Config Response. (There are a few details to work out.) On Fri, 3 Feb 2006, Charles Clancy wrote: > Rather than reading back entire configurations, the AC could ask the WTP > to send a hash of its configuration back. Perhaps these ACKs could > include the hash automatically? Then someone trying to verify > configurations could check consistence. If something didn't match, they > could upload the correct configuration. Seems like a compromise? > > [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] > [ computer science ]-----[ university of maryland | college park ] > > mauricegoodf@aim.com wrote: > > I agree that NOT having the ability to read the configuration from the > > AP is dangerous. While I accept the argument that the configuration on > > both the AC and the AP SHOULD be the same, in practice humans are > > fallible and bugs will occur. > > > > I would go so far as to suggest that the AC should not rely on what it > > thinks that the AP has been programmed with, but should always read the > > updated configuration from the AP. > > > > Sorry, but I have spent a lot of time in debugging other people's code. > > I would sooner nip this bug in the bud. Especially as this will be > > more of a problem when the AC and the AP come from different vendors. > > And that is what CAPWAP is about. > > > > > > Maurice > > > > -----Original Message----- > > From: Philip.Rakity@u4eatech.com > > To: zhaoyujin 31390 > > Cc: Philip.Rakity@u4eatech.com; capwap@frascone.com > > Sent: Fri, 03 Feb 2006 10:07:08 +0000 > > Subject: Re:[Capwap] get WLAN Config message > > > > Michael, > > > > How is the AC supposed to know if some configuration error occurs if it > > cannot read the configuration? > > > > Philip > > > > Quoting zhaoyujin 31390 : > > > > > Why LWAPP need this? > > > > > > LWAPP should maintain the consistent configuration between AP and AC. > > > All configuration of AP is distributed with LWAPP with AC. If AP > > > occurs some configuration error, LWAPP can know this problem and > > > should do some operation for it (Maybe reboot AP). > > > > > > So that, AC does not need to check the AP configuration. > > > > > > Best regards > > > Michael > > > > > > > > >> > > >> I would like to go back to my request for an additional message to > > >> find > > >> out the ssid. I think the spec could be enhanced to allow an > > >> OPTIONAL > > >> get_wlan_config message from the AC to the WTP. This would occur > > >> after > > >> the join. This would then allow the AC to know all the > > >> information > > >> that is configured in the AP since there already is a get_config > > >> message. > > >> > > >> Opinions ? > > >> > > >> Philip Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sat Feb 04 05:54:23 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5L3e-0002QO-H0 for capwap-archive@megatron.ietf.org; Sat, 04 Feb 2006 05:54:23 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA25724 for ; Sat, 4 Feb 2006 05:52:42 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 5EFCF4300E4 for ; Sat, 4 Feb 2006 02:54:20 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 7C1EA43004F for ; Sat, 4 Feb 2006 02:53:54 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 6B42980C118 for ; Sat, 4 Feb 2006 02:53:54 -0800 (PST) Received: from alpha.it.teithe.gr (alpha.it.teithe.gr [195.251.240.232]) by hermes.tigertech.net (Postfix) with ESMTP id A0FFA80C10E for ; Sat, 4 Feb 2006 02:53:47 -0800 (PST) Received: from [195.251.123.108] ([195.251.123.108]) by alpha.it.teithe.gr (8.13.4/8.13.4) with ESMTP id k14As2b2000617 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 4 Feb 2006 12:54:04 +0200 (EET) Message-ID: <43E48833.5050808@it.teithe.gr> Date: Sat, 04 Feb 2006 12:55:47 +0200 From: Periklis Chatzimisios Organization: TEI of Thessaloniki User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: capwap@frascone.com Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] mediaWiN 2006 -- Deadline extension X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pchatzimisios@ieee.org List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit (Apologies if you receive multiple copies of this message) Due to many requests, the submission deadline for mediaWiN 2006 Workshop has been extended to February 8, 2006 (hard deadline). C A L L F O R P A P E R S ============================= 1st Workshop on multiMedia Applications over Wireless Networks (MediaWiN 2006) (http://mediaWiN.it.teithe.gr) April 2, 2006 Athens, Greece In conjunction with 12th European Wireless Conference (EW 2006) (http://www.telecom.ece.ntua.gr/EW2006) Scope The purpose of the MediaWiN 2006 Workshop is to provide a forum for presenting and discussing recent advances in multimedia systems, services and applications over wireless networks. In particular, the Workshop will bring together leading researchers, industry professionals and academics from companies, governmental agencies, and universities around the world to exchange information and new findings as well as to study the special problems and challenges of the multimedia mobile and wireless environments. Topics of Interest The workshop will only accept for review original papers that have not been previously published and are not currently under review by another conference or journal. Topics of particular interest include, but are not limited to the following: Quality and Reliability of Wireless Multimedia * Providing QoS over wireless networks (Scheduling, Call admission Control and Rate control,packetization schemes, prioritization schemes) * Cross-Layer techniques for multimedia communications over wireless networks * Provisioning, monitoring, and management of IP services for WPANs/WLANs * Traffic charging and accounting of integrated systems and services * Multimedia support over multi-hop wireless networks (mesh, ad-hoc, sensor networks) Performance Modeling and Analysis of High-speed Wireless PANs and LANs * Performance evaluation of multimedia services via analysis, simulation and experiments (voice, video, interactive gaming) * Design, implementation and testbed/experimental results for wireless multimedia systems * Energy efficiency in wireless multimedia protocols Emerging Standards and Technologies for Wireless Multimedia Communications * Performance of VoIP, VoD services and related protocols (IPv4, IPv6, H.323, SIP,RTP,RTCP) * Standardization activities in emerging standards: IEEE 802.11, 802.15, 802.16 * New network architectures and management solutions for WLANs (IEEE 802.11v,CAPWAP) * Emerging and visionary multimedia applications for wireless mobile networks * Authentication and security issues in wireless multimedia systems Important dates Submission of research papers: February 8, 2006 (extended!) Notification of paper acceptance: February 25, 2006 (extended!) Submission of camera-ready papers: March 6, 2006 Workshop date: April 2, 2006 Submission Guidelines We encourage submission of high-quality technical papers reporting original work and previously unpublished research in the above theoretical and experimental research areas. Submitted papers must be submitted to any of the Chairs as a .PDF file and must not exceed 7 A4 pages, double columned, single-spaced format, using 12-point font size. All submissions must also contain full contact information of the authors along with an abstract no more than 150 words describing the presented research content. Organizing Committee Workshop Co-Chairs Periklis Chatzimisios, TEI of Thessaloniki, Greece Vasileios Vitsas, TEI of Thessaloniki, Greece Program Co-Chairs Ilenia Tinnirello, University of Palermo, Italy Andrea Zanella, University of Padova, Italy Technical Program Committee Dimitrios Amanatiadis (TEI of Thessaloniki, Greece) Leonardo Badia (University of Ferrara, Italy) Frank Ball (Bournemouth University, UK) Paolo Bellavista (University of Bologna, Italy) Giuseppe Bianchi (University of Rome Tor Vergata, Italy) Anthony Boucouvalas (Bournemouth University, UK) David Everitt (University of Sydney, Australia) Fary Z. Ghassemlooy (Northumbria University, UK) Fabrizio Granelli (University of Trento, Italy) Ibrahim Habib (City University of New York, USA) Pi Huang (Bournemouth University, UK) Christos Ilioudis (TEI of Larissa, Greece) Alexandros Kaloxylos (University of Peloponnese, Greece) Michael Logothetis (University of Patras, Greece) Vasileios Lourdas (TEI of Thessaloniki, Greece) Stefan Mangold (Swisscom Innovations, Switzerland) Ioannis Mavridis (University of Macedonia, Greece) Georgios Papadimitriou (Aristotle University, Greece) Kostas Pentikousis (VTT Tech. Research Centre, Finland) Luca Scalia (University of Palermo, Italy) Antonio Servetti (Politecnico di Torino, Italy) Yang Xiao (University of Memphis, USA) Michele Zorzi (University of Padova, Italy) -- Dr. Periklis Chatzimisios Researcher in Wireless Communications & Multimedia Networks Department of Informatics, TEI of Thessaloniki, GR-574 00 Thessaloniki, Greece E-mail: pchatzimisios@ieee.org URL: http://decweb.bournemouth.ac.uk/staff/pchatzimisios Tel: +30 2310-791604 Fax: +30 2310-791290 URL of Workshop: http://mediawin.it.teithe.gr/ _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From odellpelh@gfk.de Sat Feb 04 06:46:50 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5LsQ-00005S-BN for capwap-archive@megatron.ietf.org; Sat, 04 Feb 2006 06:46:50 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA29319 for ; Sat, 4 Feb 2006 06:45:10 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F5M4B-0005Hp-2H for capwap-archive@ietf.org; Sat, 04 Feb 2006 06:59:00 -0500 Received: from user-12ldhi9.cable.mindspring.com ([69.86.198.73] helo=gfk.de) by mx2.foretec.com with smtp (Exim 4.24) id 1F5Ls9-0002Sn-N9 for capwap-archive@ietf.org; Sat, 04 Feb 2006 06:46:33 -0500 Message-ID: <000001c62980$992131c0$4b16a8c0@mountebank> Reply-To: "Odell Pelham" From: "Odell Pelham" To: "Grisha Accardi" Subject: Re: F D S Date: Sat, 4 Feb 2006 06:46:12 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62956.B04B29C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.6 (++) X-Scan-Signature: 7e439b86d3292ef5adf93b694a43a576 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62956.B04B29C0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, =20 Do you want to OVER P A Y for your MED ? =20 Nothing like you need it, S AVE your self over 50% http://www.kankrupo.com =20 V=20 C=20 V=20 l.=20 l=20 A=20 A=20 A=20 L=20 G=20 L=20 l.=20 R=20 I=20 U=20 A=20 S.=20 M=20 =20 =20 =20 $=20 $=20 $=20 6=20 6=20 8=20 9=20 7=20 5=20 ,=20 ,=20 ,=20 8=20 4=20 5=20 5=20 9=20 5=20 ------=_NextPart_000_0001_01C62956.B04B29C0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello,
 
Do you want to OVER P A Y for your MED ?
 
Nothing like you need it, S AVE=20 your self over 50% http://www.kankrupo.com
=
 
V
C
V
l.
l
A
A
A
L
G
L
l.
R
I
U
A
S.
M
 
 
 
$
$
$
6
6
8
9
7
5
,
,
,
8
4
5
5
9
5
------=_NextPart_000_0001_01C62956.B04B29C0-- From jutteytomei@chanto.com.tw Sat Feb 04 12:37:22 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5RLe-0005PW-Gq for capwap-archive@megatron.ietf.org; Sat, 04 Feb 2006 12:37:22 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24291 for ; Sat, 4 Feb 2006 12:35:42 -0500 (EST) Received: from gdln-d9b80ea3.pool.mediaways.net ([217.184.14.163] helo=chanto.com.tw) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F5RXR-0005F2-6w for capwap-archive@ietf.org; Sat, 04 Feb 2006 12:49:35 -0500 Message-ID: <000001c629b1$95da9c00$6446a8c0@tripe> Reply-To: "Jutte Tomei" From: "Jutte Tomei" To: "Emmie Colburn" Subject: Re: d ad Date: Sat, 4 Feb 2006 12:36:52 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62987.AD049400" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.8 (++) X-Scan-Signature: 2beba50d0fcdeee5f091c59f204d4365 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62987.AD049400 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, =20 http://www.canindi.com =20 C a=20 I t=20 A a=20 L f=20 I a=20 S b=20 =20 k=20 $ y=20 3 j=20 , x=20 7 t=20 5 u=20 V f=20 I y=20 A s=20 G l=20 R l=20 A j=20 =20 n=20 $ m=20 3 p=20 , r=20 3 m=20 3 y=20 V c=20 A u=20 L m=20 I w=20 U l=20 M w=20 =20 j=20 $ q=20 1 m=20 , i=20 2 x=20 1 l=20 ------=_NextPart_000_0001_01C62987.AD049400 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello,
 
 
C
a
I
t =
A
a
L
= f
I
a
S
b
 
k =
$
y
3
= j
,
x
7
t
5
u =
V
f
I
y =
A
s
G
= l
R
l
A
j
 
n =
$
m
3
= p
,
r
3
m
3
y =
V
c
A
u =
L
m
I
= w
U
l
M
w
 
j =
$
q
1
= m
,
i
2
x
1
l =
------=_NextPart_000_0001_01C62987.AD049400-- From willoitruong@elc.net Sun Feb 05 06:16:10 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5hsI-00085I-O6 for capwap-archive@megatron.ietf.org; Sun, 05 Feb 2006 06:16:10 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA29445 for ; Sun, 5 Feb 2006 06:14:17 -0500 (EST) Received: from [85.218.144.118] (helo=elc.net) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F5i3v-00036p-EV for capwap-archive@ietf.org; Sun, 05 Feb 2006 06:28:19 -0500 Message-ID: <000001c62a45$6d22e030$c634a8c0@wellgroomed> Reply-To: "Willow Truong" From: "Willow Truong" To: "Patxi Dorothy" Subject: Re: 9 AX Date: Sun, 5 Feb 2006 06:15:09 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62A1B.844CD830" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.1 (/) X-Scan-Signature: 7a0494a0224ca59418dd8f92694c1fdb This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62A1B.844CD830 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 Do you want to O V E R P A Y for your MED ? Nothing like you need it, visit http://www.sporthailer.com and S A V E over 50% =20 C c=20 I m=20 A g=20 L o=20 I w=20 S a=20 =20 i=20 $ g=20 3 z=20 , t=20 7 b=20 5 y=20 V w=20 A g=20 L s=20 I r=20 U h=20 M y=20 =20 r=20 $ q=20 1 o=20 , n=20 2 c=20 1 p=20 V l=20 I l=20 A v=20 G i=20 R q=20 A f=20 =20 v=20 $ i=20 3 f=20 , y=20 3 a=20 3 y=20 ------=_NextPart_000_0001_01C62A1B.844CD830 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
Do you want to O V E R P A Y for your MED ?
Nothing=20 like you need it, visit http://www.sporthailer.com and S A V E over=20 50%
 
C
c
I
m
A
g
L
o
I
w
S
a
 
i
$
g
3
z
,
t
7
b
5
y
V
w
A
g
L
s
I
r
U
h
M
y
 
r
$
q
1
o
,
n
2
c
1
p
V
l
I
l
A
v
G
i
R
q
A
f
 
v
$
i
3
f
,
y
3
a
3
y
------=_NextPart_000_0001_01C62A1B.844CD830-- From faysal@sawb.co.za Sun Feb 05 15:49:48 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5qpQ-0000pT-AI for capwap-archive@megatron.ietf.org; Sun, 05 Feb 2006 15:49:48 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11640 for ; Sun, 5 Feb 2006 15:47:52 -0500 (EST) Received: from dyn-83-156-188-226.ppp.tiscali.fr ([83.156.188.226] helo=sawb.co.za) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F5r1E-0006kM-TE for capwap-archive@ietf.org; Sun, 05 Feb 2006 16:02:01 -0500 Message-ID: <000001c62a95$a0a799f0$8ddaa8c0@curtsey> Reply-To: "Faysal Newton" From: "Faysal Newton" To: "Indigo Steinhoff" Subject: Re: i news 9890 Date: Sun, 5 Feb 2006 15:49:16 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62A6B.B7D191F0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.1 (/) X-Scan-Signature: ded6070f7eed56e10c4f4d0d5043d9c7 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62A6B.B7D191F0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 http://www.visieworl.com =20 V i=20 I x=20 A l=20 G r=20 R j=20 A t=20 =20 s=20 $ c=20 3 u=20 , m=20 3 l=20 3 p=20 C e=20 I v=20 A m=20 L s=20 I o=20 S o=20 =20 j=20 $ k=20 3 j=20 , i=20 7 o=20 5 q=20 V a=20 A h=20 L i=20 I n=20 U j=20 M z=20 =20 l=20 $ r=20 1 y=20 , n=20 2 o=20 1 h=20 ------=_NextPart_000_0001_01C62A6B.B7D191F0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
 
V
i
I
x
A
l
G
r
R
j
A
t
 
s
$
c
3
u
,
m
3
l
3
p
C
e
I
v
A
m
L
s
I
o
S
o
 
j
$
k
3
j
,
i
7
o
5
q
V
a
A
h
L
i
I
n
U
j
M
z
 
l
$
r
1
y
,
n
2
o
1
h
------=_NextPart_000_0001_01C62A6B.B7D191F0-- From gunn@cwjamaica.com Sun Feb 05 21:42:40 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5wKu-00034m-61 for capwap-archive@megatron.ietf.org; Sun, 05 Feb 2006 21:42:40 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA05722 for ; Sun, 5 Feb 2006 21:40:48 -0500 (EST) Received: from [210.69.149.175] (helo=cwjamaica.com) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F5wWo-0001qS-5c for capwap-archive@ietf.org; Sun, 05 Feb 2006 21:54:59 -0500 Message-ID: <000001c62ac6$d66767b0$dc8ca8c0@calif> Reply-To: "Gunnvor Valderas" From: "Gunnvor Valderas" To: "Ebele Tenaglia" Subject: Re: S news 2941 Date: Sun, 5 Feb 2006 21:41:31 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62A9C.ED915FB0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 3.8 (+++) X-Scan-Signature: ded6070f7eed56e10c4f4d0d5043d9c7 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62A9C.ED915FB0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 http://www.mosextrava.com =20 V e=20 I a=20 A r=20 G t=20 R y=20 A h=20 =20 s=20 $ t=20 3 o=20 , u=20 3 r=20 3 j=20 V k=20 A j=20 L z=20 I f=20 U m=20 M l=20 =20 g=20 $ o=20 1 p=20 , c=20 2 y=20 1 q=20 C p=20 I o=20 A a=20 L x=20 I m=20 S y=20 =20 c=20 $ b=20 3 m=20 , b=20 7 w=20 5 q=20 ------=_NextPart_000_0001_01C62A9C.ED915FB0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
 
V
e
I
a
A
r
G
t
R
y
A
h
 
s
$
t
3
o
,
u
3
r
3
j
V
k
A
j
L
z
I
f
U
m
M
l
 
g
$
o
1
p
,
c
2
y
1
q
C
p
I
o
A
a
L
x
I
m
S
y
 
c
$
b
3
m
,
b
7
w
5
q
------=_NextPart_000_0001_01C62A9C.ED915FB0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 00:38:45 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F5z5J-0007gr-Jj for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 00:38:45 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA16505 for ; Mon, 6 Feb 2006 00:36:52 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id A75D64300E4 for ; Sun, 5 Feb 2006 21:38:19 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6CE2143004F for ; Sun, 5 Feb 2006 21:37:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6056939805B for ; Sun, 5 Feb 2006 21:37:53 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2AD2B398048 for ; Sun, 5 Feb 2006 21:37:49 -0800 (PST) Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-4.cisco.com with ESMTP; 05 Feb 2006 21:37:49 -0800 X-IronPort-AV: i="4.02,91,1139212800"; d="scan'208"; a="1773615505:sNHT43346896" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k165bmQJ021645; Sun, 5 Feb 2006 21:37:48 -0800 (PST) Received: from xmb-sjc-222.amer.cisco.com ([128.107.191.106]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 5 Feb 2006 21:37:48 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] lwapp-dtls edits Date: Sun, 5 Feb 2006 21:37:47 -0800 Message-ID: <08A9A3213527A6428774900A80DBD8D8016D8DA2@xmb-sjc-222.amer.cisco.com> Thread-Topic: [Capwap] lwapp-dtls edits thread-index: AcYpNf4npoBm+/W7SUOjoL0VnQJJeQBqK0oA From: "Nancy Winget (ncamwing)" To: "Charles Clancy" X-OriginalArrivalTime: 06 Feb 2006 05:37:48.0374 (UTC) FILETIME=[76ACAF60:01C62ADF] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE Cc: capwap X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Hi Charles, Thanks for the clarification, I had not implied that the profiles would carry to the DTLS draft; so I agree, its addition or intent should be noted in the DTLS draft as well. Thanks, Nancy. =20 -----Original Message----- From: Charles Clancy [mailto:clancy@cs.umd.edu]=20 Sent: Friday, February 03, 2006 6:54 PM To: Nancy Winget (ncamwing) Cc: Susan Hares; Scott G. Kelly; capwap Subject: Re: [Capwap] lwapp-dtls edits As far as the authentication/authorization, this came up in the original security review of LWAPP, with regard to the PKI authentication. The certificate itself serves to authenticate the party, and I recommended adding a certificate profile to explicitly include authorization. The certificate would say "this guy's allowed to be a WTP for domain BLAH.NET", for example. Note that this could also be done on a case-by-case basis, where certs for authorized WTPs were manually added to the AC, though I imagine this would generally be frowned upon for large deployments. You might need a manual blacklist though, unless you want to start mucking with CRLs. In any case the LWAPP draft itself includes the text on certificate profiles. It might be good to reference that in the DTLS draft. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] Nancy Winget (ncamwing) wrote: > Scott, >=20 > I also could only do a cursory security review of the current draft as > I need more clarification and elaboration on the=20 > authentication/authorization enforcement as well as how the rekey=20 > mechanisms work. Once I have a better understanding of those, I think=20 > we can close loop on the security review. I think my comments are=20 > along the same vein as Sue's. >=20 > Attached are my comments embedded in the word-(re)formatted draft. >=20 > Thanks, > Nancy. =20 >=20 > -----Original Message----- > From: Susan Hares [mailto:skh@nexthop.com] > Sent: Friday, January 27, 2006 4:39 PM > To: Scott G. Kelly; capwap > Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) > Subject: RE: [Capwap] lwapp-dtls edits >=20 > Scott: >=20 > My focus has been the interaction of the DTLS work with the LWAPP=20 > State machine. The draft-kelley-capwap-lwap-dtls-00.txt gave no state > machine interactions. >=20 > The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some state=20 > machine interactions, and modifies the LWAPP state machine. >=20 > However, these state machine interactions do not provide guidance on=20 > what to do in the DTLS handshake errors, fragmentation errors, or=20 > alert messages. >=20 > I've attached very draft text to guide you in providing the next=20 > revision. > (It's a word document - so let me know if that's a problem. I turned=20 > on the revision history and highlighted the suggested text.) > =20 > I'll do a final DTLS and security review once you finalize your next=20 > revision. >=20 > Pat and I went through a few rounds on the state machine of LWAPP to > reach the current form. Glad to do an early review of your text prior > to release to the working group.=20 >=20 > Cheers, >=20 > Sue >=20 > PS - I used (lwapp-03, dtls-05). >=20 > I sent my comments from Nancy Winget (Cisco). She may find more > issues with the state machine based on conversations we had at IEEE. > =20 >=20 >=20 > ---------------------------------------------------------------------- > -- >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From co@btinternet.com Mon Feb 06 08:21:47 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F66JL-0005No-HI; Mon, 06 Feb 2006 08:21:47 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA17589; Mon, 6 Feb 2006 08:19:54 -0500 (EST) Received: from [222.88.102.174] (helo=174.102.88.222.in-addr.arpa) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F66VK-0001Af-19; Mon, 06 Feb 2006 08:34:11 -0500 Received: by 10.11.98.0 with HTTP; Mon, 06 Feb 2006 07:20:11 -0600 Message-ID: <277d070i.7337814@yahoo.com> Date: Mon, 06 Feb 2006 07:20:11 -0600 From: "Gabrielle Ashley" User-Agent: Apple Mail (2.728) X-PGP-Key: 1vIjiMcEzxtR3b2b65jAij52oPaSpC3R8KRXwSchvlLJU1FPtHP3CdD51fnFvZyb== X-Load: 86% MIME-Version: 1.0 To: bridge-mib-admin@ietf.org Subject: Notification: Loww ratess Content-Type: multipart/related; boundary="------------AttPart_04237163==.OLA" X-Spam-Score: 4.4 (++++) X-Scan-Signature: d890c9ddd0b0a61e8c597ad30c1c2176 This is a multi-part message in MIME format. --------------AttPart_04237163==.OLA Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
may elijah may cardiac , divisional try birthright on infantry , paperbound but portal or monic some salesgirl it's ehrlich ! catalysis the eerie and constantinople , gladiator Or maybe not

--------------AttPart_04237163==.OLA Content-Type: image/gif; name="cezanne.8.gif" Content-ID: <5.0.0.61.0.25238084745612.08075255@radiophysics.yahoo.com.0> Content-Disposition: inline; filename="cezanne.8.gif" Content-Transfer-Encoding: base64 R0lGODlh5gHOAMQAAP/////MzP+Zmf9mZv8zZv8zM/8AM/8AAMzM/8zMzMyZ/5mZ/5mZzJmZ mZlmzGZmzGZmZmYzzDMzMzMAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ACH5BAAAAAAALAAAAADmAc4AAAX/ICCOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj8ik cslsOp/QqHRKrfIalKw2K9FCINkEaVuCSMpeVPc8SmjZIrBXDMButxI5BdLWSxoidncUVoWG h4iJQglgeV8Uf10UDQ2SdHVrJWEklZCAJ3ZwAHKfbnuPWYBYX41fEpGpgVmsWgmMkLSiiru8 vb67kCOUAG6fAFwkbpejsyXFKqGchCKvy3KMfMSTwtqlwSRdn3sj37/m5+jpRuVt29TIIspj cs7uKWmysstxew10z8ncgTnxR8S4QMbUKVzIsCGLb2DEAGTWiNylgeECJjyxJ2Odaa9QsJsY z93BEv4M/2Yb6LCly5fpBpU0hvEghUvjsIgiyRFCgoxYqOka0UVjPXHZ7t0RNhSm06dQl+Ci 120Ey4w3+d0xxtPEOFMJggIoSnCnvZkGm45xRHZs1qhw48r98a1BtoksTWGhM9VMua6astkR C2ajSqOI23LKdtBuG8NzI0uevIId2nfCajHjuqmqipN6ZL21epYnwIrJCh5L6kYt5dewJ1v+ yObnNNG2sqBhg4WmhGU6wel+d9B2UlnHaRP1JFoc7y58KsWeTj3uFmOCbl4nbapz90mD2GUX TkIPPtLNRG+yvdVgeDFd9lWfT18dK599WI1iZW3/l/L83ffFRtj895gJ94HCCv9XCeYHQUIC fvEPZPVVaOGFGGao4YYcdujhhyCGKOKIJJZo4okopqjiiiy26OKLMOKgWokGplBjEj9RWMhP 8sUYRXd2caGFe67pEAuNJxGUJBJHKgKWjzvWddNeJfXowoyf6biEdL7caNVKyTGpZRXy3IAl lDlQOZYrwoQJw5lqjJkEl714GQeYTcB5SJk26IlmDW4IBsklv60QloxyxnAoDG7W2eiXeSaq wqM+8CkEpTJg2iFLx8DBCAt+vinpC6GCUqQidpahaRClsuDGEZYC8aoOdJZ42m2FsreRIGfo lFWhH5Ujh0epxcIesD8Nq16vXPwjiT9bhFVbHvAwM07/UnagQokkK21jigndhZUKMoOZ8axV nxhoG7DCfbNuWIAMa1i41PhVnCSFFqYNSFoYU8uQggDy7WayxBcQHQG79Ucs1VJDh7lHSjKJ rgXfRDF7uWlWYkhuCcxGQTyWoJoko3QiBpf/mXFZG4VWI9CUxuZBTSkfewxfr7wFMxgxMlOp r1VsmFGJRByrNusYd45yRo71Kn1yVj//F3KtdQj8Kx/fyvzRRtMYyHFht8LnTUngejuJGURH hysgJD94sNM8+7QNl5YanMlHZM/MM3slg/ybyj2f6mFvdg3k9ndnjYWdKFAvNdqZN9YK8m0q K95HLF7SSTflzIpReTts25XQ/69jI5iJPBxDnZQ7qv2X3WiBXLNaN0crbfo3M+Yheeh51w40 JsdcEtTRqlFdZfCZ7ffRyWG+NWNWsyKuSm1bhXKy4B5C8lsx1KswY62qa2IM5Mftrg1TeldV UOZwbI4+e4k7fcaNpOcjcnRBP5gHNkmn3zr+KagEILLCK20ITxeBS99+zFe8afhuJm6zx6uI 9wnjGfAYnDHgJH4DO4PQ4XkSceBt0Hc+Z9DDgiNaxTvGV6hhgANbjFOFt85Qja2hZG7ayVkI f7emQCwtJziUFgmPprIHaqIgKrQd3BRzQY6B5UnKM8gntFbEg7BLeb2JIlFyhSXUfYx6udHh EkXYo//gEKyHz0iiBZ/xM629Yn5LkmLT5FimGg6DTnasBLOAp6K31IpiN9wDveSgtkHxLBXQ CSQXm+WeiZFrFutSofX2xUHd9MsUlWxY8pblLE8MZzkL++Ico0GKUAjikFfc1yOC1K9DNgmU wYEEI12JrDXY4R2pxCB6QJMKMMitM8vZhh5YQ8AOWutByCCFwmxxLnpRDF8hNOSf6PM8w7hQ IWJRYhWwN81uVuEgEalHQ6iULCukypvo3BE0TaA1hgzTCrFKpzznSc962vOe+MynPvfJz376 858aEuAPyukEgf7AoEpalazaCVASjecYrZTBznpgCoUCYaI9wKjI7qaEijb/1ES3kJI0FUWs HdzCogMt6Q46ARnpoNQHvmwIQz96BDO2xgZZpMtLfZBTnsavh1CI4zkCBaWd9sComeBYDXra A6EigakscFsLoHqYoBr1BVKdQVZZkJIYGRFWI3yTLK30Aqoa6aor/SkKAAOKnzo1CW/FAVtd pdYQ6RGRTUpYHN4IP0o0q5DAetanCAmuV2wDX8SZ2LkMldc3eG44r6yYNNnDh35FA7FeMexJ MOuWcrwxslqZ1pFyqtdjdVY3pcVX4rLjE4mxEJg+5IIMf3UvjpLjLq7tLGIt28pnkiE1p+NW YgkxLPkwjRmcRY9mW3skysbDsMwaaRVkpy+fcbGy/8HYnghl+JuaKTE+XkuIHcLyIKvtUG8h W0FbdOIXnHUtftlCzSv8covthQM6MdXEKZqB33H0F7v77WBrMjJfoJgtD0VpDSlaAS0ET2MW fiFQK4xDiu78rCQBZmYxAWuwebxDWzrpBB8awd6iQCcYDJaG9m5S4MbpbhWoGcNhuRDhQPp1 gw5mm4PFteIBx/UJ7vMg8uw3o+gFkRjKrJzM7qCL2rHyvNKLKq7aJ8ztmiCnZIEYbcOIuLDO ThuZ/NdSUAPV79w4DVk0z9mg55NbXYe08SNqT4tSkY1wSs5v+Up1vaK28RGiKJJc83Uk9sN5 7VnLIZziHfZRXbIQFQ0DRP/mFkasWVvsedKHCDLyJAiSDCYWa4e1GiPrejSBQk+EMeDUX6q8 ssyki1+GfVqsFTwgPm+R1g/CNVJarZV+nKLWaf61T8IJOn7c5xYIizMQafJgN3FqdmoqjlqX TZqtWQLFwtZwGAAzkTUYDCB9CdOtbssR8Pj1PmzrsWeCNZspaLrKU8xGO+so3h8CsDy5Sk6Z XGe2D7YwXo9qSyI7RjCV2pAZYsiu89ITi2ySo4XjaDghJJ4WXhNOkIZUWaA/hkxmcVBQHNcJ fJQNaiR+o90i/4jaRuwuod60NdwlTidwyPFBxefR9VgdDU8t76+cadwVvzIyWuO5Myg8hHcZ lG7/6O1DJnSnsxR7J7tBCT/7elLS6SGsfs2233RbXSAUita+8PG6JXlBEF2ebWYi2g48qAeH rQyNcNeOObGngdDDzZhu8H7a8zQSjmLXg3wk1nImn5adQ1Jzsj0ezGC4/TsiGxJEr/Od74QJ XwFTFuJfrZlBzJwQlidYEju8kM/N9ILLa0KD7rTVwu2H0QMqEJKjg5+qJUNCJ3hQrfNzCWwg TD+FS0iBhFejBcVOvDVy/fEXA/Bd7b5w2NKPgrbqe9HVYfeLkSr0y5Au4Ggf+8rPfilch5/w Y1/8ww9+7kURfv7ZhbxSNX4guBGPUaEqZ/NiHTdpyv+l1lVDfYUCvEJW//1XgDbwSQaYgAZ4 TQrYgA74gBAYgRI4gRRYgRZ4geiQXuBgf06HVjhCehm1f3yUURyIKh7IIYLAGJpEBFBEDv8X BXpVHhfRMO9yAjX4XCN1gwiigVfQbgLogzYgL+ykYuy3gqonVKdHIrYBDiJoUsb0gkD2N76j JodzL4dUWFfIM1n4E1mIEiUYA5tDgCOoA69ACY5RHrfhGDd1fWA2BanSKiDyaFy4BPEEh07w B59SD8ZkILXHE30oTP8AiLw2FmKIA2G4AihUA1NiTZ9EZfCRGYVoBG/4hRmSRblkBHX4hYsy BBJyeWpSHuKAb5ogiiOkMqU4FMYUgrlXHiS0A/+TwIA8Ixbgoz8epnqQwk6UmCG+lItyZUx2 iItFgEnIN2Tg8FzSkBrSMIf6UIT1EIk4NRRHU2pNyFWzNDOzcoZ3go1apAR0kiq1xyIncSyy 9g7ygXa09FiidjzWYnCCxXJApEniuDPNsljmkkuaN4cd5EIOt48j1Bv9CB7HSHeEkFq2FSyL lI/Tklifty04CF+MhEnGtVhq2DXHYQY38jmiYY/QNXPCE1E/sU6Vp2U04YwgYjQvU3QWgRJL sz8naTklJA+V44cfcxPh5ZKIERFaowx+g0mECC5ywzZ8oY3Y0o/MyBT7uDCc0GRQc116oYxa aDmAkxzSMTDRmIbexYP/c1gQLNlSfsVMVcImX4KRN5KVG3E3NZRlTJkeHNONEPcwL1I8ooBE cNBBZ8FApSMPj2NnHDd5yAAnu8NG0LIdoTJYWHceXbVu2jgR72cPi4kd+pYVoyEWqRhSs5VK QVaV79Met1d30iUMoaNmr1iKfgWKJgRacGk/kflgydZ0/aNLMXKaRDE9KTkG9baBLikWeDk+ BOJYrhmbVxaX8bIHoOdlgzliyTEamxh0JXNE6NIpzSksu5lwnmZMz2A0VDFEqJY3wPNV6lNB +eWFvfmS9mAx47kM1WkYsDkrnCZkJdSNSfGLJJKTUvI06IgGN7OG1jVyaGFHq6ULaINkQBUQ /2KkF0JxMmzjJhODTPswGtgiQ/e2ljmRM/cmSdDYOPEmRyqpDXwQEg6XekYWiMl2n7aXmZVl nKkBL0qlnfrCh8IklfbGToIhRm3EGBU0De5JDlNEktkDD+IYTASKhobUo6h0S4L1LAP3dt3S GOnBMtX4ORRzSoHUmUNmHlQ2WX5UjZOUkfIRd/igeUy6MPZyReFyLmswcguzbYv1pavAm0Da mbXjpetYWFdHhE+nGVInXLUgjMkUC5eIgWt1pToqK42Siox1IrConX46GQCRok2Qh2TIi9Vx qIlKHQM4qZZ6qZiaqZq6qZzaqZ76qaAKqgFAAAPgA6Naqk4gAAUgAP8FmIgMYRuBCiBQ4aou MAAHcKu3agCsygIBcKuougO9egC/GgMFgKu3uqoyIAC3uqtHEADFegDMKgLKaqwHUADD6gPK GgC7YEZO0Vqx+mFPwa0wYA8CQADVOgDmCq28aqvXigMBwK4i0KvRugKqegCk+qzaCgPlqq5I 8K62agAlMKrnOgC2egAGkK/Yyq+KQKvq4ELx1AJJ6BAMyxHL0KuoqqztigLC+gMbCwDKOq/0 yq+2CrIs8LFMUAAFcAIdKwLmmrI/IK+8MLHogCyEugLnNE7TSIwi0LEm2wIrywMr+6sCkLEl 0LO2irAv0LNJoLQk8LMAYK4kmwMHkK8uqwP/Q0sCVbtUOStR33oDNYtVJ4gDFamKU4UTJkCt BYC0KuC0OsC2AGCtJUutBDADTHsEcKuy12qxQLCrAwCwO3C3ANC3hri1MfC1A2W4LXCzwWiV ZPsQZlsC9kqwxeqy06qwBVusGVuvG+uskwsAzrqsI3C5PHuwgWusaksCGEuwBmCvInC5+SoA BvCsaSut0Fq5AcC51Tqt2oq50loA6aqr8ZquBFC5BaurWQu57Rq7rYurQru6wPu5Iluttzq3 qGus89q3z4quvhq6x6qtBbus1vu00zsCBFAABkC6pqJcXiePI2FYlflYzUBYGOMMi/WRcKcL 48GF/XJJZZqRp5cs/9UipElppM21WK4VLTdYj4TiSdsgW7JUDpP0TkMRtNBqsdgrApirve2q rKQKvtVqrpyrvayaweZaqrrrsbE7AFFLu8xarAEAuwS7sZervdT7sbZqrdPqu1MLwihswrka w1MbACm8rJhbrypMtADAtr4rvvfKur16rwBbwtX6ttM7AMUarapqAARbAsLbt+e6uqwKw/AK uzicxVtcwuwarMKqsBkKVL2RRmC0duRFluwZXlEpMk8TLOSFMo8ZTeQ4NFODMx8klTEDaq9m DZtQXb+SxyXER4EMUTTUe3MDRuQ0Q+nDoGf7qxbrr87ruSurxJQ7AO+qrgJQub6qtztbqv8C m69aHLfM+rHlWrAmzMNv67eVu6ujHMYeO7Ui0MoCu6s2zMvv+sKsW76eu8JOu8krC8Lfu6zp OsVZHK9OK7gmEM27rK0mG8vbCwCt3Lp+q8a5GrgGMLcrPJWniEUE9JibaRJ8gQdZmpTDQURL 8TaNbEavc1zbqKI4Y5tJqZ1+RDL1nDNipyf8xjwjqC7KpLOZPALyKsTCar67zKxsq7wkALO7 TLAEW8oKy7O8zM1IPAJKm63T2rcX29HUrKyTm68Wfc29XNK4DK1HWwJX7LbIWwJHi8rXzK4Y fbvPysvU7NE27bcmcNLCTMq+2s3dLM7STKoZ3dKI+EMHpEFDI2D/t3Ge7Jk4IVUG2qWij1Im 0QgUCJQUdiKNY3gm71Z0uaGdXGI8eqIMGyQPN2rVCl3RrOu5LmyyEN2rwAuvXCzDworKvTq7 VqzXrMrX2drLVQvR1cyvZFy6t1vXh/20tgytLcuqOI2xpVvDHQvCHLzLKRus34y+AVutr1vC vayuzgqwnf202Pu53ivU4xzUKEDU2qq3N13XFK3UvQy8yorYkHhDInpcb0QRZYMwL+qa/8kI HBpW60NGsuAxzZg3EZEsj/YbWYRz7fA7+ImQ/sw7efHPJSFv8NEow51f2eQ6x+0OTpnE1Ira 7V26uXqsAbu68v2sfvu9pIvf8o2rI4yr/79ctO1NuqZM2sxru7havsdq39Kcq6ubsgOOqj2N vobttu0NurQbvlQs3/QNzfx9uSTwvVjs3/xN3yqMthk+tSBuyoXt3wo0dtrGafTpFTEzp0nG X9XYHPERUe/cSOn2wJXUXdJESDHG4zwpwBj2Z2HwLINhN4MCkTUIpdFdyWFgPbZ0LanAgxiN 0airwoF7sVs8tCTb1B4r5mM+rENrwlyO0ZZNsNjMxp6b5VwO0ir8roWd0f5aqmrur6VM5v76 wlyeuqK85Wbe0R4723AOsneOtGAurWKe6Gd+vXHO0Du9048+5gJA528e6F2Oy2zO6Fvc4qFa IbldBXWLAs760f8Woo2hXiGXbgi4erwnMLKrPutwoeYlu8K0nuu6vuu83uu+/uvAHuzCPuzE XuzGfuzInuzKvuzM3uzO/uzQHu3SPu3UXu3Wfu3Ynu3avu3c3u3e/u3gHu7iPu7kXu7mfu7o nu7qvu79tAARMAHwHgELMALwXu/1vgAOYO/6Pu8noAAToAL6HvD1Lu8jsAAC/+8PIPAPgAIO 8O7xzu8AYO8k4PATgAAFT/ERoAAi4O8HHwEJH/ALTwLwHvIiYPDw7gAjgAD5Xu8oDwAfPwEr r+8AsPIPgAAwXwIjTwImf/MjEPMwb/Ep4O4sD/Q9b+8OAPQrT/QRX+8l7/Atv/MtDwD/HD8B DzD1ETACFB/wRN/wE3/wE7Dz/37xA6/xUg/vEO/y9a7xBk/2JZLvEeAADc/0ACD0cB/3+P72 cV/3b48C7372JSD0DwD3fZ/wb+/wQI8AhA/3hD/374737x71XY/3LF/yOV/w8Y71E+D4Jz/3 MA/3mS/48t74gs/zRU/6iA/vZG/yih/vCCD0EaDyJ//4AIAAfW/zfr/yUX/6E0D2Nt/5Mc/2 JSD6cU/1ItD7dZ/2Um/4Yn/1Bv/29Y4AtJ/5bB/9X6/7EB8Bmn/8bA/vRI/9o3/8Qk/6wu/0 s+/wEO/6Fm/wSi8iBg/5HA/06k/5CpDxlH/4wD8CHH/1Qb/7/8UPAg4CTA8AONNyniU7RSei ypPDstGk4MtEoyaj3u6k47F8KscNMFudVs9aE5cCGk1OGA6gi82EwVTMCMayrtBsLjI8Xd+s B9pXjritv+GvXBvR5YiRVL34ubzMTSQNXVUtngRGjXAZFSX9QOkMtkD5yHWFio6Slpqeoqaq 4uCFzgx9ytysxZZGPByR+iDhIE69aAEsQP2igM4URlWmgO5urWFGKAwV16yJuP5gOWi1huqs 6DRpExfN8LKEbWvV6iUjh/oIc6bZWFZuAV76QCH2HgYTpkiUjR9JBnbxhUZZGSWcIniCtGoi xYoWL3apxkjZCHhEQHVRIMRHwC7OZv9oQaRDDiJJz8zEoydoBDOTRdqxkvgSxy9vGQsO4tYi 2QmRN0RCIjOnzKtsceB085NQ6jyQAn1OjVTw0AglEURgI1GSBMBRLut5WQjgbAt2Mi0pU2ok Isa6du/aFYkurcF52ux9tFVmzyiHP8b9BfW375a/VINYrVmTCI8UhTlpVNdH1BOkNFMSbWtJ SqVibzsTFurlMVw9gkfp0Jp2XKO/j8bi89eFLSEAIh/zRmRZVKxPciEWZY13OfPmvhcuEBeX G2BMVosurm7zgQPpZNVMZRK7xle5eqzGmoyp8tuq6RbOKI+PJw07KFIqB2xfyYruvTjXx4Vq 431DlXrf6MT/ShmSgEOCHN0dJlpWEobC1hV/7RWcFgda594XXkChgHLOkVjiRPHFBEtQe+HU hThM0JHgenAg4cJTwERRxS/DxDRWEBzZ1JVubdAHzU48ZgMFGQO+JdIaP4j4YR0AKgmDaikY SWFcoriBJUFaSBJGLP6gKFYoufm4VoJWijefmme65aM3tYiDnBNZmpinnqY0GJh7cFzyZyhG 5YSnMwl1Mx+ZXBTjQzIR0ueWkSu1AJ12mWHh6E9rbLKhm2npAeUXMlIpCCKedZHCXiQECuhz Mqna2qtiUAoTqETcZpZOsdZAj4YvWNpELQhsgueexyL7Uwkq+lETAjG+QYexuUQj/4qX9DG1 WQsNSeckoJbCgIR9wBKjQzBKPFAbVZri4G0QC6VQiLmC2BkdGmHEoEQhIoEUb07BbNIEsUMq A9jAd0A6sBYDEyEGGTQB9nDB1OATnSaDhJHqfLWSh8mygPpBbWNKjpisySUi9dc12VW3iVou P6nNg9pIpbJfKrAsRMqOcZldHiyIuNi6Pmv8QzA701w0Piil4zI5FQJBWD1GXugH04osFlrB jkWb3SPa8OKs0DjEaHNj2VVKWGK99rX22UAYpi1f1fFjyXUn4+3cAkwkowDffEOzNxMgCR6W MHzL4TcT0Pw9hOIo/D24E5EzAWAJSROHeGGahwR4OpQTpf+4A9AoYCQCnnNWBZI9DIp6UVn+ jUrhkfGdKudw9MDEqpCPbnvkadTOeyGxC2/F7YdLngTf6CxAjbF5Qx+99M3VPTAMd0+fvfbb c9+99xYhEL7445Nfvvnno5+++uuzX/7e4194ffvz01+//ffjn7/++/Pfv//ify+AOGAAAQto wAMiMIEKXCADG+jAB0IQDxGAIAUraMELYjCDGtwgBzvowQ8eUIAiHCEJS2jCE6IwhSpcIQtb 6MIXwjCGMpwhDWtowxviMIc63CEPe+jDHwIxiEIcIhGLaMQjIjGJSlwiE5voxCdCMYpSnCIV q2jFK2Ixi1rcIhe76MUvgjGMYhz/IxnLaMYzojGNalwjG9voxjfCMY5ynCMd62jHO+Ixj3rc Ix/76Mc/AjKQghwkIQtpyEMiMpEYSYAEEqDIRwoRAhSY5CQbWRdKUrIBJWrAJB0JyU/6kJOO ZCQF7CIBCQCAlJokUQIo4ElQwjKHrXylK+vSAFSeQAKrdM4sY+nLG/YSAA2AgCoa8Eoc3JIF uixRMH/pzBi2kpLLTEUtQ5FMYeKSldV8JjdbGExOElOYlczlJDUpyUmGkwWcHCcy2UnKRjbA mJT0JCcl4EpSUsCejlxnNrvpzxE2k5PYPAEEICBKSZ5gm8hEJTjVicuCAkACxIwmAEoJAIja s5QGlegJ/0RZ0Xgq9J8i7V4zW3lRTLoykwk9pkPJucpzUrKiE6XAS+2Jy2sK9AS9zGg6R+rT 7QVUoz1NJQT0WVGWdhSX0XQkRNvJTo7i9KYWTWU1i0rTn2I1e61cJSM1yUlNMlKSCejlVUNx SnXmMwFfTSUqm6rTWp51oAm1pFjXStOwZjWvJoumNHfJT7Wq9KRlJWhg1wnStAq2nBHNZz35 OkqbRnOdFAhnTvVqWR1WtqjLueZlO2tDj+IVLyH1LGlhCNOhlja1ql0ta1vr2tfCNrayna33 murWU1yTkUilLW/zBNNKItWexBRuFySLSZCicqm9Xe6xQGtPFtg2nLd9qye3Kv/XYE6Tudpd TjOrKt3vimKbV81tNbO73fMusprDFEV0w4tU8u4WvfKlCF8Zy17whqK8lFXqaOfrX1V8c7IE fSl+u4DS/VI3l57MqFJPCdz/+jeoJyUwQVF71FwimKqONGo8NRzNcMYVwugtqUWn2d78vpe/ nlTvOVdMz6mKeLsSjiiFL2rhbW4VvivFpiarWU2Txvi81mXrKjl60Yf2862rXKc4R1nWq0J0 rR/tKIyD3Nv62lecjM1kTFZQmG46NqPDROeHJXlLdFa0k1ZeM5vLxJ83wznOcp4znets5zvj Oc963jOf++znPwM60IIeNKq9TnhDIzrRiIwvXxvt6EcGQzrShAwBADs= --------------AttPart_04237163==.OLA-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 10:03:54 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F67uE-0005iQ-JI for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 10:03:54 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA25244 for ; Mon, 6 Feb 2006 10:02:07 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 1B91E43011B for ; Mon, 6 Feb 2006 07:03:39 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E1434430077 for ; Mon, 6 Feb 2006 07:02:58 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C5B4C398086 for ; Mon, 6 Feb 2006 07:02:58 -0800 (PST) X-Greylist-Status: Sender first seen 11 days 23:15:11 ago Received: from nj300815-ier2.net.avaya.com (nj300815-ier2.net.avaya.com [198.152.12.103]) by zoidberg.tigertech.net (Postfix) with ESMTP id 01B8439803F for ; Mon, 6 Feb 2006 07:02:54 -0800 (PST) Received: from tiere.net.avaya.com (tiere.net.avaya.com [198.152.12.100]) by nj300815-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k16Ex0f0012429 for ; Mon, 6 Feb 2006 09:59:01 -0500 Received: from cof110avexu1.global.avaya.com (h135-9-6-16.avaya.com [135.9.6.16]) by tiere.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k16ExoQH005860 for ; Mon, 6 Feb 2006 09:59:51 -0500 (EST) Content-Class: urn:content-classes:message MIME-Version: 1.0 X-MIMEOLE: Produced By Microsoft Exchange V6.0.6603.0 Date: Mon, 6 Feb 2006 08:02:53 -0700 Message-ID: Thread-Topic: CAPWAP protocol Security Thread-index: AcYrLmaNKjDFKRRqRb+Y5bKYZ9k2GQ== From: "Mani, Mahalingam (Mani)" To: X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.19 tagged_above=-999 required=7 tests=HTML_90_100, HTML_MESSAGE Subject: [Capwap] CAPWAP protocol Security X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0739395129==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. --===============0739395129== Content-Class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C62B2E.678A3A5A" This is a multi-part message in MIME format. ------_=_NextPart_001_01C62B2E.678A3A5A Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On suggestion from our AD, Bert, we have approached the security ADs regarding our current deliberations related to securing CAPWAP; and seek a security area advisor for the WG. =20 We have received a response from security area ADs asking for a presentation at SAAG (security area directorate meeting) during IETF65 - on background, problem to be solved and solution(s) proposed hitherto. =20 One of us will be discussing this at SAAG. Volunteers welcome too. =20 Regards, -mani & Dorothy =3D=3D=3D=3D=3D=3D =20 ------_=_NextPart_001_01C62B2E.678A3A5A Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

On suggestion from our AD, Bert, we have approached = the security ADs regarding our current deliberations related to = securing

CAPWAP; and seek a security area advisor for the = WG.

 

We have received a response from security area ADs = asking for a presentation at SAAG (security area directorate meeting) during = IETF65 – on background, problem to be solved and solution(s) proposed = hitherto.

 

One of us will be discussing this at SAAG. Volunteers = welcome too.

 

Regards,

-mani & Dorothy

=3D=3D=3D=3D=3D=3D

 

------_=_NextPart_001_01C62B2E.678A3A5A-- --===============0739395129== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0739395129==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 10:09:20 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F67zU-0007rA-CE for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 10:09:20 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA25743 for ; Mon, 6 Feb 2006 10:07:14 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 035B443010B for ; Mon, 6 Feb 2006 07:08:55 -0800 (PST) Received: from bender.tigertech.net (bender.tigertech.net [64.71.157.153]) by leela.tigertech.net (Postfix) with ESMTP id AD8E0430063 for ; Mon, 6 Feb 2006 07:08:13 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by bender.tigertech.net (Postfix) with ESMTP id 7BE5E1CD8712 for ; Mon, 6 Feb 2006 07:08:13 -0800 (PST) Received: from [10.25.120.204] (sj-natpool-220.cisco.com [128.107.248.220]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by bender.tigertech.net (Postfix) with ESMTP id 99FBE1CD8119 for ; Mon, 6 Feb 2006 07:08:12 -0800 (PST) Message-ID: <43E7665B.5080102@frascone.com> Date: Mon, 06 Feb 2006 09:08:11 -0600 From: David Frascone User-Agent: Thunderbird 1.5 (X11/20051201) MIME-Version: 1.0 To: capwap@frascone.com Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on bender.tigertech.net X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=7.0 tests= Subject: [Capwap] Administrivia X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit The message body cap has been increased from 40kb to 150kb. That should allow most drafts + edits to post successfully. If you have a large document, presentation, etc, please do not post it to the list. Instead, please send it to capwap-admin@frascone.com, and ask for it to be posted to the website. Then you can post the link to the mailing list. Thanks for your understanding, -Dave P.S. Since most rejected mails are triggered by spam, please send capwap-admin a mail if you think your message is being held. It will help to speed the approval . . . -- David Frascone Cause of crash: Inadvertent contact with the ground. _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 10:24:42 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F68EI-0003W0-3N for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 10:24:42 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA26767 for ; Mon, 6 Feb 2006 10:22:48 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 81DEE430105 for ; Mon, 6 Feb 2006 07:24:28 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 63BBA43004F for ; Mon, 6 Feb 2006 07:24:06 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4CACB80C0F6 for ; Mon, 6 Feb 2006 07:24:06 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by hermes.tigertech.net (Postfix) with ESMTP id 2BDDC80C151 for ; Mon, 6 Feb 2006 07:24:03 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060206151900m11005tnj5e>; Mon, 6 Feb 2006 15:19:00 +0000 Message-ID: <43E768E3.9030409@hyperthought.com> Date: Mon, 06 Feb 2006 07:18:59 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Mani, Mahalingam (Mani)" Subject: Re: [Capwap] CAPWAP protocol Security References: In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id KAA26767 Having been involved with this from the beginning, I'd be happy to=20 contribute to this. --Scott Mani, Mahalingam (Mani) wrote: > On suggestion from our AD, Bert, we have approached the security ADs=20 > regarding our current deliberations related to securing >=20 > CAPWAP; and seek a security area advisor for the WG. >=20 > =20 >=20 > We have received a response from security area ADs asking for a=20 > presentation at SAAG (security area directorate meeting) during IETF65 = =96=20 > on background, problem to be solved and solution(s) proposed hitherto. >=20 > =20 >=20 > One of us will be discussing this at SAAG. Volunteers welcome too. >=20 > =20 >=20 > Regards, >=20 > -mani & Dorothy >=20 > =3D=3D=3D=3D=3D=3D >=20 > =20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 11:49:13 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F69Y6-0001JP-KB for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 11:49:13 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02882 for ; Mon, 6 Feb 2006 11:47:19 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id D3A1E430107 for ; Mon, 6 Feb 2006 08:48:55 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id D825443005F for ; Mon, 6 Feb 2006 08:48:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 714CC398093 for ; Mon, 6 Feb 2006 08:48:30 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by zoidberg.tigertech.net (Postfix) with ESMTP id C9F78398074 for ; Mon, 6 Feb 2006 08:48:22 -0800 (PST) Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-4.cisco.com with ESMTP; 06 Feb 2006 08:48:22 -0800 X-IronPort-AV: i="4.02,92,1139212800"; d="scan'208"; a="1773759566:sNHT32272180" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k16GmLKT008614; Mon, 6 Feb 2006 08:48:21 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 08:48:21 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Join to Image Data Date: Mon, 6 Feb 2006 08:48:20 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A201561C6D@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] Join to Image Data Thread-Index: AcYnfk36B6Jp2QuSTQCXZisczGfc+gDvokeQ From: "Pat Calhoun (pacalhou)" To: "David T. Perkins" , X-OriginalArrivalTime: 06 Feb 2006 16:48:21.0109 (UTC) FILETIME=[2340DA50:01C62B3D] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable I disagree. I believe that the best state transition to get firmware downloaded is post join. My main concern is pushing the firmware download in the Run state is that it minimizes the impact of protocol changes to Discovery and Join. So if an AC is running code that is drastically different from what's on the WTP, you really only need to worry about backward compatibility in those two messages, vs. possibly every message defined in the protocol.=20 This was my main objection to the evaluation team's request to allow the Run->Image Data state transition. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 > Sent: Wednesday, February 01, 2006 2:00 PM > To: capwap@frascone.com > Subject: [Capwap] Join to Image Data >=20 > HI, >=20 > The LWAPP State Machine in figure 2 has the transition=20 > labelled "m" that is Join to Image Data. This transition is=20 > not described, and it seems inappropriate. > I believe that it should be removed. >=20 > Regards, > /david t. perkins=20 >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 11:55:55 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F69ec-0002b7-Qs for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 11:55:55 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA03410 for ; Mon, 6 Feb 2006 11:54:14 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8B26E4300EF for ; Mon, 6 Feb 2006 08:55:53 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 8743543005F for ; Mon, 6 Feb 2006 08:55:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6A6C73980A6; Mon, 6 Feb 2006 08:55:29 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by zoidberg.tigertech.net (Postfix) with ESMTP id BC081398043; Mon, 6 Feb 2006 08:55:20 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by gateout02.mbox.net (Postfix) with ESMTP id D2832265D; Mon, 6 Feb 2006 16:55:15 +0000 (GMT) Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 994kBFq4N0169Mo2; Mon, 06 Feb 2006 16:55:14 GMT Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 987kBFq4m0417Mo2; Mon, 06 Feb 2006 16:55:12 GMT X-USANET-Routed: 2 gwsout-vs R:localhost:1825 Received: from GW2.EXCHPROD.USA.NET [165.212.116.254] by gateout02.mbox.net via smtad (C8.MAIN.3.27I); Mon, 06 Feb 2006 16:55:12 GMT X-USANET-Source: 165.212.116.254 IN skh@nexthop.com GW2.EXCHPROD.USA.NET X-USANET-MsgId: XID679kBFq4m5118Xo2 Received: from VS4.EXCHPROD.USA.NET ([10.116.208.142]) by GW2.EXCHPROD.USA.NET with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 09:55:11 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Administrivia Date: Mon, 6 Feb 2006 09:55:10 -0700 Message-ID: <6F44D7F6B24A8F4DA0AB46C9BE924F0203392379@VS4.EXCHPROD.USA.NET> Thread-Topic: [Capwap] Administrivia Thread-Index: AcYrLzYfYDpP6PtnQi6YjGfisk4sjwADtrrg From: "Susan Hares" To: "David Frascone" , X-OriginalArrivalTime: 06 Feb 2006 16:55:11.0785 (UTC) FILETIME=[18090990:01C62B3E] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Dave: I'll re-post in text document. Sue -----Original Message----- From: David Frascone [mailto:dave@frascone.com]=20 Sent: Monday, February 06, 2006 10:08 AM To: capwap@frascone.com Subject: [Capwap] Administrivia The message body cap has been increased from 40kb to 150kb. That should allow most drafts + edits to post successfully. If you have a large document, presentation, etc, please do not post it=20 to the list. Instead, please send it to capwap-admin@frascone.com, and=20 ask for it to be posted to the website. Then you can post the link to=20 the mailing list. Thanks for your understanding, -Dave P.S. Since most rejected mails are triggered by spam, please send=20 capwap-admin a mail if you think your message is being held. It will=20 help to speed the approval . . . --=20 David Frascone Cause of crash: Inadvertent contact with the ground. _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 12:25:02 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6A6o-0003oa-L5 for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 12:25:02 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05716 for ; Mon, 6 Feb 2006 12:23:14 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 0494E4300F8 for ; Mon, 6 Feb 2006 09:24:54 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id EBEE143005F for ; Mon, 6 Feb 2006 09:24:32 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 3D29C398074 for ; Mon, 6 Feb 2006 09:24:32 -0800 (PST) Received: from pop-satin.atl.sa.earthlink.net (pop-satin.atl.sa.earthlink.net [207.69.195.63]) by zoidberg.tigertech.net (Postfix) with ESMTP id 61D65398037 for ; Mon, 6 Feb 2006 09:24:24 -0800 (PST) Received: from elwamui-rubis.atl.sa.earthlink.net ([209.86.224.47]) by pop-satin.atl.sa.earthlink.net with esmtp (Exim 3.36 #10) id 1F6A69-00000e-00; Mon, 06 Feb 2006 12:24:21 -0500 Message-ID: <20351332.1139246661002.JavaMail.root@elwamui-rubis.atl.sa.earthlink.net> Date: Mon, 6 Feb 2006 09:24:20 -0800 (GMT-08:00) From: "Scott G. Kelly" To: "Pat Calhoun (pacalhou)" , "David T. Perkins" , capwap@frascone.com Subject: RE: [Capwap] Join to Image Data Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: EarthLink Zoo Mail 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit This touches on one of the questions Nancy raised about the dtls draft, so now's as good a time as any to bring this up. Nancy wanted to know why there was a similar transition proposed there. I put it there because it seemed to me that to upgrade from the current lwapp to an lwapp-dtls system without a manual reflash, the ability to upgrade the firmware without explicitly joining would be required. Of course, I assumed the image would be signed, but now I'm not so sure such a requirement belongs in the capwap protocol. How do you deal with this issue if you don't require signing? Do you (a) require a manual re-flash if the join transaction becomes incompatible? Seems like the only other alternatives are (b) require firmware signing, or (c) require a compatibility mode. Seems like (c) imposes undue economic pressure on people who are implementing from scratch, and it's not clear to me that (b) would be appropriate. I'm thinking (a) is the only reasonable path forward. Thoughts? -----Original Message----- >From: "Pat Calhoun (pacalhou)" >Sent: Feb 6, 2006 8:48 AM >To: "David T. Perkins" , capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >I disagree. I believe that the best state transition to get firmware >downloaded is post join. My main concern is pushing the firmware >download in the Run state is that it minimizes the impact of protocol >changes to Discovery and Join. So if an AC is running code that is >drastically different from what's on the WTP, you really only need to >worry about backward compatibility in those two messages, vs. possibly >every message defined in the protocol. > >This was my main objection to the evaluation team's request to allow the >Run->Image Data state transition. > >Pat Calhoun >CTO, Wireless Networking Business Unit >Cisco Systems > > > >> -----Original Message----- >> From: David T. Perkins [mailto:dperkins@dsperkins.com] >> Sent: Wednesday, February 01, 2006 2:00 PM >> To: capwap@frascone.com >> Subject: [Capwap] Join to Image Data >> >> HI, >> >> The LWAPP State Machine in figure 2 has the transition >> labelled "m" that is Join to Image Data. This transition is >> not described, and it seems inappropriate. >> I believe that it should be removed. >> >> Regards, >> /david t. perkins >> >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >> >> Archives: http://lists.frascone.com/pipermail/capwap >> >_________________________________________________________________ >To unsubscribe or modify your subscription options, please visit: >http://lists.frascone.com/mailman/listinfo/capwap > >Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 12:54:00 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6AYq-00025q-DL for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 12:54:00 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07665 for ; Mon, 6 Feb 2006 12:52:11 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8BC914300BF for ; Mon, 6 Feb 2006 09:53:46 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id D60B043005F for ; Mon, 6 Feb 2006 09:53:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id C2C2280C108 for ; Mon, 6 Feb 2006 09:53:09 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 032BF80C0F6 for ; Mon, 6 Feb 2006 09:53:07 -0800 (PST) Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-4.cisco.com with ESMTP; 06 Feb 2006 09:53:02 -0800 X-IronPort-AV: i="4.02,92,1139212800"; d="scan'208"; a="1773799838:sNHT1832821032" Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k16Hr1WF028899; Mon, 6 Feb 2006 09:53:01 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 09:53:01 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Join to Image Data Date: Mon, 6 Feb 2006 09:53:00 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2015C370F@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] Join to Image Data Thread-Index: AcYrQixBp5guAm2zSOmki3IhvyjySQAA/Ibw From: "Pat Calhoun (pacalhou)" To: "Scott G. Kelly" , "David T. Perkins" , X-OriginalArrivalTime: 06 Feb 2006 17:53:01.0501 (UTC) FILETIME=[2C25AED0:01C62B46] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable That's my thinking as well. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com]=20 > Sent: Monday, February 06, 2006 9:24 AM > To: Pat Calhoun (pacalhou); David T. Perkins; capwap@frascone.com > Subject: RE: [Capwap] Join to Image Data >=20 > This touches on one of the questions Nancy raised about the=20 > dtls draft, so now's as good a time as any to bring this up.=20 > Nancy wanted to know why there was a similar transition=20 > proposed there. I put it there because it seemed to me that=20 > to upgrade from the current lwapp to an lwapp-dtls system=20 > without a manual reflash, the ability to upgrade the firmware=20 > without explicitly joining would be required. Of course, I=20 > assumed the image would be signed, but now I'm not so sure=20 > such a requirement belongs in the capwap protocol. >=20 > How do you deal with this issue if you don't require signing?=20 > Do you (a) require a manual re-flash if the join transaction=20 > becomes incompatible? Seems like the only other alternatives=20 > are (b) require firmware signing, or (c) require a=20 > compatibility mode.=20 >=20 > Seems like (c) imposes undue economic pressure on people who=20 > are implementing from scratch, and it's not clear to me that=20 > (b) would be appropriate. I'm thinking (a) is the only=20 > reasonable path forward. Thoughts? >=20 > -----Original Message----- > >From: "Pat Calhoun (pacalhou)" > >Sent: Feb 6, 2006 8:48 AM > >To: "David T. Perkins" , capwap@frascone.com > >Subject: RE: [Capwap] Join to Image Data > > > >I disagree. I believe that the best state transition to get firmware=20 > >downloaded is post join. My main concern is pushing the firmware=20 > >download in the Run state is that it minimizes the impact of=20 > protocol=20 > >changes to Discovery and Join. So if an AC is running code that is=20 > >drastically different from what's on the WTP, you really=20 > only need to=20 > >worry about backward compatibility in those two messages,=20 > vs. possibly=20 > >every message defined in the protocol. > > > >This was my main objection to the evaluation team's request to allow=20 > >the > >Run->Image Data state transition. > > > >Pat Calhoun > >CTO, Wireless Networking Business Unit > >Cisco Systems > > > >=20 > > > >> -----Original Message----- > >> From: David T. Perkins [mailto:dperkins@dsperkins.com] > >> Sent: Wednesday, February 01, 2006 2:00 PM > >> To: capwap@frascone.com > >> Subject: [Capwap] Join to Image Data > >>=20 > >> HI, > >>=20 > >> The LWAPP State Machine in figure 2 has the transition=20 > labelled "m"=20 > >> that is Join to Image Data. This transition is not=20 > described, and it=20 > >> seems inappropriate. > >> I believe that it should be removed. > >>=20 > >> Regards, > >> /david t. perkins > >>=20 > >> _________________________________________________________________ > >> To unsubscribe or modify your subscription options, please visit: > >> http://lists.frascone.com/mailman/listinfo/capwap > >>=20 > >> Archives: http://lists.frascone.com/pipermail/capwap > >>=20 > >_________________________________________________________________ > >To unsubscribe or modify your subscription options, please visit: > >http://lists.frascone.com/mailman/listinfo/capwap > > > >Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 13:09:07 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6AnT-0005u9-JG for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 13:09:07 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA09312 for ; Mon, 6 Feb 2006 13:07:16 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 1DAA043010E for ; Mon, 6 Feb 2006 10:08:56 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id F1331430063 for ; Mon, 6 Feb 2006 10:08:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D4CCE39807F for ; Mon, 6 Feb 2006 10:08:29 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.BAYAREA.NET [209.128.95.10]) by zoidberg.tigertech.net (Postfix) with ESMTP id BF816398074 for ; Mon, 6 Feb 2006 10:08:17 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k16I8Q1l026539; Mon, 6 Feb 2006 10:08:26 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k16I8GX7018032; Mon, 6 Feb 2006 10:08:16 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k16I8FVI018027; Mon, 6 Feb 2006 10:08:16 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Mon, 6 Feb 2006 10:08:15 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: "Pat Calhoun (pacalhou)" Subject: RE: [Capwap] Join to Image Data In-Reply-To: <4FF84B0BC277FF45AA27FE969DD956A201561C6D@xmb-sjc-235.amer.cisco.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, I'm confused. I'm looking at the LWAPP-03 draft and the state diagram in figure 2 and the descriptions of the states transitions that follow. The join state has a transition labeled "m" that goes to the image data state. I couldn't find a description of that transition. It also has a transition labeled "z" that goes to the Join-Confirm state. In the descriptions, it didn't seem like the "m" transition would ever occur. What I'm I missing? In general, it seems like that there are many different understandings, instead of a single one as to what resources and boot model is supported by the CAPWAP protocol. I'll follow up later today on this with details. However, I was confused whether or not a WTP is always running the "boot loader" code in the Discovery, Join, Image Data, and Join-Confirm states, and when is a switch made to the "system image" code. I was assuming that happened in the transition from Join-Confirm to Configure. As Pat points out, and which I agree, one certainly wants to minimize the ammount of "knowledge" in the boot loader so that 1) it's complexity and memory footprint are minimized, 2) to isolate it from changes in the CAPWAP protocol (so support going from a very old CAPWAP version to a very new CAPWAP version). On Mon, 6 Feb 2006, Pat Calhoun (pacalhou) wrote: > I disagree. I believe that the best state transition to get firmware > downloaded is post join. My main concern is pushing the firmware > download in the Run state is that it minimizes the impact of protocol > changes to Discovery and Join. So if an AC is running code that is > drastically different from what's on the WTP, you really only need to > worry about backward compatibility in those two messages, vs. possibly > every message defined in the protocol. > > This was my main objection to the evaluation team's request to allow the > Run->Image Data state transition. > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > > > -----Original Message----- > > From: David T. Perkins [mailto:dperkins@dsperkins.com] > > Sent: Wednesday, February 01, 2006 2:00 PM > > To: capwap@frascone.com > > Subject: [Capwap] Join to Image Data > > > > HI, > > > > The LWAPP State Machine in figure 2 has the transition > > labelled "m" that is Join to Image Data. This transition is > > not described, and it seems inappropriate. > > I believe that it should be removed. > > > > Regards, > > /david t. perkins Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 13:44:36 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6BLm-00070h-4j for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 13:44:36 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11530 for ; Mon, 6 Feb 2006 13:42:52 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 5DE1B430101 for ; Mon, 6 Feb 2006 10:44:32 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 4560043005F for ; Mon, 6 Feb 2006 10:43:58 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 39AB980C147 for ; Mon, 6 Feb 2006 10:43:58 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by hermes.tigertech.net (Postfix) with ESMTP id 7912B80C13E for ; Mon, 6 Feb 2006 10:43:56 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by gateout02.mbox.net (Postfix) with ESMTP id E4B731FF6; Mon, 6 Feb 2006 18:43:54 +0000 (GMT) Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 271kBFsr20257Mo2; Mon, 06 Feb 2006 18:43:54 GMT Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 263kBFsrz0014Mo2; Mon, 06 Feb 2006 18:43:51 GMT X-USANET-Routed: 2 gwsout-vs R:localhost:1825 Received: from GW1.EXCHPROD.USA.NET [165.212.116.254] by gateout02.mbox.net via smtad (C8.MAIN.3.27I); Mon, 06 Feb 2006 18:43:51 GMT X-USANET-Source: 165.212.116.254 IN skh@nexthop.com GW1.EXCHPROD.USA.NET X-USANET-MsgId: XID846kBFsrz4277Xo2 Received: from VS4.EXCHPROD.USA.NET ([10.116.208.142]) by GW1.EXCHPROD.USA.NET with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 11:43:50 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Join to Image Data Date: Mon, 6 Feb 2006 11:43:52 -0700 Message-ID: <6F44D7F6B24A8F4DA0AB46C9BE924F020339252A@VS4.EXCHPROD.USA.NET> Thread-Topic: [Capwap] Join to Image Data Thread-Index: AcYrQjigEkX9B7+2TneqVvivg0ysEgACAH2A From: "Susan Hares" To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "David T. Perkins" , X-OriginalArrivalTime: 06 Feb 2006 18:43:50.0981 (UTC) FILETIME=[45C76750:01C62B4D] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Scott: Did you get my comments on the DTLS state machine? I'm assuming you did based on these comments. Sue Hares -----Original Message----- From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com]=20 Sent: Monday, February 06, 2006 12:24 PM To: Pat Calhoun (pacalhou); David T. Perkins; capwap@frascone.com Subject: RE: [Capwap] Join to Image Data This touches on one of the questions Nancy raised about the dtls draft, so now's as good a time as any to bring this up. Nancy wanted to know why there was a similar transition proposed there. I put it there because it seemed to me that to upgrade from the current lwapp to an lwapp-dtls system without a manual reflash, the ability to upgrade the firmware without explicitly joining would be required. Of course, I assumed the image would be signed, but now I'm not so sure such a requirement belongs in the capwap protocol. How do you deal with this issue if you don't require signing? Do you (a) require a manual re-flash if the join transaction becomes incompatible? Seems like the only other alternatives are (b) require firmware signing, or (c) require a compatibility mode.=20 Seems like (c) imposes undue economic pressure on people who are implementing from scratch, and it's not clear to me that (b) would be appropriate. I'm thinking (a) is the only reasonable path forward. Thoughts? -----Original Message----- >From: "Pat Calhoun (pacalhou)" >Sent: Feb 6, 2006 8:48 AM >To: "David T. Perkins" , capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >I disagree. I believe that the best state transition to get firmware >downloaded is post join. My main concern is pushing the firmware >download in the Run state is that it minimizes the impact of protocol >changes to Discovery and Join. So if an AC is running code that is >drastically different from what's on the WTP, you really only need to >worry about backward compatibility in those two messages, vs. possibly >every message defined in the protocol.=20 > >This was my main objection to the evaluation team's request to allow the >Run->Image Data state transition. > >Pat Calhoun >CTO, Wireless Networking Business Unit >Cisco Systems > >=20 > >> -----Original Message----- >> From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 >> Sent: Wednesday, February 01, 2006 2:00 PM >> To: capwap@frascone.com >> Subject: [Capwap] Join to Image Data >>=20 >> HI, >>=20 >> The LWAPP State Machine in figure 2 has the transition=20 >> labelled "m" that is Join to Image Data. This transition is=20 >> not described, and it seems inappropriate. >> I believe that it should be removed. >>=20 >> Regards, >> /david t. perkins=20 >>=20 >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >>=20 >> Archives: http://lists.frascone.com/pipermail/capwap >>=20 >_________________________________________________________________ >To unsubscribe or modify your subscription options, please visit: >http://lists.frascone.com/mailman/listinfo/capwap > >Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 13:53:23 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6BUJ-0000Lq-DP for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 13:53:23 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12050 for ; Mon, 6 Feb 2006 13:51:34 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 201C94300DC for ; Mon, 6 Feb 2006 10:53:14 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6EC4543005F for ; Mon, 6 Feb 2006 10:52:25 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 3A04939807A for ; Mon, 6 Feb 2006 10:52:25 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by zoidberg.tigertech.net (Postfix) with ESMTP id D8EAB398037 for ; Mon, 6 Feb 2006 10:52:19 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by gateout02.mbox.net (Postfix) with ESMTP id 996982702; Mon, 6 Feb 2006 18:52:17 +0000 (GMT) Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 505kBFs1P0437Mo2; Mon, 06 Feb 2006 18:52:16 GMT Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 500kBFs1o0007Mo2; Mon, 06 Feb 2006 18:52:14 GMT X-USANET-Routed: 2 gwsout-vs R:localhost:1825 Received: from gw3.EXCHPROD.USA.NET [165.212.116.254] by gateout02.mbox.net via smtad (C8.MAIN.3.27I); Mon, 06 Feb 2006 18:52:14 GMT X-USANET-Source: 165.212.116.254 IN skh@nexthop.com gw3.EXCHPROD.USA.NET X-USANET-MsgId: XID608kBFs1o4469Xo2 Received: from VS4.EXCHPROD.USA.NET ([10.116.208.142]) by gw3.EXCHPROD.USA.NET with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 11:52:14 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: FW: [Capwap] lwapp-dtls edits Date: Mon, 6 Feb 2006 11:52:13 -0700 Message-ID: <6F44D7F6B24A8F4DA0AB46C9BE924F020339255C@VS4.EXCHPROD.USA.NET> Thread-Topic: FW: [Capwap] lwapp-dtls edits Thread-Index: AcYpGbOimpB9RUomSFq3U/3TIc3SMACNLF+A From: "Susan Hares" To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , X-OriginalArrivalTime: 06 Feb 2006 18:52:14.0015 (UTC) FILETIME=[719C4CF0:01C62B4E] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Scott: Found this message indicating you got the document. Glad to review your next revision before it comes out. Sue -----Original Message----- From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com]=20 Sent: Friday, February 03, 2006 6:29 PM To: Pat Calhoun (pacalhou); Capwap@frascone.com Subject: Re: FW: [Capwap] lwapp-dtls edits Just wanted to ack Sue's and Nancy's comments - I've been slammed for the last week, and Eric and I expect to get to this over the weekend... -----Original Message----- >From: "Pat Calhoun (pacalhou)" >Sent: Feb 3, 2006 8:10 AM >To: Capwap@frascone.com >Subject: FW: [Capwap] lwapp-dtls edits > >Re-sending for Nancy. > >Pat Calhoun >CTO, Wireless Networking Business Unit >Cisco Systems > >=20 > >> -----Original Message----- >> From: Nancy Winget (ncamwing)=20 >> Sent: Saturday, January 28, 2006 3:15 PM >> To: Susan Hares; Scott G. Kelly; capwap >> Cc: Pat Calhoun (pacalhou) >> Subject: RE: [Capwap] lwapp-dtls edits >>=20 >> Scott, >>=20 >> I also could only do a cursory security review of the current=20 >> draft as I need more clarification and elaboration on the=20 >> authentication/authorization enforcement as well as how the=20 >> rekey mechanisms work. Once I have a better understanding of=20 >> those, I think we can close loop on the security review. I=20 >> think my comments are along the same vein as Sue's. =20 >>=20 >> Attached are my comments embedded in the word-(re)formatted draft. >>=20 >> Thanks, >> Nancy. =20 >>=20 >> -----Original Message----- >> From: Susan Hares [mailto:skh@nexthop.com] >> Sent: Friday, January 27, 2006 4:39 PM >> To: Scott G. Kelly; capwap >> Cc: Nancy Winget (ncamwing); Pat Calhoun (pacalhou) >> Subject: RE: [Capwap] lwapp-dtls edits >>=20 >> Scott: >>=20 >> My focus has been the interaction of the DTLS work with the=20 >> LWAPP State machine. The=20 >> draft-kelley-capwap-lwap-dtls-00.txt gave no state machine=20 >> interactions. >>=20 >> The draft-kelley-capwap-lwapp-dtls-01.txt draft gives some=20 >> state machine interactions, and modifies the LWAPP state machine.=20 >>=20 >> However, these state machine interactions do not provide=20 >> guidance on what to do in the DTLS handshake errors,=20 >> fragmentation errors, or alert messages. >>=20 >> I've attached very draft text to guide you in providing the=20 >> next revision. >> (It's a word document - so let me know if that's a problem. =20 >> I turned on the revision history and highlighted the suggested text.) >> =20 >> I'll do a final DTLS and security review once you finalize=20 >> your next revision. =20 >>=20 >> Pat and I went through a few rounds on the state machine of LWAPP to >> reach the current form. Glad to do an early review of your=20 >> text prior >> to release to the working group.=20 >>=20 >> Cheers,=20 >>=20 >> Sue >>=20 >> PS - I used (lwapp-03, dtls-05). >>=20 >> I sent my comments from Nancy Winget (Cisco). She may find more >> issues with the state machine based on conversations we=20 >> had at IEEE. >> =20 >>=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From birzamb@mail.hl.cn Mon Feb 06 14:06:37 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6Bh7-0003Xx-JE for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 14:06:37 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13173 for ; Mon, 6 Feb 2006 14:04:43 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6Bt8-0007Vr-Rc for capwap-archive@ietf.org; Mon, 06 Feb 2006 14:19:04 -0500 Received: from 65.107.43.172.ptr.us.xo.net ([65.107.43.172] helo=mail.hl.cn) by mx2.foretec.com with smtp (Exim 4.24) id 1F6Bgs-0000pS-HT for capwap-archive@ietf.org; Mon, 06 Feb 2006 14:06:22 -0500 Message-ID: <000001c62b50$612635f0$2499a8c0@spitfire> Reply-To: "Birthe Zambrano" From: "Birthe Zambrano" To: "Devnet Renegar" Subject: Re: f news 8615 Date: Mon, 6 Feb 2006 14:06:05 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62B26.78502DF0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.1 (/) X-Scan-Signature: a069a8e8835d39ce36e425c148267a7b This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62B26.78502DF0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 http://www.befordinne.com =20 =20 V o=20 I b=20 A y=20 G w=20 R j=20 A s=20 =20 p=20 $ x=20 3 t=20 , m=20 3 r=20 3 k=20 V c=20 A m=20 L k=20 I q=20 U o=20 M b=20 =20 f=20 $ n=20 1 v=20 , d=20 2 x=20 1 c=20 C q=20 I y=20 A q=20 L q=20 I l=20 S x=20 =20 m=20 $ m=20 3 g=20 , u=20 7 i=20 5 x=20 ------=_NextPart_000_0001_01C62B26.78502DF0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
 
V
o
I
b
A
y
G
w
R
j
A
s
 
p
$
x
3
t
,
m
3
r
3
k
V
c
A
m
L
k
I
q
U
o
M
b
 
f
$
n
1
v
,
d
2
x
1
c
C
q
I
y
A
q
L
q
I
l
S
x
 
m
$
m
3
g
,
u
7
i
5
x
------=_NextPart_000_0001_01C62B26.78502DF0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 15:18:29 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6Cod-0005L9-8t for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 15:18:29 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA19329 for ; Mon, 6 Feb 2006 15:16:43 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 1E7CC43011A for ; Mon, 6 Feb 2006 12:18:23 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 06C5C43005F for ; Mon, 6 Feb 2006 12:17:59 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id EA7F380C13C for ; Mon, 6 Feb 2006 12:17:58 -0800 (PST) Received: from pop-scotia.atl.sa.earthlink.net (pop-scotia.atl.sa.earthlink.net [207.69.195.65]) by hermes.tigertech.net (Postfix) with ESMTP id 39D4380C108 for ; Mon, 6 Feb 2006 12:17:57 -0800 (PST) Received: from elwamui-sweet.atl.sa.earthlink.net ([209.86.224.49]) by pop-scotia.atl.sa.earthlink.net with esmtp (Exim 3.36 #10) id 1F6Co5-00028n-00; Mon, 06 Feb 2006 15:17:53 -0500 Message-ID: <1764833.1139257072942.JavaMail.root@elwamui-sweet.atl.sa.earthlink.net> Date: Mon, 6 Feb 2006 12:17:52 -0800 (GMT-08:00) From: "Scott G. Kelly" To: Susan Hares , "Pat Calhoun (pacalhou)" , "David T. Perkins" , "capwap@frascone.com\"capwap\"" Subject: RE: [Capwap] Join to Image Data Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: EarthLink Zoo Mail 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Yes, I received your edits in the .doc file. I may have confused you and Nancy in my comments below, but either way, one (or perhaps both) of you noted this issue, and it is being addressed. We hope to finish up edits based on both of your comments within the next few days. -----Original Message----- >From: Susan Hares >Sent: Feb 6, 2006 10:43 AM >To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "David T. Perkins" , capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >Scott: > >Did you get my comments on the DTLS state machine? >I'm assuming you did based on these comments. > >Sue Hares > >-----Original Message----- >From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] >Sent: Monday, February 06, 2006 12:24 PM >To: Pat Calhoun (pacalhou); David T. Perkins; capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >This touches on one of the questions Nancy raised about the dtls draft, >so now's as good a time as any to bring this up. Nancy wanted to know >why there was a similar transition proposed there. I put it there >because it seemed to me that to upgrade from the current lwapp to an >lwapp-dtls system without a manual reflash, the ability to upgrade the >firmware without explicitly joining would be required. Of course, I >assumed the image would be signed, but now I'm not so sure such a >requirement belongs in the capwap protocol. > >How do you deal with this issue if you don't require signing? Do you (a) >require a manual re-flash if the join transaction becomes incompatible? >Seems like the only other alternatives are (b) require firmware signing, >or (c) require a compatibility mode. > > >Seems like (c) imposes undue economic pressure on people who are >implementing from scratch, and it's not clear to me that (b) would be >appropriate. I'm thinking (a) is the only reasonable path forward. >Thoughts? > >-----Original Message----- >>From: "Pat Calhoun (pacalhou)" >>Sent: Feb 6, 2006 8:48 AM >>To: "David T. Perkins" , capwap@frascone.com >>Subject: RE: [Capwap] Join to Image Data >> >>I disagree. I believe that the best state transition to get firmware >>downloaded is post join. My main concern is pushing the firmware >>download in the Run state is that it minimizes the impact of protocol >>changes to Discovery and Join. So if an AC is running code that is >>drastically different from what's on the WTP, you really only need to >>worry about backward compatibility in those two messages, vs. possibly >>every message defined in the protocol. >> >>This was my main objection to the evaluation team's request to allow >the >>Run->Image Data state transition. >> >>Pat Calhoun >>CTO, Wireless Networking Business Unit >>Cisco Systems >> >> >> >>> -----Original Message----- >>> From: David T. Perkins [mailto:dperkins@dsperkins.com] >>> Sent: Wednesday, February 01, 2006 2:00 PM >>> To: capwap@frascone.com >>> Subject: [Capwap] Join to Image Data >>> >>> HI, >>> >>> The LWAPP State Machine in figure 2 has the transition >>> labelled "m" that is Join to Image Data. This transition is >>> not described, and it seems inappropriate. >>> I believe that it should be removed. >>> >>> Regards, >>> /david t. perkins >>> >>> _________________________________________________________________ >>> To unsubscribe or modify your subscription options, please visit: >>> http://lists.frascone.com/mailman/listinfo/capwap >>> >>> Archives: http://lists.frascone.com/pipermail/capwap >>> >>_________________________________________________________________ >>To unsubscribe or modify your subscription options, please visit: >>http://lists.frascone.com/mailman/listinfo/capwap >> >>Archives: http://lists.frascone.com/pipermail/capwap > >_________________________________________________________________ >To unsubscribe or modify your subscription options, please visit: >http://lists.frascone.com/mailman/listinfo/capwap > >Archives: http://lists.frascone.com/pipermail/capwap > > > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 15:36:27 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6D62-0004A2-SM for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 15:36:27 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA20882 for ; Mon, 6 Feb 2006 15:34:44 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id CEF404300F0 for ; Mon, 6 Feb 2006 12:36:24 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 4B81A43005F for ; Mon, 6 Feb 2006 12:35:58 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 35BC580C0F2 for ; Mon, 6 Feb 2006 12:35:58 -0800 (PST) Received: from gateout01.mbox.net (gateout01.mbox.net [165.212.64.21]) by hermes.tigertech.net (Postfix) with ESMTP id 1C39680C102 for ; Mon, 6 Feb 2006 12:35:56 -0800 (PST) Received: from gateout01.mbox.net (gateout01.mbox.net [165.212.64.21]) by gateout01.mbox.net (Postfix) with ESMTP id 5809B22BD; Mon, 6 Feb 2006 20:35:53 +0000 (GMT) Received: from gateout01.mbox.net [127.0.0.1] by gateout01.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 289kBFujz0142Mo1; Mon, 06 Feb 2006 20:35:52 GMT Received: from gateout01.mbox.net [127.0.0.1] by gateout01.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 285kBFujx0363Mo1; Mon, 06 Feb 2006 20:35:49 GMT X-USANET-Routed: 2 gwsout-vs R:localhost:1825 Received: from GW1.EXCHPROD.USA.NET [165.212.116.254] by gateout01.mbox.net via smtad (C8.MAIN.3.27I); Mon, 06 Feb 2006 20:35:49 GMT X-USANET-Source: 165.212.116.254 IN skh@nexthop.com GW1.EXCHPROD.USA.NET X-USANET-MsgId: XID095kBFujx1389Xo1 Received: from VS4.EXCHPROD.USA.NET ([10.116.208.142]) by GW1.EXCHPROD.USA.NET with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 13:35:49 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Join to Image Data Date: Mon, 6 Feb 2006 13:35:47 -0700 Message-ID: <6F44D7F6B24A8F4DA0AB46C9BE924F02033926AC@VS4.EXCHPROD.USA.NET> Thread-Topic: [Capwap] Join to Image Data Thread-Index: AcYrWmyNbMBabRvoStKdUcHOYaogzgAAmo6w From: "Susan Hares" To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "David T. Perkins" , X-OriginalArrivalTime: 06 Feb 2006 20:35:49.0535 (UTC) FILETIME=[EA5962F0:01C62B5C] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Scott: My issues were a bit more far reaching in the word document. Please check that you have the word document. I will resend to list in non-word document format. Sue -----Original Message----- From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com]=20 Sent: Monday, February 06, 2006 3:18 PM To: Susan Hares; Pat Calhoun (pacalhou); David T. Perkins; capwap@frascone.com"capwap" Subject: RE: [Capwap] Join to Image Data Yes, I received your edits in the .doc file. I may have confused you and Nancy in my comments below, but either way, one (or perhaps both) of you noted this issue, and it is being addressed. We hope to finish up edits based on both of your comments within the next few days. -----Original Message----- >From: Susan Hares >Sent: Feb 6, 2006 10:43 AM >To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "David T. Perkins" , capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >Scott: > >Did you get my comments on the DTLS state machine? >I'm assuming you did based on these comments. > >Sue Hares > >-----Original Message----- >From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com]=20 >Sent: Monday, February 06, 2006 12:24 PM >To: Pat Calhoun (pacalhou); David T. Perkins; capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >This touches on one of the questions Nancy raised about the dtls draft, >so now's as good a time as any to bring this up. Nancy wanted to know >why there was a similar transition proposed there. I put it there >because it seemed to me that to upgrade from the current lwapp to an >lwapp-dtls system without a manual reflash, the ability to upgrade the >firmware without explicitly joining would be required. Of course, I >assumed the image would be signed, but now I'm not so sure such a >requirement belongs in the capwap protocol. > >How do you deal with this issue if you don't require signing? Do you (a) >require a manual re-flash if the join transaction becomes incompatible? >Seems like the only other alternatives are (b) require firmware signing, >or (c) require a compatibility mode.=20 > > >Seems like (c) imposes undue economic pressure on people who are >implementing from scratch, and it's not clear to me that (b) would be >appropriate. I'm thinking (a) is the only reasonable path forward. >Thoughts? > >-----Original Message----- >>From: "Pat Calhoun (pacalhou)" >>Sent: Feb 6, 2006 8:48 AM >>To: "David T. Perkins" , capwap@frascone.com >>Subject: RE: [Capwap] Join to Image Data >> >>I disagree. I believe that the best state transition to get firmware >>downloaded is post join. My main concern is pushing the firmware >>download in the Run state is that it minimizes the impact of protocol >>changes to Discovery and Join. So if an AC is running code that is >>drastically different from what's on the WTP, you really only need to >>worry about backward compatibility in those two messages, vs. possibly >>every message defined in the protocol.=20 >> >>This was my main objection to the evaluation team's request to allow >the >>Run->Image Data state transition. >> >>Pat Calhoun >>CTO, Wireless Networking Business Unit >>Cisco Systems >> >>=20 >> >>> -----Original Message----- >>> From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 >>> Sent: Wednesday, February 01, 2006 2:00 PM >>> To: capwap@frascone.com >>> Subject: [Capwap] Join to Image Data >>>=20 >>> HI, >>>=20 >>> The LWAPP State Machine in figure 2 has the transition=20 >>> labelled "m" that is Join to Image Data. This transition is=20 >>> not described, and it seems inappropriate. >>> I believe that it should be removed. >>>=20 >>> Regards, >>> /david t. perkins=20 >>>=20 >>> _________________________________________________________________ >>> To unsubscribe or modify your subscription options, please visit: >>> http://lists.frascone.com/mailman/listinfo/capwap >>>=20 >>> Archives: http://lists.frascone.com/pipermail/capwap >>>=20 >>_________________________________________________________________ >>To unsubscribe or modify your subscription options, please visit: >>http://lists.frascone.com/mailman/listinfo/capwap >> >>Archives: http://lists.frascone.com/pipermail/capwap > >_________________________________________________________________ >To unsubscribe or modify your subscription options, please visit: >http://lists.frascone.com/mailman/listinfo/capwap > >Archives: http://lists.frascone.com/pipermail/capwap > > > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 15:58:15 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6DR0-0001FJ-Pm for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 15:58:15 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23827 for ; Mon, 6 Feb 2006 15:56:16 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 535524300D7 for ; Mon, 6 Feb 2006 12:57:56 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 2B5F443005F for ; Mon, 6 Feb 2006 12:57:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 0EA2480C12E for ; Mon, 6 Feb 2006 12:57:28 -0800 (PST) Received: from pop-scotia.atl.sa.earthlink.net (pop-scotia.atl.sa.earthlink.net [207.69.195.65]) by hermes.tigertech.net (Postfix) with ESMTP id 140FA80C0F6 for ; Mon, 6 Feb 2006 12:57:26 -0800 (PST) Received: from elwamui-darkeyed.atl.sa.earthlink.net ([209.86.224.33]) by pop-scotia.atl.sa.earthlink.net with esmtp (Exim 3.36 #10) id 1F6DPU-0001Hf-00; Mon, 06 Feb 2006 15:56:32 -0500 Message-ID: <25874818.1139259392131.JavaMail.root@elwamui-darkeyed.atl.sa.earthlink.net> Date: Mon, 6 Feb 2006 12:56:32 -0800 (GMT-08:00) From: "Scott G. Kelly" To: Susan Hares , "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "David T. Perkins" , capwap@frascone.com Subject: RE: [Capwap] Join to Image Data Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: EarthLink Zoo Mail 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Yes, I have it. -----Original Message----- >From: Susan Hares >Sent: Feb 6, 2006 12:35 PM >To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "David T. Perkins" , capwap@frascone.com >Subject: RE: [Capwap] Join to Image Data > >Scott: > >My issues were a bit more far reaching in the word document. >Please check that you have the word document. >I will resend to list in non-word document format. > >Sue > >-----Original Message----- >From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] >Sent: Monday, February 06, 2006 3:18 PM >To: Susan Hares; Pat Calhoun (pacalhou); David T. Perkins; >capwap@frascone.com"capwap" >Subject: RE: [Capwap] Join to Image Data > >Yes, I received your edits in the .doc file. I may have confused you and >Nancy in my comments below, but either way, one (or perhaps both) of you >noted this issue, and it is being addressed. > >We hope to finish up edits based on both of your comments within the >next few days. > >-----Original Message----- >>From: Susan Hares >>Sent: Feb 6, 2006 10:43 AM >>To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" >, "David T. Perkins" , >capwap@frascone.com >>Subject: RE: [Capwap] Join to Image Data >> >>Scott: >> >>Did you get my comments on the DTLS state machine? >>I'm assuming you did based on these comments. >> >>Sue Hares >> >>-----Original Message----- >>From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] >>Sent: Monday, February 06, 2006 12:24 PM >>To: Pat Calhoun (pacalhou); David T. Perkins; capwap@frascone.com >>Subject: RE: [Capwap] Join to Image Data >> >>This touches on one of the questions Nancy raised about the dtls draft, >>so now's as good a time as any to bring this up. Nancy wanted to know >>why there was a similar transition proposed there. I put it there >>because it seemed to me that to upgrade from the current lwapp to an >>lwapp-dtls system without a manual reflash, the ability to upgrade the >>firmware without explicitly joining would be required. Of course, I >>assumed the image would be signed, but now I'm not so sure such a >>requirement belongs in the capwap protocol. >> >>How do you deal with this issue if you don't require signing? Do you >(a) >>require a manual re-flash if the join transaction becomes incompatible? >>Seems like the only other alternatives are (b) require firmware >signing, >>or (c) require a compatibility mode. >> >> >>Seems like (c) imposes undue economic pressure on people who are >>implementing from scratch, and it's not clear to me that (b) would be >>appropriate. I'm thinking (a) is the only reasonable path forward. >>Thoughts? >> >>-----Original Message----- >>>From: "Pat Calhoun (pacalhou)" >>>Sent: Feb 6, 2006 8:48 AM >>>To: "David T. Perkins" , capwap@frascone.com >>>Subject: RE: [Capwap] Join to Image Data >>> >>>I disagree. I believe that the best state transition to get firmware >>>downloaded is post join. My main concern is pushing the firmware >>>download in the Run state is that it minimizes the impact of protocol >>>changes to Discovery and Join. So if an AC is running code that is >>>drastically different from what's on the WTP, you really only need to >>>worry about backward compatibility in those two messages, vs. possibly >>>every message defined in the protocol. >>> >>>This was my main objection to the evaluation team's request to allow >>the >>>Run->Image Data state transition. >>> >>>Pat Calhoun >>>CTO, Wireless Networking Business Unit >>>Cisco Systems >>> >>> >>> >>>> -----Original Message----- >>>> From: David T. Perkins [mailto:dperkins@dsperkins.com] >>>> Sent: Wednesday, February 01, 2006 2:00 PM >>>> To: capwap@frascone.com >>>> Subject: [Capwap] Join to Image Data >>>> >>>> HI, >>>> >>>> The LWAPP State Machine in figure 2 has the transition >>>> labelled "m" that is Join to Image Data. This transition is >>>> not described, and it seems inappropriate. >>>> I believe that it should be removed. >>>> >>>> Regards, >>>> /david t. perkins >>>> >>>> _________________________________________________________________ >>>> To unsubscribe or modify your subscription options, please visit: >>>> http://lists.frascone.com/mailman/listinfo/capwap >>>> >>>> Archives: http://lists.frascone.com/pipermail/capwap >>>> >>>_________________________________________________________________ >>>To unsubscribe or modify your subscription options, please visit: >>>http://lists.frascone.com/mailman/listinfo/capwap >>> >>>Archives: http://lists.frascone.com/pipermail/capwap >> >>_________________________________________________________________ >>To unsubscribe or modify your subscription options, please visit: >>http://lists.frascone.com/mailman/listinfo/capwap >> >>Archives: http://lists.frascone.com/pipermail/capwap >> >> >> >> > > > > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 17:59:55 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6FKa-00061y-Ub for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 17:59:55 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA18447 for ; Mon, 6 Feb 2006 17:57:46 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 186504300B0 for ; Mon, 6 Feb 2006 14:59:23 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id B67D843005F for ; Mon, 6 Feb 2006 14:58:54 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id A146480C0F6 for ; Mon, 6 Feb 2006 14:58:54 -0800 (PST) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id A54D280C104 for ; Mon, 6 Feb 2006 14:58:51 -0800 (PST) Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-1.cisco.com with ESMTP; 06 Feb 2006 14:58:51 -0800 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k16MwoWF007775; Mon, 6 Feb 2006 14:58:51 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 14:58:50 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] get WLAN Config message Date: Mon, 6 Feb 2006 14:58:49 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2015C398F@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] get WLAN Config message Thread-Index: AcYpOmnMUisjpk7EQNqKHFMIPyBAOwCNnAsw From: "Pat Calhoun (pacalhou)" To: "David T. Perkins" , "Charles Clancy" X-OriginalArrivalTime: 06 Feb 2006 22:58:50.0513 (UTC) FILETIME=[E502B810:01C62B70] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE Cc: Philip.Rakity@u4eatech.com, capwap@frascone.com, mauricegoodf@aim.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable While I still disagree, I did create tracker 72 for this issue. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 > Sent: Friday, February 03, 2006 7:23 PM > To: Charles Clancy > Cc: Philip.Rakity@u4eatech.com; capwap@frascone.com;=20 > mauricegoodf@aim.com > Subject: Re: [Capwap] get WLAN Config message >=20 > HI, >=20 > There are issues: > 1) as presently specified in the LWAPP-03 spec that if > static blacklist entries are added (see 7.4.11) > which persist across reboots, then there is no > way to find out what they are (and you have to > know what they are to delete one (see 7.4.12)). > In general, if there should be no persistent > config that an AC cannot determine because an > AC may lose track, and a WTP may switch to=20 > another AC. > 2) The Configuration Update message assumes no partial > success (see section 7.4). That is, it assumes all > or nothing. Some WTPs may not work like this. The > responses does not indicate which config element > was applied, which failed, and which were aborted. > Thus, an AC may not know the configuration after > a failed Configuration Update message > 3) Failure of Configue Response > 4) Modification of the configuration on the WTP > via another management interface. In the original > example, I believe that it said via debugging > the WTP. (I classify this as "out of scope".) > However, the WTP may have a console, or contain > an SNMP agent. So far, these haven't been classified > as "out of scope". >=20 > Note that solving this issue doesn't look too difficult or=20 > costly to me. I'd just add a Retrieve Config Request and=20 > Retrieve Config Response. (There are a few details to work out.) >=20 > On Fri, 3 Feb 2006, Charles Clancy wrote: > > Rather than reading back entire configurations, the AC=20 > could ask the=20 > > WTP to send a hash of its configuration back. Perhaps these ACKs=20 > > could include the hash automatically? Then someone trying=20 > to verify=20 > > configurations could check consistence. If something didn't match,=20 > > they could upload the correct configuration. Seems like a=20 > compromise? > >=20 > > [ t. charles clancy ]--[ tcc@umd.edu ]--[=20 > www.cs.umd.edu/~clancy ] [=20 > > computer science ]-----[ university of maryland | college park ] > >=20 > > mauricegoodf@aim.com wrote: > > > I agree that NOT having the ability to read the=20 > configuration from=20 > > > the AP is dangerous. While I accept the argument that the=20 > > > configuration on both the AC and the AP SHOULD be the same, in=20 > > > practice humans are fallible and bugs will occur. > > >=20 > > > I would go so far as to suggest that the AC should not=20 > rely on what=20 > > > it thinks that the AP has been programmed with, but should always=20 > > > read the updated configuration from the AP. > > >=20 > > > Sorry, but I have spent a lot of time in debugging other=20 > people's code.=20 > > > I would sooner nip this bug in the bud. Especially as=20 > this will be=20 > > > more of a problem when the AC and the AP come from=20 > different vendors. > > > And that is what CAPWAP is about. > > >=20 > > >=20 > > > Maurice > > >=20 > > > -----Original Message----- > > > From: Philip.Rakity@u4eatech.com > > > To: zhaoyujin 31390 > > > Cc: Philip.Rakity@u4eatech.com; capwap@frascone.com > > > Sent: Fri, 03 Feb 2006 10:07:08 +0000 > > > Subject: Re:[Capwap] get WLAN Config message > > >=20 > > > Michael, > > >=20 > > > How is the AC supposed to know if some configuration=20 > error occurs=20 > > > if it cannot read the configuration? > > >=20 > > > Philip > > >=20 > > > Quoting zhaoyujin 31390 : > > >=20 > > > > Why LWAPP need this? > > > > > > > > LWAPP should maintain the consistent configuration=20 > between AP and AC.=20 > > > > All configuration of AP is distributed with LWAPP with=20 > AC. If AP=20 > > > > occurs some configuration error, LWAPP can know this=20 > problem and >=20 > > > should do some operation for it (Maybe reboot AP). > > > > > > > > So that, AC does not need to check the AP configuration. > > > > > > > > Best regards > > > > Michael > > > > > > > > > > > >> > > > >> I would like to go back to my request for an=20 > additional message=20 > > > to >> find >> out the ssid. I think the spec could be=20 > enhanced to=20 > > > allow an >> OPTIONAL >> get_wlan_config message from=20 > the AC to the=20 > > > WTP. This would occur >> after >> the join. This would=20 > then allow=20 > > > the AC to know all the >> information >> that is=20 > configured in the=20 > > > AP since there already is a get_config >> message. > > > >> > > > >> Opinions ? > > > >> > > > >> Philip > Regards, > /david t. perkins >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 06 18:01:38 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6FMY-0006V5-1x for capwap-archive@megatron.ietf.org; Mon, 06 Feb 2006 18:01:38 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA18710 for ; Mon, 6 Feb 2006 17:59:48 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 98ADA430107 for ; Mon, 6 Feb 2006 15:01:27 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 4DCA743005F for ; Mon, 6 Feb 2006 15:01:00 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 3226A398015 for ; Mon, 6 Feb 2006 15:01:00 -0800 (PST) Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com [171.71.176.72]) by zoidberg.tigertech.net (Postfix) with ESMTP id DEC6E398023 for ; Mon, 6 Feb 2006 15:00:56 -0800 (PST) Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-3.cisco.com with ESMTP; 06 Feb 2006 15:00:38 -0800 X-IronPort-AV: i="4.02,93,1139212800"; d="scan'208"; a="401415185:sNHT2188048108" Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k16N0bjt016196; Mon, 6 Feb 2006 15:00:37 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 6 Feb 2006 15:00:37 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Problems with setting initial config Date: Mon, 6 Feb 2006 15:00:36 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2015C3995@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] Problems with setting initial config Thread-Index: AcYpKd8tJpN7ZY0xRPK999VcsNosSwCRz3iQ From: "Pat Calhoun (pacalhou)" To: "David T. Perkins" , X-OriginalArrivalTime: 06 Feb 2006 23:00:37.0400 (UTC) FILETIME=[24B86180:01C62B71] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable I've created tracker entry 73 for this issue. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 > Sent: Friday, February 03, 2006 5:24 PM > To: Capwap@frascone.com > Subject: [Capwap] Problems with setting initial config >=20 > HI, >=20 > In the state machine (figure 2 in LWAPP-02), the WTP in state=20 > "Join-Confirm" has set up a control channel and sends a=20 > "Configure Request" to transfer to state "Configure" (as=20 > described by label "2"). The "Configure Request" (described=20 > in section 7.2) contains message elements that describe the=20 > state and configuration of the WTP, plus a little bit of=20 > status and statistics. > On receiving the "Configure Request" message, an AC responds=20 > with a "Configure Response" > message (described in section 7.3). > The "Configure Response" message may contain overrides of the=20 > configuration message elements that may be present in the the=20 > "Configuration Request" message. >=20 > My concern is that a "Configuration Response" > message tells the WTP to "change config" and the WTP may not=20 > be able to change the config to the specified values, and=20 > there is NO WAY for the WTP to tell the AC that the "config=20 > change" failed, and why it failed. The AC would implictly=20 > know that the "config change" > failed because the WTP is suppose to > transition to the "Run" state and send > a "Change State Event Request" message. > When the AC does not get this within > the expected time interval, I'm guessing it could figure out=20 > what went wrong. > The message and state descriptions don't appear to support a=20 > failure of the "Configuration Response" message. >=20 > (Note: on success the WTP sends a > "State Change Event Request" and > transitions "Run" state. The AC > will continue configuring the WTP > (if needed) with "Configuration > Update Request" messages. On success > the message flow looks like: >=20 > | in Configure state > WTP -----Configuration Request------> AC WTP =20 > <------Configure Response-------- AC WTP ---Change State=20 > Event Request---> AC | to Run state v WTP <--Change State=20 > Event Response--- AC WTP <--Configuration Update Request--=20 > AC --| as many as needed WTP --Configuration Update Reponse--> AC --| > ...) >=20 > I believe that the message contents > and the causes of the state transitions > should be changed to the following: >=20 > In the "configure" state, the WTP > should send a "Configuration Request" > message (as currently) described. > The AC should respond with a new > version of the "Configuration Response" > message, which contains no configuration message elements. On=20 > receiving the "Configuration Response" message, the WTP stays=20 > in the "Configure" > state until it receives a "Configuration Update Request" that=20 > contains a message element to put it in the run state. Thus,=20 > the message flow would look like: > | in Configure state > WTP -----Configuration Request------> AC WTP =20 > <------Configure Response-------- AC WTP <--Configuration=20 > Update Request-- AC --| as many as needed WTP =20 > --Configuration Update Reponse--> AC --| with last telling > WTP to go to Run > state WTP =20 > ---Change State Event Request---> AC | to Run state v WTP =20 > <--Change State Event Response--- AC >=20 > Regards, > /david t. perkins >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From rafswo@pulsen.se Tue Feb 07 08:59:12 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6TNA-0003fD-Qi for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 08:59:12 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA27356 for ; Tue, 7 Feb 2006 08:57:31 -0500 (EST) Received: from [203.170.116.228] (helo=pulsen.se) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F6TZY-0000pD-IV for capwap-archive@ietf.org; Tue, 07 Feb 2006 09:12:02 -0500 Message-ID: <000001c62bee$8dc5f750$0a73a8c0@bucket> Reply-To: "Rafiqa Sword" From: "Rafiqa Sword" To: "Aspasia Plumer" Subject: Re: X notice 51 96 Date: Tue, 7 Feb 2006 08:58:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62BC4.A4F26050" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.0 (/) X-Scan-Signature: ded6070f7eed56e10c4f4d0d5043d9c7 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62BC4.A4F26050 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 http://www.acrositeem.com =20 =20 V v A g L g l w U g M j w $ s 1 j , w 2 h 1 f=20 C l i v a o l n i s s e j S t O e F a T c j T n a v b l s e=20 C a l r A x L r I d S b n $ i 3 o , f 3 t 3 x=20 V j I h A a G d R r A j k $ k 3 a , r 7 b 5 v=20 V m i f a g g o r i a o s S w O u F v T b e T s a a b d s s=20 ------=_NextPart_000_0001_01C62BC4.A4F26050 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
 
V v A g L g l w U g M j   w $ s 1 j , w 2 h 1 f
C l i v a o l n i s s e   j S t O e F a T c   j T n a v b l s e
C a l r A x L r I d S b   n $ i 3 o , f 3 t 3 x
V j I h A a G d R r A j   k $ k 3 a , r 7 b 5 v
V m i f a g g o r i a o   s S w O u F v T b   e T s a a b d s s
------=_NextPart_000_0001_01C62BC4.A4F26050-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 07 12:21:41 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6WX7-0003XI-8a for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 12:21:41 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13780 for ; Tue, 7 Feb 2006 12:19:59 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 6F943430077 for ; Tue, 7 Feb 2006 09:21:34 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id D0CA9430058 for ; Tue, 7 Feb 2006 09:21:10 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C54BE398034 for ; Tue, 7 Feb 2006 09:21:10 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id CC24A39803D for ; Tue, 7 Feb 2006 09:21:07 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUB000QUUO696@usaga01-in.huawei.com> for capwap@frascone.com; Tue, 07 Feb 2006 09:16:54 -0800 (PST) Received: from huawei.com ([172.17.1.188]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUB00EHXUO5S2@usaga01-in.huawei.com> for capwap@frascone.com; Tue, 07 Feb 2006 09:16:54 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Tue, 07 Feb 2006 22:20:08 +0500 Date: Tue, 07 Feb 2006 22:20:08 +0500 From: zhaoyujin 31390 To: capwap@frascone.com Message-id: <2704922720c0.2720c0270492@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] I recommend LWAPP add a new notification message "Gratuitous disconnect notification" X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT Hi: Many protocol defines "Gratuitous notification message". Based on this message, the peer device can avoid to wait timeout for detecting the protocol is down and release the system resource. At present, LWAPP defines "Reset AP", I think it is not enough. Can LWAPP add a same message. Before AP reboots, it try to send a "Gratuitous notification message" to AC. And same for AC. Best regards Micheal _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 07 12:30:10 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6WfK-0001gV-9F for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 12:30:10 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA14470 for ; Tue, 7 Feb 2006 12:28:28 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 17CA04300DC for ; Tue, 7 Feb 2006 09:30:08 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id D5B1C430058 for ; Tue, 7 Feb 2006 09:29:44 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id CB27C80C10F for ; Tue, 7 Feb 2006 09:29:44 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 2077480C119 for ; Tue, 7 Feb 2006 09:29:42 -0800 (PST) Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-4.cisco.com with ESMTP; 07 Feb 2006 09:29:42 -0800 X-IronPort-AV: i="4.02,95,1139212800"; d="scan'208"; a="1774204631:sNHT31919838" Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id k17HTgc1010858; Tue, 7 Feb 2006 09:29:42 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 7 Feb 2006 09:29:42 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] I recommend LWAPP add a new notification message "Gratuitous disconnect notification" Date: Tue, 7 Feb 2006 09:29:41 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2015C3BF6@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] I recommend LWAPP add a new notification message "Gratuitous disconnect notification" Thread-Index: AcYsCvUeB7AFmYn7ReGxzpasuWzD7wAAQ/0g From: "Pat Calhoun (pacalhou)" To: "zhaoyujin 31390" , X-OriginalArrivalTime: 07 Feb 2006 17:29:42.0505 (UTC) FILETIME=[14B19590:01C62C0C] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable If I understand properly, you are asking for a response to the Reboot request, to allow the AC to immediately clear out its state? Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: zhaoyujin 31390 [mailto:zhaoyujin@huawei.com]=20 > Sent: Tuesday, February 07, 2006 9:20 AM > To: capwap@frascone.com > Subject: [Capwap] I recommend LWAPP add a new notification=20 > message "Gratuitous disconnect notification" >=20 > Hi: >=20 > Many protocol defines "Gratuitous notification message".=20 > Based on this message, the peer device can avoid to wait=20 > timeout for detecting the protocol is down and release the=20 > system resource.=20 >=20 > At present, LWAPP defines "Reset AP", I think it is not enough. >=20 > Can LWAPP add a same message. Before AP reboots, it try to=20 > send a "Gratuitous notification message" to AC. And same for AC. >=20 > Best regards > Micheal >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 07 13:00:33 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6X8i-0003yb-OT for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 13:00:33 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16345 for ; Tue, 7 Feb 2006 12:58:48 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id DE13D4300B0 for ; Tue, 7 Feb 2006 10:00:27 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id F2567430058 for ; Tue, 7 Feb 2006 10:00:02 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9398C398041 for ; Tue, 7 Feb 2006 10:00:02 -0800 (PST) Received: from mail.u4eatech.com (blackhole.u4eatech.com [195.188.241.2]) by zoidberg.tigertech.net (Postfix) with ESMTP id 67BB8398036 for ; Tue, 7 Feb 2006 09:59:59 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id CA58536075B; Tue, 7 Feb 2006 17:41:37 +0000 (GMT) Received: FROM mail.u4eatech.com ([127.0.0.1]) BY localhost WITH ESMTP ; Tue, 7 Feb 2006 17:41:37 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.u4eatech.com (Postfix) with ESMTP id 8EF51360765; Tue, 7 Feb 2006 17:41:37 +0000 (GMT) Received: from mail.u4eatech.com ([127.0.0.1]) by localhost (mail.u4eatech.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18562-09; Tue, 7 Feb 2006 17:41:34 +0000 (GMT) Received: from u4eatech.com (unknown [172.28.1.2]) by mail.u4eatech.com (Postfix) with ESMTP id 3CF0E36075B; Tue, 7 Feb 2006 17:41:34 +0000 (GMT) Received: from swissco010169-1-2.clients.easynet.fr (swissco010169-1-2.clients.easynet.fr [195.114.94.26]) by webmail.u4eatech.com (Horde MIME library) with HTTP; Tue, 07 Feb 2006 17:59:54 +0000 Message-ID: <20060207175954.6febnsa08okgo800@webmail.u4eatech.com> Date: Tue, 07 Feb 2006 17:59:54 +0000 From: Philip.Rakity@u4eatech.com To: Charles Clancy Subject: Re: [Capwap] Radius References: <20060202191830.dnno3005c4kkg480@webmail.u4eatech.com> <43E41999.2030001@cs.umd.edu> In-Reply-To: <43E41999.2030001@cs.umd.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.4) X-Virus-Scanned: amavisd-new at u4eatech.com X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.178 tagged_above=-999 required=7 tests=NO_REAL_NAME Cc: Philip.Rakity@u4eatech.com, capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit My reading of the draft indicates there are 2 modes of operation. a) Combined MAC (where the AP does everything) b) Split MAC (where the AC does most of the work) in case b) it is clear that the AC must act as the radius relay. in case a) where the AC is just configuring the WTP, it is not clear WHY the AC has to 'proxy' as the radius server. I think the restriction on REQUIRING that the AC act as the radius server (in base a) is too strong. Philip Quoting Charles Clancy : > Are you suggesting the WTPs communicate directly with the AAA server, > and the AC configures the WTPs with the appropriate connection > information? Two thoughts: > > 1. AAA traffic is trivial compared to everything else the AC will be > doing, so the performance increase would be minimal. > > 2. You've broken the keying/trust hierarchy. Now compromise of a > single WTP would allow an attacker the ability to compromise all > networks that AAA server manages. You can't contain attacks anymore. > > [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] > [ computer science ]-----[ university of maryland | college park ] > > Philip.Rakity@u4eatech.com wrote: >> >> I was wondering if it really makes sense in the NON split MAC case >> to require the AC handle radius requests. It seems this is over >> burdening the AC. The LWAPP protocol should allow the AC to >> configure the radius server. >> >> regards, >> >> Philip >> >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >> >> Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 07 13:19:25 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6XQt-0002sC-1T for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 13:19:25 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA17746 for ; Tue, 7 Feb 2006 13:17:29 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8D83A430108 for ; Tue, 7 Feb 2006 10:19:09 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 50EF0430058 for ; Tue, 7 Feb 2006 10:18:39 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 3C8C9398071 for ; Tue, 7 Feb 2006 10:18:39 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.bayarea.net [209.128.95.10]) by zoidberg.tigertech.net (Postfix) with ESMTP id DEA16398070 for ; Tue, 7 Feb 2006 10:18:34 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k17IIh1l020915; Tue, 7 Feb 2006 10:18:43 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k17IIWZX025740; Tue, 7 Feb 2006 10:18:32 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k17IIVjN025730; Tue, 7 Feb 2006 10:18:32 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Tue, 7 Feb 2006 10:18:31 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: Philip.Rakity@u4eatech.com Subject: Re: [Capwap] Radius In-Reply-To: <20060207175954.6febnsa08okgo800@webmail.u4eatech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, Where do you draw the line between: 1) a collection of stand-alone APs that have a management application apply a consistent configuration 2) a collection an AC and connected WTPs that act together as a system. I believe that this is an important issue, because #1 does not need the CAPWAP protocol. It can use the existing mangement interfaces (be they CLI, SNMP, or proprietary) found on standalone APs. And these interfaces can be different. That is, AP #1 could be managed via scripted CLI commands, and AP #2 could be managed via SNMP operations. Regards, /david t. perkins On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote: > My reading of the draft indicates there are 2 modes of operation. > > a) Combined MAC (where the AP does everything) > b) Split MAC (where the AC does most of the work) > > in case b) it is clear that the AC must act as the radius relay. > > in case a) where the AC is just configuring the WTP, it is not clear > WHY the AC has to 'proxy' as the radius server. I think the > restriction on REQUIRING that the AC act as the radius server (in base > a) is too strong. > > Philip > > Quoting Charles Clancy : > > > Are you suggesting the WTPs communicate directly with the AAA server, > > and the AC configures the WTPs with the appropriate connection > > information? Two thoughts: > > > > 1. AAA traffic is trivial compared to everything else the AC will be > > doing, so the performance increase would be minimal. > > > > 2. You've broken the keying/trust hierarchy. Now compromise of a > > single WTP would allow an attacker the ability to compromise all > > networks that AAA server manages. You can't contain attacks anymore. > > > > [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] > > [ computer science ]-----[ university of maryland | college park ] > > > > Philip.Rakity@u4eatech.com wrote: > >> > >> I was wondering if it really makes sense in the NON split MAC case > >> to require the AC handle radius requests. It seems this is over > >> burdening the AC. The LWAPP protocol should allow the AC to > >> configure the radius server. > >> > >> regards, > >> > >> Philip > >> > >> _________________________________________________________________ > >> To unsubscribe or modify your subscription options, please visit: > >> http://lists.frascone.com/mailman/listinfo/capwap > >> > >> Archives: http://lists.frascone.com/pipermail/capwap > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 07 14:10:29 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6YEL-00008j-76 for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 14:10:29 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21823 for ; Tue, 7 Feb 2006 14:08:33 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 72E1D4300E3 for ; Tue, 7 Feb 2006 11:10:11 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 35F0B430073 for ; Tue, 7 Feb 2006 11:09:40 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 2466D80C12E for ; Tue, 7 Feb 2006 11:09:40 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 91B7B80C139 for ; Tue, 7 Feb 2006 11:09:36 -0800 (PST) Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-4.cisco.com with ESMTP; 07 Feb 2006 11:09:37 -0800 X-IronPort-AV: i="4.02,95,1139212800"; d="scan'208"; a="1774239384:sNHT41005284" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id k17J9Zc1000416; Tue, 7 Feb 2006 11:09:35 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 7 Feb 2006 11:09:35 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Radius Date: Tue, 7 Feb 2006 11:09:33 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2015C3CA8@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] Radius Thread-Index: AcYsEwC+xaWkZtg4QB2JwGOpFpi9JQABu6Dg From: "Pat Calhoun (pacalhou)" To: "David T. Perkins" , X-OriginalArrivalTime: 07 Feb 2006 19:09:35.0262 (UTC) FILETIME=[08A7BBE0:01C62C1A] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable I concur with David, and therefore having RADIUS in the AP implies that it is a standalone AP, and therefore not governed by the CAPWAP work. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 > Sent: Tuesday, February 07, 2006 10:19 AM > To: Philip.Rakity@u4eatech.com > Cc: capwap@frascone.com > Subject: Re: [Capwap] Radius >=20 > HI, >=20 > Where do you draw the line between: > 1) a collection of stand-alone APs that have a management > application apply a consistent configuration > 2) a collection an AC and connected WTPs that > act together as a system. >=20 > I believe that this is an important issue, because #1 does=20 > not need the CAPWAP protocol. It can use the existing=20 > mangement interfaces (be they CLI, SNMP, or proprietary)=20 > found on standalone APs. And these interfaces can be different. > That is, AP #1 could be managed via scripted CLI commands,=20 > and AP #2 could be managed via SNMP operations. >=20 > Regards, > /david t. perkins >=20 > On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote:=20 > > My reading of the draft indicates there are 2 modes of operation. > >=20 > > a) Combined MAC (where the AP does everything) > > b) Split MAC (where the AC does most of the work) > >=20 > > in case b) it is clear that the AC must act as the radius relay. > >=20 > > in case a) where the AC is just configuring the WTP, it is=20 > not clear=20 > > WHY the AC has to 'proxy' as the radius server. I think the=20 > > restriction on REQUIRING that the AC act as the radius=20 > server (in base > > a) is too strong. > >=20 > > Philip > >=20 > > Quoting Charles Clancy : > >=20 > > > Are you suggesting the WTPs communicate directly with the AAA=20 > > > server, and the AC configures the WTPs with the appropriate=20 > > > connection information? Two thoughts: > > > > > > 1. AAA traffic is trivial compared to everything else the=20 > AC will be=20 > > > doing, so the performance increase would be minimal. > > > > > > 2. You've broken the keying/trust hierarchy. Now compromise of a=20 > > > single WTP would allow an attacker the ability to compromise all=20 > > > networks that AAA server manages. You can't contain=20 > attacks anymore. > > > > > > [ t. charles clancy ]--[ tcc@umd.edu ]--[=20 > www.cs.umd.edu/~clancy ] [=20 > > > computer science ]-----[ university of maryland | college park ] > > > > > > Philip.Rakity@u4eatech.com wrote: > > >> > > >> I was wondering if it really makes sense in the NON=20 > split MAC case=20 > > >> to require the AC handle radius requests. It seems this is over=20 > > >> burdening the AC. The LWAPP protocol should allow the AC to=20 > > >> configure the radius server. > > >> > > >> regards, > > >> > > >> Philip > > >> > > >> _________________________________________________________________ > > >> To unsubscribe or modify your subscription options, please visit: > > >> http://lists.frascone.com/mailman/listinfo/capwap > > >> > > >> Archives: http://lists.frascone.com/pipermail/capwap > > > _________________________________________________________________ > > > To unsubscribe or modify your subscription options, please visit: > > > http://lists.frascone.com/mailman/listinfo/capwap > > > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > > >=20 > >=20 > >=20 > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > >=20 > > Archives: http://lists.frascone.com/pipermail/capwap > >=20 >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From vestero@segue.com Tue Feb 07 15:33:27 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6ZWh-0006VC-FR for capwap-archive@megatron.ietf.org; Tue, 07 Feb 2006 15:33:27 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27320 for ; Tue, 7 Feb 2006 15:31:45 -0500 (EST) Received: from [86.61.121.122] (helo=segue.com) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F6Zj8-00066P-DZ for capwap-archive@ietf.org; Tue, 07 Feb 2006 15:46:20 -0500 Message-ID: <000001c62c25$ab673e40$fcbfa8c0@habitation> Reply-To: "Vester Sturrock" From: "Vester Sturrock" To: "Shiloh Rodiguez" Subject: Re: N notice 75 93 Date: Tue, 7 Feb 2006 15:32:52 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62BFB.C2913640" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.0 (/) X-Scan-Signature: ded6070f7eed56e10c4f4d0d5043d9c7 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62BFB.C2913640 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 http://www.asbiltasa.com =20 =20 C i i f a w l b i l s b n S x O j F z T p p T n a b b q s p=20 V u A x L m l i U i M z b $ p 1 m , e 2 y 1 k=20 V r i z a c g n r g a k h S b O g F k T f l T p a s b h s r=20 C a l d A e L l I z S j g $ c 3 o , y 3 d 3 g=20 V c I w A u G a R s A r w $ l 3 a , y 7 h 5 l=20 ------=_NextPart_000_0001_01C62BFB.C2913640 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
 
C i i f a w l b i l s b   n S x O j F z T p   p T n a b b q s p
V u A x L m l i U i M z   b $ p 1 m , e 2 y 1 k
V r i z a c g n r g a k   h S b O g F k T f   l T p a s b h s r
C a l d A e L l I z S j   g $ c 3 o , y 3 d 3 g
V c I w A u G a R s A r   w $ l 3 a , y 7 h 5 l
------=_NextPart_000_0001_01C62BFB.C2913640-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 08 01:14:52 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6ibI-0006eU-5u for capwap-archive@megatron.ietf.org; Wed, 08 Feb 2006 01:14:52 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA18683 for ; Wed, 8 Feb 2006 01:13:05 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 99FB44300B3 for ; Tue, 7 Feb 2006 22:14:35 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 4C867430063 for ; Tue, 7 Feb 2006 22:13:40 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4059B80C10A for ; Tue, 7 Feb 2006 22:13:40 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by hermes.tigertech.net (Postfix) with ESMTP id 0111C80C0FE for ; Tue, 7 Feb 2006 22:13:38 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/bulls) with ESMTP id k186DOcO004150 for ; Wed, 8 Feb 2006 15:13:24 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx1) with ESMTP id k186DNx09389 for ; Wed, 8 Feb 2006 15:13:23 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/mariners) with SMTP id k186DO619759 for ; Wed, 8 Feb 2006 15:13:24 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Wed, 8 Feb 2006 14:14:57 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDAC5D6C@pslexc01.psl.local> Thread-Topic: Proposal - Issue43 IEEE 802.11i Considerations Thread-Index: AcYsdUkTwRq+izyUSVqnstsk1NT+QQ== From: "Saravanan Govindan" To: X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.425 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO, HTML_MESSAGE Subject: [Capwap] Proposal - Issue43 IEEE 802.11i Considerations X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1670632278==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. --===============1670632278== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C62C76.A1307A95" This is a multi-part message in MIME format. ------_=_NextPart_001_01C62C76.A1307A95 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable All, Regarding Issue 43 dealing with cases of IEEE 802.11i authenticator and cryptography functions being handled separately by the AC and WTP, the following is proposed text based on LWAPP-03.=20 =20 =20 Note: Include 2 additional message types in (Section 4.2.1.1 Message Type) =20 Description Value Key Configuration 41 Key Configuration Response 42 -----------------------XXXX------------------------------------------ =20 =20 Note: Include additional sub-sections in (Section 7 WTP Configuration Management) =20 Section 7.8 WTP Key Configuration =20 The Key Configuration message is used in WTP designs in which IEEE 802.11i authenticator functions are performed by the AC and IEEE 802.11i cryptographic functions (encryption/decryption) are performed by the WTPs.=20 =20 Section 7.8.1 4-way Handshake For the 4-way handshake, the AC does not calculate the KeyMIC for Message-3 as it is unaware of the prevailing KeyRSC sequence counter. In this case, Message-1, Message-2 and Message-4 of the 4-way handshake are transported within CAPWAP data packets between AC and WTP. Message-3 is sent within the Key Configuration message to the WTP.=20 =20 The payload of the Key Configuration message is Message-3 of the 4-way handshake. The payload of Key Configuration is listed below: =20 GTK-Flag =20 Encryption-Data=20 =20 EAPoL-Frame=20 =20 GTK-Flag: Determines type of KeyMIC calculation 0 - New GTK, KeyMIC is calculated with KeyRSC =3D 0 1 - Existing GTK, KeyMIC is calculated with prevailing KeyRSC value =20 Encryption-Data: PTK and/or GTK =20 EAPoL-Frame: Message-3 of 4-way handshake with unassigned fields =20 =20 Upon receipt of the Key Configuration message from AC, the WTP performs the following operations: i. Assigns the corresponding value to the KeyRSC field of the EAPoL-Frame=20 ii. Calculates KeyMIC with Encrytion-Data and KeyRSC iii. Updates Message-3 of 4-way handshake iv. Continues regular 4-way handshake with wireless terminals =20 =20 Section 7.8.2 Group Key Handshake =20 For the group key handshake, the AC does not calculate the KeyMIC for Message-1 as it is unaware of the prevailing KeyRSC sequence counter. In such case, Message-2 of the group key handshake is transported within CAPWAP data packets between AC and WTP. Message-1 is sent within the Key Configuration message to the WTP.=20 =20 The payload of the Key Configuration message is Message-1 of the group key handshake. The format of Key Configuration: =20 GTK-Flag =20 Encryption-Data=20 =20 EAPoL-Frame=20 =20 GTK-Flag: Determines type of KeyMIC calculation 0 - New GTK, KeyMIC is calculated with KeyRSC =3D 0 1 - Existing GTK, KeyMIC is calculated with prevailing KeyRSC value =20 Encryption-Data: GTK =20 EAPoL-Frame: Message-1 of group key handshake with unassigned fields =20 =20 Upon receipt of the Key Configuration message from AC, the WTP performs the following operations: i. Assigns the corresponding value to the KeyRSC field of the EAPoL-Frame=20 ii. Calculates KeyMIC with Encrytion-Data and KeyRSC iii. Updates Message-1 of group key handshake iv. Continues regular group handshake with wireless terminals ----------------------XXXX--------------------------------------- =20 I look forward to comments. =20 Saravanan ------_=_NextPart_001_01C62C76.A1307A95 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

All,


Regarding Issue 43 dealing with cases of IEEE 802.11i authenticator and cryptography functions being handled separately by the AC and WTP, the following is proposed text based on LWAPP-03. =

 

 

Note: Include 2 additional message types in (Section = 4.2.1.1 Message Type)

 

Description       &= nbsp;           &n= bsp;           &nb= sp;  Value

Key Configuration          =             &= nbsp;  41

Key Configuration Response         = 42

-----------------------XXXX---------------------------= ---------------

 

 

Note: Include additional sub-sections in (Section 7 = WTP Configuration Management)

 

Section 7.8 WTP Key = Configuration

 

The Key Configuration = message is used in WTP designs in which IEEE 802.11i authenticator functions are = performed by the AC and IEEE 802.11i cryptographic functions = (encryption/decryption) are performed by the WTPs.

 

Section 7.8.1 4-way = Handshake

For the 4-way handshake, = the AC does not calculate the KeyMIC for Message-3 as it is unaware of the = prevailing KeyRSC sequence counter. In this case, Message-1, Message-2 and = Message-4 of the 4-way handshake are transported within CAPWAP data packets between = AC and WTP. Message-3 is sent within the Key Configuration message to the WTP. =

 

The payload of the Key = Configuration message is Message-3 of the 4-way handshake. The payload of Key = Configuration is listed below:

 

GTK-Flag

 

Encryption-Data =

 

EAPoL-Frame =

 

GTK-Flag: Determines type = of KeyMIC calculation

    &nbs= p;           0 – New GTK, KeyMIC is calculated with KeyRSC =3D = 0

    &nbs= p;           1 – Existing GTK, KeyMIC is calculated with prevailing KeyRSC = value

 

Encryption-Data: PTK and/or = GTK

 

EAPoL-Frame: Message-3 of = 4-way handshake with unassigned fields

 

 

Upon receipt of the Key Configuration message from AC, the WTP performs the following = operations:

         i.           = ; Assigns the corresponding = value to the KeyRSC field of the EAPoL-Frame

       ii.           = ; Calculates KeyMIC with Encrytion-Data and KeyRSC

      iii.           = ; Updates Message-3 of 4-way = handshake

      iv.           = ; Continues regular 4-way = handshake with wireless terminals

 

 

Section 7.8.2 Group Key = Handshake

 

For the group key = handshake, the AC does not calculate the KeyMIC for Message-1 as it is unaware of the = prevailing KeyRSC sequence counter. In such case, Message-2 of the group key = handshake is transported within CAPWAP data packets between AC and WTP. Message-1 is = sent within the Key Configuration message to the WTP. =

 

The payload of the Key = Configuration message is Message-1 of the group key handshake. The format of Key Configuration:

 

GTK-Flag

 

Encryption-Data =

 

EAPoL-Frame =

 

GTK-Flag: Determines type = of KeyMIC calculation

    &nbs= p;           0 – New GTK, KeyMIC is calculated with KeyRSC =3D = 0

    &nbs= p;           1 – Existing GTK, KeyMIC is calculated with prevailing KeyRSC = value

 

Encryption-Data: = GTK

 

EAPoL-Frame: Message-1 of = group key handshake with unassigned fields

 

 

Upon receipt of the Key Configuration message from AC, the WTP performs the following = operations:

         i.           = ; Assigns the corresponding = value to the KeyRSC field of the EAPoL-Frame

       ii.           = ; Calculates KeyMIC with Encrytion-Data and KeyRSC

      iii.           = ; Updates Message-1 of group = key handshake

      iv.           = ; Continues regular group = handshake with wireless terminals

----------------------XXXX----------------------------= -----------

 

I look forward to = comments.

 

Saravanan

------_=_NextPart_001_01C62C76.A1307A95-- --===============1670632278== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1670632278==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 08 03:15:09 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6kTk-0007ur-TW for capwap-archive@megatron.ietf.org; Wed, 08 Feb 2006 03:15:08 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA26987 for ; Wed, 8 Feb 2006 03:13:26 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 11A094300E4 for ; Wed, 8 Feb 2006 00:15:03 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 60A4E430063 for ; Wed, 8 Feb 2006 00:14:40 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 41F30398032 for ; Wed, 8 Feb 2006 00:14:40 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id EA3E0398018 for ; Wed, 8 Feb 2006 00:14:35 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUD007T002QKT@usaga01-in.huawei.com> for capwap@frascone.com; Wed, 08 Feb 2006 00:11:14 -0800 (PST) Received: from huawei.com ([172.17.1.188]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUD00K6002P27@usaga01-in.huawei.com> for capwap@frascone.com; Wed, 08 Feb 2006 00:11:14 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Wed, 08 Feb 2006 13:14:26 +0500 Date: Wed, 08 Feb 2006 13:14:26 +0500 From: zhaoyujin 31390 Subject: Re:RE: [Capwap] I recommend LWAPP add a new notification message "Gratuitous disconnect notification" To: "Pat Calhoun (pacalhou)" Message-id: <2bdf2b2bb7c4.2bb7c42bdf2b@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT > If I understand properly, you are asking for a response to the Reboot > request, to allow the AC to immediately clear out its state? This is only one application. Aother scenario: Because AP occurs some fatal error, it maybe restart the system of AP. Before this operation, I recommend AP need try to notify AC this information. Based on this, AC can immediately clear out its state. Best regards Michael > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > > > -----Original Message----- > > From: zhaoyujin 31390 [zhaoyujin@huawei.com] > > Sent: Tuesday, February 07, 2006 9:20 AM > > To: capwap@frascone.com > > Subject: [Capwap] I recommend LWAPP add a new notification > > message "Gratuitous disconnect notification" > > > > Hi: > > > > Many protocol defines "Gratuitous notification message". > > Based on this message, the peer device can avoid to wait > > timeout for detecting the protocol is down and release the > > system resource. > > > > At present, LWAPP defines "Reset AP", I think it is not enough. > > > > Can LWAPP add a same message. Before AP reboots, it try to > > send a "Gratuitous notification message" to AC. And same for AC. > > > > Best regards > > Micheal > > > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From 5janny@4tel.no Wed Feb 08 07:48:41 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6okT-0003AV-9O for capwap-archive@megatron.ietf.org; Wed, 08 Feb 2006 07:48:41 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA18456 for ; Wed, 8 Feb 2006 07:46:59 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6owx-0002zc-Bu for capwap-archive@ietf.org; Wed, 08 Feb 2006 08:01:42 -0500 Received: from [218.55.28.177] (helo=218.55.28.177) by mx2.foretec.com with smtp (Exim 4.24) id 1F6okF-0006l7-Qs for capwap-archive@ietf.org; Wed, 08 Feb 2006 07:48:29 -0500 Message-ID: From: "Carol A. Ross" <5janny@4tel.no> To: capwap-archive@ietf.org Subject: =?iso-8859-1?B?V2luZG93cyBYUCAtIDc1JSBPRkY=?= Date: Wed, 08 Feb 2006 12:37:57 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_14FF96E2.81C4AD4E" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express V6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 3.4 (+++) X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac This is a multi-part message in MIME format. ------=_NextPart_000_0000_14FF96E2.81C4AD4E Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_DBDD2FB3.A18401E4" ------=_NextPart_001_0001_DBDD2FB3.A18401E4 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Get all the software you ever imagined for unbelievably low prices! We sell software 2-6 times cheaper than retail price. Examples: $79.95 Windows XP Professional (Including: Service Pack 2) $89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional $69.95 Dreamweaver MX 2004 / Flash MX 2004 / Fireworks MX $149.95 Adobe Creative Suite Premium (5 CD) $89.95 Corel Draw Graphics Suite 12 Special offers: $89.95 Windows XP Pro + Office XP Pro $95.95 Adobe Photoshop 8.0 + Adobe Acrobat 6.0 Professional $109.95 Dreamweaver MX 2004 + Flash MX 2004 All main products from Microsoft, Adobe, Macromedia, Corel, etc. And lots more... Enter here: http://www.allsoftpossible.com Best, Carol A. Ross __________________ To be taken out, go here ------=_NextPart_001_0001_DBDD2FB3.A18401E4 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit
Get all the software you ever imagined for unbelievably low prices!
We sell software 2-6 times cheaper than retail price.

Examples:
$79.95 Windows XP Professional (Including: Service Pack 2)
$89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional
$69.95 Dreamweaver MX 2004 / Flash MX 2004 / Fireworks MX
$149.95 Adobe Creative Suite Premium (5 CD)
$89.95 Corel Draw Graphics Suite 12

Special offers:
$89.95 Windows XP Pro + Office XP Pro
$95.95 Adobe Photoshop 8.0 + Adobe Acrobat 6.0 Professional
$109.95 Dreamweaver MX 2004 + Flash MX 2004

All main products from Microsoft, Adobe, Macromedia, Corel, etc.
And lots more... Enter here:

http://www.allsoftpossible.com

Best,
Carol A. Ross


__________________
To be taken out, go here

------=_NextPart_001_0001_DBDD2FB3.A18401E4-- ------=_NextPart_000_0000_14FF96E2.81C4AD4E-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 08 08:29:15 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6pNj-0007hF-Je for capwap-archive@megatron.ietf.org; Wed, 08 Feb 2006 08:29:15 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA22151 for ; Wed, 8 Feb 2006 08:27:32 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 64FBE43010F for ; Wed, 8 Feb 2006 05:29:13 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id B2D9D430048 for ; Wed, 8 Feb 2006 05:28:46 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D049F39800B for ; Wed, 8 Feb 2006 05:28:45 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id 42E4039802E for ; Wed, 8 Feb 2006 05:28:41 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUD00DJUEM6YF@usaga01-in.huawei.com> for Capwap@frascone.com; Wed, 08 Feb 2006 05:25:18 -0800 (PST) Received: from huawei.com ([172.17.1.101]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUD00BVDEM52D@usaga01-in.huawei.com> for Capwap@frascone.com; Wed, 08 Feb 2006 05:25:18 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Wed, 08 Feb 2006 18:28:31 +0500 Date: Wed, 08 Feb 2006 18:28:31 +0500 From: zhaoyujin 31390 To: Capwap@frascone.com Message-id: <2e547c2e6a51.2e6a512e547c@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] Issue39 agree "Remove AC address" and recommend "remove hardware version" form "5.2.2 AC Descriptor" X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT Hi: In issue39 give next recommend: >Page 35 -- 5.2.1 AC address > I do not understand this. It is not useful with a layer 3 > transport. If using a layer 2 transport then I would assume > the broadcast or multicast from the Discovery Message would > have been heard by any other AC's -- so rather than respond > -- would it not be best to stay silent? I also agree with this recommend: We change "5.2.2 AC descriptor" as following 5.2.2 AC Descriptor The AC payload message element is used by the AC to communicate it's current state. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | Software Version ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SW Ver | Stations | Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Limit | Radios | Max Radio | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Max Radio | Security | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 6 for AC Descriptor Length: 14 Reserved: MUST be set to zero Software Version: A 32-bit integer representing the corresponding AP's Firmware version number which is supported by AC. Stations: A 16-bit integer representing number of mobile stations currently associated with the AC Limit: A 16-bit integer representing the maximum number of stations supported by the AC Radios: A 16-bit integer representing the number of WTPs currently attached to the AC Max Radio: A 16-bit integer representing the maximum number of WTPs supported by the AC Security: A 8 bit bit mask specifying the security schemes supported by the AC. The following values are supported (see Section 10): 1 - X.509 Certificate Based 2 - Pre-Shared Secret Best regards Michael _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From jaflorette@evstudienwerk.de Wed Feb 08 14:39:27 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6v9z-0005Fx-80 for capwap-archive@megatron.ietf.org; Wed, 08 Feb 2006 14:39:27 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA25114 for ; Wed, 8 Feb 2006 14:37:44 -0500 (EST) Received: from i577acc4a.versanet.de ([87.122.204.74] helo=evstudienwerk.de) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F6vMc-0002CI-2p for capwap-archive@ietf.org; Wed, 08 Feb 2006 14:52:31 -0500 Message-ID: <000001c62ce7$484e8210$113ea8c0@grillage> Reply-To: "Lorette Jaffe" From: "Lorette Jaffe" To: "Enok Mclane" Subject: Re: Q w news 297 Date: Wed, 8 Feb 2006 14:38:48 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62CBD.5F787A10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.0 (/) X-Scan-Signature: 200d029292fbb60d25b263122ced50fc This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62CBD.5F787A10 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, http://www.lationous.com =20 V r I f A z G s R b A k k $ w 3 m , p 7 r 5 k=20 V v A q L w l j U f M s i $ d 1 l , g 2 l 1 l=20 C s I c A t L l I c S h m $ z 3 d , r 3 e 3 b=20 ------=_NextPart_000_0001_01C62CBD.5F787A10 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
V r I f A z G s R b A k   k $ w 3 m , p 7 r 5 k
V v A q L w l j U f M s   i $ d 1 l , g 2 l 1 l
C s I c A t L l I c S h   m $ z 3 d , r 3 e 3 b
------=_NextPart_000_0001_01C62CBD.5F787A10-- From acbride@huntconstructiongroup.com Wed Feb 08 15:33:57 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6w0j-0005n1-2R; Wed, 08 Feb 2006 15:33:57 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29984; Wed, 8 Feb 2006 15:32:01 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6wD4-0004I8-Aw; Wed, 08 Feb 2006 15:46:49 -0500 Received: from [200.89.234.95] (helo=cable-baq-co-95.234.89.200.dinanet.net.co) by mx2.foretec.com with smtp (Exim 4.24) id 1F6w0E-0008MG-Sq; Wed, 08 Feb 2006 15:33:27 -0500 Received: (from tomcat@localhost) by 200.89.234.95 (8.12.8/8.12.8/Submit) id j4CHmn6V804164 for bridge-mib-admin@ietf.org; Tue, 11 May 2004 00:01:58 -0600 Message-ID: <699f754u.9553411@65.246.255.50> Date: Tue, 11 May 2004 00:01:58 -0600 From: "Nelda Blake" X-Mailer: MIME-tools 5.475 (Entity 5.405) MIME-Version: 1.0 To: bridge-mib-admin@ietf.org X-Spam-Score: (-2.159) BAYES_00 X-Scanned-By: MIMEDefang 2.52 on 200.89.234.95 X-Scanned-By: SpamAssassin 3.263341, File::Scan 0.54, Archive::Zip 1.23 X-Recipient: Subject: Low mortagge ratee approvall Content-Type: multipart/related; boundary="------------AttPart_44511239==.OLA" X-Spam-Score: 3.1 (+++) X-Scan-Signature: 7da5a831c477fb6ef97f379a05fb683c This is a multi-part message in MIME format. --------------AttPart_44511239==.OLA Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
and broody on lenin in dugan may ripoff be scenario try candela be annunciate in collegian in spencer a bicarbonate try confect it rhetorician try quezon some prophylactic Or maybe not

--------------AttPart_44511239==.OLA Content-Type: image/gif; name="assort.3.gif" Content-ID: <1.0.0.42.0.16135701092710.06658035@boucher.msn.com.5> Content-Disposition: inline; filename="assort.3.gif" Content-Transfer-Encoding: base64 R0lGODlh5gHOALMAAP/////MzP+Zmf9mZv8zM/8AAMzM/8zMzMyZ/5mZ/5mZmZlmzGYzzDMz MzMAzAAAACH5BAAAAAAALAAAAADmAc4AAAT/EMhJq7046827/2AojmRpnmiqrmzrvnAsz3Rt 33iu73zv/8CgcEgsGo/IpHLJbDqf0Kh0Sq2CDo+sIvs4ZLaPCthKLpvP6BPWu95sLe+0fE6v T9ttTZyyt/v/gIE4eF0AWFyFEn2KYRMNiA2CkpOUlRiHXAd5homLAHsNkY6ilqWmp2iEmoiZ jHCNAKEUsqi1trdMqptisBOgpLHAuMPExTm6iZxen72uErTPwsbT1NVqXGBdmFle2VmMiM+Q s9LW5ufoO9Dp7O3u7/Dx8vP09fb3+Pn6+/z9/v8AAwocSLCgwYMI02DKtgzGug1apOyqMubC okflhmCcE5GFJz+q/0R8VPFAgYyHIUr+GYkBZRGXIFQWkakDZouJLEKGYImC5gubHXzS4WkB aBCjHIQGUWoDaQqcK0JuS/aKi7gHobBeBcbKJICuGaZ2Y8Ws5LerWtGSAvsVmwRMyw6BWebt bNEsWbU+4hIpYscL29hgy7SlYtlmwWaNy4DI61RtrBpWtbsXL1qtfmU2DjuYW92yoPdmzUjB Z9eFrSxaBWe4MqnKmLV0BCuWU+qbZresagjVmeJI0KCZLjyBqbIJWPq8GfMrg6zhEpRuOrR7 D09astY992q8gtRCzHt5Cg7Mack8a6ZTxRCHvPa+3L1+lc9Z8AHlYeKA0ks6uvzhOn0h3v83 zY1CTnQq5VaabsgV0ttTuUHGynp8IOaScBMS598l6+HHjG8PwQYfBtIlo4p1iB2Y2Hvzbcgh IoIVBl4jHlYQ3ISknZZIeiZSCM5q7pU3YosuanDigB8mmZgHNAEYoWSqVQhieTgW2ZaO3FDw IArJmbXbB+OVIxx9RRo3kYf6wcJiNERaUCJvDnaB4gahYCckkWbuGKeMY/mmpIFsBvWfAuhB BieUvrX3Wp0HajZoB1326Ut+NKrZXwVN0nfek24gqeSabmpKppZZHhdDpKam+sqnYq4laqYc wolmpQZmt2ibeJpEk3r2HWZXS4wuyWaCecalJ4NJ1qiisMwuWJz/SWLxGqUzQTaqK6zdccLg rKAFKuizzqLaqZSsrngnrsP1aN+WJYhbmx5niejIYmxl+GIrn2WTzbyv8fXcZsXJFG1nVBHF rLwIgjHqW43tOaNsBJIVy2IIkzgYfYTAKOBgsKVVMcT/ZctwQ5+xhtdijAHMlrjskaXvahP3 y9eVf9EWWYM+JtSCwU7Zwe4RP+ss9KQwt5QWJYFFQd3QTDft9NNQRy311FRXbfXVWGet9dZc d+31PQQvDIJhp5ZKxF8zbASRyECgjZDBQcAdU3wpyH0NokuJzYHd3pKo90x/q8A3k4E/MTgP h0NENwqJixC0Dmy3HIJRkedNQ+MaVC4D/2rGwvhypTB3DNzMCG7GlgWoPWyXN/OSnpKGA0uI NyOtkS6aaDR3V1tt+UJMJ70AF7n7zaz/GC/KFwSPpVk5+0rp8xNjpXbmmjaWuoT4Sly80dKn pbxbtt02Q5e6SRuen+QVNWSL0L345aTwA9o34SrxGmBVfwZqJ7piF6rerJRyjpDaRyReqetP +Ekf9ZwFLupAhVuf4o/iwPUsZMjKU3LbyENgNbIGzQ43fDIfYvqgQHlhy16xqlA40FclEQhM XffjBbUoJop/nc47enoM81xGK+dYpnTKc8yEuuAj/ODoVguk4IbYBcECfctKmwrhEO9TtPwJ EFNBxNnNaEA+Q/950IokvFX6sFW4LyYKFmFMwQsPFUNyvUGBwaBF5fzXoRSlqQMb6c4acYg3 ZcmPcqIKV/P8tJweNiuJ/Ovi+1SDxhRdYB0cbNPjQOglEa6qPeNQIFgIiLpkzMkVbzzX6zo4 Mh41745wrJMoOEkqY/0PSXcEFjkIuMeRHbCQCJSe/PzGwCUOMpcfas2legkdVL3SjQHUACQf taFNHYqLspmLWEpGtEfW0F/C0EzwcKgxX6FITcgzT0feJRezqXCH0ZMeEoGYp5vxjocQc2Q6 vaeyzQyvm91y3mWO5ibw5Y5QW2zZCssChopZDHwr8xLDNEbNfD4SZQ0LmRDxSYaeae7/axil h2vW5raMevSjIA2pSEdK0pKa9KQoTalKV8pSQEyypTCNqUxnStOaCg0uC53LxtCJsI1eSWHs LKNNh7q5HnlRch8Clbf8oiErEfWpNpDWg1BZpY+RyZ9QzWpUD7glGc1PWGOymFC1StZ2cXWQ Xj1YsITFyYuW9a0ciN0OP/innmLzdKebyJnkCde+lgBzfg2sEsgm2MIa9rCITaxiF8vYxjr2 sZCNrGQnK4EAFOCyBLhsAQYQhMwS4AKe/QMBPlsBy3K2spo9LQAEoFkBbIC1l3WtBAag2QBM gLaXte0GQisE3Or2tgX4bQh4uwPWypYCtP0tboM7gcwWgLRH//DtBZLrAtYSIADWFW4PBDDa C3AXuicwbhGcC17Lbha1BBAAazm7XgHQ9rgWaO97AfBe7jK3vpnVbgVGq94hBCC/pYUvfZlL ge5W4Ls8gG0B4CvdAasXwPxFcBDEW1kAW4C6LTAtADQsBANbwMPhXTARIuxh86pWALbVsHgp 7F0Ri5e6ML4vgTEA4t7OOAMYbi54dVzczbpXxLPNbZBtS10D13i7QB7ydG+8Aus+N8WavewA YKve2OI4yjKOcgB822AAgNi5mM2AeaM8gDFLebVRFvCBsfxjzNZ2ubklL3FBS9r+bvi55y3t eVec5Pi6WMQxJrKM9dtczUIXzE829P+ZMWDm0yrYyhrI8XKVq2UJgHnHJcayai3QaAk8us9r di12dUtbCwfay6Q9coENLWZFO5rNsHWubB8t21ILGbiERoFlM8vZXau3ygR475ZBDdxf2zez xs5vfv87Yw9HWMKcfu6vE53eaZeZtlPONZqnrN73IpvZP072go8N7fiSdwK7zjO6n4xm17LY z+4G9KAHLGhtf9fOz753rNebAWP72MfdJjZyZ4xdC28Y2cfV935J62tr99va7Q24miu73OPa mtTzNvKOD/xrVXsaz7yOeLhxO4D5DjvbQV6wwXPcguzeWbWm5fPE6Y3uH1N62PXmsaUPvXHU nta0Zk5tu1//m2TjBhrOtUW1u2fu6Qd/1tfqvvN1Px5vpsuc5qdm+YfB++WnsxvFjNb0sGM7 6kgzmeVaV7WBg77oaJN57AsuO6Ml7mAMn1rjGkB0z9GL5ykXfdybxS6Q3z1fSTN5BRzm8Muv vmTtGh7nNN+5zlEd9p8HXtrGtu27W5zwuHtW3sbG994XLvmgW37qVB86Bq6e9XlnoOsF9vqm L9BwfmO3zUxX8sCFm/aerx3zvyZ07c97e9xa/c+uRXrOi5zq0T/b41LvO4uNy3jCuz7yLki8 umMOeIFj/+K4Tm6Xnc3zfot9+3sG/MynL28AP57yHLCvtJvu8l0Ll/GcH3rrc/56/677/+Ub oH1+J2rhZnaOd2PiR2DdBXsA6HO0l2fcR4DzRXvLVWYb9mBAdnfN13+TF22fN4ATQH3IR3Uv dn3YBQNj9mpRdl1jJ2u0h2iex2YH52bBpXerBYOj52/shWVTN3YWSIFiN4OyxWxpZoOvxV8U kIJ3RmYbVoG/xWJwZ4FECGRTmHuX5ml692mzt2aKFmxBuGSVpnwVBmk3OH9etoJotoK59mie hXQ/CIRvOGBCVoVYiFlWd2mqZl6f91xuqGBgJmokB3dghnHaFl7q9YSZV1mHeIhzZ2yK6IiP eHurFXr0B4kawGGh91u3V4i3F3w1l4SUGHq5F4Jq5omTaP+KnfiEgQeKjPiI8NWJr2WJoniK rfhwixgAnViLnEaJF2iJvchxCceLmagBmYdiuQh2l4iMNWdnvQhfvuhdswiNo3aIx4iLwYeK jJiKv/aJ52BmqIcKckdZWpOI4liO5niO6JiO6riO7NiO7viO9/AYdAUONfAXL6VMrDBMWDRW P/FDB9VRLtAzVgCQxDA9ThUCS4MbrrQ3fMUC2XKPf6SPvVQTNdQfjpI2wiCQHrBXN+BWK6CR PQCSHwCRcZVDDGkDD/lLV/RVEwQEQBFJP5GREjmSddSR/MgCIqkOM4mQKuk4OZQ0+uRDM3M7 9IRQ9nQbQAkC6eNTIAMuWpA6qyD/O3UBOlZBlPx0SMQEUBrzTuGgML/yUP6YPNG0UKUClNvz GUS5k70kVwzBSMyjFq1zNPWyTdyUJZ9jPHzlUz8VMDukla3wLlVRO65DKhSlDJ9kTSqiQY/w KsykKiQ5T9IgRwlCN7vCDTzSKyjiIfuzLLzkH+rSIwBkRTaijxFCJv4jQ/EzQ8Chli5iP3FC V+ezLMu0IKwEGJ0QMX6kPskTSPNhQAspUEklSmZkSoTRSCupm3wZUUq0C4+5lPSyOApiRh3U BpmZIpvJkpgyKJ85IVT0K7F0nNSjIORUk0QjMTnJQK7JJ/BiIygDSfaCVbbZTUYkMbIUKlhU P1NkkkgV/0qcSUprkEOHiZwCiitlIh/M2ZOIGQ2aBJ1oc6CY2UgjoUqjmRTaeSindBbfWZ+K kxunqSrAlKAlUEvKoEjrGZG7lC0E2aG5SSflIBRuoVf6OS38uUv+SUSuFKATCiiz+SyR5KD3 WC2BcpHsY6BUYUqSwgw1IqEuFB++2SBN1JC2Ep6F0aGXCUrJRC2smZ2kdBwsg1TespTrMx+1 aSp54EfX0aK86UweFKOrEpz9KY/h4yVTKZSW8TH1ZD0BlZB+Apa2c1fxBFRtURdwwjzduRoN hRKUAzD3lD1dSTC/Y5ERsimD0TmSYRhoiTxYeZ8RMZ7I4paUgU38kpzaBJ+EGf9N9NlQd+GP m/Sniyo+5bkvBrUSDRk3s9qf+nCe8FgH+8IBBpmrvvqrwBqswjqsxFqsxnqsyJqsT6WnJABY yjo0nuCskIKgHyGtz5oQ0Vqrd+MB1aqt1woQnEOWtwkz2yMvaZkyfdklepIa27On35oQJNpK 7ppGOipBnYmfR2VG3fquTEOi75KtipGP2Jmd4vmacXqb08KvOqNIKjpCvQAT5iEj0PKaDZuw CosQDKufuGSlajWwBCtE66KxV3qxQ1NO0tQwdPGVglmnmLqb+DpX24AshGWtJFuzNnuzOJuz OruzPNuzPvuzQBu0Qju0RFu0Rnu0SJu0Sru0TNu0Tvv/tFAbtVI7tVRbtVZ7tVibtVq7tVzb tV67WAbgAGLrAAsQtmN7tmgrtgmQAQsgtgagAW2btmnLAADAAHNrt2hLtx6QAGrLt2oLAH7r AGsLt2f7tgAQtw7wtnZLt3jLuGfruA7AAHibtgsAAGaLtpXrt4MbuGebAJwruBKAuG8btwYg uhnQuBLQuKh7uZV7uY8rt5V7AZ+bAKRruhZAuofrtpMbuXXLu7srtpP7u8ALu7M7AXw7uP8Q tgzguXy7AHy7vJ47tgvQttMLuhhgAHZruNdrt8zLvZLbvQyAAN/ruZIrvtCbAJL7AaUruOtb ts1Lu9Z7AW3bvYk7v+ibuOYL/wDma77Mi77hW777G73L+7bK+7zNa7nzKwHNS73zawDw67yj K7j3awDYm7gVjLwWML7pu7/7W8DNW8CR+74hHL2xawEOTL0JQMHZe8Hbm7i5u7YI4L8JgAD6 u8Hl+7wOHLkgvLxka8DRK7bO67kJDLjx2w/Kq70pHLYlnMJMzL4pTLjaiwFta7gOXLd6a8VY LAEIQMPpq8U0/AGae7wfjMBFPAFDbLnwO7gVXMGM28YUsMVZ3MVKTAFJTLaAa7jHKwEOnMNM jMfWO8RrXLsufAHlq8Xp28WSe8QK3MMUbMd1vMRRbAF5HLpuO8VsO7yDnMWp67t0O8dz/Mh3 PMcKPP/JaOzHGMwPokwBSpzKRHzK8hu5mfzK62u4XYzFh3zFtywCYSzB8UvKFGDJv5zJU7y4 tnzFFIDIesvKemzHxgvLGOzLrUzJ2jvFghzJE1DLxZy6DJDKoszNZKvMshu/1XzJsJzJ2EzM 6evJzGy567zKjlzGzezK+gDOrlvC0bwBbZu9hDu2tPy4XDy2uAzQugzL3EvK0CzNFQDMuYu9 ktvQNfy42hzR7GzPy2zPz1vE0DzJCk3NBB3Lx2zMuWzF3hy73iy9HEDK+QzL1mzGHa2959zQ 6WzHIz0B9UzGnRvPAKHOQAzCFg3PCc2++izFghvU31vIVuy/17y82Ly3ghv/t9GLvAe90D89 zYlbvsSsv/0b0nK8zjS9zh98xhn9x8Jcvw4gvm6LAS8dx9vczszszTxM0eGMvG1r1h4dzItr ziD9v7yrziXs1geMxsw7xFGdD6JMwp8cxYPN0oV7yRSMvCGNxXAc0ZENAmLct73s0wqN0NJ8 yLybwW6cxfTs1WgL1WWs0WM9y7hLyHmt1jM90V2duStdAShN1nXN0jGs0GlNzHz92rz9xJJs vYmND3/tziTNzMH9whPM2BVgw3pby4+91BtwvOubwgk8xiYc1MPswgnM3JqczaAt020t2s4L 1qVtvWv8wgt93heQv1bMxc1NtwesyK5d0fSdAbOt/8K1jdC4vdr5u9v1Pd+XS9pq7NsAwblr TblE/LdCjcm1jbiDjLqLK7ySO7f/Hc6Wvbbru9MZUMFji+GTu7YQTrd0Dbw0TNfh67omzboJ Xs6gG7ibO9qW++G5W8n5/dCR+8Um/sWBu83LDMTsjOAW3uGim9nBzOAcDry9y8mLDLxUnOJy ywAO/s2LLM/80L9v27/MS8BZvuFZzrzX278TEMMzjNVbjOUzLOb9S8Py/eWe29hUvOUa4MBe rsdzLuYljuNpHuaeq+NmjsdtDthM/Ody7tuD/ueATueei8YbEOGdbed0bOij7NtmTuAVUOhJ 7OVVzOaBDsN57uiTDeeR7v/nWN7YVk7TlL5Ypz4QMVzmX/y1rs40MB3rsj7rtF7rtn7ruJ7r ur7rvN7rvv7rwB7swj7sxF7sxm7rcP3qyr7szN7szv7s0B7t0j7t1F7t1n7t2J7t2r7t3N7t 3v7t4B7u4j7u5F7u5n7u6A60cNqPLesChJXuSsOmHQA3cBQDNAvvO9ChYFKr9Q4D947vx/CT xKM9A6WhNjQbyxMnEDMWK4SqAG8EA3NByIRH45AujVmjkDEnK/rwQ0BH3LmrqalMq8lOY+lL 3bQJnwTyHI8EdPRBlsrvI0+gbaKmZOpJxqlCK8/yOQSaGDSyyLkdzqIjv4nyxrnxOe8DcMqV RfPV7gE7On1Bly0Ss0QknxMSlB579LfgkUqZpVgfCFDf9WAf9mI/9mRf9mZ/9u+YlP14KQSJ 9mbwmFtPoSbw726fEwhqAkih9SFf9x2/royKob7DopJ5LdxxlDAClb7C90QQILuQJj6vPmGV Kzz6TA40djv7BBkTGSWToT+/StnYMRzpoXR/+SPwHVCS8obEp97NzkDvm6fvraQPA6bvpDfP +TkqR4RfoGfCs1rZ+zWAU+KqOpGKTmCZyWpFPFM5sYcfUA7l+89Q1PAf/dI//dRf/dZPUhEA ADs= --------------AttPart_44511239==.OLA-- From spencer@kyabakura.com Wed Feb 08 21:07:40 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F71Df-0007nG-6X; Wed, 08 Feb 2006 21:07:40 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA03257; Wed, 8 Feb 2006 21:05:41 -0500 (EST) Received: from 142-217-126-84.telebecinternet.net ([142.217.126.84]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F71Pz-0001zB-Ol; Wed, 08 Feb 2006 21:20:28 -0500 Received: by 10.11.98.9 with HTTP; Wed, 08 Feb 2006 20:06:51 -0600 Message-ID: <708d374p.1865424@hotmail.com> Date: Wed, 08 Feb 2006 20:06:51 -0600 From: "Rene Solis" User-Agent: Apple Mail (2.728) X-PGP-Key: CfBb7Gfe3FxvA9vDKr3qkakYJx4JyzgzK1Y5Q5o4DodulT1qg9RlXt5Vw08qMmTE== X-Load: 25% MIME-Version: 1.0 To: bridge-mib-admin@ietf.org Cc: business@ietf.org, calsch@ietf.org, cancer@ietf.org, capwap-archive@ietf.org, casandra.boykin@ietf.org, cats@ietf.org, ccamp-archive@ietf.org, ccips@ietf.org, cclark@ietf.org, cdi-archive@ietf.org, cdir-admin@ietf.org, cfrg@ietf.org, cfrg-admin@ietf.org, cfrg-archive@ietf.org Subject: Notification: Loww ratess Content-Type: multipart/related; boundary="------------AttPart_54315882==.OLA" X-Spam-Score: 4.1 (++++) X-Scan-Signature: d890c9ddd0b0a61e8c597ad30c1c2176 This is a multi-part message in MIME format. --------------AttPart_54315882==.OLA Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
try albanian a impress not chest not tutu it ambulatory some bursitis in broadcast some letterman a bribery try reject , passage and usc be juliet may anabaptist Or maybe not

--------------AttPart_54315882==.OLA Content-Type: image/gif; name="dozen.0.gif" Content-ID: <6.0.0.37.0.35133350736117.76537733@larceny.yahoo.com.5> Content-Disposition: inline; filename="dozen.0.gif" Content-Transfer-Encoding: base64 R0lGODlh5gHOAMQAAP/////MzP+Zmf9mZv8zZv8zM/8AM/8AAMzM/8zMzMyZ/5mZ/5mZzJmZ mZlmzGZmzGZmZmYzzDMzMzMAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ACH5BAAAAAAALAAAAADmAc4AAAX/ICCOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj8ik cslsOp/QqHRKrfIalKw2K9FCINkEaVuCSMpeVPc8SmjZIrBXDMButxI5BdLWSxoidncUVoWG h4iJQglgeV8Uf10UDQ2SdHVrJWEklZCAJ3ZwAHKfbnuPWYBYX41fEpGpgVmsWgmMkLSiiru8 vb67kCOUAG6fAFwkbpejsyXFKqGchCKvy3KMfMSTwtqlwSRdn3sj37/m5+jpRuVt29TIIspj cs7uKWmysstxew10z8ncgTnxR8S4QMbUKVzIsCGLb2DEAGTWiNylgeECJjyxJ2Odaa9QsJsY z93BEv4M/2Yb6LCly5fpBpU0hvEghUvjsIgiyRFCgoxYqOka0UVjPXHZ7t0RNhSm06dQl+Ci 120Ey4w3+d0xxtPEOFMJggIoSnCnvZkGm45xRHZs1qhw48r98a1BtoksTWGhM9VMua6astkR C2ajSqOI23LKdtBuG8NzI0uevIId2nfCajHjuqmqipN6ZL21epYnwIrJCh5L6kYt5dewJ1v+ yObnNNG2sqBhg4WmhGU6wel+d9B2UlnHaRP1JFoc7y58KsWeTj3uFmOCbl4nbapz90mD2GUX TkIPPtLNRG+yvdVgeDFd9lWfT18dK599WI1iZW3/l/L83ffFRtj895gJ94HCCv9XCeYHQUIC fvEPZPVVaOGFGGao4YYcdujhhyCGKOKIJJZo4okopqjiiiy26OKLMOKgWokGplBjEj9RWMhP 8sUYRXd2caGFe67pEAuNJxGUJBJHKgKWjzvWddNeJfXowoyf6biEdL7caNVKyTGpZRXy3IAl lDlQOZYrwoQJw5lqjJkEl714GQeYTcB5SJk26IlmDW4IBsklv60QloxyxnAoDG7W2eiXeSaq wqM+8CkEpTJg2iFLx8DBCAt+vinpC6GCUqQidpahaRClsuDGEZYC8aoOdJZ42m2FsreRIGfo lFWhH5Ujh0epxcIesD8Nq16vXPwjiT9bhFVbHvAwM07/UnagQokkK21jigndhZUKMoOZ8axV nxhoG7DCfbNuWIAMa1i41PhVnCSFFqYNSFoYU8uQggDy7WayxBcQHQG79Ucs1VJDh7lHSjKJ rgXfRDF7uWlWYkhuCcxGQTyWoJoko3QiBpf/mXFZG4VWI9CUxuZBTSkfewxfr7wFMxgxMlOp r1VsmFGJRByrNusYd45yRo71Kn1yVj//F3KtdQj8Kx/fyvzRRtMYyHFht8LnTUngejuJGURH hysgJD94sNM8+7QNl5YanMlHZM/MM3slg/ybyj2f6mFvdg3k9ndnjYWdKFAvNdqZN9YK8m0q K95HLF7SSTflzIpReTts25XQ/69jI5iJPBxDnZQ7qv2X3WiBXLNaN0crbfo3M+Yheeh51w40 JsdcEtTRqlFdZfCZ7ffRyWG+NWNWsyKuSm1bhXKy4B5C8lsx1KswY62qa2IM5Mftrg1TeldV UOZwbI4+e4k7fcaNpOcjcnRBP5gHNkmn3zr+KagEILLCK20ITxeBS99+zFe8afhuJm6zx6uI 9wnjGfAYnDHgJH4DO4PQ4XkSceBt0Hc+Z9DDgiNaxTvGV6hhgANbjFOFt85Qja2hZG7ayVkI f7emQCwtJziUFgmPprIHaqIgKrQd3BRzQY6B5UnKM8gntFbEg7BLeb2JIlFyhSXUfYx6udHh EkXYo//gEKyHz0iiBZ/xM629Yn5LkmLT5FimGg6DTnasBLOAp6K31IpiN9wDveSgtkHxLBXQ CSQXm+WeiZFrFutSofX2xUHd9MsUlWxY8pblLE8MZzkL++Ico0GKUAjikFfc1yOC1K9DNgmU wYEEI12JrDXY4R2pxCB6QJMKMMitM8vZhh5YQ8AOWutByCCFwmxxLnpRDF8hNOSf6PM8w7hQ IWJRYhWwN81uVuEgEalHQ6iULCukypvo3BE0TaA1hgzTCrFKpzznSc962vOe+MynPvfJz376 858aEuAPyukEgf7AoEpalazaCVASjecYrZTBznpgCoUCYaI9wKjI7qaEijb/1ES3kJI0FUWs HdzCogMt6Q46ARnpoNQHvmwIQz96BDO2xgZZpMtLfZBTnsavh1CI4zkCBaWd9sComeBYDXra A6EigakscFsLoHqYoBr1BVKdQVZZkJIYGRFWI3yTLK30Aqoa6aor/SkKAAOKnzo1CW/FAVtd pdYQ6RGRTUpYHN4IP0o0q5DAetanCAmuV2wDX8SZ2LkMldc3eG44r6yYNNnDh35FA7FeMexJ MOuWcrwxslqZ1pFyqtdjdVY3pcVX4rLjE4mxEJg+5IIMf3UvjpLjLq7tLGIt28pnkiE1p+NW YgkxLPkwjRmcRY9mW3skysbDsMwaaRVkpy+fcbGy/8HYnghl+JuaKTE+XkuIHcLyIKvtUG8h W0FbdOIXnHUtftlCzSv8covthQM6MdXEKZqB33H0F7v77WBrMjJfoJgtD0VpDSlaAS0ET2MW fiFQK4xDiu78rCQBZmYxAWuwebxDWzrpBB8awd6iQCcYDJaG9m5S4MbpbhWoGcNhuRDhQPp1 gw5mm4PFteIBx/UJ7vMg8uw3o+gFkRjKrJzM7qCL2rHyvNKLKq7aJ8ztmiCnZIEYbcOIuLDO ThuZ/NdSUAPV79w4DVk0z9mg55NbXYe08SNqT4tSkY1wSs5v+Up1vaK28RGiKJJc83Uk9sN5 7VnLIZziHfZRXbIQFQ0DRP/mFkasWVvsedKHCDLyJAiSDCYWa4e1GiPrejSBQk+EMeDUX6q8 ssyki1+GfVqsFTwgPm+R1g/CNVJarZV+nKLWaf61T8IJOn7c5xYIizMQafJgN3FqdmoqjlqX TZqtWQLFwtZwGAAzkTUYDCB9CdOtbssR8Pj1PmzrsWeCNZspaLrKU8xGO+so3h8CsDy5Sk6Z XGe2D7YwXo9qSyI7RjCV2pAZYsiu89ITi2ySo4XjaDghJJ4WXhNOkIZUWaA/hkxmcVBQHNcJ fJQNaiR+o90i/4jaRuwuod60NdwlTidwyPFBxefR9VgdDU8t76+cadwVvzIyWuO5Myg8hHcZ lG7/6O1DJnSnsxR7J7tBCT/7elLS6SGsfs2233RbXSAUita+8PG6JXlBEF2ebWYi2g48qAeH rQyNcNeOObGngdDDzZhu8H7a8zQSjmLXg3wk1nImn5adQ1Jzsj0ezGC4/TsiGxJEr/Od74QJ XwFTFuJfrZlBzJwQlidYEju8kM/N9ILLa0KD7rTVwu2H0QMqEJKjg5+qJUNCJ3hQrfNzCWwg TD+FS0iBhFejBcVOvDVy/fEXA/Bd7b5w2NKPgrbqe9HVYfeLkSr0y5Au4Ggf+8rPfilch5/w Y1/8ww9+7kURfv7ZhbxSNX4guBGPUaEqZ/NiHTdpyv+l1lVDfYUCvEJW//1XgDbwSQaYgAZ4 TQrYgA74gBAYgRI4gRRYgRZ4geiQXuBgf06HVjhCehm1f3yUURyIKh7IIYLAGJpEBFBEDv8X BXpVHhfRMO9yAjX4XCN1gwiigVfQbgLogzYgL+ykYuy3gqonVKdHIrYBDiJoUsb0gkD2N76j JodzL4dUWFfIM1n4E1mIEiUYA5tDgCOoA69ACY5RHrfhGDd1fWA2BanSKiDyaFy4BPEEh07w B59SD8ZkILXHE30oTP8AiLw2FmKIA2G4AihUA1NiTZ9EZfCRGYVoBG/4hRmSRblkBHX4hYsy BBJyeWpSHuKAb5ogiiOkMqU4FMYUgrlXHiS0A/+TwIA8Ixbgoz8epnqQwk6UmCG+lItyZUx2 iItFgEnIN2Tg8FzSkBrSMIf6UIT1EIk4NRRHU2pNyFWzNDOzcoZ3go1apAR0kiq1xyIncSyy 9g7ygXa09FiidjzWYnCCxXJApEniuDPNsljmkkuaN4cd5EIOt48j1Bv9CB7HSHeEkFq2FSyL lI/Tklifty04CF+MhEnGtVhq2DXHYQY38jmiYY/QNXPCE1E/sU6Vp2U04YwgYjQvU3QWgRJL sz8naTklJA+V44cfcxPh5ZKIERFaowx+g0mECC5ywzZ8oY3Y0o/MyBT7uDCc0GRQc116oYxa aDmAkxzSMTDRmIbexYP/c1gQLNlSfsVMVcImX4KRN5KVG3E3NZRlTJkeHNONEPcwL1I8ooBE cNBBZ8FApSMPj2NnHDd5yAAnu8NG0LIdoTJYWHceXbVu2jgR72cPi4kd+pYVoyEWqRhSs5VK QVaV79Met1d30iUMoaNmr1iKfgWKJgRacGk/kflgydZ0/aNLMXKaRDE9KTkG9baBLikWeDk+ BOJYrhmbVxaX8bIHoOdlgzliyTEamxh0JXNE6NIpzSksu5lwnmZMz2A0VDFEqJY3wPNV6lNB +eWFvfmS9mAx47kM1WkYsDkrnCZkJdSNSfGLJJKTUvI06IgGN7OG1jVyaGFHq6ULaINkQBUQ /2KkF0JxMmzjJhODTPswGtgiQ/e2ljmRM/cmSdDYOPEmRyqpDXwQEg6XekYWiMl2n7aXmZVl nKkBL0qlnfrCh8IklfbGToIhRm3EGBU0De5JDlNEktkDD+IYTASKhobUo6h0S4L1LAP3dt3S GOnBMtX4ORRzSoHUmUNmHlQ2WX5UjZOUkfIRd/igeUy6MPZyReFyLmswcguzbYv1pavAm0Da mbXjpetYWFdHhE+nGVInXLUgjMkUC5eIgWt1pToqK42Siox1IrConX46GQCRok2Qh2TIi9Vx qIlKHQM4qZZ6qZiaqZq6qZzaqZ76qaAKqgFAAAPgA6Naqk4gAAUgAP8FmIgMYRuBCiBQ4aou MAAHcKu3agCsygIBcKuougO9egC/GgMFgKu3uqoyIAC3uqtHEADFegDMKgLKaqwHUADD6gPK GgC7YEZO0Vqx+mFPwa0wYA8CQADVOgDmCq28aqvXigMBwK4i0KvRugKqegCk+qzaCgPlqq5I 8K62agAlMKrnOgC2egAGkK/Yyq+KQKvq4ELx1AJJ6BAMyxHL0KuoqqztigLC+gMbCwDKOq/0 yq+2CrIs8LFMUAAFcAIdKwLmmrI/IK+8MLHogCyEugLnNE7TSIwi0LEm2wIrywMr+6sCkLEl 0LO2irAv0LNJoLQk8LMAYK4kmwMHkK8uqwP/Q0sCVbtUOStR33oDNYtVJ4gDFamKU4UTJkCt BYC0KuC0OsC2AGCtJUutBDADTHsEcKuy12qxQLCrAwCwO3C3ANC3hri1MfC1A2W4LXCzwWiV ZPsQZlsC9kqwxeqy06qwBVusGVuvG+uskwsAzrqsI3C5PHuwgWusaksCGEuwBmCvInC5+SoA BvCsaSut0Fq5AcC51Tqt2oq50loA6aqr8ZquBFC5BaurWQu57Rq7rYurQru6wPu5Iluttzq3 qGus89q3z4quvhq6x6qtBbus1vu00zsCBFAABkC6pqJcXiePI2FYlflYzUBYGOMMi/WRcKcL 48GF/XJJZZqRp5cs/9UipElppM21WK4VLTdYj4TiSdsgW7JUDpP0TkMRtNBqsdgrApirve2q rKQKvtVqrpyrvayaweZaqrrrsbE7AFFLu8xarAEAuwS7sZervdT7sbZqrdPqu1MLwihswrka w1MbACm8rJhbrypMtADAtr4rvvfKur16rwBbwtX6ttM7AMUarapqAARbAsLbt+e6uqwKw/AK uzicxVtcwuwarMKqsBkKVL2RRmC0duRFluwZXlEpMk8TLOSFMo8ZTeQ4NFODMx8klTEDaq9m DZtQXb+SxyXER4EMUTTUe3MDRuQ0Q+nDoGf7qxbrr87ruSurxJQ7AO+qrgJQub6qtztbqv8C m69aHLfM+rHlWrAmzMNv67eVu6ujHMYeO7Ui0MoCu6s2zMvv+sKsW76eu8JOu8krC8Lfu6zp OsVZHK9OK7gmEM27rK0mG8vbCwCt3Lp+q8a5GrgGMLcrPJWniEUE9JibaRJ8gQdZmpTDQURL 8TaNbEavc1zbqKI4Y5tJqZ1+RDL1nDNipyf8xjwjqC7KpLOZPALyKsTCar67zKxsq7wkALO7 TLAEW8oKy7O8zM1IPAJKm63T2rcX29HUrKyTm68Wfc29XNK4DK1HWwJX7LbIWwJHi8rXzK4Y fbvPysvU7NE27bcmcNLCTMq+2s3dLM7STKoZ3dKI+EMHpEFDI2D/t3Ge7Jk4IVUG2qWij1Im 0QgUCJQUdiKNY3gm71Z0uaGdXGI8eqIMGyQPN2rVCl3RrOu5LmyyEN2rwAuvXCzDworKvTq7 VqzXrMrX2drLVQvR1cyvZFy6t1vXh/20tgytLcuqOI2xpVvDHQvCHLzLKRus34y+AVutr1vC vayuzgqwnf202Pu53ivU4xzUKEDU2qq3N13XFK3UvQy8yorYkHhDInpcb0QRZYMwL+qa/8kI HBpW60NGsuAxzZg3EZEsj/YbWYRz7fA7+ImQ/sw7efHPJSFv8NEow51f2eQ6x+0OTpnE1Ira 7V26uXqsAbu68v2sfvu9pIvf8o2rI4yr/79ctO1NuqZM2sxru7havsdq39Kcq6ubsgOOqj2N vobttu0NurQbvlQs3/QNzfx9uSTwvVjs3/xN3yqMthk+tSBuyoXt3wo0dtrGafTpFTEzp0nG X9XYHPERUe/cSOn2wJXUXdJESDHG4zwpwBj2Z2HwLINhN4MCkTUIpdFdyWFgPbZ0LanAgxiN 0airwoF7sVs8tCTb1B4r5mM+rENrwlyO0ZZNsNjMxp6b5VwO0ir8roWd0f5aqmrur6VM5v76 wlyeuqK85Wbe0R4723AOsneOtGAurWKe6Gd+vXHO0Du9048+5gJA528e6F2Oy2zO6Fvc4qFa IbldBXWLAs760f8Woo2hXiGXbgi4erwnMLKrPutwoeYlu8K0nuu6vuu83uu+/uvAHuzCPuzE XuzGfuzInuzKvuzM3uzO/uzQHu3SPu3UXu3Wfu3Ynu3avu3c3u3e/u3gHu7iPu7kXu7mfu7o nu7qvu79tAARMAHwHgELMALwXu/1vgAOYO/6Pu8noAAToAL6HvD1Lu8jsAAC/+8PIPAPgAIO 8O7xzu8AYO8k4PATgAAFT/ERoAAi4O8HHwEJH/ALTwLwHvIiYPDw7gAjgAD5Xu8oDwAfPwEr r+8AsPIPgAAwXwIjTwImf/MjEPMwb/Ep4O4sD/Q9b+8OAPQrT/QRX+8l7/Atv/MtDwD/HD8B DzD1ETACFB/wRN/wE3/wE7Dz/37xA6/xUg/vEO/y9a7xBk/2JZLvEeAADc/0ACD0cB/3+P72 cV/3b48C7372JSD0DwD3fZ/wb+/wQI8AhA/3hD/374737x71XY/3LF/yOV/w8Y71E+D4Jz/3 MA/3mS/48t74gs/zRU/6iA/vZG/yih/vCCD0EaDyJ//4AIAAfW/zfr/yUX/6E0D2Nt/5Mc/2 JSD6cU/1ItD7dZ/2Um/4Yn/1Bv/29Y4AtJ/5bB/9X6/7EB8Bmn/8bA/vRI/9o3/8Qk/6wu/0 s+/wEO/6Fm/wSi8iBg/5HA/06k/5CpDxlH/4wD8CHH/1Qb/7/8UPAg4CTA8AONNyniU7RSei ypPDstGk4MtEoyaj3u6k47F8KscNMFudVs9aE5cCGk1OGA6gi82EwVTMCMayrtBsLjI8Xd+s B9pXjritv+GvXBvR5YiRVL34ubzMTSQNXVUtngRGjXAZFSX9QOkMtkD5yHWFio6Slpqeoqaq 4uCFzgx9ytysxZZGPByR+iDhIE69aAEsQP2igM4URlWmgO5urWFGKAwV16yJuP5gOWi1huqs 6DRpExfN8LKEbWvV6iUjh/oIc6bZWFZuAV76QCH2HgYTpkiUjR9JBnbxhUZZGSWcIniCtGoi xYoWL3apxkjZCHhEQHVRIMRHwC7OZv9oQaRDDiJJz8zEoydoBDOTRdqxkvgSxy9vGQsO4tYi 2QmRN0RCIjOnzKtsceB085NQ6jyQAn1OjVTw0AglEURgI1GSBMBRLut5WQjgbAt2Mi0pU2ok Isa6du/aFYkurcF52ux9tFVmzyiHP8b9BfW375a/VINYrVmTCI8UhTlpVNdH1BOkNFMSbWtJ SqVibzsTFurlMVw9gkfp0Jp2XKO/j8bi89eFLSEAIh/zRmRZVKxPciEWZY13OfPmvhcuEBeX G2BMVosurm7zgQPpZNVMZRK7xle5eqzGmoyp8tuq6RbOKI+PJw07KFIqB2xfyYruvTjXx4Vq 431DlXrf6MT/ShmSgEOCHN0dJlpWEobC1hV/7RWcFgda594XXkChgHLOkVjiRPHFBEtQe+HU hThM0JHgenAg4cJTwERRxS/DxDRWEBzZ1JVubdAHzU48ZgMFGQO+JdIaP4j4YR0AKgmDaikY SWFcoriBJUFaSBJGLP6gKFYoufm4VoJWijefmme65aM3tYiDnBNZmpinnqY0GJh7cFzyZyhG 5YSnMwl1Mx+ZXBTjQzIR0ueWkSu1AJ12mWHh6E9rbLKhm2npAeUXMlIpCCKedZHCXiQECuhz Mqna2qtiUAoTqETcZpZOsdZAj4YvWNpELQhsgueexyL7Uwkq+lETAjG+QYexuUQj/4qX9DG1 WQsNSeckoJbCgIR9wBKjQzBKPFAbVZri4G0QC6VQiLmC2BkdGmHEoEQhIoEUb07BbNIEsUMq A9jAd0A6sBYDEyEGGTQB9nDB1OATnSaDhJHqfLWSh8mygPpBbWNKjpisySUi9dc12VW3iVou P6nNg9pIpbJfKrAsRMqOcZldHiyIuNi6Pmv8QzA701w0Piil4zI5FQJBWD1GXugH04osFlrB jkWb3SPa8OKs0DjEaHNj2VVKWGK99rX22UAYpi1f1fFjyXUn4+3cAkwkowDffEOzNxMgCR6W MHzL4TcT0Pw9hOIo/D24E5EzAWAJSROHeGGahwR4OpQTpf+4A9AoYCQCnnNWBZI9DIp6UVn+ jUrhkfGdKudw9MDEqpCPbnvkadTOeyGxC2/F7YdLngTf6CxAjbF5Qx+99M3VPTAMd0+fvfbb c9+99xYhEL7445Nfvvnno5+++uuzX/7e4194ffvz01+//ffjn7/++/Pfv//ify+AOGAAAQto wAMiMIEKXCADG+jAB0IQDxGAIAUraMELYjCDGtwgBzvowQ8eUIAiHCEJS2jCE6IwhSpcIQtb 6MIXwjCGMpwhDWtowxviMIc63CEPe+jDHwIxiEIcIhGLaMQjIjGJSlwiE5voxCdCMYpSnCIV q2jFK2Ixi1rcIhe76MUvgjGMYhz/IxnLaMYzojGNalwjG9voxjfCMY5ynCMd62jHO+Ixj3rc Ix/76Mc/AjKQghwkIQtpyEMiMpEYSYAEEqDIRwoRAhSY5CQbWRdKUrIBJWrAJB0JyU/6kJOO ZCQF7CIBCQCAlJokUQIo4ElQwjKHrXylK+vSAFSeQAKrdM4sY+nLG/YSAA2AgCoa8Eoc3JIF uixRMH/pzBi2kpLLTEUtQ5FMYeKSldV8JjdbGExOElOYlczlJDUpyUmGkwWcHCcy2UnKRjbA mJT0JCcl4EpSUsCejlxnNrvpzxE2k5PYPAEEICBKSZ5gm8hEJTjVicuCAkACxIwmAEoJAIja s5QGlegJ/0RZ0Xgq9J8i7V4zW3lRTLoykwk9pkPJucpzUrKiE6XAS+2Jy2sK9AS9zGg6R+rT 7QVUoz1NJQT0WVGWdhSX0XQkRNvJTo7i9KYWTWU1i0rTn2I1e61cJSM1yUlNMlKSCejlVUNx SnXmMwFfTSUqm6rTWp51oAm1pFjXStOwZjWvJoumNHfJT7Wq9KRlJWhg1wnStAq2nBHNZz35 OkqbRnOdFAhnTvVqWR1WtqjLueZlO2tDj+IVLyH1LGlhCNOhlja1ql0ta1vr2tfCNrayna33 murWU1yTkUilLW/zBNNKItWexBRuFySLSZCicqm9Xe6xQGtPFtg2nLd9qye3Kv/XYE6Tudpd TjOrKt3vimKbV81tNbO73fMusprDFEV0w4tU8u4WvfKlCF8Zy17whqK8lFXqaOfrX1V8c7IE fSl+u4DS/VI3l57MqFJPCdz/+jeoJyUwQVF71FwimKqONGo8NRzNcMYVwugtqUWn2d78vpe/ nlTvOVdMz6mKeLsSjiiFL2rhbW4VvivFpiarWU2Txvi81mXrKjl60Yf2862rXKc4R1nWq0J0 rR/tKIyD3Nv62lecjM1kTFm5O846NqPDROeHJXlLdFa0k1ZeM5vKfLW3wznOcp4znets5zvj Oc963jOf++znPwM60IIeNKOIB0hDIzrRiYwumxvt6EcGQzrShAwBADs= --------------AttPart_54315882==.OLA-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 08 23:43:25 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F73eO-0007Cl-Gs for capwap-archive@megatron.ietf.org; Wed, 08 Feb 2006 23:43:25 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA14492 for ; Wed, 8 Feb 2006 23:41:40 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 1AFEB4300C6 for ; Wed, 8 Feb 2006 20:43:19 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 01881430048 for ; Wed, 8 Feb 2006 20:42:41 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id E253F80C105 for ; Wed, 8 Feb 2006 20:42:41 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by hermes.tigertech.net (Postfix) with ESMTP id 3F78080C0EE for ; Wed, 8 Feb 2006 20:42:40 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUE009I3KXDRJ@usaga01-in.huawei.com> for Capwap@frascone.com; Wed, 08 Feb 2006 20:39:13 -0800 (PST) Received: from huawei.com ([172.17.1.101]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUE00LI9KXCIH@usaga01-in.huawei.com> for Capwap@frascone.com; Wed, 08 Feb 2006 20:39:13 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Thu, 09 Feb 2006 09:42:25 +0500 Date: Thu, 09 Feb 2006 09:42:25 +0500 From: zhaoyujin 31390 Subject: Re:[Capwap] Issue39 agree "Remove AC address" and recommend "remove hardware version" form "5.2.2 AC Descriptor" To: zhaoyujin 31390 Message-id: <31b46d3173fc.3173fc31b46d@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: Capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT Hi: I forget to give the reason. Because AP does not use the "AC Hardware Version", I suggest LWAPP can delete it. Another AP does not need the "AC software Version", because "AP firmware version" maybe is not same as "AC software version". In this description, "AP firmware" is provided by AC. So that I suggest to change the description of "Software Version". Best regards Michael > Hi: > > In issue39 give next recommend: > > > >Page 35 -- 5.2.1 AC address > > I do not understand this. It is not useful with a layer 3 > > transport. If using a layer 2 transport then I would assume > > the broadcast or multicast from the Discovery Message would > > have been heard by any other AC's -- so rather than respond > > -- would it not be best to stay silent? > > I also agree with this recommend: We change "5.2.2 AC descriptor" > as following > > > 5.2.2 AC Descriptor > > The AC payload message element is used by the AC to communicate > it's current state. The value contains the following fields. > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 > 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Reserved | Software Version ... > | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | SW Ver | Stations | Limit > | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Limit | Radios | Max Radio > | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Max Radio | Security | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > Type: 6 for AC Descriptor > > Length: 14 > > Reserved: MUST be set to zero > > Software Version: A 32-bit integer representing the > corresponding AP's > Firmware version number which is supported by AC. > > Stations: A 16-bit integer representing number of mobile stations > currently associated with the AC > > Limit: A 16-bit integer representing the maximum number of > stations supported by the AC > > Radios: A 16-bit integer representing the number of WTPs currently > attached to the AC > > Max Radio: A 16-bit integer representing the maximum number of > WTPs supported by the AC > > Security: A 8 bit bit mask specifying the security schemes > supported by the AC. The following values are supported (see > Section 10): > > 1 - X.509 Certificate Based > > 2 - Pre-Shared Secret > > > Best regards > Michael > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From chipo@grotek.net Thu Feb 09 12:39:11 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F7Fl9-0002BJ-DG for capwap-archive@megatron.ietf.org; Thu, 09 Feb 2006 12:39:11 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA12381 for ; Thu, 9 Feb 2006 12:37:27 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F7Fxy-0000Ii-1r for capwap-archive@ietf.org; Thu, 09 Feb 2006 12:52:27 -0500 Received: from c-71-57-154-105.hsd1.fl.comcast.net ([71.57.154.105] helo=grotek.net) by mx2.foretec.com with smtp (Exim 4.24) id 1F7Fl2-0007Fm-5X for capwap-archive@ietf.org; Thu, 09 Feb 2006 12:39:04 -0500 Message-ID: <000001c62d9f$b1f85610$6daaa8c0@obedient> Reply-To: "Chipo Dionisio" From: "Chipo Dionisio" To: "Nita Ramero" Subject: Re: nz B news Date: Thu, 9 Feb 2006 12:38:53 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62D75.C9224E10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.0 (/) X-Scan-Signature: e8c5db863102a3ada84e0cd52a81a79e This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62D75.C9224E10 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, http://www.tevisied.com =20 CnIkAlLxIySm h$e3x,x3u3f VmAmLrluUgMq c$j1m,u2p1x ViIsAiGnRgAd o$s3y,b7d5h ------=_NextPart_000_0001_01C62D75.C9224E10 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
CnIkAlLxIySh$e3x,x3u3f
VmAmLrluUgMc$j1m,u2p1x
ViIsAiGnRgAo$s3y,b7d5h
------=_NextPart_000_0001_01C62D75.C9224E10-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 09 15:56:47 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F7IqM-0003dT-On for capwap-archive@megatron.ietf.org; Thu, 09 Feb 2006 15:56:47 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29767 for ; Thu, 9 Feb 2006 15:55:02 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 1F7A54300AB for ; Thu, 9 Feb 2006 12:56:42 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 4543343008C for ; Thu, 9 Feb 2006 12:56:02 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 30EA5398066 for ; Thu, 9 Feb 2006 12:56:02 -0800 (PST) X-Greylist-Status: Sender first seen 7 days 16:21:15 ago Received: from co300216-ier2.net.avaya.com (co300216-ier2.net.avaya.com [198.152.13.103]) by zoidberg.tigertech.net (Postfix) with ESMTP id 3ED6C398031 for ; Thu, 9 Feb 2006 12:55:57 -0800 (PST) Received: from tierw.net.avaya.com (h198-152-13-100.avaya.com [198.152.13.100]) by co300216-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k19JqgSW028076 for ; Thu, 9 Feb 2006 14:52:42 -0500 Received: from cof110avexu1.global.avaya.com (h135-9-6-16.avaya.com [135.9.6.16]) by tierw.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k19KeUYj021073 for ; Thu, 9 Feb 2006 15:40:30 -0500 (EST) X-MIMEOLE: Produced By Microsoft Exchange V6.0.6603.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 9 Feb 2006 13:55:56 -0700 Message-ID: Thread-Topic: The status of Objectives & Evaluation Drafts Thread-index: AcYtuzfOBvPops77RhKIMzMaJ+GzBQ== X-Priority: 1 Priority: Urgent Importance: high From: "Mani, Mahalingam (Mani)" To: X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.283 tagged_above=-999 required=7 tests=HTML_90_100, HTML_MESSAGE, X_PRIORITY_HIGH Subject: [Capwap] The status of Objectives & Evaluation Drafts X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1823116779==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. --===============1823116779== Content-Class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C62DBB.3903DAF0" This is a multi-part message in MIME format. ------_=_NextPart_001_01C62DBB.3903DAF0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The Objectives (http://www.ietf.org/internet-drafts/draft-ietf-capwap-objectives-04.txt ) and Evaluation (http://www.ietf.org/internet-drafts/draft-ietf-capwap-eval-00.txt) drafts =20 were submitted to the ADs and IESG on 6th Feb 2006 (pacific). =20 They have been since moved from "Publication Requested" to "AD evaluation" early today (9 feb 2006, Pacific). =20 They have both now passed that stage and advanced to "IESG evaluation" state from "AD evaluation" stage. =20 Regards, -mani =3D=3D=3D=3D=3D=3D =20 ------_=_NextPart_001_01C62DBB.3903DAF0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

The Objectives (http://www.ietf.org/internet-drafts/draft-ietf-capwap-objectives-= 04.txt) and

Evaluation (http://www.ietf.org/internet-drafts/draft-ietf-capwap-eval-00.txt) drafts

 

were submitted to the ADs and IESG on 6th = Feb 2006 (pacific).

 

They have been since moved from “Publication = Requested” to “AD evaluation” early today (9 feb 2006, = Pacific).

 

They have both now passed that stage and advanced to = “IESG evaluation” state from “AD evaluation” = stage.

 

Regards,

-mani

=3D=3D=3D=3D=3D=3D

 

------_=_NextPart_001_01C62DBB.3903DAF0-- --===============1823116779== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1823116779==-- From tedea@sahara.com.sa Fri Feb 10 09:53:05 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F7Zdx-00011C-1n for capwap-archive@megatron.ietf.org; Fri, 10 Feb 2006 09:53:05 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA25267 for ; Fri, 10 Feb 2006 09:51:07 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F7Zqi-0003Il-Kn for capwap-archive@ietf.org; Fri, 10 Feb 2006 10:06:18 -0500 Received: from cm-81-9-170-124.telecable.es ([81.9.170.124] helo=sahara.com.sa) by mx2.foretec.com with smtp (Exim 4.24) id 1F7Zdf-0002X0-TN for capwap-archive@ietf.org; Fri, 10 Feb 2006 09:52:48 -0500 Message-ID: <000001c62e51$9bd0f830$255ea8c0@girlish> Reply-To: "Aileen Tedesco" From: "Aileen Tedesco" To: "Leokadia Dunstan" Subject: Re: zx p news Date: Fri, 10 Feb 2006 09:52:26 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62E27.B2FAF030" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 3.5 (+++) X-Scan-Signature: 2bf730a014b318fd3efd65b39b48818c This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62E27.B2FAF030 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, http://www.seewete.com =20 CqIhAoLgIfSn a$n3n,b3p3i VaIhAvGqRyAd y$x3c,o7e5s VoAxLolzUoMc t$p1y,l2h1b ------=_NextPart_000_0001_01C62E27.B2FAF030 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
CqIhAoLgIfSa$n3n,b3p3i
VaIhAvGqRyAy$x3c,o7e5s
VoAxLolzUoMt$p1y,l2h1b
------=_NextPart_000_0001_01C62E27.B2FAF030-- From aieytakara@dvstest.net.ua Sat Feb 11 07:05:06 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F7tUw-0002id-Oq for capwap-archive@megatron.ietf.org; Sat, 11 Feb 2006 07:05:06 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA00030 for ; Sat, 11 Feb 2006 07:03:21 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F7ti2-0003NV-J8 for capwap-archive@ietf.org; Sat, 11 Feb 2006 07:18:45 -0500 Received: from [221.127.11.67] (helo=dvstest.net.ua) by mx2.foretec.com with smtp (Exim 4.24) id 1F7tUj-0002VA-SK for capwap-archive@ietf.org; Sat, 11 Feb 2006 07:04:54 -0500 Message-ID: <000001c62f03$5ad98510$cb67a8c0@southing> Reply-To: "Takara Aiello" From: "Takara Aiello" To: "Teofilo Estabrook" Subject: Re: 3p K news Date: Sat, 11 Feb 2006 07:04:48 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C62ED9.72037D10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.3 (++) X-Scan-Signature: e8c5db863102a3ada84e0cd52a81a79e This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C62ED9.72037D10 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, http://www.mitrigia.com =20 VkIfAgGtRzAl w$f3l,v7x5y CiIsAnLqIySb f$s3y,b3u3p ViAwLmllUbMk e$r1c,c2d1b ------=_NextPart_000_0001_01C62ED9.72037D10 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
VkIfAgGtRzAw$f3l,v7x5y
CiIsAnLqIySf$s3y,b3u3p
ViAwLmllUbMe$r1c,c2d1b
------=_NextPart_000_0001_01C62ED9.72037D10-- From nezbayerl@ut.ee Sun Feb 12 20:01:06 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8S5S-0007wR-HJ for capwap-archive@megatron.ietf.org; Sun, 12 Feb 2006 20:01:06 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA28577 for ; Sun, 12 Feb 2006 19:59:20 -0500 (EST) Received: from [211.196.223.130] (helo=ut.ee) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F8SIq-000406-E6 for capwap-archive@ietf.org; Sun, 12 Feb 2006 20:15:04 -0500 Message-ID: <000001c63038$e61b79e0$dd17a8c0@Kentish> Reply-To: "Neza Bayerl" From: "Neza Bayerl" To: "Claus Ewalt" Subject: H news 143I Date: Sun, 12 Feb 2006 20:00:36 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6300E.FD4571E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.0 (/) X-Scan-Signature: e8c5db863102a3ada84e0cd52a81a79e This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C6300E.FD4571E0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, http://www.itecamethe.com =20 CjInAqLbIrSz g$e3j,z3k3k VgIyAkGeRqAn d$w3x,u7r5i VnAbLelzUlMw g$h1o,p2q1i ------=_NextPart_000_0001_01C6300E.FD4571E0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
CjInAqLbIrSg$e3j,z3k3k
VgIyAkGeRqAd$w3x,u7r5i
VnAbLelzUlMg$h1o,p2q1i
------=_NextPart_000_0001_01C6300E.FD4571E0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 06:54:53 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8cI9-0003ge-9M for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 06:54:53 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA12104 for ; Mon, 13 Feb 2006 06:53:06 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id AEA5C4300D1 for ; Mon, 13 Feb 2006 03:54:50 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id C49FC430063 for ; Mon, 13 Feb 2006 03:54:13 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id A3CFB39801E for ; Mon, 13 Feb 2006 03:54:13 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by zoidberg.tigertech.net (Postfix) with ESMTP id 97329398074 for ; Mon, 13 Feb 2006 03:54:07 -0800 (PST) Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by gateout02.mbox.net (Postfix) with ESMTP id 837C916C8 for ; Mon, 13 Feb 2006 11:54:04 +0000 (GMT) Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 203kBmL3c0310Mo2; Mon, 13 Feb 2006 11:54:03 GMT Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.27E) with ESMTP id 200kBmL3B0310Mo2; Mon, 13 Feb 2006 11:54:00 GMT X-USANET-Routed: 2 gwsout-vs R:localhost:1825 Received: from GW2.EXCHPROD.USA.NET [165.212.116.254] by gateout02.mbox.net via smtad (C8.MAIN.3.27I); Mon, 13 Feb 2006 11:54:00 GMT X-USANET-Source: 165.212.116.254 IN skh@nexthop.com GW2.EXCHPROD.USA.NET X-USANET-MsgId: XID597kBmL3B9274Xo2 Received: from VS4.EXCHPROD.USA.NET ([10.116.208.141]) by GW2.EXCHPROD.USA.NET with Microsoft SMTPSVC(6.0.3790.211); Mon, 13 Feb 2006 04:54:00 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 13 Feb 2006 04:53:58 -0700 Message-ID: <6F44D7F6B24A8F4DA0AB46C9BE924F02035224E6@VS4.EXCHPROD.USA.NET> Thread-Topic: Comments on the DTLS text Thread-index: AcYwlCtm7l0Oh5iaTdm3XSLw4yokMA== From: "Susan Hares" To: X-OriginalArrivalTime: 13 Feb 2006 11:54:00.0730 (UTC) FILETIME=[2DBD1FA0:01C63094] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.001 tagged_above=-999 required=7 tests=HTML_MESSAGE Subject: [Capwap] Comments on the DTLS text X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1616428123==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com This is a multi-part message in MIME format. --===============1616428123== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C63094.2D8F45E7" This is a multi-part message in MIME format. ------_=_NextPart_001_01C63094.2D8F45E7 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Scott: =20 Please consider the following changes to the DTLS draft:=20 =20 2.1.1) DTLS error statements=20 =20 From a high level, simple replacement of the LWAPP security mechanisms with DTLS amounts to something like this: =20 1. Replace the JOIN phase with DTLS session establishment 2. Replace LWAPP re-key functionality with a DTLS re-key 3. Remove the existing LWAPP security scheme =20 This amounts to employing DTLS as a tightly-integrated secure wrapper =20 Have you completed the next version of the draft?=20 I have not seen any update to the draft. =20 Thank-you,=20 =20 =20 Sue Hares =20 =20 ------_=_NextPart_001_01C63094.2D8F45E7 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Scott:

 

Please consider the following changes to the DTLS draft: =

 

2.1.1) DTLS error statements

 

   From a high level, simple replacement of the LWAPP = security

   mechanisms with DTLS amounts to something like = this:

 

   1.  Replace the JOIN phase with DTLS session = establishment

   2.  Replace LWAPP re-key functionality with a = DTLS re-key

   3.  Remove the existing LWAPP security = scheme

 

   This amounts to employing DTLS as a = tightly-integrated secure

   wrapper

 

Have you completed the next version of the draft? =

I have not seen any update to the = draft.

 

Thank-you,

 

 

Sue Hares  

 

------_=_NextPart_001_01C63094.2D8F45E7-- --===============1616428123== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1616428123==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 08:17:55 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8daS-0004fn-Rm for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 08:17:55 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA18717 for ; Mon, 13 Feb 2006 08:16:05 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 06D354300F9 for ; Mon, 13 Feb 2006 05:17:50 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 9E4EC4302D6 for ; Mon, 13 Feb 2006 05:15:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 8D648398073 for ; Mon, 13 Feb 2006 05:15:53 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [204.127.192.84]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7E836398010 for ; Mon, 13 Feb 2006 05:15:49 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213131548m1400dgm3ee>; Mon, 13 Feb 2006 13:15:49 +0000 Message-ID: <43F08684.1010003@hyperthought.com> Date: Mon, 13 Feb 2006 05:15:48 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Susan Hares Subject: Re: [Capwap] Comments on the DTLS text References: <6F44D7F6B24A8F4DA0AB46C9BE924F02035224E6@VS4.EXCHPROD.USA.NET> In-Reply-To: <6F44D7F6B24A8F4DA0AB46C9BE924F02035224E6@VS4.EXCHPROD.USA.NET> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit Hi Sue, I think something was lost in the translation below. 2.1.1 is currently "Separate Control/Data Channel Ports", but I'm not sure what you're recommending below; please clarify. As for the edits, Eric I spent a fair amount of time reviewing and discussing the suggested updates, and I started to edit the text, in some cases dropping in your text with minor editing. A short way into this exercise it ocurred to me that in the interest of efficiency, it might be better to take a slightly different approach. Both you and Nancy have raised a number of questions/concerns. Some are answered very simply, and may or may not require new text (or if they do, we should be careful to make sure it's the *right* text). Some can be addressed with text you provided. Others require some discussion. And some seem to be due to misunderstandings about how dtls works and how it would be integrated. In any event, rather than release another rev of the draft which may not adequately address your and Nancy's concerns, wait for inlined comments, and then repeating this exercise again, I'm thinking we should just discuss the issues individually here on the list, and once they are taken to closure, roll in the corresponding text. To that end, I'll follow this email with a series of emails opening threads on each discussion point. Let's try to get this rapidly closed so we can get to final text asap. Scott Susan Hares wrote: > Scott: > > > > Please consider the following changes to the DTLS draft: > > > > 2.1.1) DTLS error statements > > > > From a high level, simple replacement of the LWAPP security > > mechanisms with DTLS amounts to something like this: > > > > 1. Replace the JOIN phase with DTLS session establishment > > 2. Replace LWAPP re-key functionality with a DTLS re-key > > 3. Remove the existing LWAPP security scheme > > > > This amounts to employing DTLS as a tightly-integrated secure > > wrapper > > > > Have you completed the next version of the draft? > > I have not seen any update to the draft. > > > > Thank-you, > > > > > > Sue Hares > > > > > ------------------------------------------------------------------------ > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 08:53:04 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8e8U-0006VG-31 for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 08:53:03 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA21127 for ; Mon, 13 Feb 2006 08:51:15 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 688DA43010C for ; Mon, 13 Feb 2006 05:53:00 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id AE6ED43006D for ; Mon, 13 Feb 2006 05:52:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 98075398043 for ; Mon, 13 Feb 2006 05:52:35 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by zoidberg.tigertech.net (Postfix) with ESMTP id 52415398073 for ; Mon, 13 Feb 2006 05:52:33 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060213135232m1100o3810e>; Mon, 13 Feb 2006 13:52:32 +0000 Message-ID: <43F08F20.3010701@hyperthought.com> Date: Mon, 13 Feb 2006 05:52:32 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Susan Hares , capwap Content-Type: text/plain; charset=UTF-8; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: section 2 - dtls potential errors X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id IAA21127 This is the first in a series of email threads discussing issues Sue raised with the current lwapp-dtls draft. A minor point of clarification. DTLS/TLS refers to session establishment=20 as the "handshake", and rekeying as a "rehandshake". We should use that=20 terminology from now on to avoid confusion. In section 2, "Inserting DTLS", you point out that dtls can encounter errors or receive "Alert" messages due to errors encountered by a peer, and ask how these errors will be handled. Here is the text you inlined in the draft, with my comments inlined.... > DTLS can encounter errors or cause Alert messages. This section descri= bes > the interface between DTLS and LWAPP to process the errors and alerts. >=20 > 2.1) DTLS potential errors=20 >=20 > DTLS uses all of the same handshake messages and flows as TLS, > with three principal changes: >=20 > 1. A stateless cookie exchange has been added to prevent > denial of service attacks. >=20 > 2. Modifications to the handshake header to handle message > loss, reordering and fragmentation. >=20 > 3. Retransmission timers to handle message loss. >=20 > Each of these new features can cause the DTLS connection to fail.=20 >=20 >=20 > 2.1.1) DTLS Cookie Exchange Failure causes dropping of DTLS session =20 > Sequence (per DTLS):=20 >=20 > Client (WTP) Server (AC) > ------ ------ > ClientHello ------> >=20 > <----- HelloVerifyRequest > (contains cookie) >=20 > ClientHello ------> > (with cookie) > (Bad cookie determination)=20 > [please fill in DTLS action]=20 >=20 >=20 > Detection:=20 >=20 > Once the client has transmitted the ClientHello message with the cookie > the server validates the cookie. If the cookie is bad, the server > a)disconnects the client [option a] > b)allows the client another n tries by sending > HelloVerifyRequest(cookie)=20 > c)Awaits a retransmission of the ClientHello >=20 > (note: DTLS needs to specify the action here)=20 > > Signal to LWAPP: > > Error action State in LWAPP Action > a) Disconnect DTLS-init ??? > DTLS-rekey > > b)Another retry DTLS-init ??? > After send DTLS-rekey ??? > the DTLS message > HelloVerifyRequest > > c) Wait ClientHello DTLS-init ??? > DTLS-rekey > > New Action by LWAPP: > > Discovery state: > 1) Drop DTLS connection in discovery state > 2) Keep LWAPP in Discovery state while awaiting DTLS drop. > > DTLS Rekey state: > (please specify) > > (please follow through to check all interaction with other states). > An important point here: in many (if not all) cases, dtls will not be a=20 black box that is dropped into capwap implementations. In some cases,=20 folks may choose to implement from scratch, and in others, they might=20 choose to use openssl or some other library. Different libraries may=20 implement APIs in their own idiosyncratic way, so we need to be careful=20 about overspecification here (and not specify APIs). That said, assuming a UDP transport and openssl, each end will open a=20 socket from which they read and write, and errors will be returned by=20 read and write operations. In openssl, the application calls=20 SSL_get_error() to determine the particular error. Arguably, bad cookies=20 should be ignored (due to the DoS implications), but the application is=20 completely free to define its own behavior. Since DTLS hello exchange is stateless, option (a) is not possible, and=20 likewise, since (b) would require statefulness I don't think that's a=20 good idea. I would suggest ignoring (or at most, logging) invalid=20 cookies (option c). > 2.1.2) DTLS Fragmentation errors >=20 > a) Description in DTLS of fragmentation requirements:=20 >=20 > =E2=80=9CWhen transmitting the handshake message, the sender divides > the message into a series of N contiguous data ranges. These > range MUST NOT be larger than the maximum handshake fragment > size and MUST jointly contain the entire handshake message. > The ranges SHOULD NOT overlap.=E2=80=9D >=20 > Action upon Failure:=20 > If a fragmented messages should fail the above constrains, > LWAPP will be signaled with: xxx (fill in blank)=20 Again, this may be an API issue. Keep in mind that dtls implements=20 reliable delivery during the handshake phase (and only then). So,=20 there's a timer set on both sides. Also, record layer fragmentation may=20 *only* occur during the handshake, and not afterwards. DTLS fragmentation (in the Handshake only, described in 4.2.3) is=20 subject to automatic fragmentation and reassembly. Only complete=20 Handshake Messages are processed by the Handshake layer, so incomplete=20 messages are treated as if the message was never received. > b) DTLS client reception of handshake problems with recombining=20 fragments of messages >=20 > DTLS Text: =20 > =E2=80=9CWhen a DTLS implementation receives a handshake message > fragment, it MUST buffer it until it has the entire handshake > message. DTLS implementations MUST be able to handle > overlapping fragment ranges. This allows senders to retransmit > handshake messages with smaller fragment sizes during path MTU > discovery.=E2=80=9D=20 >=20 > Failures:=20 > 1)Buffer overflow with all message=20 > 2)DTLS timeout with messages still pending > 3)LWAPP timeout with DTLS still waiting for messages. >=20 > Action upon Failure:=20 > Please specify=20 >=20 > LWAPP action upon signal:=20 > (please fill in) for the DTLS init and re-keying states >=20 > Signal to LWAPP for fragmentation=20 >=20 > Error action State in LWAPP Action=20 > a) Fragmentation DTLS-init ??? > error DTLS-rekey >=20 > b)fragment DTLS-init ??? > recombine error DTLS-rekey ??? > 1)buffer overflow > 2)DTLS timeout=20 > 3)LWAPP timeout=20 >=20 > (please specify errorsO=20 This is pretty much the same discussion as above, and the dtls return=20 value depends on the implementation. In openssl, the socket read will=20 return an error, and lwapp could use SSL_get_error() to determine the=20 particular error. I would assume that upon any of these errors, AC lwapp=20 would either return to the discovery state, and WTP would choose the=20 next suitable AC and try again. This is no different than errors=20 encountered during session establishment by the current lwapp=20 implementations. >=20 > 2.1.3a) DTLS Message Lost Fail causes delayed success=20 >=20 > Sequence per DTLS doc:=20 >=20 > Client (WTP) Server (AC)=20 > ------ ------ > ClientHello ------> >=20 > X<-- HelloVerifyRequest > (lost) >=20 > [Timer Expires]=20 >=20 > ClientHello ------> > (retransmit) >=20 > [LWAPP Wait Join timer expires]=20 > =EF=83=9F-----HelloVerifyRequest > (OK) >=20 > Detection:=20 >=20 > Once the client has transmitted the ClientHello message, it > expects to see a HelloVerifyRequest from the server. However, > if the server's message is lost the client knows that either > the ClientHello or the HelloVerifyRequest has been lost and > retransmits. When the server receives the retransmission, it > knows to retransmit. The server also maintains a > retransmission timer and retransmits when that timer expires. >=20 >=20 > Signal to LWAPP: Signal that Hello Verify has been received in=20 > =09 > Action by LWAPP: Drop DTLS connection in discovery state.=20 > Keep LWAPP in Discovery state while awaiting DTLS drop. >=20 Again, there are API issues here. Openssl can call a client callback=20 function once the session is established, and lwapp has the option to=20 abort the session establishment at any point using a function call. Why=20 should dtls signal each step in its protocol, rather than just session=20 establishment? > 2.2) Alert messages >=20 >=20 > DTLS Alert Message Generation (from DTLS)=20 >=20 > Note that Alert messages are not retransmitted at all, even > when they occur in the context of a handshake. However, a DTLS > implementation SHOULD generate a new alert message if the > offending record is received again (e.g., as a retransmitted > handshake message). Implementations SHOULD detect when a peer > is persistently sending bad messages and terminate the local > connection state after such misbehavior is detected. >=20 > Indication to LWAPP that Alert message has been sent:=20 > (please fill in)=20 >=20 > Impact on LWAPP state machine: (please fill in)=20 Again, API issues. Openssl will return a read/write error, which lwapp=20 can obtain using SSL_get_error() - other implementations would do=20 something similar. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 08:56:54 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eCE-0007xf-CW for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 08:56:54 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA21336 for ; Mon, 13 Feb 2006 08:55:07 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 281B54300B2 for ; Mon, 13 Feb 2006 05:56:53 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 83A6843008F for ; Mon, 13 Feb 2006 05:56:33 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 6A41580C15A for ; Mon, 13 Feb 2006 05:56:33 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [216.148.227.154]) by hermes.tigertech.net (Postfix) with ESMTP id A734E80C155 for ; Mon, 13 Feb 2006 05:56:29 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213135629m1400de0dce>; Mon, 13 Feb 2006 13:56:29 +0000 Message-ID: <43F0900C.5050209@hyperthought.com> Date: Mon, 13 Feb 2006 05:56:28 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Susan Hares , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: section 2.3, State Machine Modifications to LWAPP X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit In section 2.3, you suggest the following text: ------------ Discovery to Discovery (b): WTP: DTLS Negotiation Failure shall be ignored when received in Discovery phase. DTLS Success indications shall require that LWAPP drop the DLTS connection and await confirmation from DTLS machine. ------------ I don't understand how the WTP could receive a DTLS negotiation failure when in discovery phase. Since the WTP must act as the client in such negotiations (just like the current lwapp implementation), no negotation will be in progress until it transitions to dtls-init. --Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:01:41 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eGr-0008Mc-Eh for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:01:41 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA21563 for ; Mon, 13 Feb 2006 08:59:54 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 341124300BF for ; Mon, 13 Feb 2006 06:01:40 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 5295643006D for ; Mon, 13 Feb 2006 06:01:19 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 404463980A4 for ; Mon, 13 Feb 2006 06:01:19 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1EA1B3980A0 for ; Mon, 13 Feb 2006 06:01:13 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060213140112m1100od92ee>; Mon, 13 Feb 2006 14:01:12 +0000 Message-ID: <43F09128.7000504@hyperthought.com> Date: Mon, 13 Feb 2006 06:01:12 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: section 2 - Inserting DTLS X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id IAA21563 Here is your inserted text: > 1.Replace the JOIN phase with DTLS session establishment >=20 > 2.Replace LWAPP re-key functionality with a DTLS re-key >=20 > 3.Remove the existing LWAPP security scheme >=20 > [NCW] How will we be able to distinguish and thus enable appropriate > authorization policies that the DTLS session establishment, rekey and > reset are specific to this application (e.g. LWAPP)? While (D)TLS > enables authentication, how does it=92s use in this application enforce > that the TLS =93client=94 is authorized to act as a WTP and conversely > the TLS =93server=94 is an authorized=20 This is precisely the problem faced by the current lwapp scheme. One=20 option would be to cut/paste the text from section 10.4 of the current=20 lwapp doc. Your thoughts? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:04:27 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eJX-0001Lb-Mv for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:04:27 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA21878 for ; Mon, 13 Feb 2006 09:02:41 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 79BBF4300C1 for ; Mon, 13 Feb 2006 06:04:26 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 20BAB43009F for ; Mon, 13 Feb 2006 06:03:59 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 10C84398071 for ; Mon, 13 Feb 2006 06:03:59 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by zoidberg.tigertech.net (Postfix) with ESMTP id 0CDE7398010 for ; Mon, 13 Feb 2006 06:03:56 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060213140356m1100o7lqbe>; Mon, 13 Feb 2006 14:03:56 +0000 Message-ID: <43F091CC.8050606@hyperthought.com> Date: Mon, 13 Feb 2006 06:03:56 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 1 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id JAA21878 Here's your inline text: > Discovery to DTLS-Init (f): This state is used by the WTP to confirm > its commitment to an AC that it wishes to be provided service, and t= o > simultaneously establish a secure control channel. >=20 > WTP: The WTP selects the best AC based on the information it > gathered during the Discovery Phase. It then initiates a DTLS > connection with its preferred AC. The WTP starts the WaitJoin > Timer. > [NCW] By this, I believe you are implying that the WTP acts as the TLS=20 >"client=94 while the AC acts as the TLS =93server=94? This will have t= o be a > hard requirement to ensure the roles are explicitly defined and allow > for appropriate authorization policies to be employed. Yes, the WTP is a dtls client and the AC is the server - just like the=20 current lwapp implementation. We can add explicit text to make this=20 clear - will that address the question? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:09:45 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eOf-0002pp-0p for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:09:45 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA22309 for ; Mon, 13 Feb 2006 09:07:58 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id A3E5A4300AF for ; Mon, 13 Feb 2006 06:09:43 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 72BDC43006D for ; Mon, 13 Feb 2006 06:09:20 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 60DA080C149 for ; Mon, 13 Feb 2006 06:09:20 -0800 (PST) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [216.148.227.153]) by hermes.tigertech.net (Postfix) with ESMTP id C124280C103 for ; Mon, 13 Feb 2006 06:09:19 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc13) with ESMTP id <20060213140918m1300rj7vje>; Mon, 13 Feb 2006 14:09:19 +0000 Message-ID: <43F0930E.20605@hyperthought.com> Date: Mon, 13 Feb 2006 06:09:18 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 2 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id JAA22309 > AC: The AC enters this state for the given WTP upon reception of = a > DTLS initialization request. The AC processes the request and > responds by engaging in DTLS negotiation with the WTP. > [NCW] What is a DTLS initialization request? I can=92t quite seem to m= ap > the state machines defined in the draft-rescola-dtls-05.txt to the >DTLS-Init and DTLS-Complete states above. Can you please elaborate=20 further > on these? How are the DTLS/TLS state machine and packet flow map=20 into the > 2 boxes as you state above? Sorry, poor choice of language. From now on, I'll use the TLS/DTLS=20 terminology, rather than trying to map onto the exising lwapp exchange=20 language. The dtls "initialization request" is actually the ClientHello. The=20 dtls-complete state is entered when the "Finish" message is received,=20 and the session is established. The successful completion of the dtls=20 handshake triggers the transition. One option would be to explicitly add=20 these states to the diagram, but then if dtls changes, this must too. --Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:16:12 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eUt-0005EK-U7 for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:16:12 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA22639 for ; Mon, 13 Feb 2006 09:14:25 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id AFC4E43006D for ; Mon, 13 Feb 2006 06:16:10 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 4057F43006D for ; Mon, 13 Feb 2006 06:15:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 2A01880C14D for ; Mon, 13 Feb 2006 06:15:50 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [204.127.192.84]) by hermes.tigertech.net (Postfix) with ESMTP id 9240680C103 for ; Mon, 13 Feb 2006 06:15:49 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213141548m1400di9bke>; Mon, 13 Feb 2006 14:15:48 +0000 Message-ID: <43F09494.8050207@hyperthought.com> Date: Mon, 13 Feb 2006 06:15:48 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 3 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > DTLS-Init to DTLS-Complete (z): This state is used to indicate DTLS > session establishment. > > WTP: This state is entered when the WTP and AC complete DTLS > negotiation. > > AC: This state is entered when the WTP and AC complete DTLS > negotiation. > [NCW] Under what conditions does DTLS-Init return to the idle state? > This needs to be described. There are error conditions that have > to be reflected and described for DTLS as TLS records may fail and > in general, the authentication may fail for different reasons which > should also be described in this draft. Any handshake failure returns the lwapp to the idle state. General record failures result in dropped messages, and how lwapp finds out about this is probably implementation specific (as described in a response to one of Sue's questions). Should we add text here describing how lwapp responds to errors, or does that belong in lwapp proper? > [NCW] Why does the state diagram show a DTLS-Init to Image data? > It appears that the DTLS session establishment has not completed > until the DTLS-Complete state is reached. Jumping to Image Data > from DTLS-Init is a security violation as that allows WTP > image updates without a proper security association. This was intended to provide an upgrade path (and signed images was assumed), but per an earlier list discussion, this will be removed. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:19:17 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eXt-0005rU-L0 for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:19:17 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA22868 for ; Mon, 13 Feb 2006 09:17:30 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 124F04300EB for ; Mon, 13 Feb 2006 06:19:16 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6698B43006D for ; Mon, 13 Feb 2006 06:18:42 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 4C42D39809C for ; Mon, 13 Feb 2006 06:18:42 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [204.127.192.84]) by zoidberg.tigertech.net (Postfix) with ESMTP id 292A7398043 for ; Mon, 13 Feb 2006 06:18:39 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213141838m1400dca8ve>; Mon, 13 Feb 2006 14:18:38 +0000 Message-ID: <43F0953E.2000406@hyperthought.com> Date: Mon, 13 Feb 2006 06:18:38 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] dtls-lwapp: question 4 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id JAA22868 > Run to DTLS-Reset (u): This state is used to when the AC or WTP wish > to tear down the connection. >=20 >=20 > WTP: The WTP enters this state when it wishes to initiate orderly > termination of the DTLS connection; the WTP sends the a TLS > Finished message. >=20 >=20 > AC: The AC enters this state upon receipt of TLS Finished message > from the WTP. >=20 > [NCW] How does LWAPP as an application would trigger the TLS finished? >From a security standpoint, the AC must effectively block all LWAPP=20 traffic > as well, isn=92t that what the original Reset state was intended for? > What is the distinction between the DTLS-Reset and Reset state? LWAPP cannot trigger a dtls-finished, it is part of the handshake. Since=20 the protocol is connectionless, the session may be torn down before the=20 application realizes it (the app may have to attempt a read/write to=20 determine there is an error). The dtls-reset state indicates this. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:47:14 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8eyw-0006FQ-T5 for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:47:14 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA25977 for ; Mon, 13 Feb 2006 09:45:29 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 7D9B84300D5 for ; Mon, 13 Feb 2006 06:47:11 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id BD7B8430063 for ; Mon, 13 Feb 2006 06:46:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id AC6C53980A6 for ; Mon, 13 Feb 2006 06:46:50 -0800 (PST) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [204.127.192.82]) by zoidberg.tigertech.net (Postfix) with ESMTP id 0B4CD3980A5 for ; Mon, 13 Feb 2006 06:46:45 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc12) with ESMTP id <20060213144644m1200d69khe>; Mon, 13 Feb 2006 14:46:44 +0000 Message-ID: <43F09BD3.2090103@hyperthought.com> Date: Mon, 13 Feb 2006 06:46:43 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 5 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id JAA25977 > Image-data to DTLS-Reset (o): This state is used to reset the > connection prior to restarting the WTP after an image download. >=20 >=20 > WTP: The WTP enters this state when image download completes >=20 > AC: The AC enters this state upon receipt of TLS Finished message > from the WTP. > [NCW] This doesn=92t seem quite right=85the WTP =93should=94 reboot or = refresh > itself to ensure it=92s using the latest update. But that aside, how = does > the AC receive a TLS Finished message from the WTP? It seems more >determinate to have the AC enter the Reset state after it has successfu= lly > completed the image download or on a link error. This is a typo - again, the "Finished" message is part of the dtls=20 handshake. This transition was meant to be part of a reboot sequence,=20 i.e. tear down the dtls connection (dtls-reset), and then lwapp=20 transitions through reset-reboot phases. We can add clarifying text. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:51:05 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8f2e-0007HG-PI for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:51:04 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26429 for ; Mon, 13 Feb 2006 09:49:19 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 77F06430101 for ; Mon, 13 Feb 2006 06:51:03 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 2AFEA430063 for ; Mon, 13 Feb 2006 06:50:42 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 1BBE480C157 for ; Mon, 13 Feb 2006 06:50:42 -0800 (PST) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [204.127.192.82]) by hermes.tigertech.net (Postfix) with ESMTP id 7B0FE80C103 for ; Mon, 13 Feb 2006 06:50:40 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc12) with ESMTP id <20060213145039m1200d5iase>; Mon, 13 Feb 2006 14:50:39 +0000 Message-ID: <43F09CBF.4000902@hyperthought.com> Date: Mon, 13 Feb 2006 06:50:39 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 6 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > > DTLS-Reset to Reset (v): This state is used to complete DTLS session > tear-down > > WTP: The WTP enters this state when it has completed DTLS session > cleanup, and it is ready to finish LWAPP session clean-up. > > [NCW] Please provide more elaboration on what DTLS session cleanup means. > Also, under what conditions does WTP and AC go from Reset to DTLS-Reset? > I would suggest merging Reset and DTLS-Reset as being the same state and > include the security considerations in its description. We can add text about session clean-up. As for your question, I don't see any way to go from reset to dtls-reset. Also, as noted in another thread, it is useful to distinguish between reset and dtls-reset, as lwapp may not know the dtls session has been torn down (depending on the API). Do others think we should collapse these? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:55:52 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8f7I-0007pC-PY for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:55:52 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26879 for ; Mon, 13 Feb 2006 09:54:07 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 0931B4300C6 for ; Mon, 13 Feb 2006 06:55:51 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 6E88E430063 for ; Mon, 13 Feb 2006 06:55:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 57C5A80C10A for ; Mon, 13 Feb 2006 06:55:29 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [216.148.227.154]) by hermes.tigertech.net (Postfix) with ESMTP id 9AEE580C15A for ; Mon, 13 Feb 2006 06:55:28 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213145527m1400dd4g1e>; Mon, 13 Feb 2006 14:55:28 +0000 Message-ID: <43F09DDF.4020507@hyperthought.com> Date: Mon, 13 Feb 2006 06:55:27 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 7 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id JAA26879 > Run to DTLS-Rekey (x): This state is used to initiate a new DTLS > handshake. Either the WTP or AC may initiate the state transition. > It is important to note that this might more accurately be termed a > "meta-state", as the DTLS re-handshake is transparent to the LWAPP > protocol, and may even be interpersed with other LWAPP control > messages. >=20 > WTP: The WTP enters this state when either (1) a rekey is > required, or (2) the AC initiates a DTLS handshake. >=20 > AC: The AC enters this state when either (1) a rekey is required, > or (2) the WTP initiates a DTLS handshake. > [NCW] Please elaborate on the rekey protocol used in DTLS as it is not > explicitly described in the draft-rescorla-dtls-05.txt draft. Also, > there are security implications in key synchronization and other LWAPP > traffic during this key exchange as this draft is allowing it to happe= n >=93interspersed=94 in LWAPP. I am assuming that by the use of the epo= ch, > the system may define a replay window by which more than one key can >be live to allow for the rekeys to work. However, security considerati= ons > must be described to better analyze the security implications for this > application. DTLS uses the standard tls rehandshake - to avoid confusion, we should=20 use that term (rather than rekey) going forward. This is fully described=20 in the TLS 1.0 RFC. Regarding your other comments, Eric summed this up=20 pretty well in an email to me: The rekey protocol is of course just TLS rehandshaking, so the reference shold be to HelloRequest and the sending of a new ClientHello during an existing connection. There's no concern about multiple keys co-existing at once. As Nancy says, that's what the epoch is for. How about: "DTLS data may continue to flow while a new handshake is being performed. Because packets may be reordered, records encrypted under the new cipher suite may be received before one side receives the ChangeCipherSpec from the other side. The epoch value in the DTLS record header allows the data from the two associations/cryptographic states to be distinguished. Implementations SHOULD retain the state for the old association until it is likely that all old records have been received or dropped, e.g., for the maximum packet lifetime. If the state is dropped too early, the only effect will be that some data is lost, which is a condition that systems running over unreliable protocols need to consider in any case. Because the new handshake is performed over the existing DTLS association, both sides can be confident that the handshake was properly initiated and was not tampered with. All data is protected under either the old or new keys--and these can be distinguished by both the epoch and the MAC verification. Thus, there is no period during which data is unprotected." ----------------- Comments? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 09:58:07 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8f9T-00009N-Nw for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 09:58:07 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27226 for ; Mon, 13 Feb 2006 09:56:22 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 69A7E4300E3 for ; Mon, 13 Feb 2006 06:58:06 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 29F3C430063 for ; Mon, 13 Feb 2006 06:57:46 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 12E5680C10A for ; Mon, 13 Feb 2006 06:57:46 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by hermes.tigertech.net (Postfix) with ESMTP id 7765080C103 for ; Mon, 13 Feb 2006 06:57:44 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060213145744m1100o672pe>; Mon, 13 Feb 2006 14:57:44 +0000 Message-ID: <43F09E67.10402@hyperthought.com> Date: Mon, 13 Feb 2006 06:57:43 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: state machine question 8 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > > DTLS-Rekey to Reset (z): This state is used to clean up when a DTLS > handshake fails. > > WTP: The WTP enters this state when a DTLS handshake fails. > > AC: The AC enters this state when a DTLS handshake fails. > [NCW] As noted above, the rekey protocol and mechanism needs to be > described and by this description, it seems that the Reset and > DTLS-Reset are equivalent states? This text should be cleaned up. I think we actually should transition to dtls-reset and *then* to reset, but this depends on what the group thinks about the question you've raised as to whether these two states should actually be one. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 10:01:44 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8fCx-0001ST-RX for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 10:01:44 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27720 for ; Mon, 13 Feb 2006 09:59:58 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 057B54300A5 for ; Mon, 13 Feb 2006 07:01:42 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 7F189430063 for ; Mon, 13 Feb 2006 07:01:21 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 6FE5880C15B for ; Mon, 13 Feb 2006 07:01:21 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by hermes.tigertech.net (Postfix) with ESMTP id D673280C158 for ; Mon, 13 Feb 2006 07:01:20 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060213150120m1100obff6e>; Mon, 13 Feb 2006 15:01:20 +0000 Message-ID: <43F09F40.90603@hyperthought.com> Date: Mon, 13 Feb 2006 07:01:20 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: section 2.1 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > A direct consequence of this is that with DTLS encapsulation, we > cannot distinguish between control traffic and data without first > decrypting the packet - this means we must establish separate > channels if we do not wish to encrypt data channel traffic. Two > methods for accomplishing this are discussed below. > [NCW] For clarity, it would be useful to precede this section with a > description of the DTLS encapsulation as LWAPP over DTLS as I believe > the above description has instantiated (up until this section, it was > unclear as to how the transport layering was being invoked). With >this encapsulation, there must be some mechanism by which during the > DTLS authentication the roles of each must be asserted to ensure > that the keys resulting from a successful DTLS authentication are > used to only protect LWAPP. Okay, we can add little more text explicitly describing the dtls record layer encapulation. As for roles, this is the same problem lwapp currently contends with (section 10.4), so again, we can leave that where it is or cut/paste it here. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 10:03:39 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8fEp-00036A-MG for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 10:03:39 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27946 for ; Mon, 13 Feb 2006 10:01:54 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 6504D43011D for ; Mon, 13 Feb 2006 07:03:38 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 647F943008F for ; Mon, 13 Feb 2006 07:03:19 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 59FB080C15A for ; Mon, 13 Feb 2006 07:03:19 -0800 (PST) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [216.148.227.153]) by hermes.tigertech.net (Postfix) with ESMTP id BAEC780C103 for ; Mon, 13 Feb 2006 07:03:18 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc13) with ESMTP id <20060213150317m1300ru86pe>; Mon, 13 Feb 2006 15:03:17 +0000 Message-ID: <43F09FB4.2000303@hyperthought.com> Date: Mon, 13 Feb 2006 07:03:16 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.098 tagged_above=-999 required=7 tests=EXCUSE_3 Subject: [Capwap] lwapp-dtls: section 2.1.1 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > > 2.1.1. Separate Control/Data Channel Ports > > The simplest solution entails using separate ports for LWAPP control > and data traffic, with DTLS securing only the control channel. The > control traffic could continue to utilize the current well-known > LWAPP port. For the data channel, a new port could be assigned by > IANA, or it could instead be specified by the AC after the DTLS > session is established, providing some additional flexibility. Note > that this solution will not work for layer 2 LWAPP encapsulation. > However, if L2 support is to be removed from LWAPP, this point is > moot. > [NCW] I do not understand how this proposed scheme would work as the > entire lwap construction is encrypted? Not sure what the question is here. One port is control, the other is data, the traffic on the control port is either the handshake or the subsequent encrypted control traffic. Am I missing something here? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 10:04:53 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8fG1-0003uG-G6 for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 10:04:53 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28027 for ; Mon, 13 Feb 2006 10:03:08 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 43411430120 for ; Mon, 13 Feb 2006 07:04:52 -0800 (PST) Received: from he84-x.tigertech.net (he84-x.tigertech.net [64.62.142.84]) by leela.tigertech.net (Postfix) with ESMTP id 0FE2E430097 for ; Mon, 13 Feb 2006 07:04:32 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 03EA980C158 for ; Mon, 13 Feb 2006 07:04:32 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [204.127.192.84]) by hermes.tigertech.net (Postfix) with ESMTP id 729FF80C10A for ; Mon, 13 Feb 2006 07:04:31 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213150430m1400djun9e>; Mon, 13 Feb 2006 15:04:30 +0000 Message-ID: <43F09FFE.3000805@hyperthought.com> Date: Mon, 13 Feb 2006 07:04:30 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: section 2.1.2 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > 2.1.2. Adding a Protocol Mux > > An alternative solution entails adding a protocol multiplexer module > between the packet input/output and the DTLS modules, and adding an > additional small associated LWAPP header between the UDP header and > the DTLS record layer header. While this LWAPP header need only > contain a single bit to differentiate between control/data traffic, > alignment concerns suggest the header would most likely be either 32 > or 64 bits in length. > [NCW] Is the intent to allow for an authenticated but unencrypted header > to be transported? No, it would be unauthenticated. I think the consensus so far is to go with ports, so this is probably a non-issue. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 13 10:07:25 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8fIS-0004is-AN for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 10:07:25 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28267 for ; Mon, 13 Feb 2006 10:05:38 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 70C2E430134 for ; Mon, 13 Feb 2006 07:07:22 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E4016430097 for ; Mon, 13 Feb 2006 07:06:59 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D1325398099 for ; Mon, 13 Feb 2006 07:06:59 -0800 (PST) Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [204.127.192.84]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9BE4739806E for ; Mon, 13 Feb 2006 07:06:56 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc14) with ESMTP id <20060213150655m1400dfdjoe>; Mon, 13 Feb 2006 15:06:55 +0000 Message-ID: <43F0A08F.5050202@hyperthought.com> Date: Mon, 13 Feb 2006 07:06:55 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "'Nancy Winget (ncamwing)'" , capwap Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] lwapp-dtls: section 3 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7bit > 1.Endpoint Authentication using DTLS > > [NCW] I would like to see a security considerations sections for the > different authentication methods using DTLS. The current LWAPP > specification enforces mutual authentication through Join > request/response exchange requiring each participant to present a > credential. This is not enforced in TLS and thus can lead to > different security threat considerations. > > Currently, LWAPP supports authentication using either public key > certificates or shared secrets (pre-shared keys). DTLS support > implies no changes in this regard. Certificate-based authentication > is natively supported, and support for preshared keys is currently > progressing toward standardization (see [TLS-PSK]). Below we > describe supported TLS algorithm suites for each endpoint We've assumed so far that we're requiring client authentication, although I know of at least one person who wants support for server-side auth only in some cases. If we state this explicitly, then the security considerations are the same as for the existing lwapp mechanisms. Does this address your concern? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From risopotti@sbceo.org Mon Feb 13 21:51:31 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8qHr-0001p8-HD for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 21:51:31 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA19470 for ; Mon, 13 Feb 2006 21:49:45 -0500 (EST) Received: from [219.95.37.174] (helo=sbceo.org) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1F8qVY-0001Hh-Ju for capwap-archive@ietf.org; Mon, 13 Feb 2006 22:05:42 -0500 Message-ID: <000001c63111$77286960$7629a8c0@selfservice> Reply-To: "Risto Pottinger" From: "Risto Pottinger" To: capwap-archive@ietf.org Subject: Re: P4 405 good news Date: Mon, 13 Feb 2006 21:50:50 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C630E7.8E526160" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 0.0 (/) X-Scan-Signature: 29dc808194f5fb921c09d0040806d6eb This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C630E7.8E526160 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, http://www.einesombe.com =20 =20 V m I g A x G n R g A x a $ g 3 e , v 7 v 5 v=20 C g I d A n L x I d S y g $ a 3 k , s 3 z 3 v=20 V x A x L j l z U x M x d $ l 1 q , y 2 t 1 w=20 ------=_NextPart_000_0001_01C630E7.8E526160 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi,
 
V m I g A x G n R g A x   a $ g 3 e , v 7 v 5 v
C g I d A n L x I d S y   g $ a 3 k , s 3 z 3 v
V x A x L j l z U x M x   d $ l 1 q , y 2 t 1 w
------=_NextPart_000_0001_01C630E7.8E526160-- From 504dominic@aptco.com Mon Feb 13 22:07:41 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8qXV-0000gA-7Z for capwap-archive@megatron.ietf.org; Mon, 13 Feb 2006 22:07:41 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA20362 for ; Mon, 13 Feb 2006 22:05:56 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F8ql1-0001gM-Kx for capwap-archive@ietf.org; Mon, 13 Feb 2006 22:21:53 -0500 Received: from [220.91.201.150] (helo=220.91.201.150) by mx2.foretec.com with smtp (Exim 4.24) id 1F8qXF-00062F-DN for capwap-archive@ietf.org; Mon, 13 Feb 2006 22:07:27 -0500 Message-ID: From: "Steven A. Norman" <504dominic@aptco.com> To: capwap-archive@ietf.org Subject: =?iso-8859-1?B?U3dpc3Mgd2F0Y2hlcyAtIHJlcGxpY2E=?= Date: Tue, 14 Feb 2006 14:52:39 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_79E892C4.94961432" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express V6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 3.4 (+++) X-Scan-Signature: 25620135586de10c627e3628c432b04a This is a multi-part message in MIME format. ------=_NextPart_000_0000_79E892C4.94961432 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_DE490CA9.AE52CCBE" ------=_NextPart_001_0001_DE490CA9.AE52CCBE Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit REPLICA WATCH MODELS - exact copies of V.I.P. watches - perfect as a gift for your colleagues and friends - free gift box Rolex, Patek Philippe, Omega Cartier, Bvlgari, Franck Muller .. and 15 other most famous manufacturers. http://www.swiss-time.net All watches are for only $239.95 - $279.95! ________________________________ To change your mail preferences, go here ------=_NextPart_001_0001_DE490CA9.AE52CCBE Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit
REPLICA WATCH MODELS

- exact copies of V.I.P. watches
- perfect as a gift for your colleagues and friends
- free gift box

Rolex, Patek Philippe, Omega
Cartier, Bvlgari, Franck Muller

.. and 15 other most famous manufacturers.

http://www.swiss-time.net

All watches are for only $239.95 - $279.95!


________________________________
To change your mail preferences, go here

------=_NextPart_001_0001_DE490CA9.AE52CCBE-- ------=_NextPart_000_0000_79E892C4.94961432-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 15 11:55:02 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9Pvi-0002Sp-BW for capwap-archive@megatron.ietf.org; Wed, 15 Feb 2006 11:55:02 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA11326 for ; Wed, 15 Feb 2006 11:53:15 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 0FD274300B3 for ; Wed, 15 Feb 2006 08:55:00 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 1FCDF43006B for ; Wed, 15 Feb 2006 08:54:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 0EDFD80C110 for ; Wed, 15 Feb 2006 08:54:29 -0800 (PST) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id 2655E80C10C for ; Wed, 15 Feb 2006 08:54:27 -0800 (PST) Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-1.cisco.com with ESMTP; 15 Feb 2006 08:54:27 -0800 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k1FGsQjt018924; Wed, 15 Feb 2006 08:54:26 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 15 Feb 2006 08:54:26 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: RE: [Capwap] About "IEEE 802.11 Binding" Date: Wed, 15 Feb 2006 08:54:25 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2016986B4@xmb-sjc-235.amer.cisco.com> Thread-Topic: RE: [Capwap] About "IEEE 802.11 Binding" Thread-Index: AcYj8s83IRD9ZxleQWO6rZvrt8kHcQOXaeBg From: "Pat Calhoun (pacalhou)" To: "zhaoyujin 31390" X-OriginalArrivalTime: 15 Feb 2006 16:54:26.0706 (UTC) FILETIME=[7AE24720:01C63250] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=3.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, RCVD_IN_BL_SPAMCOP_NET X-Spam-Level: *** Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Issue 74 has been created. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: zhaoyujin 31390 [mailto:zhaoyujin@huawei.com]=20 > Sent: Saturday, January 28, 2006 2:09 AM > To: Pat Calhoun (pacalhou) > Cc: capwap@frascone.com > Subject: Re:RE: [Capwap] About "IEEE 802.11 Binding" >=20 > Because deifferent product has different process mechanism,=20 > LWAPP need give clear description about process. >=20 > I suggest: >=20 > >11.8.2 IEEE 802.11 WLAN Config Response > > > > The IEEE 802.11 WLAN Configuration Response is sent by=20 > the WTP to the > > AC as an acknowledgement of the receipt of an IEEE 802.11 WLAN > > Configuration Request. > > This LWAPP control message does not include any message elements. >=20 > change to: > 11.8.2 IEEE 802.11 WLAN Config Response > The IEEE 802.11 WLAN Configuration Response is sent by=20 > the WTP to the > AC as an acknowledgement of the receipt of an IEEE 802.11 WLAN > Configuration Request. >=20 > Before this LWAPP control message is sent, the IEEE 802.11 WLAN=20 > Cofiguration should be successfully implemented. >=20 > This LWAPP control message does not include any message elements. >=20 > >9.2 Mobile Config Response > > > > The Mobile Configuration Response is used to acknowledge=20 > a previously > > received Mobile Configuration Request, and includes a Result Code > > message element which indicates whether an error occured=20 > on the WTP. > > > > This message requires no special processing, and is only used to > > acknowledge the Mobile Configuration Request. > > > > The data transfer request message MUST contain the=20 > message elements > > described in the next subsection. >=20 > change to: > 9.2 Mobile Config Response >=20 > The Mobile Configuration Response is used to acknowledge a=20 > previously > received Mobile Configuration Request, and includes a Result Code > message element which indicates whether an error occured=20 > on the WTP. >=20 > Before this message is sent, the Mobile Cofiguration=20 > should be implemented. > The Result Code indicate if Mobile Cofiguration is=20 > successfully on WTP. >=20 > This message requires no special processing, and is only used to > acknowledge the Mobile Configuration Request. >=20 > The data transfer request message MUST contain the message elements > described in the next subsection. >=20 > And if "IEEE 802.11 WLAN Configuration Response" also has a=20 > Result Code message element as "Mobile Config Response",=20 > 802.11 protocol may be better to control WLAN configuration. >=20 > Best regards > Michael >=20 >=20 > > They do have to be processed prior to responding. What=20 > would you like=20 > > to see changed to make this clearer? > >=20 > > Pat Calhoun > > CTO, Wireless Networking Business Unit Cisco Systems > >=20 > >=20 > >=20 > > > -----Original Message----- > > > From: zhaoyujin 31390 [zhaoyujin@huawei.com] > > > Sent: Thursday, January 26, 2006 9:47 PM > > > To: capwap@frascone.com > > > Subject: [Capwap] About "IEEE 802.11 Binding" > > >=20 > > > Hi all: > > >=20 > > > I have a doubt about AP configuration. > > >=20 > > > All WLAN configurations are on AC. When LWAPP transmits WLAN=20 > > > configuration using "11.8.1.1 IEEE 802.11 Add WLAN". > > >=20 > > > But on AP device, configuration process may be=20 > asynchronous. This=20 > > > means AP responses the "11.8.1.1 IEEE > > > 802.11 Add WLAN" message before finishing configuration=20 > process. If=20 > > > configuration is fail (For example memory is not enough), how to=20 > > > notify AC about this error. > > >=20 > > > Can LWAPP defines notification message for "11. IEEE > > > 802.11 Binding". Or LWAPP appends mention that all "11. IEEE > > > 802.11 Binding" message should firstly be processed=20 > before AP sends=20 > > > corresponding response. > > >=20 > > > Best regards > > > Michael > > >=20 > > > _________________________________________________________________ > > > To unsubscribe or modify your subscription options, please visit: > > > http://lists.frascone.com/mailman/listinfo/capwap > > >=20 > > > Archives: http://lists.frascone.com/pipermail/capwap > > >=20 > >=20 >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 15 12:00:26 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9Q0w-0003gP-L2 for capwap-archive@megatron.ietf.org; Wed, 15 Feb 2006 12:00:26 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA11912 for ; Wed, 15 Feb 2006 11:58:39 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 509094300B3 for ; Wed, 15 Feb 2006 09:00:25 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 19C3643006C for ; Wed, 15 Feb 2006 08:59:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 07EA280C128 for ; Wed, 15 Feb 2006 08:59:38 -0800 (PST) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id 01FB580C10C for ; Wed, 15 Feb 2006 08:59:36 -0800 (PST) Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-1.cisco.com with ESMTP; 15 Feb 2006 08:59:37 -0800 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k1FGxajv023725; Wed, 15 Feb 2006 08:59:36 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 15 Feb 2006 08:59:36 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: RE: [Capwap] I recommend LWAPP add a new notification message "Gratuitous disconnect notification" Date: Wed, 15 Feb 2006 08:59:35 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2016986B8@xmb-sjc-235.amer.cisco.com> Thread-Topic: RE: [Capwap] I recommend LWAPP add a new notification message "Gratuitous disconnect notification" Thread-Index: AcYsh6/q78DcYI1tRNyRLDUkcI0EiwFyXuuw From: "Pat Calhoun (pacalhou)" To: "zhaoyujin 31390" X-OriginalArrivalTime: 15 Feb 2006 16:59:36.0547 (UTC) FILETIME=[33904330:01C63251] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=3.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, RCVD_IN_BL_SPAMCOP_NET X-Spam-Level: *** Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Issue 75 has been created to track this issue. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: zhaoyujin 31390 [mailto:zhaoyujin@huawei.com]=20 > Sent: Wednesday, February 08, 2006 12:14 AM > To: Pat Calhoun (pacalhou) > Cc: capwap@frascone.com > Subject: Re:RE: [Capwap] I recommend LWAPP add a new=20 > notification message "Gratuitous disconnect notification" >=20 >=20 >=20 > > If I understand properly, you are asking for a response to=20 > the Reboot=20 > > request, to allow the AC to immediately clear out its state? >=20 > This is only one application. > Aother scenario: >=20 > Because AP occurs some fatal error, it maybe restart the=20 > system of AP. Before this operation, I recommend AP need try=20 > to notify AC this information. Based on this, AC can=20 > immediately clear out its state. >=20 > Best regards > Michael >=20 >=20 >=20 >=20 > >=20 > > Pat Calhoun > > CTO, Wireless Networking Business Unit Cisco Systems > >=20 > >=20 > >=20 > > > -----Original Message----- > > > From: zhaoyujin 31390 [zhaoyujin@huawei.com] > > > Sent: Tuesday, February 07, 2006 9:20 AM > > > To: capwap@frascone.com > > > Subject: [Capwap] I recommend LWAPP add a new=20 > notification message=20 > > > "Gratuitous disconnect notification" > > >=20 > > > Hi: > > >=20 > > > Many protocol defines "Gratuitous notification message".=20 > > > Based on this message, the peer device can avoid to wait=20 > timeout for=20 > > > detecting the protocol is down and release the system resource. > > >=20 > > > At present, LWAPP defines "Reset AP", I think it is not enough. > > >=20 > > > Can LWAPP add a same message. Before AP reboots, it try=20 > to send a=20 > > > "Gratuitous notification message" to AC. And same for AC. > > >=20 > > > Best regards > > > Micheal > > >=20 > > > _________________________________________________________________ > > > To unsubscribe or modify your subscription options, please visit: > > > http://lists.frascone.com/mailman/listinfo/capwap > > >=20 > > > Archives: http://lists.frascone.com/pipermail/capwap > > >=20 > >=20 >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 09:34:11 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9kCx-0002a2-FX for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 09:34:11 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA28124 for ; Thu, 16 Feb 2006 09:32:22 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 642704300E3 for ; Thu, 16 Feb 2006 06:34:09 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 307B143004F for ; Thu, 16 Feb 2006 06:33:27 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 1961E80C131 for ; Thu, 16 Feb 2006 06:33:27 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by hermes.tigertech.net (Postfix) with ESMTP id 8B82880C136 for ; Thu, 16 Feb 2006 06:33:25 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUS00M6WAYAL5@usaga01-in.huawei.com> for capwap@frascone.com; Thu, 16 Feb 2006 06:30:10 -0800 (PST) Received: from huawei.com ([172.17.1.101]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUS00L3EAY8VL@usaga01-in.huawei.com> for capwap@frascone.com; Thu, 16 Feb 2006 06:30:09 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Thu, 16 Feb 2006 19:33:21 +0500 Date: Thu, 16 Feb 2006 19:33:21 +0500 From: zhaoyujin 31390 To: capwap@frascone.com Message-id: <631e796349d1.6349d1631e79@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] I recommend "Change MAC address to IP adderss in 10.3 Authenticated Key Exchange" X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT Hi all: LWAPP will delete Layer 2 Tunnel mode. I think the LWAPP protocol should not use the MAC address of AC and AP, so that I recommend we need think to change or delete all MAC address about AP and AC. Best regards Yujin Zhao H3Com _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 10:41:01 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9lFd-0005Pn-Gs for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 10:41:01 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA04516 for ; Thu, 16 Feb 2006 10:39:12 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id F1EB94300B2 for ; Thu, 16 Feb 2006 07:40:58 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 6E48343008C for ; Thu, 16 Feb 2006 07:40:08 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 545AB80C12E for ; Thu, 16 Feb 2006 07:40:08 -0800 (PST) X-Greylist-Status: Sender first seen 14 days 11:05:24 ago Received: from co300216-ier2.net.avaya.com (co300216-ier2.net.avaya.com [198.152.13.103]) by hermes.tigertech.net (Postfix) with ESMTP id B1BEE80C126 for ; Thu, 16 Feb 2006 07:40:06 -0800 (PST) Received: from tierw.net.avaya.com (h198-152-13-100.avaya.com [198.152.13.100]) by co300216-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1GEaVWO007180 for ; Thu, 16 Feb 2006 09:36:31 -0500 Received: from cof110avexu1.global.avaya.com (h135-9-6-16.avaya.com [135.9.6.16]) by tierw.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k1GFOWYj002914 for ; Thu, 16 Feb 2006 10:24:32 -0500 (EST) X-MIMEOLE: Produced By Microsoft Exchange V6.0.6603.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Thu, 16 Feb 2006 08:40:05 -0700 Message-ID: Thread-Topic: COMMENT: draft-ietf-capwap-objectives Thread-index: AcYy4tFiRiZz/7nwQXSwqV0yRpyNsgAK07Tw X-Priority: 1 Priority: Urgent Importance: high From: "Mani, Mahalingam (Mani)" To: X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.093 tagged_above=-999 required=7 tests=X_PRIORITY_HIGH Subject: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Comments streaming in from IESG on Objectives draft... -mani =3D=3D=3D=3D=3D=3D -----Original Message----- From: Brian Carpenter [mailto:brc@zurich.ibm.com]=20 Sent: Thursday, February 16, 2006 2:22 AM To: iesg@ietf.org Cc: Mani, Mahalingam (Mani); dorothy.gellert@nokia.com; saravanan.govindan@sg.panasonic.com; yaoth@huawei.com; zhouwenhui@chinamobile.com; lily.l.yang@intel.com; hong.cheng@sg.panasonic.com Subject: COMMENT: draft-ietf-capwap-objectives=20 Comment: > Protocol Requirement: > > The CAPWAP protocol MUST support mutual authentication of WTPs and > the centralized controller. It must also ensure that information > exchanges between them are secured. Does that mean encrypted or only integrity-protected? > Protocol Requirement: > > The design of the CAPWAP protocol MUST NOT allow for any compromises > to the WLAN system by external entities. Strange phrasing. Suggestion: The design of the CAPWAP protocol MUST protect against any compromises of the WLAN system by external entities. > Protocol Requirement: > > Any WTP or WLAN controller vendor or any person MUST be able to > implement the CAPWAP protocol from the specification itself and by > that it is required that all such implementations do interoperate. Since this is a basic requirement of all IETF standards, why is it listed? > 5.2. Desirable Objectives Why aren't the items in this section listed as SHOULD instead of MUST? _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 10:42:12 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9lGm-0005kv-DD for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 10:42:12 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA04641 for ; Thu, 16 Feb 2006 10:40:23 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 3738E4300E0 for ; Thu, 16 Feb 2006 07:42:11 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id A6CB04300D5 for ; Thu, 16 Feb 2006 07:41:03 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 699E480C131 for ; Thu, 16 Feb 2006 07:41:03 -0800 (PST) X-Greylist-Status: Sender first seen 14 days 11:06:19 ago Received: from co300216-ier2.net.avaya.com (co300216-ier2.net.avaya.com [198.152.13.103]) by hermes.tigertech.net (Postfix) with ESMTP id F101680C135 for ; Thu, 16 Feb 2006 07:41:01 -0800 (PST) Received: from tierw.net.avaya.com (h198-152-13-100.avaya.com [198.152.13.100]) by co300216-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1GEbRhV008152 for ; Thu, 16 Feb 2006 09:37:27 -0500 Received: from cof110avexu1.global.avaya.com (h135-9-6-16.avaya.com [135.9.6.16]) by tierw.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k1GFPSYj003264 for ; Thu, 16 Feb 2006 10:25:28 -0500 (EST) X-MIMEOLE: Produced By Microsoft Exchange V6.0.6603.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Thu, 16 Feb 2006 08:41:01 -0700 Message-ID: Thread-Topic: DISCUSS and COMMENT: draft-ietf-capwap-objectives Thread-index: AcYzDHOOWUfjulmaRtma3IOHK4YISQAAtMDw From: "Mani, Mahalingam (Mani)" To: X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Subject: [Capwap] FW: DISCUSS and COMMENT: draft-ietf-capwap-objectives X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable More comments on objectives... -mani =3D=3D=3D=3D=3D=3D -----Original Message----- From: Sam Hartman [mailto:hartmans-ietf@mit.edu]=20 Sent: Thursday, February 16, 2006 7:20 AM To: iesg@ietf.org Cc: Mani, Mahalingam (Mani); dorothy.gellert@nokia.com; saravanan.govindan@sg.panasonic.com; yaoth@huawei.com; zhouwenhui@chinamobile.com; lily.l.yang@intel.com; hong.cheng@sg.panasonic.com Subject: DISCUSS and COMMENT: draft-ietf-capwap-objectives=20 Discuss: Section 5.1.8 implies that an authenticated key exchange is optional. I think that BCP 107 will require an authenticated key exchange for this protocol. In the following text, please describe what security services are meant; probable services include integrity and confidentiality. >Once WTPs and WLAN controller have been mutually authenticated, > information exchanges between them must be secured against various > security threats. Comment: The introduction to section 5 implies that operator requirements are valued less than non-objectives. I don't think that is the message the IETF wants to send to the operator community. > The priorities are; > i. Mandatory and Accepted Objectives > ii. Desirable Objectives > iii. Non-Objectives > iv. Operator Requirements _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 11:05:11 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9ld1-0002Dp-Hk for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 11:05:11 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07758 for ; Thu, 16 Feb 2006 11:03:22 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 152A14300D7 for ; Thu, 16 Feb 2006 08:05:10 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 91AE143008C for ; Thu, 16 Feb 2006 08:04:39 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 8514880C0F6 for ; Thu, 16 Feb 2006 08:04:39 -0800 (PST) Received: from flyer.cs.umd.edu (flyer.cs.umd.edu [128.8.128.178]) by hermes.tigertech.net (Postfix) with ESMTP id AFCD480C10C for ; Thu, 16 Feb 2006 08:04:36 -0800 (PST) Received: from ismene (ismene.cs.umd.edu [128.8.126.62]) by flyer.cs.umd.edu (8.12.11/8.12.5) with ESMTP id k1GG4YL9016003; Thu, 16 Feb 2006 11:04:34 -0500 Date: Thu, 16 Feb 2006 11:02:08 -0500 (EST) From: "T. Charles Clancy" X-X-Sender: clancy@ismene To: "Mani, Mahalingam (Mani)" Subject: Re: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com >> Protocol Requirement: >> >> The CAPWAP protocol MUST support mutual authentication of WTPs and >> the centralized controller. It must also ensure that information >> exchanges between them are secured. > > Does that mean encrypted or only integrity-protected? I think we meant at least integrity protected. Suggest: The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected, and SHOULD ensure confidentiality through encryption." >> Protocol Requirement: >> >> The design of the CAPWAP protocol MUST NOT allow for any compromises >> to the WLAN system by external entities. > > Strange phrasing. Suggestion: > > The design of the CAPWAP protocol MUST protect against any > compromises of the WLAN system by external entities. Seems reasonable to me. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 11:38:20 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9m96-0001kA-AF for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 11:38:20 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10395 for ; Thu, 16 Feb 2006 11:36:32 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id D1D6E4300E8 for ; Thu, 16 Feb 2006 08:38:17 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 0661843008F for ; Thu, 16 Feb 2006 08:37:57 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id E9E4D80C144 for ; Thu, 16 Feb 2006 08:37:56 -0800 (PST) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id 6076A80C0FD for ; Thu, 16 Feb 2006 08:37:55 -0800 (PST) Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-1.cisco.com with ESMTP; 16 Feb 2006 08:37:55 -0800 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k1GGbsjx015075; Thu, 16 Feb 2006 08:37:54 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 16 Feb 2006 08:37:54 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] I recommend "Change MAC address to IP adderss in 10.3 Authenticated Key Exchange" Date: Thu, 16 Feb 2006 08:37:53 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A201698ADD@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] I recommend "Change MAC address to IP adderss in 10.3 Authenticated Key Exchange" Thread-Index: AcYzBhBVjUY+TmEmTZuK6PiwBNTWOQAETg2A From: "Pat Calhoun (pacalhou)" To: "zhaoyujin 31390" , X-OriginalArrivalTime: 16 Feb 2006 16:37:54.0676 (UTC) FILETIME=[56004340:01C63317] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=3.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, RCVD_IN_BL_SPAMCOP_NET X-Spam-Level: *** X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable I disagree, especially since the WTP's BSSID must be known to the AC. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: zhaoyujin 31390 [mailto:zhaoyujin@huawei.com]=20 > Sent: Thursday, February 16, 2006 6:33 AM > To: capwap@frascone.com > Subject: [Capwap] I recommend "Change MAC address to IP=20 > adderss in 10.3 Authenticated Key Exchange" >=20 > Hi all: >=20 > LWAPP will delete Layer 2 Tunnel mode. >=20 > I think the LWAPP protocol should not use the MAC address=20 > of AC and AP, so that I recommend we need think to change or=20 > delete all MAC address about AP and AC. >=20 > Best regards > Yujin Zhao > H3Com >=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 11:39:56 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9mAd-0002SX-Rj for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 11:39:56 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10503 for ; Thu, 16 Feb 2006 11:38:08 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 9A39A4300C5 for ; Thu, 16 Feb 2006 08:39:54 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 407754300B2 for ; Thu, 16 Feb 2006 08:39:33 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 31CF9398055 for ; Thu, 16 Feb 2006 08:39:33 -0800 (PST) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2A8F939804A for ; Thu, 16 Feb 2006 08:39:28 -0800 (PST) Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-5.cisco.com with ESMTP; 16 Feb 2006 08:39:29 -0800 X-IronPort-AV: i="4.02,120,1139212800"; d="scan'208"; a="255932040:sNHT33057188" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k1GGdRQJ018496; Thu, 16 Feb 2006 08:39:27 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 16 Feb 2006 08:39:23 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives Date: Thu, 16 Feb 2006 08:39:22 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A201698ADF@xmb-sjc-235.amer.cisco.com> Thread-Topic: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives Thread-Index: AcYzEsWvrfDZA46wQs2NWMMtxlU9agABL6WA From: "Pat Calhoun (pacalhou)" To: "T. Charles Clancy" , "Mani, Mahalingam (Mani)" X-OriginalArrivalTime: 16 Feb 2006 16:39:23.0978 (UTC) FILETIME=[8B3AAAA0:01C63317] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable I agree with all of the proposals below. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: T. Charles Clancy [mailto:clancy@cs.umd.edu]=20 > Sent: Thursday, February 16, 2006 8:02 AM > To: Mani, Mahalingam (Mani) > Cc: capwap@frascone.com > Subject: Re: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives >=20 > >> Protocol Requirement: > >> > >> The CAPWAP protocol MUST support mutual authentication=20 > of WTPs and > >> the centralized controller. It must also ensure that information > >> exchanges between them are secured. > > > > Does that mean encrypted or only integrity-protected? >=20 > I think we meant at least integrity protected. Suggest: >=20 > The CAPWAP protocol MUST support mutual authentication of=20 > WTPs and the centralized controller. It also MUST ensure=20 > that information exchanges are integrity protected, and=20 > SHOULD ensure confidentiality through encryption." >=20 > >> Protocol Requirement: > >> > >> The design of the CAPWAP protocol MUST NOT allow for any=20 > compromises > >> to the WLAN system by external entities. > > > > Strange phrasing. Suggestion: > > > > The design of the CAPWAP protocol MUST protect against any > > compromises of the WLAN system by external entities. >=20 > Seems reasonable to me. >=20 > [ t. charles clancy ]--[ tcc@umd.edu ]--[=20 > www.cs.umd.edu/~clancy ] [ computer science ]-----[=20 > university of maryland | college park ]=20 > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 11:42:25 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9mD3-00047F-8N for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 11:42:25 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10735 for ; Thu, 16 Feb 2006 11:40:37 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 72EF1430108 for ; Thu, 16 Feb 2006 08:42:23 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 4DBD943008C for ; Thu, 16 Feb 2006 08:42:04 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 3862F80C10C for ; Thu, 16 Feb 2006 08:42:04 -0800 (PST) Received: from circular.cs.umd.edu (circular.cs.umd.edu [128.8.128.176]) by hermes.tigertech.net (Postfix) with ESMTP id 6519580C126 for ; Thu, 16 Feb 2006 08:42:02 -0800 (PST) Received: from ismene (ismene.cs.umd.edu [128.8.126.62]) by circular.cs.umd.edu (8.12.11/8.12.5) with ESMTP id k1GGg0fA024155; Thu, 16 Feb 2006 11:42:00 -0500 Date: Thu, 16 Feb 2006 11:39:34 -0500 (EST) From: "T. Charles Clancy" X-X-Sender: clancy@ismene To: "Mani, Mahalingam (Mani)" Subject: Re: [Capwap] FW: DISCUSS and COMMENT: draft-ietf-capwap-objectives In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com > Section 5.1.8 implies that an authenticated key exchange is optional. I > think that BCP 107 will require an authenticated key exchange for this > protocol. We require mutual authentication, but don't necessarily specify the use of an AKE. BCP 107 describes the process of "Automated Key Management", which may or may not be required, depending on exactly how the CAPWAP protocol operates. Certainly LWAPP (sans DTLS) would require automated key management, because it uses AES-CCM. Does "Automated Key Management" == "Authenticated Key Exchange"? I can't think of a reasonable way to do AKM without an AKE. We could essentially restate BCP 107 in section 5.1.8. Suggested text: "If the CAPWAP protocol meets the criteria to require automated key management per BCP 107, then mutual authentication MUST be accomplished via an authenticated key exchange." [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 16 14:46:20 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9p52-0004oU-O2 for capwap-archive@megatron.ietf.org; Thu, 16 Feb 2006 14:46:20 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA28137 for ; Thu, 16 Feb 2006 14:44:28 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 66C124300D5 for ; Thu, 16 Feb 2006 11:46:14 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id A7436430067 for ; Thu, 16 Feb 2006 11:45:47 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 99B0480C135 for ; Thu, 16 Feb 2006 11:45:47 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.bayarea.net [209.128.95.10]) by hermes.tigertech.net (Postfix) with ESMTP id EDEDA80C138 for ; Thu, 16 Feb 2006 11:45:44 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k1GJjp1l025748; Thu, 16 Feb 2006 11:45:51 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k1GJjfBX025983; Thu, 16 Feb 2006 11:45:41 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k1GJjeHr025974; Thu, 16 Feb 2006 11:45:40 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Thu, 16 Feb 2006 11:45:40 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: "T. Charles Clancy" Subject: Re: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com HI, Sorry if this is answered by context.... CAPWAP consists of 1) control messages (actions, configuration, status, and statistics) 2) tunneling of WLAN client traffic 3) system image transfer from an AC to WTPs Are the same security services needed for all operations? And can there be different security services provided for, say, CAPWAP control messages than tunnelled WLAN client traffic? On Thu, 16 Feb 2006, T. Charles Clancy wrote: > >> Protocol Requirement: > >> > >> The CAPWAP protocol MUST support mutual authentication of WTPs and > >> the centralized controller. It must also ensure that information > >> exchanges between them are secured. > > > > Does that mean encrypted or only integrity-protected? > > I think we meant at least integrity protected. Suggest: > > The CAPWAP protocol MUST support mutual authentication of WTPs and the > centralized controller. It also MUST ensure that information exchanges > are integrity protected, and SHOULD ensure confidentiality through > encryption." > > >> Protocol Requirement: > >> > >> The design of the CAPWAP protocol MUST NOT allow for any compromises > >> to the WLAN system by external entities. > > > > Strange phrasing. Suggestion: > > > > The design of the CAPWAP protocol MUST protect against any > > compromises of the WLAN system by external entities. > > Seems reasonable to me. > > [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] > [ computer science ]-----[ university of maryland | college park ] Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 06:21:31 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA3g1-0005AU-IS for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 06:21:30 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA20456 for ; Fri, 17 Feb 2006 06:19:41 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 75C884300F3 for ; Fri, 17 Feb 2006 01:11:31 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6EA6A43004F for ; Fri, 17 Feb 2006 01:11:07 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 0DABA398046 for ; Fri, 17 Feb 2006 01:11:07 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by zoidberg.tigertech.net (Postfix) with ESMTP id 28E8339803B for ; Fri, 17 Feb 2006 01:11:04 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/jazz) with ESMTP id k1H9AevY029222; Fri, 17 Feb 2006 18:10:40 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx3) with ESMTP id k1H9AhH05725; Fri, 17 Feb 2006 18:10:43 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/astros) with SMTP id k1H9Ah416917; Fri, 17 Feb 2006 18:10:43 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Subject: RE: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives Date: Fri, 17 Feb 2006 17:12:40 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDAC6AFC@pslexc01.psl.local> Thread-Topic: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives Thread-Index: AcYzMYfRoShT1kaETDyDoBT2DSai9AAb8U0g From: "Saravanan Govindan" To: "David T. Perkins" , "T. Charles Clancy" X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.424 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable Hi Dave, I think it would be best to provide the same level of security services to all the three types of exchanges you mention below.=20 In particular, for WLAN client traffic, there are cases where 11i terminates at the WTP. And since WLAN client traffic is tunneled in CAPWAP data frames to the AC, these CAPWAP data will have to be secured also. So all types of exchanges will require the same security services. The mirror case also exists. When 11i terminates at the AC, WLAN client traffic will continue to be secured between the WTP and AC. So in this case, CAPWAP data exchanges may not require the same level of security services as CAPWAP control exchanges.=20 Saravanan -----Original Message----- From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 Sent: Friday, February 17, 2006 3:46 AM To: T. Charles Clancy Cc: capwap@frascone.com Subject: Re: [Capwap] FW: COMMENT: draft-ietf-capwap-objectives HI, Sorry if this is answered by context.... CAPWAP consists of 1) control messages (actions, configuration, status, and statistics) 2) tunneling of WLAN client traffic 3) system image transfer from an AC to WTPs Are the same security services needed for all operations? And can there be different security services provided for, say, CAPWAP control messages than tunnelled WLAN client traffic? On Thu, 16 Feb 2006, T. Charles Clancy wrote: > >> Protocol Requirement: > >> > >> The CAPWAP protocol MUST support mutual authentication of WTPs and > >> the centralized controller. It must also ensure that information > >> exchanges between them are secured. > > > > Does that mean encrypted or only integrity-protected? >=20 > I think we meant at least integrity protected. Suggest: >=20 > The CAPWAP protocol MUST support mutual authentication of WTPs and the > centralized controller. It also MUST ensure that information exchanges=20 > are integrity protected, and SHOULD ensure confidentiality through=20 > encryption." >=20 > >> Protocol Requirement: > >> > >> The design of the CAPWAP protocol MUST NOT allow for any compromises > >> to the WLAN system by external entities. > > > > Strange phrasing. Suggestion: > > > > The design of the CAPWAP protocol MUST protect against any > > compromises of the WLAN system by external entities. >=20 > Seems reasonable to me. >=20 > [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] > [ computer science ]-----[ university of maryland | college park ] Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 06:54:48 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA4CG-0005ra-81 for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 06:54:48 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA21302 for ; Fri, 17 Feb 2006 06:53:00 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 51A064300D8 for ; Thu, 16 Feb 2006 23:30:56 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 3840043004F for ; Thu, 16 Feb 2006 23:30:25 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1A9D8398043 for ; Thu, 16 Feb 2006 23:30:25 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id 88B41398021 for ; Thu, 16 Feb 2006 23:30:23 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUT00AWAM17JO@usaga01-in.huawei.com> for capwap@frascone.com; Thu, 16 Feb 2006 23:27:08 -0800 (PST) Received: from huawei.com ([172.17.1.101]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IUT00MOLM1676@usaga01-in.huawei.com> for capwap@frascone.com; Thu, 16 Feb 2006 23:27:07 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Fri, 17 Feb 2006 12:30:18 +0500 Date: Fri, 17 Feb 2006 12:30:18 +0500 From: zhaoyujin 31390 Subject: =?gb2312?B?u9i4tA==?=:RE: [Capwap] I recommend "Change MAC address to IP adderss in 10.3 Authenticated Key Exchange" To: "Pat Calhoun (pacalhou)" Message-id: <67f94568156a.68156a67f945@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: 7BIT Hi: This is different MAC address. In authentication process, the MAC address is "AP's uplink interface MAC address" or "AC MAC address", and is not the WTP's BSSID. For example: o WTP-MAC - The WTP's MAC Address. o AC-MAC - The AC's MAC Address. Best regards Yujin Zhao H3Com > I disagree, especially since the WTP's BSSID must be known to the AC. > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > > > -----Original Message----- > > From: zhaoyujin 31390 [zhaoyujin@huawei.com] > > Sent: Thursday, February 16, 2006 6:33 AM > > To: capwap@frascone.com > > Subject: [Capwap] I recommend "Change MAC address to IP > > adderss in 10.3 Authenticated Key Exchange" > > > > Hi all: > > > > LWAPP will delete Layer 2 Tunnel mode. > > > > I think the LWAPP protocol should not use the MAC address > > of AC and AP, so that I recommend we need think to change or > > delete all MAC address about AP and AC. > > > > Best regards > > Yujin Zhao > > H3Com > > > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 06:54:49 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA4CG-0005rZ-7D for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 06:54:49 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA21303 for ; Fri, 17 Feb 2006 06:53:00 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 9CFEF4300AE for ; Thu, 16 Feb 2006 17:50:46 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id E139743004F for ; Thu, 16 Feb 2006 17:40:00 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 2703680C10C for ; Thu, 16 Feb 2006 17:39:55 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by hermes.tigertech.net (Postfix) with ESMTP id 4714880C0FD for ; Thu, 16 Feb 2006 17:39:53 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/bulls) with ESMTP id k1H1dkcO027359; Fri, 17 Feb 2006 10:39:46 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx2) with ESMTP id k1H1dm524698; Fri, 17 Feb 2006 10:39:48 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/indians) with SMTP id k1H1dld14037; Fri, 17 Feb 2006 10:39:47 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Fri, 17 Feb 2006 09:41:52 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDAC6963@pslexc01.psl.local> Thread-Topic: Operator requirements [Was RE: DISCUSS and COMMENT: draft-ietf-capwap-objectives ] Thread-Index: AcYzFMUno2RFCDZ6TviuS1Uaw1rmbAAS68ig From: "Saravanan Govindan" To: "Wijnen, Bert (Bert)" , "Sam Hartman" , X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.424 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO X-Mailman-Approved-At: Thu, 16 Feb 2006 17:50:10 -0800 Cc: yaoth@huawei.com, Cheng Hong , capwap@frascone.com, zhouwenhui@chinamobile.com Subject: [Capwap] Operator requirements [Was RE: DISCUSS and COMMENT: draft-ietf-capwap-objectives ] X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable All, I agree that the current text does not accurately portray the IETF's intentions. The intent was not to give low priority to operators' concerns. How about the following reorganized text? Suggested change: The objectives described in this document have been prioritized based on their immediate significance in the development and evaluation of a control and provisioning protocol for large-scale WLAN deployments. The priorities are; i. Mandatory and Accepted Objectives ii. Desirable Objectives iii. Non-Objectives The priorities have been assigned to individual objectives in accordance with working group discussions. Furthermore, a distinct category of objectives is provided based on requirements gathered from network service operators. These are specific need that arise from operators' experiencese [Note: Should be "experiences"] in deploying and managing large-scale WLANs. a. Operator Requirements ---XXX--- Does this seem better? Saravanan > Comment: > The introduction to section 5 implies that operator requirements are > valued less than non-objectives. I don't think that is the=20 > message the IETF wants to send to the operator community. >=20 > > The priorities are; >=20 > > i. Mandatory and Accepted Objectives > > ii. Desirable Objectives > > iii. Non-Objectives > > iv. Operator Requirements >=20 >=20 I guess the wording is somewhat unfortunate that one could indeed get the impression that Sam depicts. Maybe we can just leave out "the priorities are:". Mmm... even then one could see them as low priority, even though the one requirement in that category is listed as MUST. Maybe we need to change "prioritized" into "categorized" ?=20 Editors/authors? Bert _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 07:11:28 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA4SO-0001dc-4S for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 07:11:28 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA21564 for ; Fri, 17 Feb 2006 07:09:40 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 603C64300E1 for ; Thu, 16 Feb 2006 19:11:33 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id D07964300AF for ; Thu, 16 Feb 2006 19:10:41 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id B9F37398047 for ; Thu, 16 Feb 2006 19:10:41 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by zoidberg.tigertech.net (Postfix) with ESMTP id ECA23398046 for ; Thu, 16 Feb 2006 19:10:39 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/kings) with ESMTP id k1H3AcxJ008032 for ; Fri, 17 Feb 2006 12:10:38 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx1) with ESMTP id k1H3Aex21866 for ; Fri, 17 Feb 2006 12:10:40 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/indians) with SMTP id k1H3Add20552 for ; Fri, 17 Feb 2006 12:10:39 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Fri, 17 Feb 2006 11:12:41 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDAC69D9@pslexc01.psl.local> Thread-Topic: Security services [Was RE: DISCUSS and COMMENT: draft-ietf-capwap-objectives ] Thread-Index: AcYzDGYosKCemTcpQPWfsJtR5C5HeAAYv2FQ From: "Saravanan Govindan" To: X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.424 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO Subject: [Capwap] Security services [Was RE: DISCUSS and COMMENT: draft-ietf-capwap-objectives ] X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable All, >From the IESG, In the following text, please describe what security services are meant; probable services include integrity and confidentiality. >Once WTPs and WLAN controller have been mutually authenticated, > information exchanges between them must be secured against various > security threats. My suggestion: "Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them must be secured against various security threats by providing confidentiality and integrity protection." Saravanan _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 07:11:28 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA4SO-0001dd-8B for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 07:11:28 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA21565 for ; Fri, 17 Feb 2006 07:09:40 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 48F0D4300E2 for ; Thu, 16 Feb 2006 19:01:06 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 6538243004F for ; Thu, 16 Feb 2006 19:00:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 30A5A80C128 for ; Thu, 16 Feb 2006 19:00:28 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by hermes.tigertech.net (Postfix) with ESMTP id 300A680C10E for ; Thu, 16 Feb 2006 19:00:25 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/kings) with ESMTP id k1H30OxJ027776 for ; Fri, 17 Feb 2006 12:00:24 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx1) with ESMTP id k1H30Px17921 for ; Fri, 17 Feb 2006 12:00:25 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/indians) with SMTP id k1H30Pd13521 for ; Fri, 17 Feb 2006 12:00:25 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Fri, 17 Feb 2006 11:02:20 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDAC69D1@pslexc01.psl.local> Thread-Topic: Desirable Objectives [Was COMMENT: draft-ietf-capwap-objectives ] Thread-Index: AcYy4s4oNIHrYiRXRISuyJSii28OlgAgR+tQAAJYUJA= From: "Saravanan Govindan" To: X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.424 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO Subject: [Capwap] Desirable Objectives [Was COMMENT: draft-ietf-capwap-objectives ] X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable All, >From the IESG,=20 > 5.2. Desirable Objectives Why aren't the items in this section listed as SHOULD instead of MUST? I would like to get the group's views on this. In my opinion, the Desirable Objectives as a category is to be listed as 'SHOULD'. However, the individual objectives that make up the category are still 'MUST', because they represent mandatory operations for the protocol - provided that the protocol chooses to realize a Desirable Objective. =20 Saravanan _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From rabutreasa@thn.ne.jp Fri Feb 17 09:00:32 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA64d-0003TI-Sx for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 08:55:04 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA26791 for ; Fri, 17 Feb 2006 08:52:53 -0500 (EST) Received: from adsl196-247-196-206-196.adsl196-7.iam.net.ma ([196.206.196.247] helo=thn.ne.jp) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1FA47n-00079T-UR for capwap-archive@ietf.org; Fri, 17 Feb 2006 06:50:18 -0500 Message-ID: <000001c633b6$2a335730$b493a8c0@epigram> Reply-To: "Treasa Rabon" From: "Treasa Rabon" To: capwap-archive@ietf.org Subject: Re: eyewas h news Date: Fri, 17 Feb 2006 06:34:51 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6338C.415D4F30" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.6 (++) X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C6338C.415D4F30 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi =20 VwAvL y leUwMi j$v1 o ,r2z1t V s I c AwGgRsAl s $a3h,n7d5c C u IxA f L z IaSi s $a3o,b3o3v =20 http://www.daintegra.com =20 ------=_NextPart_000_0001_01C6338C.415D4F30 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi
 
VwAvL y leUwMi j$v1 o ,r2z1t
V s I c AwGgRsAl  s $a3h,n7d5c
C u IxA f L z IaSi  s $a3o,b3o3v
 
------=_NextPart_000_0001_01C6338C.415D4F30-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 10:28:54 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA7XS-0006ZC-CF for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 10:28:54 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA24906 for ; Fri, 17 Feb 2006 10:27:04 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id CB610430122 for ; Fri, 17 Feb 2006 07:28:51 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 8461D430067 for ; Fri, 17 Feb 2006 07:28:23 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7123539803B for ; Fri, 17 Feb 2006 07:28:23 -0800 (PST) Received: from ihemail2.lucent.com (ihemail2.lucent.com [192.11.222.163]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7FB1A39805A for ; Fri, 17 Feb 2006 07:28:20 -0800 (PST) Received: from nl0006exch001h.wins.lucent.com (h135-85-76-62.lucent.com [135.85.76.62]) by ihemail2.lucent.com (8.12.11/8.12.11) with ESMTP id k1HFSH36010609; Fri, 17 Feb 2006 09:28:18 -0600 (CST) Received: by nl0006exch001h.nl.lucent.com with Internet Mail Service (5.5.2657.72) id ; Fri, 17 Feb 2006 16:28:16 +0100 Message-ID: <7D5D48D2CAA3D84C813F5B154F43B1550956C0BA@nl0006exch001u.nl.lucent.com> From: "Wijnen, Bert (Bert)" To: Saravanan Govindan , capwap@frascone.com Subject: RE: [Capwap] Desirable Objectives [Was COMMENT: draft-ietf-capwap -objectives ] Date: Fri, 17 Feb 2006 16:28:11 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com I think that keeping the MUST language is fine. For every one of the desirable objectives that the WG decides to address, the requirement then becomes a MUST (I think). So I agree with Saravan here. Note that it was a non-blocking comment from one AD, so we only need to change it if the WG decides that such a change would make a lot of sense. Bert > -----Original Message----- > From: Saravanan Govindan [mailto:Saravanan.Govindan@sg.panasonic.com] > Sent: Friday, February 17, 2006 04:02 > To: capwap@frascone.com > Subject: [Capwap] Desirable Objectives [Was COMMENT: > draft-ietf-capwap-objectives ] > > > All, > > >From the IESG, > > > 5.2. Desirable Objectives > > Why aren't the items in this section listed as SHOULD instead of MUST? > > > I would like to get the group's views on this. > > In my opinion, the Desirable Objectives as a category is to > be listed as > 'SHOULD'. However, the individual objectives that make up the category > are still 'MUST', because they represent mandatory operations for the > protocol - provided that the protocol chooses to realize a Desirable > Objective. > > > Saravanan > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 17 10:29:21 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FA7Xt-0006rw-6E for capwap-archive@megatron.ietf.org; Fri, 17 Feb 2006 10:29:21 -0500 Received: from leela.tigertech.net (leela.tigertech.net [64.71.157.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA25090 for ; Fri, 17 Feb 2006 10:27:31 -0500 (EST) Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 3151C4300D8 for ; Fri, 17 Feb 2006 07:29:19 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 78E50430067 for ; Fri, 17 Feb 2006 07:28:24 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6EAB639803B for ; Fri, 17 Feb 2006 07:28:24 -0800 (PST) Received: from ihemail2.lucent.com (ihemail2.lucent.com [192.11.222.163]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7FF8E39805D for ; Fri, 17 Feb 2006 07:28:20 -0800 (PST) Received: from nl0006exch001h.wins.lucent.com (h135-85-76-62.lucent.com [135.85.76.62]) by ihemail2.lucent.com (8.12.11/8.12.11) with ESMTP id k1HFSHUn010607; Fri, 17 Feb 2006 09:28:18 -0600 (CST) Received: by nl0006exch001h.nl.lucent.com with Internet Mail Service (5.5.2657.72) id ; Fri, 17 Feb 2006 16:28:16 +0100 Message-ID: <7D5D48D2CAA3D84C813F5B154F43B1550956C0B9@nl0006exch001u.nl.lucent.com> From: "Wijnen, Bert (Bert)" To: Saravanan Govindan , capwap@frascone.com Subject: RE: [Capwap] Security services [Was RE: DISCUSS and COMMENT: draf t-ietf-capwap-objectives ] Date: Fri, 17 Feb 2006 16:28:11 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Once you guys agree on the text (I hope that to be real soon) then pls send the text to me and Sam Hartman, so Sam can respond if such would address his concern. Based on the size of the change(s), I will decide if we want a new revision or if I can pass it on to RFC-Editor with a (small) list of edits to be made. Bert > -----Original Message----- > From: Saravanan Govindan [mailto:Saravanan.Govindan@sg.panasonic.com] > Sent: Friday, February 17, 2006 04:13 > To: capwap@frascone.com > Subject: [Capwap] Security services [Was RE: DISCUSS and COMMENT: > draft-ietf-capwap-objectives ] > > > All, > > >From the IESG, > > In the following text, please describe what security services are > meant; probable services include integrity and confidentiality. > >Once WTPs and WLAN controller have been mutually authenticated, > > information exchanges between them must be secured against various > > security threats. > > > My suggestion: > > "Once WTPs and WLAN controller have been mutually authenticated, > information exchanges between them must be secured against various > security threats by providing confidentiality and integrity > protection." > > > > Saravanan > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From hepsiegea@qu.org Sat Feb 18 03:45:51 2006 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1FANix-0005XM-TN for capwap-archive@megatron.ietf.org; Sat, 18 Feb 2006 03:45:51 -0500 Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA00165 for ; Sat, 18 Feb 2006 03:44:03 -0500 (EST) Received: from 183.red-80-59-103.staticip.rima-tde.net ([80.59.103.183] helo=qu.org) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1FANxU-0004mV-Pf for capwap-archive@ietf.org; Sat, 18 Feb 2006 04:00:57 -0500 Message-ID: <000001c63467$a672e020$690aa8c0@delve> Reply-To: "Hepsie Gearing" From: "Hepsie Gearing" To: capwap-archive@ietf.org Subject: Re: mi sappropriate news Date: Sat, 18 Feb 2006 03:45:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6343D.BD9CD820" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.4 (++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C6343D.BD9CD820 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi =20 VeAxLolsU n Mv a$y1 n ,h2t1s VaIlApGnR x An v$ f 3 f ,v7h5k CiIsAbLxIdS g p $f3o, m 3f3s =20 http://www.difancy.com =20 ------=_NextPart_000_0001_01C6343D.BD9CD820 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi
 
VeAxLolsU n Mv a$y1 n ,h2t1s
VaIlApGnR x An v$ f 3 f ,v7h5k
CiIsAbLxIdS g   p $f3o, m 3f3s
 
------=_NextPart_000_0001_01C6343D.BD9CD820-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sun Feb 19 17:35:52 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FAx9k-0003L7-EJ for capwap-archive@lists.ietf.org; Sun, 19 Feb 2006 17:35:52 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FAx9h-000855-HH for capwap-archive@lists.ietf.org; Sun, 19 Feb 2006 17:35:52 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8A0314300B7 for ; Sun, 19 Feb 2006 14:35:48 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id C7369430054 for ; Sun, 19 Feb 2006 14:34:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id B251B80C150 for ; Sun, 19 Feb 2006 14:34:48 -0800 (PST) Received: from smtp110.plus.mail.mud.yahoo.com (smtp110.plus.mail.mud.yahoo.com [68.142.206.243]) by hermes.tigertech.net (Postfix) with SMTP id E4EB280C14F for ; Sun, 19 Feb 2006 14:34:44 -0800 (PST) Received: (qmail 40355 invoked from network); 19 Feb 2006 22:34:44 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:Message-ID:Date:From:Reply-To:User-Agent:X-Accept-Language:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type; b=wiijnlgJOjKmiw+3tA97950dB8AMtblpheI4kO6xh9o5TKPs1E/SfpmbM+pY3XDIvU3HPPQBFvwVghVfhNb1VaRq/4XCur5RhKmnHlXOCLdEUZkRsfqPbif6I7fI/D6wdOiilKCY0JHCbHdo1FtCp5lLd5v/TXouFbIWMgcT/Ko= ; Received: from unknown (HELO ?130.34.189.45?) (behcetsarikaya@216.74.250.138 with plain) by smtp110.plus.mail.mud.yahoo.com with SMTP; 19 Feb 2006 22:34:43 -0000 Message-ID: <43F8F282.4080404@yahoo.com> Date: Sun, 19 Feb 2006 16:34:42 -0600 From: Behcet Sarikaya User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Pat Calhoun (pacalhou)" Subject: Re: [Capwap] Radius References: <4FF84B0BC277FF45AA27FE969DD956A2015C3CA8@xmb-sjc-235.amer.cisco.com> In-Reply-To: <4FF84B0BC277FF45AA27FE969DD956A2015C3CA8@xmb-sjc-235.amer.cisco.com> X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.998 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_WHOIS, HTML_40_50, HTML_MESSAGE, HTML_TITLE_EMPTY X-Spam-Level: Cc: capwap@frascone.com, Philip.Rakity@u4eatech.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sarikaya@ieee.org List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0301452936==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: f4e722e9456ead69ba4cdd21dd3d3600 This is a multi-part message in MIME format. --===============0301452936== Content-Type: multipart/alternative; boundary="------------060404030003010003080803" This is a multi-part message in MIME format. --------------060404030003010003080803 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit I am confused, are you saying that local MAC WTPs (with a Radius client) are not governed by CAPWAP work? Behcet Pat Calhoun (pacalhou) wrote: >I concur with David, and therefore having RADIUS in the AP implies that >it is a standalone AP, and therefore not governed by the CAPWAP work. > >Pat Calhoun >CTO, Wireless Networking Business Unit >Cisco Systems > > > > > >>-----Original Message----- >>From: David T. Perkins [mailto:dperkins@dsperkins.com] >>Sent: Tuesday, February 07, 2006 10:19 AM >>To: Philip.Rakity@u4eatech.com >>Cc: capwap@frascone.com >>Subject: Re: [Capwap] Radius >> >>HI, >> >>Where do you draw the line between: >>1) a collection of stand-alone APs that have a management >> application apply a consistent configuration >>2) a collection an AC and connected WTPs that >> act together as a system. >> >>I believe that this is an important issue, because #1 does >>not need the CAPWAP protocol. It can use the existing >>mangement interfaces (be they CLI, SNMP, or proprietary) >>found on standalone APs. And these interfaces can be different. >>That is, AP #1 could be managed via scripted CLI commands, >>and AP #2 could be managed via SNMP operations. >> >>Regards, >>/david t. perkins >> >>On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote: >> >> >>>My reading of the draft indicates there are 2 modes of operation. >>> >>>a) Combined MAC (where the AP does everything) >>>b) Split MAC (where the AC does most of the work) >>> >>>in case b) it is clear that the AC must act as the radius relay. >>> >>>in case a) where the AC is just configuring the WTP, it is >>> >>> >>not clear >> >> >>>WHY the AC has to 'proxy' as the radius server. I think the >>>restriction on REQUIRING that the AC act as the radius >>> >>> >>server (in base >> >> >>>a) is too strong. >>> >>>Philip >>> >>>Quoting Charles Clancy : >>> >>> >>> >>>>Are you suggesting the WTPs communicate directly with the AAA >>>>server, and the AC configures the WTPs with the appropriate >>>>connection information? Two thoughts: >>>> >>>>1. AAA traffic is trivial compared to everything else the >>>> >>>> >>AC will be >> >> >>>>doing, so the performance increase would be minimal. >>>> >>>>2. You've broken the keying/trust hierarchy. Now compromise of a >>>>single WTP would allow an attacker the ability to compromise all >>>>networks that AAA server manages. You can't contain >>>> >>>> >>attacks anymore. >> >> >>>>[ t. charles clancy ]--[ tcc@umd.edu ]--[ >>>> >>>> >>www.cs.umd.edu/~clancy ] [ >> >> >>>>computer science ]-----[ university of maryland | college park ] >>>> >>>>Philip.Rakity@u4eatech.com wrote: >>>> >>>> >>>>>I was wondering if it really makes sense in the NON >>>>> >>>>> >>split MAC case >> >> >>>>>to require the AC handle radius requests. It seems this is over >>>>>burdening the AC. The LWAPP protocol should allow the AC to >>>>>configure the radius server. >>>>> >>>>>regards, >>>>> >>>>>Philip >>>>> >>>>>_________________________________________________________________ >>>>>To unsubscribe or modify your subscription options, please visit: >>>>>http://lists.frascone.com/mailman/listinfo/capwap >>>>> >>>>>Archives: http://lists.frascone.com/pipermail/capwap >>>>> >>>>> >>>>_________________________________________________________________ >>>>To unsubscribe or modify your subscription options, please visit: >>>>http://lists.frascone.com/mailman/listinfo/capwap >>>> >>>>Archives: http://lists.frascone.com/pipermail/capwap >>>> >>>> >>>> >>> >>>_________________________________________________________________ >>>To unsubscribe or modify your subscription options, please visit: >>>http://lists.frascone.com/mailman/listinfo/capwap >>> >>>Archives: http://lists.frascone.com/pipermail/capwap >>> >>> >>> >>_________________________________________________________________ >>To unsubscribe or modify your subscription options, please visit: >>http://lists.frascone.com/mailman/listinfo/capwap >> >>Archives: http://lists.frascone.com/pipermail/capwap >> >> >> >_________________________________________________________________ >To unsubscribe or modify your subscription options, please visit: >http://lists.frascone.com/mailman/listinfo/capwap > >Archives: http://lists.frascone.com/pipermail/capwap > > > > --------------060404030003010003080803 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit I am confused, are you saying that local MAC WTPs (with a Radius client) are not governed by CAPWAP work?

Behcet

Pat Calhoun (pacalhou) wrote: 
I concur with David, and therefore having RADIUS in the AP implies that
it is a standalone AP, and therefore not governed by the CAPWAP work.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

 

  
-----Original Message-----
From: David T. Perkins [mailto:dperkins@dsperkins.com] 
Sent: Tuesday, February 07, 2006 10:19 AM
To: Philip.Rakity@u4eatech.com
Cc: capwap@frascone.com
Subject: Re: [Capwap] Radius

HI,

Where do you draw the line between:
1) a collection of stand-alone APs that have a management
   application apply a consistent configuration
2) a collection an AC and connected WTPs that
   act together as a system.

I believe that this is an important issue, because #1 does 
not need the CAPWAP protocol. It can use the existing 
mangement interfaces (be they CLI, SNMP, or proprietary) 
found on standalone APs. And these interfaces can be different.
That is, AP #1 could be managed via scripted CLI commands, 
and AP #2 could be managed via SNMP operations.

Regards,
/david t. perkins

On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote: 
    
My reading of the draft indicates there are 2 modes of operation.

a) Combined MAC (where the AP does everything)
b) Split MAC (where the AC does most of the work)

in case b) it is clear that the AC must act as the radius relay.

in case a) where the AC is just configuring the WTP, it is 
      
not clear 
    
WHY the AC has to 'proxy' as the radius server.  I think the 
restriction on REQUIRING that the AC act as the radius 
      
server (in base
    
a) is too strong.

Philip

Quoting Charles Clancy <clancy@cs.umd.edu>:

      
Are you suggesting the WTPs communicate directly with the AAA 
server, and the AC configures the WTPs with the appropriate 
connection information?  Two thoughts:

1. AAA traffic is trivial compared to everything else the 
        
AC will be 
    
doing, so the performance increase would be minimal.

2. You've broken the keying/trust hierarchy.  Now compromise of a 
single WTP would allow an attacker the ability to compromise all 
networks that AAA server manages.  You can't contain 
        
attacks anymore.
    
[ t. charles clancy ]--[ tcc@umd.edu ]--[ 
        
www.cs.umd.edu/~clancy ] [ 
    
computer science ]-----[ university of maryland | college park ]

Philip.Rakity@u4eatech.com wrote:
        
I was wondering if it really makes sense in the NON 
          
split MAC case 
    
to require the AC handle radius requests.  It seems this is over 
burdening the AC.  The LWAPP protocol should allow the AC to 
configure the radius server.

regards,

Philip

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap
          
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

        

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

      
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

    
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap
--------------060404030003010003080803-- --===============0301452936== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0301452936==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 20 01:40:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FB4iU-0006Fh-23 for capwap-archive@lists.ietf.org; Mon, 20 Feb 2006 01:40:14 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FB4iS-00043Z-1Y for capwap-archive@lists.ietf.org; Mon, 20 Feb 2006 01:40:14 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id F3B9743009A for ; Sun, 19 Feb 2006 22:40:10 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 8ECC5430054 for ; Sun, 19 Feb 2006 22:39:22 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 786E9398025 for ; Sun, 19 Feb 2006 22:39:22 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by zoidberg.tigertech.net (Postfix) with ESMTP id 4014939800E for ; Sun, 19 Feb 2006 22:39:20 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/jazz) with ESMTP id k1K6dFQU008525; Mon, 20 Feb 2006 15:39:15 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx1) with ESMTP id k1K6dHp01092; Mon, 20 Feb 2006 15:39:17 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/bluejays) with SMTP id k1K6dHf15922; Mon, 20 Feb 2006 15:39:17 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Mon, 20 Feb 2006 14:41:29 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDB23451@pslexc01.psl.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: IESG Review Thread-Index: AcY1zQWS1wilaKvOSnCfEXAEw/y4swAGmBbg From: "Saravanan Govindan" To: X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.425 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO, HTML_MESSAGE X-Spam-Level: Cc: yaoth@huawei.com, Cheng Hong , zhouwenhui@chinamobile.com Subject: [Capwap] IESG Review X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0387071142==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 8949cc4fd406a34204d26327803246d1 This is a multi-part message in MIME format. --===============0387071142== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C635E8.3CE7D6B3" This is a multi-part message in MIME format. ------_=_NextPart_001_01C635E8.3CE7D6B3 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi All, =20 This is a list of comments from the IESG and suggested responses. Feedback would be appreciated. =20 Saravanan =20 =20 =20 =20 =20 Brian Carpenter's Review: =20 1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement =20 Comment: "Does that [secured] mean encrypted or integrity-protected?" =20 Original text: "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It must also ensure that information exchanges between them are secured." =20 Suggestion: From Charles Clancy - "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected, and SHOULD ensure confidentiality through encryption." --XX-- =20 2. Section: 5.1.9 System-wide Security, Protocol Requirement =20 Comment: "Strange phrasing" of requirement =20 Original text: "The design of the CAPWAP protocol MUST NOT allow for any compromises to the WLAN system by external entities." =20 Clarification: From Mani - "the intent was to emphasize that the protocol MUST not introduce additional threats weakening the security of WLAN system. CAPWAP protocol by itself is not intended to and cannot protect against all compromises to the WLAN system which is broader than the scope of the protocol." --XX- =20 3. Section: 5.1.12 Protocol Specifications =20 Comment: "Since this is a basic requirement of all IETF standards, why is it listed?" =20 Original text: "Any WTP or WLAN controller vendor or any person MUST be able to implement the CAPWAP protocol from the specification itself and by that it is required that all such implementations do interoperate." =20 Clarification: From Saravanan - "This objective arose during discussions on the scope of the CAPWAP protocol in managing WLAN systems. The intent was to highlight the 'completeness' of protocol in terms of achieving its interoperability goals." --XX- =20 4. Section: 5.2 Desirable Objectives =20 Comment: "Why aren't the items in this section listed as SHOULD instead of MUST?" =20 Clarification: From Saravanan - "The Desirable Objectives as a category can be listed as 'SHOULD'. However, the individual objectives that make up the category are still 'MUST', because they represent mandatory operations for the protocol - provided that the protocol chooses to realize a Desirable Objective." --XX- =20 =20 Sam Hartman's Review =20 5. Section: 5.1.8 CAPWAP Protocol Security =20 Comment: "Section 5.1.8 implies that an authenticated key exchange is optional. I think that BCP 107 will require an authenticated key exchange for this protocol." =20 Suggestion: From Charles Clancy [To be inserted as last paragraph of Description] - "If the CAPWAP protocol meets the criteria to require automated key management per BCP 107, then mutual authentication MUST be accomplished via an authenticated key exchange." =20 [Reference to BCP 107 to be included.] --XX- =20 6. Section: 5.1.8 CAPWAP Protocol Security, Description, Paragraph 5 =20 Comment: In the following text, please describe what security services are meant; probable services include integrity and confidentiality. =20 > Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them > must be secured against various security threats. =20 Suggestion: From Saravanan - "Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them must be secured against various security threats by providing confidentiality and integrity protection." --XX- =20 7. Section: 5 Objectives, Introduction =20 Comment: "The introduction to section 5 implies that operator requirements are valued less than non-objectives. I don't think that is the message the IETF wants to send to the operator community." =20 Suggestion: From Saravanan, Reorganize introduction paragraph.=20 =20 "The objectives described in this document have been prioritized based on their immediate significance in the development and evaluation of a control and provisioning protocol for large-scale WLAN deployments. =20 The priorities are; =20 i. Mandatory and Accepted Objectives ii. Desirable Objectives iii. Non-Objectives =20 The priorities have been assigned to individual objectives in accordance with working group discussions. =20 Furthermore, a distinct category of objectives is provided based on requirements gathered from network service operators. These are specific need that arise from operators' experiencese [Note: Should be "experiences"] in deploying and managing large-scale WLANs. =20 a. Operator Requirements" --XX- =20 =20 =20 =20 =20 =20 ------_=_NextPart_001_01C635E8.3CE7D6B3 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi All,

 

This is a list of comments from the IESG and = suggested responses. Feedback would be appreciated.

 

Saravanan

 

 

 

 

 

Brian Carpenter’s = Review:

 

1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement

 

Comment: “Does that [secured] mean encrypted or integrity-protected?”

 

Original text: "The CAPWAP protocol MUST support = mutual authentication of WTPs and the centralized controller.  It must = also ensure that information exchanges between them are = secured."

 

Suggestion: From Charles Clancy – “The = CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity = protected, and SHOULD ensure confidentiality through = encryption."

--XX--

 

2. Section: 5.1.9 System-wide Security, Protocol = Requirement

 

Comment: “Strange phrasing” of = requirement

 

Original text: “The =
design of the CAPWAP protocol MUST NOT allow for any compromises to the =
WLAN system by external entities.”

 

Clarification: From Mani – “the intent = was to emphasize that the protocol MUST not introduce additional threats = weakening the security of WLAN system. CAPWAP protocol by itself is not intended to = and cannot protect against all compromises to the WLAN system which is = broader than the scope of the protocol.”

--XX—

 

3. Section: 5.1.12 Protocol = Specifications

 

Comment: “Since this is a basic requirement of = all IETF standards, why is it listed?”

 

Original text: “Any =
WTP or WLAN controller vendor or any person MUST be able to implement =
the CAPWAP protocol from the specification itself and by that it is =
required that all such implementations do =
interoperate.”
 
Clarification: From =
Saravanan – “This objective arose during discussions on the =
scope of the CAPWAP protocol in managing WLAN systems. The intent was to =
highlight the 'completeness' of protocol in terms of achieving its =
interoperability goals.”
--XX—
 
4. Section: 5.2 Desirable =
Objectives
 
Comment: “Why aren't =
the items in this section listed as SHOULD instead of =
MUST?”
 
Clarification: From =
Saravanan – “The Desirable Objectives as a category can be =
listed as 'SHOULD'. However, the individual objectives that make up the =
category are still 'MUST', because they represent mandatory operations =
for the protocol - provided that the protocol chooses to realize a =
Desirable Objective.”
--XX—
 
 
Sam Hartman’s =
Review
 
5. Section: 5.1.8 CAPWAP =
Protocol Security
 
Comment: “Section =
5.1.8 implies that an authenticated key exchange is optional. I think =
that BCP 107 will require an authenticated key exchange for this =
protocol.”
 
Suggestion: From Charles =
Clancy [To be inserted as last paragraph of Description] – =
“If the CAPWAP protocol meets the criteria to require automated =
key management per BCP 107, then mutual authentication MUST be =
accomplished via an authenticated key =
exchange."
 
[Reference to BCP 107 to be =
included.]
--XX—
 
6. Section: 5.1.8 CAPWAP =
Protocol Security, Description, Paragraph =
5
 
Comment: In the following =
text, please describe what security services are meant; probable =
services include integrity and =
confidentiality.
 
> Once WTPs and WLAN =
controller have been mutually authenticated, information exchanges =
between them
> must be secured =
against various security =
threats.
 
Suggestion: From Saravanan =
- "Once WTPs and WLAN controller have been mutually authenticated, =
information exchanges between them must be secured against various =
security threats by providing confidentiality and integrity =
protection."
--XX—
 
7. Section: 5 Objectives, =
Introduction
 
Comment: “The =
introduction to section 5 implies that operator requirements are valued =
less than non-objectives.  I don't think that is the message the =
IETF wants to send to the operator =
community.”
 
Suggestion: From Saravanan, =
Reorganize introduction paragraph. =

 
“The objectives =
described in this document have been prioritized based on their =
immediate significance in the development and evaluation of a control =
and provisioning protocol for large-scale WLAN =
deployments.
 
The priorities =
are;
 
i.  Mandatory and =
Accepted Objectives
ii.  Desirable =
Objectives
iii.  =
Non-Objectives
 
The priorities have been =
assigned to individual objectives in accordance with working group =
discussions.
 
Furthermore, a distinct =
category of objectives is provided based on requirements gathered from =
network service operators.  These are specific need that arise from =
operators' experiencese [Note: Should be "experiences"] in =
deploying and managing large-scale =
WLANs.
 
a. Operator =
Requirements”
--XX—
 
 
 

 

 

 

------_=_NextPart_001_01C635E8.3CE7D6B3-- --===============0387071142== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0387071142==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 03:09:30 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBSaQ-0005Y5-S4 for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 03:09:30 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBSaN-0007rZ-AS for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 03:09:30 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 10576430075 for ; Tue, 21 Feb 2006 00:09:26 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 868FA430071 for ; Tue, 21 Feb 2006 00:08:22 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7B735398028 for ; Tue, 21 Feb 2006 00:08:22 -0800 (PST) Received: from webmail.rp.edu.sg (webmail.rp.sg [202.21.158.83]) by zoidberg.tigertech.net (Postfix) with ESMTP id DB7DD39801F for ; Tue, 21 Feb 2006 00:08:18 -0800 (PST) Received: from staff-mail.rp.edu.sg ([202.21.158.80]) by webmail.rp.edu.sg with Microsoft SMTPSVC(6.0.3790.1830); Tue, 21 Feb 2006 16:08:15 +0800 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 Importance: normal Priority: normal Content-Class: urn:content-classes:message MIME-Version: 1.0 Subject: RE: [Capwap] IESG Review Date: Tue, 21 Feb 2006 16:08:12 +0800 Message-ID: <9C374CF75527504394E573E1937136C40261D738@staff-mail.rp.edu.sg> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] IESG Review thread-index: AcY1zQWS1wilaKvOSnCfEXAEw/y4swAGmBbgADTeREA= From: "Richard Gwee" To: "Saravanan Govindan" , X-OriginalArrivalTime: 21 Feb 2006 08:08:15.0729 (UTC) FILETIME=[F797FE10:01C636BD] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.462 tagged_above=-999 required=7 tests=FORGED_RCVD_HELO, HTML_60_70, HTML_MESSAGE, HTML_TAG_EXIST_TBODY, HTML_TEXT_AFTER_BODY X-Spam-Level: Cc: yaoth@huawei.com, Cheng Hong , zhouwenhui@chinamobile.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0987399802==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.5 (/) X-Scan-Signature: d8506cd99a2b34fd8177504aff14605e This is a multi-part message in MIME format. --===============0987399802== Content-Transfer-Encoding: 7bit Content-Class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C636BD.F6200686" This is a multi-part message in MIME format. ------_=_NextPart_001_01C636BD.F6200686 X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: D5D8CB65-EFE5-4BEA-9FD1-D4FD07E4A722 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Hi,=20 =20 My two cents' worth of thought. =20 I understand that there may exist a need to change some of the text in the CAPWAP objectives. In any cases, I feel that the changes will have to be carefully thought through, especially since we have evaluated the four proposals based on these objectives. We do not certainly want to see some efforts wasted. =20 My feedback are inline. =20 Thanks and regards Richard Gwee=20 =20 ________________________________ From: Saravanan Govindan [mailto:Saravanan.Govindan@sg.panasonic.com]=20 Sent: Monday, February 20, 2006 2:41 PM To: capwap@frascone.com Cc: yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com Subject: [Capwap] IESG Review =20 Hi All, =20 This is a list of comments from the IESG and suggested responses. Feedback would be appreciated. =20 Saravanan =20 =20 =20 =20 =20 Brian Carpenter's Review: =20 1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement =20 Comment: "Does that [secured] mean encrypted or integrity-protected?" =20 Original text: "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It must also ensure that information exchanges between them are secured." =20 Suggestion: From Charles Clancy - "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected, and SHOULD ensure confidentiality through encryption." =20 I agree with the suggestion though we may have to see if the base CAPWAP protocol does have a specification for this. =20 --XX-- =20 2. Section: 5.1.9 System-wide Security, Protocol Requirement =20 Comment: "Strange phrasing" of requirement =20 Original text: "The design of the CAPWAP protocol MUST NOT allow for any compromises to the WLAN system by external entities." =20 Clarification: From Mani - "the intent was to emphasize that the protocol MUST not introduce additional threats weakening the security of WLAN system. CAPWAP protocol by itself is not intended to and cannot protect against all compromises to the WLAN system which is broader than the scope of the protocol." =20 May I boldly suggest that we change the text to be "The design of the CAPWAP protocol MUST NOT introduce new security threats that can weaken existing security measures of WLAN system." Feel free to discuss more on this one. =20 --XX- =20 3. Section: 5.1.12 Protocol Specifications =20 Comment: "Since this is a basic requirement of all IETF standards, why is it listed?" =20 Original text: "Any WTP or WLAN controller vendor or any person MUST be able to implement the CAPWAP protocol from the specification itself and by that it is required that all such implementations do interoperate." =20 Clarification: From Saravanan - "This objective arose during discussions on the scope of the CAPWAP protocol in managing WLAN systems. The intent was to highlight the 'completeness' of protocol in terms of achieving its interoperability goals." =20 I will certainly think that this objective may not be necessary to a certain extent based on the comments from IESG.=20 =20 --XX- =20 4. Section: 5.2 Desirable Objectives =20 Comment: "Why aren't the items in this section listed as SHOULD instead of MUST?" =20 Clarification: From Saravanan - "The Desirable Objectives as a category can be listed as 'SHOULD'. However, the individual objectives that make up the category are still 'MUST', because they represent mandatory operations for the protocol - provided that the protocol chooses to realize a Desirable Objective." =20 I agree with the clarification. --XX- =20 =20 Sam Hartman's Review =20 5. Section: 5.1.8 CAPWAP Protocol Security =20 Comment: "Section 5.1.8 implies that an authenticated key exchange is optional. I think that BCP 107 will require an authenticated key exchange for this protocol." =20 Suggestion: From Charles Clancy [To be inserted as last paragraph of Description] - "If the CAPWAP protocol meets the criteria to require automated key management per BCP 107, then mutual authentication MUST be accomplished via an authenticated key exchange." =20 [Reference to BCP 107 to be included.] =20 No comments on this one. --XX- =20 6. Section: 5.1.8 CAPWAP Protocol Security, Description, Paragraph 5 =20 Comment: In the following text, please describe what security services are meant; probable services include integrity and confidentiality. =20 > Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them > must be secured against various security threats. =20 Suggestion: From Saravanan - "Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them must be secured against various security threats by providing confidentiality and integrity protection." =20 I agree with the suggestion. - -XX- =20 7. Section: 5 Objectives, Introduction =20 Comment: "The introduction to section 5 implies that operator requirements are valued less than non-objectives. I don't think that is the message the IETF wants to send to the operator community." =20 Suggestion: From Saravanan, Reorganize introduction paragraph.=20 =20 "The objectives described in this document have been prioritized based on their immediate significance in the development and evaluation of a control and provisioning protocol for large-scale WLAN deployments. =20 The priorities are; =20 i. Mandatory and Accepted Objectives ii. Desirable Objectives iii. Non-Objectives =20 The priorities have been assigned to individual objectives in accordance with working group discussions. =20 Furthermore, a distinct category of objectives is provided based on requirements gathered from network service operators. These are specific need that arise from operators' experiencese [Note: Should be "experiences"] in deploying and managing large-scale WLANs. =20 a. Operator Requirements" --XX- I agree with the suggestion. =20 =20 Thanks and regards Richard Gwee =20 =20 Republic Polytechnic, Tanglin Campus, 1 Kay Siang Road, Singapore 248922 . www.rp.sg . Fax: +65 6415-1310 .=20 >From March 2006, we will be located in our new home at 9 Woodlands = Avenue 9, Singapore 738964. Republic Polytechnic, the first Institute of = Higher Learning to fully adopt the Problem-Based Learning approach in = Singapore, continues to strive towards best practices and maintain = excellence in service standards with the following certifications: = Singapore Innovation Class (SIC), Singapore Quality Class (SQC), People = Developer Standards and QEHS (ISO 9001, 14001 and OHSAS 18001) -------------------------------------------------------------------------= ------- CONFIDENTIALITY CAUTION: This message is intended only for the use of = the individual or entity to whom it is addressed and contains = information that is privileged and confidential. If you, the reader of = this message, are not the intended recipient, you should not = disseminate, distribute or copy this communication. If you have received = this communication in error, please notify us immediately by return = email and delete the original message. Thank you. =20 ------_=_NextPart_001_01C636BD.F6200686 X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID: 83A7C551-6AFB-40A8-903E-4398420F05C9 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable

Hi,

 

My two cents’ worth of = thought.

 

I understand that there may exist a = need to change some of the text in the CAPWAP objectives. In any cases, I = feel that the changes will have to be carefully thought through, especially since = we have evaluated the four proposals based on these objectives. We do not = certainly want to see some efforts wasted.

 

My feedback are = inline.

 

Thanks and = regards

Richard Gwee

 

From: Saravanan Govindan [mailto:Saravanan.Govindan@sg.panasonic.com]
Sent: Monday, February = 20, 2006 2:41 PM
To: = capwap@frascone.com
Cc: yaoth@huawei.com; = Cheng Hong; zhouwenhui@chinamobile.com
Subject: [Capwap] IESG = Review

 

Hi All,

 

This is a list of comments from the IESG and = suggested responses. Feedback would be appreciated.

 

Saravanan

 

 

 

 

 

Brian Carpenter’s Review:

 

1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement

 

Comment: “Does that [secured] mean encrypted or integrity-protected?”

 

Original text: "The CAPWAP protocol MUST support = mutual authentication of WTPs and the centralized controller.  It must = also ensure that information exchanges between them are = secured."

 

Suggestion: From Charles Clancy – “The = CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected, and SHOULD ensure confidentiality through = encryption."

 

<RG> I agree with the = suggestion though we may have to see if the base CAPWAP protocol does have a = specification for this.

 

--XX--

 

2. Section: 5.1.9 System-wide Security, Protocol = Requirement

 

Comment: “Strange phrasing” of = requirement

 

Original text: “The =
design of the CAPWAP protocol MUST NOT allow for any compromises to the =
WLAN system by external entities.”

 

Clarification: From Mani – “the intent = was to emphasize that the protocol MUST not introduce additional threats = weakening the security of WLAN system. CAPWAP protocol by itself is not intended to = and cannot protect against all compromises to the WLAN system which is = broader than the scope of the protocol.”

 

<RG> May I boldly suggest = that we change the text to be “The design of the CAPWAP protocol MUST NOT = introduce new security threats that can weaken existing security measures of WLAN = system.” Feel free to discuss more on this one.

 

--XX—

 

3. Section: 5.1.12 Protocol = Specifications

 

Comment: “Since this is a basic requirement of = all IETF standards, why is it listed?”

 

Original text: “Any =
WTP or WLAN controller vendor or any person MUST be able to implement =
the CAPWAP protocol from the specification itself and by that it is =
required that all such implementations do =
interoperate.”
 
Clarification: From = Saravanan – “This objective arose during discussions on the = scope of the CAPWAP protocol in managing WLAN systems. The intent was to = highlight the 'completeness' of protocol in terms of achieving its = interoperability goals.”
 
<RG> I =
will certainly think that this objective may not be necessary to a =
certain extent based on the comments from IESG. =

 
--XX—
 
4. Section: 5.2 Desirable =
Objectives
 
Comment: “Why aren't = the items in this section listed as SHOULD instead of = MUST?”
 
Clarification: From = Saravanan – “The Desirable Objectives as a category can be = listed as 'SHOULD'. However, the individual objectives that make up the = category are still 'MUST', because they represent mandatory operations = for the protocol - provided that the protocol chooses to realize a = Desirable Objective.”
 
<RG> I =
agree with the clarification.
--XX—
 
 
Sam Hartman’s = Review
 
5. Section: 5.1.8 CAPWAP = Protocol Security
 
Comment: “Section = 5.1.8 implies that an authenticated key exchange is optional. I think = that BCP 107 will require an authenticated key exchange for this = protocol.”
 
Suggestion: From Charles = Clancy [To be inserted as last paragraph of Description] – = “If the CAPWAP protocol meets the criteria to require automated = key management per BCP 107, then mutual authentication MUST be = accomplished via an authenticated key = exchange."
 
[Reference to BCP 107 to be = included.]
 
<RG> No =
comments on this one.
--XX—
 
6. Section: 5.1.8 CAPWAP =
Protocol Security, Description, Paragraph =
5
 
Comment: In the following = text, please describe what security services are meant; probable = services include integrity and = confidentiality.
 
> Once WTPs and WLAN = controller have been mutually authenticated, information exchanges = between them
> must be secured =
against various security threats.
 
Suggestion: From Saravanan = - "Once WTPs and WLAN controller have been mutually authenticated, = information exchanges between them must be secured against various = security threats by providing confidentiality and integrity = protection."
 
<RG> I =
agree with the suggestion.
-
-XX—
 
7. Section: 5 Objectives, =
Introduction
 
Comment: “The = introduction to section 5 implies that operator requirements are valued = less than non-objectives.  I don't think that is the message the = IETF wants to send to the operator = community.”
 
Suggestion: From Saravanan, = Reorganize introduction paragraph. 
 
“The objectives = described in this document have been prioritized based on their = immediate significance in the development and evaluation of a control = and provisioning protocol for large-scale WLAN = deployments.
 
The priorities = are;
 
i.  Mandatory and = Accepted Objectives
ii.  Desirable =
Objectives
iii.  =
Non-Objectives
 
The priorities have been = assigned to individual objectives in accordance with working group = discussions.
 
Furthermore, a distinct = category of objectives is provided based on requirements gathered from = network service operators.  These are specific need that arise from = operators' experiencese [Note: Should be "experiences"] in = deploying and managing large-scale WLANs.
 
a. Operator = Requirements”
--XX—
 <RG> I agree with the =
suggestion.
 
 

 Thanks and regards

Richard Gwee

 

 

Republic Polytechnic, = Tanglin Campus, 1 Kay Siang Road, Singapore 248922
. www.rp.sg . Fax: +65 6415-1310 . =
 From March 2006, we will be located in our new = home at 9 Woodlands Avenue 9, Singapore 738964.

Republic Polytechnic, = the first Institute of Higher Learning to fully adopt the Problem-Based = Learning approach in Singapore, continues to strive towards best = practices and maintain excellence in service standards with the = following certifications: Singapore Innovation Class (SIC), Singapore = Quality Class (SQC), People Developer Standards and QEHS (ISO 9001, = 14001 and OHSAS 18001)

CONFIDENTIALITY CAUTION: = This message is intended only for the use of the individual or entity to = whom it is addressed and contains information that is privileged and = confidential. If you, the reader of this message, are not the intended = recipient, you should not disseminate, distribute or copy this = communication. If you have received this communication in error, please = notify us immediately by return email and delete the original message. = Thank you.
------_=_NextPart_001_01C636BD.F6200686-- --===============0987399802== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0987399802==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 10:23:41 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBZMb-0004I4-0y for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 10:23:41 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBZMY-0007fS-Pr for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 10:23:41 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id DF7814300CD for ; Tue, 21 Feb 2006 07:23:37 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 58BAD430067 for ; Tue, 21 Feb 2006 07:22:29 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 30799398008 for ; Tue, 21 Feb 2006 07:22:29 -0800 (PST) Received: from mgw-ext01.nokia.com (mgw-ext01.nokia.com [131.228.20.93]) by zoidberg.tigertech.net (Postfix) with ESMTP id 734EA39801D for ; Tue, 21 Feb 2006 07:22:21 -0800 (PST) Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext01.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1LFMDhw020849 for ; Tue, 21 Feb 2006 17:22:15 +0200 Received: from daebh101.NOE.Nokia.com ([10.241.35.111]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 21 Feb 2006 17:22:10 +0200 Received: from mvebe101.NOE.Nokia.com ([172.19.64.23]) by daebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 21 Feb 2006 09:21:54 -0600 x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C636FA.8B742961" Subject: FW: [Capwap] IESG Review Date: Tue, 21 Feb 2006 07:21:52 -0800 Message-ID: <893AE265F4ADF94AB7FB26D31A788E4101ABBF6C@mvebe101.NOE.Nokia.com> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: [Capwap] IESG Review Thread-Index: AcY1zQWS1wilaKvOSnCfEXAEw/y4swAGmBbgADTeREAAD8BKUA== From: To: X-OriginalArrivalTime: 21 Feb 2006 15:21:54.0417 (UTC) FILETIME=[8BF0B610:01C636FA] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.439 tagged_above=-999 required=7 tests=HTML_60_70, HTML_MESSAGE, HTML_TAG_EXIST_TBODY, NO_REAL_NAME X-Spam-Level: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.4 (/) X-Scan-Signature: 86df8ce7a29490312557c74a439f90f8 This is a multi-part message in MIME format. ------_=_NextPart_001_01C636FA.8B742961 Content-Type: multipart/alternative; boundary="----_=_NextPart_002_01C636FA.8B742961" ------_=_NextPart_002_01C636FA.8B742961 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable If there are no futher objections from the WG to the proposed responses to the IESG Review for the CAPWAP Objectives draft, we will respond to the IESG with the text provided by Saravanan and Richard. =20 Thanks, Dorothy =20 ________________________________ From: ext Richard Gwee [mailto:richard_gwee@rp.sg]=20 Sent: Tuesday, February 21, 2006 12:08 AM To: Saravanan Govindan; capwap@frascone.com Cc: yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com Subject: RE: [Capwap] IESG Review Hi,=20 =20 My two cents' worth of thought. =20 I understand that there may exist a need to change some of the text in the CAPWAP objectives. In any cases, I feel that the changes will have to be carefully thought through, especially since we have evaluated the four proposals based on these objectives. We do not certainly want to see some efforts wasted. =20 My feedback are inline. =20 Thanks and regards Richard Gwee=20 =20 ________________________________ From: Saravanan Govindan [mailto:Saravanan.Govindan@sg.panasonic.com]=20 Sent: Monday, February 20, 2006 2:41 PM To: capwap@frascone.com Cc: yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com Subject: [Capwap] IESG Review =20 Hi All, =20 This is a list of comments from the IESG and suggested responses. Feedback would be appreciated. =20 Saravanan =20 =20 =20 =20 =20 Brian Carpenter's Review: =20 1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement =20 Comment: "Does that [secured] mean encrypted or integrity-protected?" =20 Original text: "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It must also ensure that information exchanges between them are secured." =20 Suggestion: From Charles Clancy - "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected, and SHOULD ensure confidentiality through encryption." =20 I agree with the suggestion though we may have to see if the base CAPWAP protocol does have a specification for this. =20 --XX-- =20 2. Section: 5.1.9 System-wide Security, Protocol Requirement =20 Comment: "Strange phrasing" of requirement =20 Original text: "The design of the CAPWAP protocol MUST NOT allow for any compromises to the WLAN system by external entities." =20 Clarification: From Mani - "the intent was to emphasize that the protocol MUST not introduce additional threats weakening the security of WLAN system. CAPWAP protocol by itself is not intended to and cannot protect against all compromises to the WLAN system which is broader than the scope of the protocol." =20 May I boldly suggest that we change the text to be "The design of the CAPWAP protocol MUST NOT introduce new security threats that can weaken existing security measures of WLAN system." Feel free to discuss more on this one. =20 --XX- =20 3. Section: 5.1.12 Protocol Specifications =20 Comment: "Since this is a basic requirement of all IETF standards, why is it listed?" =20 Original text: "Any WTP or WLAN controller vendor or any person MUST be able to implement the CAPWAP protocol from the specification itself and by that it is required that all such implementations do interoperate." =20 Clarification: From Saravanan - "This objective arose during discussions on the scope of the CAPWAP protocol in managing WLAN systems. The intent was to highlight the 'completeness' of protocol in terms of achieving its interoperability goals." =20 I will certainly think that this objective may not be necessary to a certain extent based on the comments from IESG.=20 =20 --XX- =20 4. Section: 5.2 Desirable Objectives =20 Comment: "Why aren't the items in this section listed as SHOULD instead of MUST?" =20 Clarification: From Saravanan - "The Desirable Objectives as a category can be listed as 'SHOULD'. However, the individual objectives that make up the category are still 'MUST', because they represent mandatory operations for the protocol - provided that the protocol chooses to realize a Desirable Objective." =20 I agree with the clarification. --XX- =20 =20 Sam Hartman's Review =20 5. Section: 5.1.8 CAPWAP Protocol Security =20 Comment: "Section 5.1.8 implies that an authenticated key exchange is optional. I think that BCP 107 will require an authenticated key exchange for this protocol." =20 Suggestion: From Charles Clancy [To be inserted as last paragraph of Description] - "If the CAPWAP protocol meets the criteria to require automated key management per BCP 107, then mutual authentication MUST be accomplished via an authenticated key exchange." =20 [Reference to BCP 107 to be included.] =20 No comments on this one. --XX- =20 6. Section: 5.1.8 CAPWAP Protocol Security, Description, Paragraph 5 =20 Comment: In the following text, please describe what security services are meant; probable services include integrity and confidentiality. =20 > Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them > must be secured against various security threats. =20 Suggestion: From Saravanan - "Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them must be secured against various security threats by providing confidentiality and integrity protection." =20 I agree with the suggestion. - -XX- =20 7. Section: 5 Objectives, Introduction =20 Comment: "The introduction to section 5 implies that operator requirements are valued less than non-objectives. I don't think that is the message the IETF wants to send to the operator community." =20 Suggestion: From Saravanan, Reorganize introduction paragraph.=20 =20 "The objectives described in this document have been prioritized based on their immediate significance in the development and evaluation of a control and provisioning protocol for large-scale WLAN deployments. =20 The priorities are; =20 i. Mandatory and Accepted Objectives ii. Desirable Objectives iii. Non-Objectives =20 The priorities have been assigned to individual objectives in accordance with working group discussions. =20 Furthermore, a distinct category of objectives is provided based on requirements gathered from network service operators. These are specific need that arise from operators' experiencese [Note: Should be "experiences"] in deploying and managing large-scale WLANs. =20 a. Operator Requirements" --XX- I agree with the suggestion. =20 =20 Thanks and regards Richard Gwee =20 =20 ________________________________ Republic Polytechnic, Tanglin Campus, 1 Kay Siang Road, Singapore 248922 . www.rp.sg . Fax: +65 6415-1310 .=20 From March 2006, we will be located in our new home at 9 Woodlands Avenue 9, Singapore 738964. Republic Polytechnic, the first Institute of Higher Learning to fully adopt the Problem-Based Learning approach in Singapore, continues to strive towards best practices and maintain excellence in service standards with the following certifications: Singapore Innovation Class (SIC), Singapore Quality Class (SQC), People Developer Standards and QEHS (ISO 9001, 14001 and OHSAS 18001) ________________________________ CONFIDENTIALITY CAUTION: This message is intended only for the use of the individual or entity to whom it is addressed and contains information that is privileged and confidential. If you, the reader of this message, are not the intended recipient, you should not disseminate, distribute or copy this communication. If you have received this communication in error, please notify us immediately by return email and delete the original message. Thank you. =09 ------_=_NextPart_002_01C636FA.8B742961 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
If there are no futher objections from the WG = to the=20 proposed responses to the IESG Review for the CAPWAP Objectives draft, = we will=20 respond to the IESG with the  text provided by Saravanan and=20 Richard.
 
Thanks,
Dorothy
 
From: = ext Richard Gwee=20 [mailto:richard_gwee@rp.sg]
Sent: Tuesday, February 21, 2006 = 12:08=20 AM
To: Saravanan Govindan; capwap@frascone.com
Cc:=20 yaoth@huawei.com; Cheng Hong; = zhouwenhui@chinamobile.com
Subject: RE:=20 [Capwap] IESG Review

Hi, =

 

My two = cents’ worth of=20 thought.

 

I understand = that there=20 may exist a need to change some of the text in the CAPWAP objectives. In = any=20 cases, I feel that the changes will have to be carefully thought = through,=20 especially since we have evaluated the four proposals based on these = objectives.=20 We do not certainly want to see some efforts wasted.

 

My feedback = are=20 inline.

 

Thanks and=20 regards

Richard Gwee=20

 

From: Saravanan=20 Govindan [mailto:Saravanan.Govindan@sg.panasonic.com]
Sent: Monday, February 20, 2006 = 2:41=20 PM
To:=20 capwap@frascone.com
Cc:=20 yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com
Subject: [Capwap] IESG=20 Review

 

Hi All,

 

This is a list of comments = from the=20 IESG and suggested responses. Feedback would be = appreciated.

 

Saravanan

 

 

 

 

 

Brian Carpenter’s=20 Review:

 

1. Section: 5.1.8 CAPWAP = Protocol=20 Security, Protocol Requirement

 

Comment: “Does that = [secured] mean=20 encrypted or integrity-protected?”

 

Original text: "The CAPWAP = protocol=20 MUST support mutual authentication of WTPs and the centralized = controller. =20 It must also ensure that information exchanges between them are=20 secured."

 

Suggestion: From Charles = Clancy –=20 “The CAPWAP protocol MUST support mutual authentication of WTPs = and the=20 centralized controller. It also MUST ensure that information exchanges = are=20 integrity protected, and SHOULD ensure confidentiality through=20 encryption."

 

<RG> I = agree with=20 the suggestion though we may have to see if the base CAPWAP protocol = does have a=20 specification for this.

 

--XX--

 

2. Section: 5.1.9 = System-wide=20 Security, Protocol Requirement

 

Comment: “Strange = phrasing” of=20 requirement

 

Original text: “The =
design of the CAPWAP protocol MUST NOT allow for any compromises to the =
WLAN system by external entities.”

 

Clarification: From Mani = – “the=20 intent was to emphasize that the protocol MUST not introduce additional = threats=20 weakening the security of WLAN system. CAPWAP protocol by itself is not = intended=20 to and cannot protect against all compromises to the WLAN system which = is=20 broader than the scope of the protocol.”

 

<RG> = May I boldly=20 suggest that we change the text to be “The design of the CAPWAP = protocol MUST=20 NOT introduce new security threats that can weaken existing security = measures of=20 WLAN system.” Feel free to discuss more on this = one.

 

--XX—

 

3. Section: 5.1.12 = Protocol=20 Specifications

 

Comment: “Since this = is a basic=20 requirement of all IETF standards, why is it = listed?”

 

Original text: “Any =
WTP or WLAN controller vendor or any person MUST be able to implement =
the CAPWAP protocol from the specification itself and by that it is =
required that all such implementations do =
interoperate.”
 
Clarification: From =
Saravanan – “This objective arose during discussions on the =
scope of the CAPWAP protocol in managing WLAN systems. The intent was to =
highlight the 'completeness' of protocol in terms of achieving its =
interoperability goals.”
 
<RG> I will certainly think that =
this objective may not be necessary to a certain extent based on the =
comments from IESG. 
 
--XX—
 
4. Section: 5.2 Desirable =
Objectives
 
Comment: “Why aren't =
the items in this section listed as SHOULD instead of =
MUST?”
 
Clarification: From =
Saravanan – “The Desirable Objectives as a category can be =
listed as 'SHOULD'. However, the individual objectives that make up the =
category are still 'MUST', because they represent mandatory operations =
for the protocol - provided that the protocol chooses to realize a =
Desirable Objective.”
 
<RG> I agree with the =
clarification.
--XX—
 
 
Sam Hartman’s =
Review
 
5. Section: 5.1.8 CAPWAP =
Protocol Security
 
Comment: “Section =
5.1.8 implies that an authenticated key exchange is optional. I think =
that BCP 107 will require an authenticated key exchange for this =
protocol.”
 
Suggestion: From Charles =
Clancy [To be inserted as last paragraph of Description] – =
“If the CAPWAP protocol meets the criteria to require automated =
key management per BCP 107, then mutual authentication MUST be =
accomplished via an authenticated key =
exchange."
 
[Reference to BCP 107 to =
be included.]
 
<RG> No comments on this one.
--XX—
 
6. Section: 5.1.8 CAPWAP =
Protocol Security, Description, Paragraph =
5
 
Comment: In the following =
text, please describe what security services are meant; probable =
services include integrity and =
confidentiality.
 
> Once WTPs and WLAN =
controller have been mutually authenticated, information exchanges =
between them
> must be secured =
against various security threats.
 
Suggestion: From Saravanan =
- "Once WTPs and WLAN controller have been mutually authenticated, =
information exchanges between them must be secured against various =
security threats by providing confidentiality and integrity =
protection."
 
<RG> I agree with the =
suggestion.
-
-XX—
 
7. Section: 5 Objectives, =
Introduction
 
Comment: “The =
introduction to section 5 implies that operator requirements are valued =
less than non-objectives.  I don't think that is the message the =
IETF wants to send to the operator =
community.”
 
Suggestion: From =
Saravanan, Reorganize introduction paragraph. =

 
“The objectives =
described in this document have been prioritized based on their =
immediate significance in the development and evaluation of a control =
and provisioning protocol for large-scale WLAN =
deployments.
 
The priorities =
are;
 
i.  Mandatory and =
Accepted Objectives
ii.  =
Desirable Objectives
iii.  =
Non-Objectives
 
The priorities have been =
assigned to individual objectives in accordance with working group =
discussions.
 
Furthermore, a distinct =
category of objectives is provided based on requirements gathered from =
network service operators.  These are specific need that arise from =
operators' experiencese [Note: Should be "experiences"] in deploying and =
managing large-scale WLANs.
 
a. Operator =
Requirements”
--XX—
 <RG> I agree with the =
suggestion.
 
 

 Thanks and regards

Richard=20 Gwee

 

 

Republic = Polytechnic, Tanglin=20 Campus, 1 Kay Siang Road, Singapore 248922
. www.rp.sg . Fax: +65 6415-1310 .
 From March = 2006,=20 we will be located in our new home at 9 Woodlands Avenue 9, = Singapore=20 738964.

Republic = Polytechnic, the=20 first Institute of Higher Learning to fully adopt the = Problem-Based=20 Learning approach in Singapore, continues to strive towards best = practices=20 and maintain excellence in service standards with the following=20 certifications: Singapore Innovation Class (SIC), Singapore = Quality Class=20 (SQC), People Developer Standards and QEHS (ISO 9001, 14001 and = OHSAS=20 18001)

CONFIDENTIALITY = CAUTION: This=20 message is intended only for the use of the individual or entity = to whom=20 it is addressed and contains information that is privileged and=20 confidential. If you, the reader of this message, are not the = intended=20 recipient, you should not disseminate, distribute or copy this=20 communication. If you have received this communication in error, = please=20 notify us immediately by return email and delete the original = message.=20 Thank you. =
------_=_NextPart_002_01C636FA.8B742961-- ------_=_NextPart_001_01C636FA.8B742961 Content-Type: text/plain; name="ATT2261967.txt" Content-Transfer-Encoding: base64 Content-Description: ATT2261967.txt Content-Disposition: inline; filename="ATT2261967.txt" X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX18NClRvIHVuc3Vic2NyaWJlIG9yIG1vZGlmeSB5b3VyIHN1YnNjcmlwdGlvbiBvcHRp b25zLCBwbGVhc2UgdmlzaXQ6DQpodHRwOi8vbGlzdHMuZnJhc2NvbmUuY29tL21haWxtYW4vbGlz dGluZm8vY2Fwd2FwDQoNCkFyY2hpdmVzOiBodHRwOi8vbGlzdHMuZnJhc2NvbmUuY29tL3BpcGVy bWFpbC9jYXB3YXA= ------_=_NextPart_001_01C636FA.8B742961 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C636FA.8B742961-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 16:07:46 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBeja-0001eD-62 for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 16:07:46 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBejY-00012p-9s for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 16:07:46 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8524A4300BC for ; Tue, 21 Feb 2006 13:07:43 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id A69EE430075 for ; Tue, 21 Feb 2006 13:06:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9319039802B for ; Tue, 21 Feb 2006 13:06:50 -0800 (PST) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by zoidberg.tigertech.net (Postfix) with ESMTP id 5F6CA398010 for ; Tue, 21 Feb 2006 13:06:48 -0800 (PST) Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-1.cisco.com with ESMTP; 21 Feb 2006 13:06:45 -0800 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k1LL6DGl016480; Tue, 21 Feb 2006 13:06:37 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 21 Feb 2006 13:06:37 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Subject: RE: [Capwap] Radius Date: Tue, 21 Feb 2006 13:06:36 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2017125B6@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Radius Thread-Index: AcY1pLEe0mbok01aQFifWyhuPfJeDQBcVQ6A From: "Pat Calhoun (pacalhou)" To: X-OriginalArrivalTime: 21 Feb 2006 21:06:37.0038 (UTC) FILETIME=[B3BE38E0:01C6372A] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.506 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_40_50, HTML_MESSAGE, HTML_TITLE_EMPTY X-Spam-Level: Cc: capwap@frascone.com, Philip.Rakity@u4eatech.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1452674976==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 089da5e32269fece1072c9ff54523f20 This is a multi-part message in MIME format. --===============1452674976== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6372A.B37DCC39" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6372A.B37DCC39 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I believe that having CAPWAP focus on creating what we essentially have today, via autonomous or standalone APs, is not necessarily a worthwhile exercise. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]=20 Sent: Sunday, February 19, 2006 2:35 PM To: Pat Calhoun (pacalhou) Cc: David T. Perkins; Philip.Rakity@u4eatech.com; capwap@frascone.com Subject: Re: [Capwap] Radius =09 =09 I am confused, are you saying that local MAC WTPs (with a Radius client) are not governed by CAPWAP work? =09 Behcet =09 Pat Calhoun (pacalhou) wrote:=20 I concur with David, and therefore having RADIUS in the AP implies that it is a standalone AP, and therefore not governed by the CAPWAP work. =09 Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =09 =20 =09 =20 -----Original Message----- From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 Sent: Tuesday, February 07, 2006 10:19 AM To: Philip.Rakity@u4eatech.com Cc: capwap@frascone.com Subject: Re: [Capwap] Radius =09 HI, =09 Where do you draw the line between: 1) a collection of stand-alone APs that have a management application apply a consistent configuration 2) a collection an AC and connected WTPs that act together as a system. =09 I believe that this is an important issue, because #1 does=20 not need the CAPWAP protocol. It can use the existing=20 mangement interfaces (be they CLI, SNMP, or proprietary)=20 found on standalone APs. And these interfaces can be different. That is, AP #1 could be managed via scripted CLI commands,=20 and AP #2 could be managed via SNMP operations. =09 Regards, /david t. perkins =09 On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote:=20 =20 My reading of the draft indicates there are 2 modes of operation. =09 a) Combined MAC (where the AP does everything) b) Split MAC (where the AC does most of the work) =09 in case b) it is clear that the AC must act as the radius relay. =09 in case a) where the AC is just configuring the WTP, it is=20 =20 not clear=20 =20 WHY the AC has to 'proxy' as the radius server. I think the=20 restriction on REQUIRING that the AC act as the radius=20 =20 server (in base =20 a) is too strong. =09 Philip =09 Quoting Charles Clancy : =09 =20 Are you suggesting the WTPs communicate directly with the AAA=20 server, and the AC configures the WTPs with the appropriate=20 connection information? Two thoughts: =09 1. AAA traffic is trivial compared to everything else the=20 =20 AC will be=20 =20 doing, so the performance increase would be minimal. =09 2. You've broken the keying/trust hierarchy. Now compromise of a=20 single WTP would allow an attacker the ability to compromise all=20 networks that AAA server manages. You can't contain=20 =20 attacks anymore. =20 [ t. charles clancy ]--[ tcc@umd.edu ]--[=20 =20 www.cs.umd.edu/~clancy ] [=20 =20 computer science ]-----[ university of maryland | college park ] =09 Philip.Rakity@u4eatech.com wrote: =20 I was wondering if it really makes sense in the NON=20 =20 split MAC case=20 =20 to require the AC handle radius requests. It seems this is over=20 burdening the AC. The LWAPP protocol should allow the AC to=20 configure the radius server. =09 regards, =09 Philip =09 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap =09 =20 =09 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap =09 =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap =09 =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap =09 =09 =20 ------_=_NextPart_001_01C6372A.B37DCC39 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
I=20 believe that having CAPWAP focus on creating what we essentially have = today, via=20 autonomous or standalone APs, is not necessarily a worthwhile=20 exercise.

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

 

From: Behcet Sarikaya=20 [mailto:behcetsarikaya@yahoo.com]
Sent: Sunday, February = 19, 2006=20 2:35 PM
To: Pat Calhoun (pacalhou)
Cc: David T. = Perkins;=20 Philip.Rakity@u4eatech.com; capwap@frascone.com
Subject: Re: = [Capwap] Radius

I am confused, are you saying that local MAC WTPs (with a = Radius=20 client) are not governed by CAPWAP work?

Behcet

Pat = Calhoun=20 (pacalhou) wrote:=20 
I concur with David, and therefore having =
RADIUS in the AP implies that
it is a standalone AP, and therefore not governed by the CAPWAP work.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

=20

  
-----Original Message-----
From: David T. Perkins [mailto:dperkins@dsperkins.com]=
=20
Sent: Tuesday, February 07, 2006 10:19 AM
To: Philip.Rakity@u4eatech.com=

Cc: capwap@frascone.com
Subject: Re: [Capwap] Radius

HI,

Where do you draw the line between:
1) a collection of stand-alone APs that have a management
   application apply a consistent configuration
2) a collection an AC and connected WTPs that
   act together as a system.

I believe that this is an important issue, because #1 does=20
not need the CAPWAP protocol. It can use the existing=20
mangement interfaces (be they CLI, SNMP, or proprietary)=20
found on standalone APs. And these interfaces can be different.
That is, AP #1 could be managed via scripted CLI commands,=20
and AP #2 could be managed via SNMP operations.

Regards,
/david t. perkins

On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com=
 wrote:=20
    
My reading of the draft =
indicates there are 2 modes of operation.

a) Combined MAC (where the AP does everything)
b) Split MAC (where the AC does most of the work)

in case b) it is clear that the AC must act as the radius relay.

in case a) where the AC is just configuring the WTP, it is=20
      
not clear=20
    
WHY the AC has to 'proxy' =
as the radius server.  I think the=20
restriction on REQUIRING that the AC act as the radius=20
      
server (in base
    
a) is too strong.

Philip

Quoting Charles Clancy <clancy@cs.umd.edu>:

      
Are you suggesting the =
WTPs communicate directly with the AAA=20
server, and the AC configures the WTPs with the appropriate=20
connection information?  Two thoughts:

1. AAA traffic is trivial compared to everything else the=20
        
AC will be=20
    
doing, so the =
performance increase would be minimal.

2. You've broken the keying/trust hierarchy.  Now compromise of a=20
single WTP would allow an attacker the ability to compromise all=20
networks that AAA server manages.  You can't contain=20
        
attacks anymore.
    
[ t. charles clancy =
]--[ tcc@umd.edu ]--[=20
        
www.cs.umd.edu/~clancy ] [=20
    
computer science =
]-----[ university of maryland | college park ]

Philip.Rakity@u4eatech.com=
 wrote:
        
I was wondering if it =
really makes sense in the NON=20
          
split MAC case=20
    
to require the AC =
handle radius requests.  It seems this is over=20
burdening the AC.  The LWAPP protocol should allow the AC to=20
configure the radius server.

regards,

Philip

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone=
.com/pipermail/capwap
          
_______________________________________________________________=
__
To unsubscribe or modify your subscription options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone=
.com/pipermail/capwap

        
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone=
.com/pipermail/capwap

      
_______________________________________________________________=
__
To unsubscribe or modify your subscription options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone=
.com/pipermail/capwap

    
________________________________________________________=
_________
To unsubscribe or modify your subscription options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone=
.com/pipermail/capwap
------_=_NextPart_001_01C6372A.B37DCC39-- --===============1452674976== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1452674976==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 16:32:53 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBf7t-0003oQ-H3 for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 16:32:53 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBf7s-0002lm-2a for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 16:32:53 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 7B5514300BF for ; Tue, 21 Feb 2006 13:32:51 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 85992430067 for ; Tue, 21 Feb 2006 13:32:25 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 7583880C0EC for ; Tue, 21 Feb 2006 13:32:25 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 7B3BC80C121 for ; Tue, 21 Feb 2006 13:32:23 -0800 (PST) Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-4.cisco.com with ESMTP; 21 Feb 2006 13:32:23 -0800 X-IronPort-AV: i="4.02,135,1139212800"; d="scan'208"; a="1778394757:sNHT33246568" Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k1LLWIud000143 for ; Tue, 21 Feb 2006 13:32:21 -0800 (PST) Received: from xmb-sjc-237.amer.cisco.com ([128.107.191.123]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 21 Feb 2006 13:32:20 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Tue, 21 Feb 2006 13:32:18 -0800 Message-ID: <17B8C6DE4E228348B4939BDA6B05A9DC012E0620@xmb-sjc-237.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Bindings issue Thread-Index: AcY3LkmFUlWT88zWRei2huW1M0Odtw== From: "Bob O'Hara (boohara)" To: X-OriginalArrivalTime: 21 Feb 2006 21:32:20.0575 (UTC) FILETIME=[4BC346F0:01C6372E] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: Subject: [Capwap] Bindings issue X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa I believe there is an issue we need to address before the -00 draft is produced. This relates to the decision by the working group that the original CAPWAP protocol would restrict itself to supporting only 802.11, but would provide extensibility to support other wireless protocols. This support for extensibility is insufficient in the LWAPP draft and, without direction from the working group, from the -00 CAPWAP draft as well. In the current draft of the LWAPP proposal, all message element identifiers in the protocol are drawn from a single, 16-bit, number space. This does not provide for parallel development of bindings for different protocols or an unambiguous way to allocate these identifiers without some central administration of the entire message identifier number space. I propose that we add a binding identifier to each message element. This identifier would, in the -00 draft, place each message element into either the "base protocol" number space or the "IEEE 802.11" number space. It would also allow for reuse of the values in the message identifier field. =20 Alternatively, we could create a "Binding Separator" message element. This element would separate message elements in the base portion of the protocol from those defined in a binding. The value carried by the separator would identify the specific binding for the elements that follow the separator, either to the next separator element or to the end of the packet. Either alternative for this proposal would require administration of the binding identifier number space. But, that number space would most likely last much longer than the message identifier space, itself, if left as a single common number space for all bindings to share. -Bob Bob O'Hara Cisco Systems - WNBU Phone: +1 408 853 5513 Mobile: +1 408 218 4025 =20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 17:03:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBfbI-0006PN-KE for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 17:03:16 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBfbH-0003pg-7A for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 17:03:16 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 71293430097 for ; Tue, 21 Feb 2006 14:03:14 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 07AC9430067 for ; Tue, 21 Feb 2006 14:02:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id E5F6039801D for ; Tue, 21 Feb 2006 14:02:47 -0800 (PST) Received: from mgw-ext02.nokia.com (mgw-ext02.nokia.com [131.228.20.94]) by zoidberg.tigertech.net (Postfix) with ESMTP id 44EF539802B for ; Tue, 21 Feb 2006 14:02:43 -0800 (PST) Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext02.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1LM2aR1031414; Wed, 22 Feb 2006 00:02:39 +0200 Received: from daebh102.NOE.Nokia.com ([10.241.35.112]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 22 Feb 2006 00:02:16 +0200 Received: from mvebe101.NOE.Nokia.com ([172.19.64.23]) by daebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 21 Feb 2006 16:02:09 -0600 x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Bindings issue Date: Tue, 21 Feb 2006 14:02:08 -0800 Message-ID: <893AE265F4ADF94AB7FB26D31A788E4101ABC254@mvebe101.NOE.Nokia.com> In-Reply-To: <17B8C6DE4E228348B4939BDA6B05A9DC012E0620@xmb-sjc-237.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Bindings issue Thread-Index: AcY3LkmFUlWT88zWRei2huW1M0OdtwAAz8aQ From: To: , X-OriginalArrivalTime: 21 Feb 2006 22:02:09.0885 (UTC) FILETIME=[764650D0:01C63732] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.178 tagged_above=-999 required=7 tests=NO_REAL_NAME X-Spam-Level: Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.2 (/) X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4 I don't see why this issue needs to hold up the CAPWAP -00 draft. I don't expect the -00 draft to solve all open issues. At this point, its sufficient to add this to the issues database and address the WG as you have done. Thanks, Dorothy -----Original Message----- From: ext Bob O'Hara (boohara) [mailto:boohara@cisco.com]=20 Sent: Tuesday, February 21, 2006 1:32 PM To: capwap@frascone.com Subject: [Capwap] Bindings issue I believe there is an issue we need to address before the -00 draft is produced. This relates to the decision by the working group that the original CAPWAP protocol would restrict itself to supporting only 802.11, but would provide extensibility to support other wireless protocols. This support for extensibility is insufficient in the LWAPP draft and, without direction from the working group, from the -00 CAPWAP draft as well. In the current draft of the LWAPP proposal, all message element identifiers in the protocol are drawn from a single, 16-bit, number space. This does not provide for parallel development of bindings for different protocols or an unambiguous way to allocate these identifiers without some central administration of the entire message identifier number space. I propose that we add a binding identifier to each message element. This identifier would, in the -00 draft, place each message element into either the "base protocol" number space or the "IEEE 802.11" number space. It would also allow for reuse of the values in the message identifier field. =20 Alternatively, we could create a "Binding Separator" message element. This element would separate message elements in the base portion of the protocol from those defined in a binding. The value carried by the separator would identify the specific binding for the elements that follow the separator, either to the next separator element or to the end of the packet. Either alternative for this proposal would require administration of the binding identifier number space. But, that number space would most likely last much longer than the message identifier space, itself, if left as a single common number space for all bindings to share. -Bob Bob O'Hara Cisco Systems - WNBU Phone: +1 408 853 5513 Mobile: +1 408 218 4025 =20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 17:07:28 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBffM-0006is-Cp for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 17:07:28 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBffK-0004Dn-HB for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 17:07:28 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 1190F430097 for ; Tue, 21 Feb 2006 14:07:26 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id B5E61430071 for ; Tue, 21 Feb 2006 14:06:25 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 76CD680C125 for ; Tue, 21 Feb 2006 14:06:25 -0800 (PST) Received: from smtp105.plus.mail.mud.yahoo.com (smtp105.plus.mail.mud.yahoo.com [68.142.206.238]) by hermes.tigertech.net (Postfix) with SMTP id C4B8080C111 for ; Tue, 21 Feb 2006 14:06:21 -0800 (PST) Received: (qmail 91653 invoked from network); 21 Feb 2006 22:06:21 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:Message-ID:Date:From:Reply-To:User-Agent:X-Accept-Language:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type; b=i05WYStQhJTxY54f+nyqDGX6+gIckSBT1yoMf9zNwbQXRqSi7YrlEF++Wq7kUp1R3ib2rMItAE5puf5LM5ralP6KttH1MAdlJGaDA/Ywjl/qtuL8sloQZN4JAofbv0F6v+ocFrufLDmRceGziT7NKbm/SCaJ4ovx98RdXE8ka40= ; Received: from unknown (HELO ?192.168.1.107?) (behcetsarikaya@71.97.233.135 with plain) by smtp105.plus.mail.mud.yahoo.com with SMTP; 21 Feb 2006 22:06:20 -0000 Message-ID: <43FB8EDC.4030806@yahoo.com> Date: Tue, 21 Feb 2006 16:06:20 -0600 From: Behcet Sarikaya User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Pat Calhoun (pacalhou)" Subject: Re: [Capwap] Radius References: <4FF84B0BC277FF45AA27FE969DD956A2017125B6@xmb-sjc-235.amer.cisco.com> In-Reply-To: <4FF84B0BC277FF45AA27FE969DD956A2017125B6@xmb-sjc-235.amer.cisco.com> X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.007 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_WHOIS, HTML_50_60, HTML_MESSAGE, HTML_TITLE_EMPTY X-Spam-Level: * Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sarikaya@ieee.org List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0164764194==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 054490fec19f6a94c68e63428d06db69 This is a multi-part message in MIME format. --===============0164764194== Content-Type: multipart/alternative; boundary="------------030405000101010900010103" This is a multi-part message in MIME format. --------------030405000101010900010103 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit If others agree, I also agree but reducing the scope to Split MAC only, this is a big change! Pat Calhoun (pacalhou) wrote: > I believe that having CAPWAP focus on creating what we essentially > have today, via autonomous or standalone APs, is not necessarily a > worthwhile exercise. > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > > ------------------------------------------------------------------------ > From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > Sent: Sunday, February 19, 2006 2:35 PM > To: Pat Calhoun (pacalhou) > Cc: David T. Perkins; Philip.Rakity@u4eatech.com; capwap@frascone.com > Subject: Re: [Capwap] Radius > > I am confused, are you saying that local MAC WTPs (with a Radius > client) are not governed by CAPWAP work? > > Behcet > > Pat Calhoun (pacalhou) wrote: > >>I concur with David, and therefore having RADIUS in the AP implies that >>it is a standalone AP, and therefore not governed by the CAPWAP work. >> >>Pat Calhoun >>CTO, Wireless Networking Business Unit >>Cisco Systems >> >> >> >> >> >>>-----Original Message----- >>>From: David T. Perkins [mailto:dperkins@dsperkins.com] >>>Sent: Tuesday, February 07, 2006 10:19 AM >>>To: Philip.Rakity@u4eatech.com >>>Cc: capwap@frascone.com >>>Subject: Re: [Capwap] Radius >>> >>>HI, >>> >>>Where do you draw the line between: >>>1) a collection of stand-alone APs that have a management >>> application apply a consistent configuration >>>2) a collection an AC and connected WTPs that >>> act together as a system. >>> >>>I believe that this is an important issue, because #1 does >>>not need the CAPWAP protocol. It can use the existing >>>mangement interfaces (be they CLI, SNMP, or proprietary) >>>found on standalone APs. And these interfaces can be different. >>>That is, AP #1 could be managed via scripted CLI commands, >>>and AP #2 could be managed via SNMP operations. >>> >>>Regards, >>>/david t. perkins >>> >>>On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote: >>> >>> >>>>My reading of the draft indicates there are 2 modes of operation. >>>> >>>>a) Combined MAC (where the AP does everything) >>>>b) Split MAC (where the AC does most of the work) >>>> >>>>in case b) it is clear that the AC must act as the radius relay. >>>> >>>>in case a) where the AC is just configuring the WTP, it is >>>> >>>> >>>not clear >>> >>> >>>>WHY the AC has to 'proxy' as the radius server. I think the >>>>restriction on REQUIRING that the AC act as the radius >>>> >>>> >>>server (in base >>> >>> >>>>a) is too strong. >>>> >>>>Philip >>>> >>>>Quoting Charles Clancy : >>>> >>>> >>>> >>>>>Are you suggesting the WTPs communicate directly with the AAA >>>>>server, and the AC configures the WTPs with the appropriate >>>>>connection information? Two thoughts: >>>>> >>>>>1. AAA traffic is trivial compared to everything else the >>>>> >>>>> >>>AC will be >>> >>> >>>>>doing, so the performance increase would be minimal. >>>>> >>>>>2. You've broken the keying/trust hierarchy. Now compromise of a >>>>>single WTP would allow an attacker the ability to compromise all >>>>>networks that AAA server manages. You can't contain >>>>> >>>>> >>>attacks anymore. >>> >>> >>>>>[ t. charles clancy ]--[ tcc@umd.edu ]--[ >>>>> >>>>> >>>www.cs.umd.edu/~clancy ] [ >>> >>> >>>>>computer science ]-----[ university of maryland | college park ] >>>>> >>>>>Philip.Rakity@u4eatech.com wrote: >>>>> >>>>> >>>>>>I was wondering if it really makes sense in the NON >>>>>> >>>>>> >>>split MAC case >>> >>> >>>>>>to require the AC handle radius requests. It seems this is over >>>>>>burdening the AC. The LWAPP protocol should allow the AC to >>>>>>configure the radius server. >>>>>> >>>>>>regards, >>>>>> >>>>>>Philip >>>>>> >>>>>>_________________________________________________________________ >>>>>>To unsubscribe or modify your subscription options, please visit: >>>>>>http://lists.frascone.com/mailman/listinfo/capwap >>>>>> >>>>>>Archives: http://lists.frascone.com/pipermail/capwap >>>>>> >>>>>> >>>>>_________________________________________________________________ >>>>>To unsubscribe or modify your subscription options, please visit: >>>>>http://lists.frascone.com/mailman/listinfo/capwap >>>>> >>>>>Archives: http://lists.frascone.com/pipermail/capwap >>>>> >>>>> >>>>> >>>>_________________________________________________________________ >>>>To unsubscribe or modify your subscription options, please visit: >>>>http://lists.frascone.com/mailman/listinfo/capwap >>>> >>>>Archives: http://lists.frascone.com/pipermail/capwap >>>> >>>> >>>> >>>_________________________________________________________________ >>>To unsubscribe or modify your subscription options, please visit: >>>http://lists.frascone.com/mailman/listinfo/capwap >>> >>>Archives: http://lists.frascone.com/pipermail/capwap >>> >>> >>> >>_________________________________________________________________ >>To unsubscribe or modify your subscription options, please visit: >>http://lists.frascone.com/mailman/listinfo/capwap >> >>Archives: http://lists.frascone.com/pipermail/capwap >> >> >> >> --------------030405000101010900010103 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit If others agree, I also agree but reducing the scope to Split MAC only, this is a big change!

Pat Calhoun (pacalhou) wrote:
I believe that having CAPWAP focus on creating what we essentially have today, via autonomous or standalone APs, is not necessarily a worthwhile exercise.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

 

From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]
Sent: Sunday, February 19, 2006 2:35 PM
To: Pat Calhoun (pacalhou)
Cc: David T. Perkins; Philip.Rakity@u4eatech.com; capwap@frascone.com
Subject: Re: [Capwap] Radius

I am confused, are you saying that local MAC WTPs (with a Radius client) are not governed by CAPWAP work?

Behcet

Pat Calhoun (pacalhou) wrote: 
I concur with David, and therefore having RADIUS in the AP implies that
it is a standalone AP, and therefore not governed by the CAPWAP work.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

 

  
-----Original Message-----
From: David T. Perkins [mailto:dperkins@dsperkins.com] 
Sent: Tuesday, February 07, 2006 10:19 AM
To: Philip.Rakity@u4eatech.com
Cc: capwap@frascone.com
Subject: Re: [Capwap] Radius

HI,

Where do you draw the line between:
1) a collection of stand-alone APs that have a management
   application apply a consistent configuration
2) a collection an AC and connected WTPs that
   act together as a system.

I believe that this is an important issue, because #1 does 
not need the CAPWAP protocol. It can use the existing 
mangement interfaces (be they CLI, SNMP, or proprietary) 
found on standalone APs. And these interfaces can be different.
That is, AP #1 could be managed via scripted CLI commands, 
and AP #2 could be managed via SNMP operations.

Regards,
/david t. perkins

On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote: 
    
My reading of the draft indicates there are 2 modes of operation.

a) Combined MAC (where the AP does everything)
b) Split MAC (where the AC does most of the work)

in case b) it is clear that the AC must act as the radius relay.

in case a) where the AC is just configuring the WTP, it is 
      
not clear 
    
WHY the AC has to 'proxy' as the radius server.  I think the 
restriction on REQUIRING that the AC act as the radius 
      
server (in base
    
a) is too strong.

Philip

Quoting Charles Clancy <clancy@cs.umd.edu>:

      
Are you suggesting the WTPs communicate directly with the AAA 
server, and the AC configures the WTPs with the appropriate 
connection information?  Two thoughts:

1. AAA traffic is trivial compared to everything else the 
        
AC will be 
    
doing, so the performance increase would be minimal.

2. You've broken the keying/trust hierarchy.  Now compromise of a 
single WTP would allow an attacker the ability to compromise all 
networks that AAA server manages.  You can't contain 
        
attacks anymore.
    
[ t. charles clancy ]--[ tcc@umd.edu ]--[ 
        
www.cs.umd.edu/~clancy ] [ 
    
computer science ]-----[ university of maryland | college park ]

Philip.Rakity@u4eatech.com wrote:
        
I was wondering if it really makes sense in the NON 
          
split MAC case 
    
to require the AC handle radius requests.  It seems this is over 
burdening the AC.  The LWAPP protocol should allow the AC to 
configure the radius server.

regards,

Philip

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap
          
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

        
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

      
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

    
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap
--------------030405000101010900010103-- --===============0164764194== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0164764194==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 17:16:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBfoB-0007Is-VM for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 17:16:35 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBfoB-00056n-FA for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 17:16:35 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 0A2E84300DD for ; Tue, 21 Feb 2006 14:16:35 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id A1107430067 for ; Tue, 21 Feb 2006 14:16:03 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 8CEC780C0F6 for ; Tue, 21 Feb 2006 14:16:03 -0800 (PST) Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by hermes.tigertech.net (Postfix) with ESMTP id 9BE5380C125 for ; Tue, 21 Feb 2006 14:16:02 -0800 (PST) Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-2.cisco.com with ESMTP; 21 Feb 2006 14:16:02 -0800 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k1LMFxGP000245; Tue, 21 Feb 2006 14:16:00 -0800 (PST) Received: from xmb-sjc-237.amer.cisco.com ([128.107.191.123]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 21 Feb 2006 14:15:56 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Bindings issue Date: Tue, 21 Feb 2006 14:15:55 -0800 Message-ID: <17B8C6DE4E228348B4939BDA6B05A9DC012E0678@xmb-sjc-237.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Bindings issue Thread-Index: AcY3LkmFUlWT88zWRei2huW1M0OdtwAAz8aQAACHD/A= From: "Bob O'Hara (boohara)" To: , X-OriginalArrivalTime: 21 Feb 2006 22:15:56.0493 (UTC) FILETIME=[62F8AFD0:01C63734] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 32b73d73e8047ed17386f9799119ce43 Dorothy, The reason I think this should be addressed before the -00 draft is, as much as we would like to avoid it, people will begin implementing and claiming conformance (right or wrong) to "CAPWAP". If the protocol is later modified to incorporate either of these proposals, it is very likely to completely change values for all the binding message identifiers. This will lead to exactly the opposite of what we are trying to accomplish with this protocol. Rather than consolidating around a single CAPWAP protocol, the market will fragment around different draft versions of the protocol. =20 I don't think that this will take much time to resolve, though it might take a bit more time to edit into the draft. It will certainly better serve our market, if we do this now, rather than later. -Bob =20 -----Original Message----- From: Dorothy.Gellert@nokia.com [mailto:Dorothy.Gellert@nokia.com]=20 Sent: Tuesday, February 21, 2006 2:02 PM To: Bob O'Hara (boohara); capwap@frascone.com Subject: RE: [Capwap] Bindings issue I don't see why this issue needs to hold up the CAPWAP -00 draft. I don't expect the -00 draft to solve all open issues. At this point, its sufficient to add this to the issues database and address the WG as you have done. Thanks, Dorothy -----Original Message----- From: ext Bob O'Hara (boohara) [mailto:boohara@cisco.com]=20 Sent: Tuesday, February 21, 2006 1:32 PM To: capwap@frascone.com Subject: [Capwap] Bindings issue I believe there is an issue we need to address before the -00 draft is produced. This relates to the decision by the working group that the original CAPWAP protocol would restrict itself to supporting only 802.11, but would provide extensibility to support other wireless protocols. This support for extensibility is insufficient in the LWAPP draft and, without direction from the working group, from the -00 CAPWAP draft as well. In the current draft of the LWAPP proposal, all message element identifiers in the protocol are drawn from a single, 16-bit, number space. This does not provide for parallel development of bindings for different protocols or an unambiguous way to allocate these identifiers without some central administration of the entire message identifier number space. I propose that we add a binding identifier to each message element. This identifier would, in the -00 draft, place each message element into either the "base protocol" number space or the "IEEE 802.11" number space. It would also allow for reuse of the values in the message identifier field. =20 Alternatively, we could create a "Binding Separator" message element. This element would separate message elements in the base portion of the protocol from those defined in a binding. The value carried by the separator would identify the specific binding for the elements that follow the separator, either to the next separator element or to the end of the packet. Either alternative for this proposal would require administration of the binding identifier number space. But, that number space would most likely last much longer than the message identifier space, itself, if left as a single common number space for all bindings to share. -Bob Bob O'Hara Cisco Systems - WNBU Phone: +1 408 853 5513 Mobile: +1 408 218 4025 =20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 18:21:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBgom-0001hd-Ls for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 18:21:16 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBgol-0007sK-7R for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 18:21:16 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 40DC44300AA for ; Tue, 21 Feb 2006 15:21:14 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id F1CB0430067 for ; Tue, 21 Feb 2006 15:20:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D1A8C398028 for ; Tue, 21 Feb 2006 15:20:50 -0800 (PST) Received: from smtpout1.bayarea.net (smtpout1.BAYAREA.NET [209.128.95.10]) by zoidberg.tigertech.net (Postfix) with ESMTP id 19ED5398008 for ; Tue, 21 Feb 2006 15:20:48 -0800 (PST) Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by smtpout1.bayarea.net (8.12.10/8.12.10) with ESMTP id k1LNJU6T017186; Tue, 21 Feb 2006 15:20:58 -0800 Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k1LMMia4005298; Tue, 21 Feb 2006 14:22:44 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k1LMMhOl005294; Tue, 21 Feb 2006 14:22:44 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Tue, 21 Feb 2006 14:22:43 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: "Bob O'Hara (boohara)" Subject: Re: [Capwap] Bindings issue In-Reply-To: <17B8C6DE4E228348B4939BDA6B05A9DC012E0620@xmb-sjc-237.amer.cisco.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 10d3e4e3c32e363f129e380e644649be HI, Glad to see you bring up this topic. The eval report suggested that the numbering space of the attributes (called information elements in the LWAPP spec) be increased from 8 bits (see section 9.1.1). Note that also that it appears to me that numbering space for message types is limited to 8 bits and there is not a way to add vendor extensions. (And it looks to be an oversight that there was no mention of who (such as IANA) that manages this space.) The LWAPP spec for attributes does allow vendor additions (see section 4.2.2.1.1). However, it is quite wasteful of space, and suprisingly has a 16-bit space for vendor attributes (element IDs). Note LWAPP identifies vendors by the IANA enterprise number, which is also used by SNMP. In the SNMPv3 RFCs, the enterprise number is used in one case for a security model identifier, which is a 32-bit integer in range (0 .. 2147483647). (See RFC 3411, section 5, discussion of textual convention SnmpSecurityModel). The identifier is the enterprise number multiplied by 256 (that is, shifted left by 8 bits), plus an enterprise specific value. Since there is no assignment of 0 as an enterprise number, values less than 256 are IANA controlled. This scheme supports enterprise number of upto 23 bits (that is values upto 8,388,608 enterprises). Given the suggestion of the eval team, and Bob's input below, I suggest that the number space for message types and information element types be encoded as the following: 1) it be a 32 bit unsigned number 2) it is encoded as enterprise number times 256 plus enterprise value. 3) the values less than 256 be managed by IANA 4) an appropriate enterprise value be choosen for each technology and managed either by an IEEE group (or IANA) On Tue, 21 Feb 2006, Bob O'Hara (boohara) wrote: > I believe there is an issue we need to address before the -00 draft is > produced. This relates to the decision by the working group that the > original CAPWAP protocol would restrict itself to supporting only > 802.11, but would provide extensibility to support other wireless > protocols. This support for extensibility is insufficient in the LWAPP > draft and, without direction from the working group, from the -00 CAPWAP > draft as well. > > In the current draft of the LWAPP proposal, all message element > identifiers in the protocol are drawn from a single, 16-bit, number > space. This does not provide for parallel development of bindings for > different protocols or an unambiguous way to allocate these identifiers > without some central administration of the entire message identifier > number space. > > I propose that we add a binding identifier to each message element. > This identifier would, in the -00 draft, place each message element into > either the "base protocol" number space or the "IEEE 802.11" number > space. It would also allow for reuse of the values in the message > identifier field. > > Alternatively, we could create a "Binding Separator" message element. > This element would separate message elements in the base portion of the > protocol from those defined in a binding. The value carried by the > separator would identify the specific binding for the elements that > follow the separator, either to the next separator element or to the end > of the packet. > > Either alternative for this proposal would require administration of the > binding identifier number space. But, that number space would most > likely last much longer than the message identifier space, itself, if > left as a single common number space for all bindings to share. > > -Bob > > Bob O'Hara > Cisco Systems - WNBU > > Phone: +1 408 853 5513 > Mobile: +1 408 218 4025 Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 18:29:33 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBgwn-000274-MT for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 18:29:33 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBgwn-000801-6Q for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 18:29:33 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id C56EB4300CC for ; Tue, 21 Feb 2006 15:29:32 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 71983430067 for ; Tue, 21 Feb 2006 15:29:05 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 5E19F398024 for ; Tue, 21 Feb 2006 15:29:05 -0800 (PST) Received: from ihemail2.lucent.com (ihemail2.lucent.com [192.11.222.163]) by zoidberg.tigertech.net (Postfix) with ESMTP id 85E32398008 for ; Tue, 21 Feb 2006 15:29:02 -0800 (PST) Received: from nl0006exch001h.wins.lucent.com (h135-85-76-62.lucent.com [135.85.76.62]) by ihemail2.lucent.com (8.12.11/8.12.11) with ESMTP id k1LNSvWI007754; Tue, 21 Feb 2006 17:28:58 -0600 (CST) Received: by nl0006exch001h.nl.lucent.com with Internet Mail Service (5.5.2657.72) id ; Wed, 22 Feb 2006 00:28:56 +0100 Message-ID: <7D5D48D2CAA3D84C813F5B154F43B155095F847B@nl0006exch001u.nl.lucent.com> From: "Wijnen, Bert (Bert)" To: "Bob O'Hara (boohara)" , Dorothy.Gellert@nokia.com, capwap@frascone.com Subject: RE: [Capwap] Bindings issue Date: Wed, 22 Feb 2006 00:28:49 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 5d7a7e767f20255fce80fa0b77fb2433 Mmm... I can see (and in fact appreciate) if people start implementing as soon as they see revision 00 of the CAPWAP doc. I would assume (or urge) that such implementations do not yet get shipped in/as products (not even as beta I think), but that they rather are preparations to create a product on a CAPWAP revision that gets WG consensus at WG Last Call time. Bert > -----Original Message----- > From: Bob O'Hara (boohara) [mailto:boohara@cisco.com] > Sent: Tuesday, February 21, 2006 23:16 > To: Dorothy.Gellert@nokia.com; capwap@frascone.com > Subject: RE: [Capwap] Bindings issue > > > Dorothy, > > The reason I think this should be addressed before the -00 > draft is, as > much as we would like to avoid it, people will begin implementing and > claiming conformance (right or wrong) to "CAPWAP". If the protocol is > later modified to incorporate either of these proposals, it is very > likely to completely change values for all the binding message > identifiers. This will lead to exactly the opposite of what we are > trying to accomplish with this protocol. Rather than consolidating > around a single CAPWAP protocol, the market will fragment around > different draft versions of the protocol. > > I don't think that this will take much time to resolve, > though it might > take a bit more time to edit into the draft. It will certainly better > serve our market, if we do this now, rather than later. > > -Bob > > -----Original Message----- > From: Dorothy.Gellert@nokia.com [mailto:Dorothy.Gellert@nokia.com] > Sent: Tuesday, February 21, 2006 2:02 PM > To: Bob O'Hara (boohara); capwap@frascone.com > Subject: RE: [Capwap] Bindings issue > > I don't see why this issue needs to hold up the CAPWAP -00 draft. I > don't expect the -00 draft to solve all open issues. > > At this point, its sufficient to add this to the issues database and > address the WG as you have done. > > Thanks, > Dorothy > > > -----Original Message----- > From: ext Bob O'Hara (boohara) [mailto:boohara@cisco.com] > Sent: Tuesday, February 21, 2006 1:32 PM > To: capwap@frascone.com > Subject: [Capwap] Bindings issue > > I believe there is an issue we need to address before the -00 draft is > produced. This relates to the decision by the working group that the > original CAPWAP protocol would restrict itself to supporting only > 802.11, but would provide extensibility to support other wireless > protocols. This support for extensibility is insufficient in > the LWAPP > draft and, without direction from the working group, from the > -00 CAPWAP > draft as well. > > In the current draft of the LWAPP proposal, all message element > identifiers in the protocol are drawn from a single, 16-bit, number > space. This does not provide for parallel development of bindings for > different protocols or an unambiguous way to allocate these > identifiers > without some central administration of the entire message identifier > number space. > > I propose that we add a binding identifier to each message element. > This identifier would, in the -00 draft, place each message > element into > either the "base protocol" number space or the "IEEE 802.11" number > space. It would also allow for reuse of the values in the message > identifier field. > > Alternatively, we could create a "Binding Separator" message element. > This element would separate message elements in the base > portion of the > protocol from those defined in a binding. The value carried by the > separator would identify the specific binding for the elements that > follow the separator, either to the next separator element or > to the end > of the packet. > > Either alternative for this proposal would require > administration of the > binding identifier number space. But, that number space would most > likely last much longer than the message identifier space, itself, if > left as a single common number space for all bindings to share. > > -Bob > > Bob O'Hara > Cisco Systems - WNBU > > Phone: +1 408 853 5513 > Mobile: +1 408 218 4025 > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 19:47:36 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBiAK-0006Ly-D9 for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 19:47:36 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBiAH-0005bt-Pj for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 19:47:36 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id E41A04300B6 for ; Tue, 21 Feb 2006 16:47:32 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E6B1F430067 for ; Tue, 21 Feb 2006 16:46:56 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id CD55239802C for ; Tue, 21 Feb 2006 16:46:56 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9DFBE398026 for ; Tue, 21 Feb 2006 16:46:53 -0800 (PST) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (rwcrmhc11) with ESMTP id <20060222004651m11009sli6e>; Wed, 22 Feb 2006 00:46:52 +0000 Message-ID: <43FBB47F.8080906@cs.umd.edu> Date: Tue, 21 Feb 2006 19:46:55 -0500 From: Charles Clancy User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: sarikaya@ieee.org Subject: Re: [Capwap] Radius References: <4FF84B0BC277FF45AA27FE969DD956A2017125B6@xmb-sjc-235.amer.cisco.com> <43FB8EDC.4030806@yahoo.com> In-Reply-To: <43FB8EDC.4030806@yahoo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 501044f827b673024f6a4cb1d46e67d2 I don't think Pat's comments imply having only a split MAC. For example, local MAC with RADIUS client on the AC gives the added functionality of fast handoff between WTPs. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] Behcet Sarikaya wrote: > If others agree, I also agree but reducing the scope to Split MAC only, > this is a big change! > > Pat Calhoun (pacalhou) wrote: > >> I believe that having CAPWAP focus on creating what we essentially >> have today, via autonomous or standalone APs, is not necessarily a >> worthwhile exercise. >> >> Pat Calhoun >> CTO, Wireless Networking Business Unit >> Cisco Systems >> >> >> >> ------------------------------------------------------------------------ >> *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] >> *Sent:* Sunday, February 19, 2006 2:35 PM >> *To:* Pat Calhoun (pacalhou) >> *Cc:* David T. Perkins; Philip.Rakity@u4eatech.com; >> capwap@frascone.com >> *Subject:* Re: [Capwap] Radius >> >> I am confused, are you saying that local MAC WTPs (with a Radius >> client) are not governed by CAPWAP work? >> >> Behcet >> >> Pat Calhoun (pacalhou) wrote: >> >>>I concur with David, and therefore having RADIUS in the AP implies that >>>it is a standalone AP, and therefore not governed by the CAPWAP work. >>> >>>Pat Calhoun >>>CTO, Wireless Networking Business Unit >>>Cisco Systems >>> >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: David T. Perkins [mailto:dperkins@dsperkins.com] >>>>Sent: Tuesday, February 07, 2006 10:19 AM >>>>To: Philip.Rakity@u4eatech.com >>>>Cc: capwap@frascone.com >>>>Subject: Re: [Capwap] Radius >>>> >>>>HI, >>>> >>>>Where do you draw the line between: >>>>1) a collection of stand-alone APs that have a management >>>> application apply a consistent configuration >>>>2) a collection an AC and connected WTPs that >>>> act together as a system. >>>> >>>>I believe that this is an important issue, because #1 does >>>>not need the CAPWAP protocol. It can use the existing >>>>mangement interfaces (be they CLI, SNMP, or proprietary) >>>>found on standalone APs. And these interfaces can be different. >>>>That is, AP #1 could be managed via scripted CLI commands, >>>>and AP #2 could be managed via SNMP operations. >>>> >>>>Regards, >>>>/david t. perkins >>>> >>>>On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote: >>>> >>>> >>>>>My reading of the draft indicates there are 2 modes of operation. >>>>> >>>>>a) Combined MAC (where the AP does everything) >>>>>b) Split MAC (where the AC does most of the work) >>>>> >>>>>in case b) it is clear that the AC must act as the radius relay. >>>>> >>>>>in case a) where the AC is just configuring the WTP, it is >>>>> >>>>> >>>>not clear >>>> >>>> >>>>>WHY the AC has to 'proxy' as the radius server. I think the >>>>>restriction on REQUIRING that the AC act as the radius >>>>> >>>>> >>>>server (in base >>>> >>>> >>>>>a) is too strong. >>>>> >>>>>Philip >>>>> >>>>>Quoting Charles Clancy : >>>>> >>>>> >>>>> >>>>>>Are you suggesting the WTPs communicate directly with the AAA >>>>>>server, and the AC configures the WTPs with the appropriate >>>>>>connection information? Two thoughts: >>>>>> >>>>>>1. AAA traffic is trivial compared to everything else the >>>>>> >>>>>> >>>>AC will be >>>> >>>> >>>>>>doing, so the performance increase would be minimal. >>>>>> >>>>>>2. You've broken the keying/trust hierarchy. Now compromise of a >>>>>>single WTP would allow an attacker the ability to compromise all >>>>>>networks that AAA server manages. You can't contain >>>>>> >>>>>> >>>>attacks anymore. >>>> >>>> >>>>>>[ t. charles clancy ]--[ tcc@umd.edu ]--[ >>>>>> >>>>>> >>>>www.cs.umd.edu/~clancy ] [ >>>> >>>> >>>>>>computer science ]-----[ university of maryland | college park ] >>>>>> >>>>>>Philip.Rakity@u4eatech.com wrote: >>>>>> >>>>>> >>>>>>>I was wondering if it really makes sense in the NON >>>>>>> >>>>>>> >>>>split MAC case >>>> >>>> >>>>>>>to require the AC handle radius requests. It seems this is over >>>>>>>burdening the AC. The LWAPP protocol should allow the AC to >>>>>>>configure the radius server. >>>>>>> >>>>>>>regards, >>>>>>> >>>>>>>Philip >>>>>>> >>>>>>>_________________________________________________________________ >>>>>>>To unsubscribe or modify your subscription options, please visit: >>>>>>>http://lists.frascone.com/mailman/listinfo/capwap >>>>>>> >>>>>>>Archives: http://lists.frascone.com/pipermail/capwap >>>>>>> >>>>>>> >>>>>>_________________________________________________________________ >>>>>>To unsubscribe or modify your subscription options, please visit: >>>>>>http://lists.frascone.com/mailman/listinfo/capwap >>>>>> >>>>>>Archives: http://lists.frascone.com/pipermail/capwap >>>>>> >>>>>> >>>>>> >>>>>_________________________________________________________________ >>>>>To unsubscribe or modify your subscription options, please visit: >>>>>http://lists.frascone.com/mailman/listinfo/capwap >>>>> >>>>>Archives: http://lists.frascone.com/pipermail/capwap >>>>> >>>>> >>>>> >>>>_________________________________________________________________ >>>>To unsubscribe or modify your subscription options, please visit: >>>>http://lists.frascone.com/mailman/listinfo/capwap >>>> >>>>Archives: http://lists.frascone.com/pipermail/capwap >>>> >>>> >>>> >>>_________________________________________________________________ >>>To unsubscribe or modify your subscription options, please visit: >>>http://lists.frascone.com/mailman/listinfo/capwap >>> >>>Archives: http://lists.frascone.com/pipermail/capwap >>> >>> >>> >>> > > ------------------------------------------------------------------------ > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 21 19:55:26 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBiHu-0006Wk-At for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 19:55:26 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBiHt-0005mm-5B for capwap-archive@lists.ietf.org; Tue, 21 Feb 2006 19:55:26 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8C274430093 for ; Tue, 21 Feb 2006 16:55:24 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 4A51A430067 for ; Tue, 21 Feb 2006 16:54:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2E43939802E for ; Tue, 21 Feb 2006 16:54:18 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by zoidberg.tigertech.net (Postfix) with ESMTP id 98D93398029 for ; Tue, 21 Feb 2006 16:54:14 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/bulls) with ESMTP id k1M0sCxT009462; Wed, 22 Feb 2006 09:54:12 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx3) with ESMTP id k1M0sC222805; Wed, 22 Feb 2006 09:54:12 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/indians) with SMTP id k1M0sBo28477; Wed, 22 Feb 2006 09:54:11 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Subject: RE: [Capwap] Radius Date: Wed, 22 Feb 2006 08:56:22 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDB23702@pslexc01.psl.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Radius Thread-Index: AcY3Mw4O/cmI0R2jQ3i3rwJ41f96GwAFy85w From: "Saravanan Govindan" To: , "Pat Calhoun (pacalhou)" X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.425 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO, HTML_MESSAGE X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1554750456==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 4214f59c4507d7175965807f52eb880f This is a multi-part message in MIME format. --===============1554750456== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6374A.590B3134" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6374A.590B3134 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Behcet, =20 I am not sure that the CAPWAP scope doesn't include local-MAC. CAPWAP will cover both local-MAC and split-MAC WTPs that require central control and management. I think the previous comment deals particularly with RADIUS and does not imply all control and management. Saravanan =20 =20 =20 =20 ________________________________ From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]=20 Sent: Wednesday, February 22, 2006 6:06 AM To: Pat Calhoun (pacalhou) Cc: capwap@frascone.com Subject: Re: [Capwap] Radius =20 If others agree, I also agree but reducing the scope to Split MAC only, this is a big change! Pat Calhoun (pacalhou) wrote: I believe that having CAPWAP focus on creating what we essentially have today, via autonomous or standalone APs, is not necessarily a worthwhile exercise. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 =20 =09 ________________________________ From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]=20 Sent: Sunday, February 19, 2006 2:35 PM To: Pat Calhoun (pacalhou) Cc: David T. Perkins; Philip.Rakity@u4eatech.com; capwap@frascone.com Subject: Re: [Capwap] Radius I am confused, are you saying that local MAC WTPs (with a Radius client) are not governed by CAPWAP work? =09 Behcet =09 Pat Calhoun (pacalhou) wrote:=20 I concur with David, and therefore having RADIUS in the AP implies that it is a standalone AP, and therefore not governed by the CAPWAP work. =20 Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 =20 =20 =20 -----Original Message----- From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 Sent: Tuesday, February 07, 2006 10:19 AM To: Philip.Rakity@u4eatech.com Cc: capwap@frascone.com Subject: Re: [Capwap] Radius =20 HI, =20 Where do you draw the line between: 1) a collection of stand-alone APs that have a management application apply a consistent configuration 2) a collection an AC and connected WTPs that act together as a system. =20 I believe that this is an important issue, because #1 does=20 not need the CAPWAP protocol. It can use the existing=20 mangement interfaces (be they CLI, SNMP, or proprietary) found on standalone APs. And these interfaces can be different. That is, AP #1 could be managed via scripted CLI commands,=20 and AP #2 could be managed via SNMP operations. =20 Regards, /david t. perkins =20 On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote:=20 =20 My reading of the draft indicates there are 2 modes of operation. =20 a) Combined MAC (where the AP does everything) b) Split MAC (where the AC does most of the work) =20 in case b) it is clear that the AC must act as the radius relay. =20 in case a) where the AC is just configuring the WTP, it is=20 =20 not clear=20 =20 WHY the AC has to 'proxy' as the radius server. I think the=20 restriction on REQUIRING that the AC act as the radius=20 =20 server (in base =20 a) is too strong. =20 Philip =20 Quoting Charles Clancy : =20 =20 Are you suggesting the WTPs communicate directly with the AAA=20 server, and the AC configures the WTPs with the appropriate=20 connection information? Two thoughts: =20 1. AAA traffic is trivial compared to everything else the=20 =20 AC will be=20 =20 doing, so the performance increase would be minimal. =20 2. You've broken the keying/trust hierarchy. Now compromise of a=20 single WTP would allow an attacker the ability to compromise all=20 networks that AAA server manages. You can't contain=20 =20 attacks anymore. =20 [ t. charles clancy ]--[ tcc@umd.edu ]--[=20 =20 www.cs.umd.edu/~clancy ] [=20 =20 computer science ]-----[ university of maryland | college park ] =20 Philip.Rakity@u4eatech.com wrote: =20 I was wondering if it really makes sense in the NON=20 =20 split MAC case=20 =20 to require the AC handle radius requests. It seems this is over=20 burdening the AC. The LWAPP protocol should allow the AC to=20 configure the radius server. =20 regards, =20 Philip =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =20 Archives: http://lists.frascone.com/pipermail/capwap =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =20 Archives: http://lists.frascone.com/pipermail/capwap =20 =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: =09 http://lists.frascone.com/mailman/listinfo/capwap =20 Archives: http://lists.frascone.com/pipermail/capwap =20 =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap =20 Archives: http://lists.frascone.com/pipermail/capwap =20 =20 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap =20 Archives: http://lists.frascone.com/pipermail/capwap =20 =20 =20 ------_=_NextPart_001_01C6374A.590B3134 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi = Behcet,

 

I am not sure that the CAPWAP = scope doesn’t include local-MAC. CAPWAP will cover both local-MAC and = split-MAC WTPs that require central control and management. I think the previous = comment deals particularly with RADIUS and does not imply all control and = management.


Saravanan

 

 

 

 

From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] =
Sent: Wednesday, February = 22, 2006 6:06 AM
To: Pat Calhoun = (pacalhou)
Cc: = capwap@frascone.com
Subject: Re: [Capwap] = Radius

 

If others agree, I also agree but reducing = the scope to Split MAC only, this is a big change!

Pat Calhoun (pacalhou) wrote:

I believe that having CAPWAP focus = on creating what we essentially have today, via autonomous or standalone APs, is not necessarily a worthwhile = exercise.

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

 

 

From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com<= /a>]
Sent: Sunday, February = 19, 2006 2:35 PM
To: Pat Calhoun = (pacalhou)
Cc: David T. Perkins; Philip.Rakity@u4eatech.com= ; capwap@frascone.com
Subject: Re: [Capwap] = Radius

I am confused, are you saying that local MAC = WTPs (with a Radius client) are not governed by CAPWAP work?

Behcet

Pat Calhoun (pacalhou) wrote: 

I concur with David, and therefore having =
RADIUS in the AP implies that
it is a standalone AP, and therefore not =
governed by the CAPWAP work.
 
Pat =
Calhoun
CTO, Wireless Networking Business =
Unit
Cisco =
Systems
 
 
 
  
-----Original =
Message-----
From: David T. Perkins [mailto:dperkins@dsperkins.com]=
 
Sent: Tuesday, February 07, 2006 10:19 =
AM
To: Philip.Rakity@u4eatech.com=

Cc: capwap@frascone.com
Subject: Re: [Capwap] =
Radius
 
HI,
 
Where do you draw the line =
between:
1) a collection of stand-alone APs that have =
a management
   application apply a consistent =
configuration
2) a collection an AC and connected WTPs =
that
   act together as a =
system.
 
I believe that this is an important issue, =
because #1 does 
not need the CAPWAP protocol. It can use the =
existing 
mangement interfaces (be they CLI, SNMP, or =
proprietary) 
found on standalone APs. And these interfaces =
can be different.
That is, AP #1 could be managed via scripted =
CLI commands, 
and AP #2 could be managed via SNMP =
operations.
 
Regards,
/david t. =
perkins
 
On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com=
 wrote: 
    
My reading of the draft indicates there are 2 =
modes of operation.
 
a) Combined MAC (where the AP does =
everything)
b) Split MAC (where the AC does most of the =
work)
 
in case b) it is clear that the AC must act =
as the radius relay.
 
in case a) where the AC is just configuring =
the WTP, it is 
      
not clear =

    
WHY the AC has to 'proxy' as the radius =
server.  I think the 
restriction on REQUIRING that the AC act as =
the radius 
      
server (in =
base
    =

a) is too =
strong.
 
Philip
 
Quoting Charles Clancy <clancy@cs.umd.edu>:
 
      =

Are you suggesting the WTPs communicate =
directly with the AAA 
server, and the AC configures the WTPs with =
the appropriate 
connection information?  Two =
thoughts:
 
1. AAA traffic is trivial compared to =
everything else the 
       &nbs=
p;
AC will be =

    
doing, so the performance increase would be =
minimal.
 
2. You've broken the keying/trust =
hierarchy.  Now compromise of a =

single WTP would allow an attacker the =
ability to compromise all 
networks that AAA server manages.  You =
can't contain 
       &nbs=
p;
attacks =
anymore.
    =

[ t. charles clancy ]--[ tcc@umd.edu ]--[ =

       &nbs=
p;
www.cs.umd.edu/~clancy ] [ =

    
computer science ]-----[ university of maryland | college park =
]
 
Philip.Rakity@u4eatech.com=
 wrote:
        =

I was wondering if it really makes sense in =
the NON 
       &nbs=
p;  
split MAC case =

    
to require the AC handle radius =
requests.  It seems this is over =

burdening the AC.  The LWAPP protocol =
should allow the AC to 
configure the radius =
server.
 
regards,
 
Philip
 
______________________________________________=
___________________
To unsubscribe or modify your subscription =
options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap
 
Archives: http://lists.frascone=
.com/pipermail/capwap
       &nbs=
p;  
______________________________________________=
___________________
To unsubscribe or modify your subscription =
options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap
 
Archives: http://lists.frascone=
.com/pipermail/capwap
 
        =

______________________________________________=
___________________
To unsubscribe or modify your subscription =
options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap
 
Archives: http://lists.frascone=
.com/pipermail/capwap
 
      =

______________________________________________=
___________________
To unsubscribe or modify your subscription =
options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap
 
Archives: http://lists.frascone=
.com/pipermail/capwap
 
    =

______________________________________________=
___________________
To unsubscribe or modify your subscription =
options, please visit:
http://lists.f=
rascone.com/mailman/listinfo/capwap
 
Archives: http://lists.frascone=
.com/pipermail/capwap
 
 
  =
------_=_NextPart_001_01C6374A.590B3134-- --===============1554750456== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1554750456==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Feb 22 17:00:48 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FC22S-0005Kq-1X for capwap-archive@lists.ietf.org; Wed, 22 Feb 2006 17:00:48 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FC22Q-00051w-Bc for capwap-archive@lists.ietf.org; Wed, 22 Feb 2006 17:00:48 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id E841C430102 for ; Wed, 22 Feb 2006 14:00:44 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 1260C43004F for ; Wed, 22 Feb 2006 14:00:15 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id F168D398039 for ; Wed, 22 Feb 2006 14:00:14 -0800 (PST) Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1DA5D398009 for ; Wed, 22 Feb 2006 14:00:12 -0800 (PST) Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-2.cisco.com with ESMTP; 22 Feb 2006 14:00:12 -0800 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k1MM0BtX011649; Wed, 22 Feb 2006 14:00:12 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 22 Feb 2006 14:00:12 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Radius Date: Wed, 22 Feb 2006 14:00:10 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A201712AB9@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Radius Thread-Index: AcY3SX7UD0uyOj1fSGq7jbTOWxYxSQAsdAsA From: "Pat Calhoun (pacalhou)" To: "Charles Clancy" , X-OriginalArrivalTime: 22 Feb 2006 22:00:12.0141 (UTC) FILETIME=[5A81C1D0:01C637FB] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: f2728948111f2edaaf8980b5b9de55af Charles correctly interpreted my comment - and said it even better than I did :) Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 > -----Original Message----- > From: Charles Clancy [mailto:clancy@cs.umd.edu]=20 > Sent: Tuesday, February 21, 2006 4:47 PM > To: sarikaya@ieee.org > Cc: Pat Calhoun (pacalhou); capwap@frascone.com > Subject: Re: [Capwap] Radius >=20 > I don't think Pat's comments imply having only a split MAC. =20 > For example, local MAC with RADIUS client on the AC gives the=20 > added functionality of fast handoff between WTPs. >=20 > [ t. charles clancy ]--[ tcc@umd.edu ]--[=20 > www.cs.umd.edu/~clancy ] [ computer science ]-----[=20 > university of maryland | college park ] >=20 > Behcet Sarikaya wrote: > > If others agree, I also agree but reducing the scope to Split MAC=20 > > only, this is a big change! > >=20 > > Pat Calhoun (pacalhou) wrote: > >=20 > >> I believe that having CAPWAP focus on creating what we essentially=20 > >> have today, via autonomous or standalone APs, is not necessarily a=20 > >> worthwhile exercise. > >> > >> Pat Calhoun > >> CTO, Wireless Networking Business Unit Cisco Systems > >> > >> =20 > >> > >> =20 > -------------------------------------------------------------- > ---------- > >> *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > >> *Sent:* Sunday, February 19, 2006 2:35 PM > >> *To:* Pat Calhoun (pacalhou) > >> *Cc:* David T. Perkins; Philip.Rakity@u4eatech.com; > >> capwap@frascone.com > >> *Subject:* Re: [Capwap] Radius > >> > >> I am confused, are you saying that local MAC WTPs=20 > (with a Radius > >> client) are not governed by CAPWAP work? > >> > >> Behcet > >> > >> Pat Calhoun (pacalhou) wrote: > >> > >>>I concur with David, and therefore having RADIUS in the AP implies=20 > >>>that it is a standalone AP, and therefore not governed by=20 > the CAPWAP work. > >>> > >>>Pat Calhoun > >>>CTO, Wireless Networking Business Unit Cisco Systems > >>> > >>>=20 > >>> > >>> =20 > >>> > >>>>-----Original Message----- > >>>>From: David T. Perkins [mailto:dperkins@dsperkins.com] > >>>>Sent: Tuesday, February 07, 2006 10:19 AM > >>>>To: Philip.Rakity@u4eatech.com > >>>>Cc: capwap@frascone.com > >>>>Subject: Re: [Capwap] Radius > >>>> > >>>>HI, > >>>> > >>>>Where do you draw the line between: > >>>>1) a collection of stand-alone APs that have a management > >>>> application apply a consistent configuration > >>>>2) a collection an AC and connected WTPs that > >>>> act together as a system. > >>>> > >>>>I believe that this is an important issue, because #1=20 > does not need=20 > >>>>the CAPWAP protocol. It can use the existing mangement interfaces=20 > >>>>(be they CLI, SNMP, or proprietary) found on standalone APs. And=20 > >>>>these interfaces can be different. > >>>>That is, AP #1 could be managed via scripted CLI=20 > commands, and AP #2=20 > >>>>could be managed via SNMP operations. > >>>> > >>>>Regards, > >>>>/david t. perkins > >>>> > >>>>On Tue, 7 Feb 2006 Philip.Rakity@u4eatech.com wrote:=20 > >>>> =20 > >>>> > >>>>>My reading of the draft indicates there are 2 modes of operation. > >>>>> > >>>>>a) Combined MAC (where the AP does everything) > >>>>>b) Split MAC (where the AC does most of the work) > >>>>> > >>>>>in case b) it is clear that the AC must act as the radius relay. > >>>>> > >>>>>in case a) where the AC is just configuring the WTP, it is > >>>>> =20 > >>>>> > >>>>not clear > >>>> =20 > >>>> > >>>>>WHY the AC has to 'proxy' as the radius server. I think the=20 > >>>>>restriction on REQUIRING that the AC act as the radius > >>>>> =20 > >>>>> > >>>>server (in base > >>>> =20 > >>>> > >>>>>a) is too strong. > >>>>> > >>>>>Philip > >>>>> > >>>>>Quoting Charles Clancy : > >>>>> > >>>>> =20 > >>>>> > >>>>>>Are you suggesting the WTPs communicate directly with the AAA=20 > >>>>>>server, and the AC configures the WTPs with the appropriate=20 > >>>>>>connection information? Two thoughts: > >>>>>> > >>>>>>1. AAA traffic is trivial compared to everything else the > >>>>>> =20 > >>>>>> > >>>>AC will be > >>>> =20 > >>>> > >>>>>>doing, so the performance increase would be minimal. > >>>>>> > >>>>>>2. You've broken the keying/trust hierarchy. Now=20 > compromise of a=20 > >>>>>>single WTP would allow an attacker the ability to=20 > compromise all=20 > >>>>>>networks that AAA server manages. You can't contain > >>>>>> =20 > >>>>>> > >>>>attacks anymore. > >>>> =20 > >>>> > >>>>>>[ t. charles clancy ]--[ tcc@umd.edu ]--[ > >>>>>> =20 > >>>>>> > >>>>www.cs.umd.edu/~clancy ] [ > >>>> =20 > >>>> > >>>>>>computer science ]-----[ university of maryland | college park ] > >>>>>> > >>>>>>Philip.Rakity@u4eatech.com wrote: > >>>>>> =20 > >>>>>> > >>>>>>>I was wondering if it really makes sense in the NON > >>>>>>> =20 > >>>>>>> > >>>>split MAC case > >>>> =20 > >>>> > >>>>>>>to require the AC handle radius requests. It seems=20 > this is over=20 > >>>>>>>burdening the AC. The LWAPP protocol should allow the AC to=20 > >>>>>>>configure the radius server. > >>>>>>> > >>>>>>>regards, > >>>>>>> > >>>>>>>Philip > >>>>>>> > >>>>>>>_______________________________________________________ > __________ > >>>>>>>To unsubscribe or modify your subscription options,=20 > please visit: > >>>>>>>http://lists.frascone.com/mailman/listinfo/capwap > >>>>>>> > >>>>>>>Archives: http://lists.frascone.com/pipermail/capwap > >>>>>>> =20 > >>>>>>> > >>>>>>________________________________________________________ > _________ > >>>>>>To unsubscribe or modify your subscription options,=20 > please visit: > >>>>>>http://lists.frascone.com/mailman/listinfo/capwap > >>>>>> > >>>>>>Archives: http://lists.frascone.com/pipermail/capwap > >>>>>> > >>>>>> =20 > >>>>>> > >>>>>_________________________________________________________________ > >>>>>To unsubscribe or modify your subscription options, please visit: > >>>>>http://lists.frascone.com/mailman/listinfo/capwap > >>>>> > >>>>>Archives: http://lists.frascone.com/pipermail/capwap > >>>>> > >>>>> =20 > >>>>> > >>>>_________________________________________________________________ > >>>>To unsubscribe or modify your subscription options, please visit: > >>>>http://lists.frascone.com/mailman/listinfo/capwap > >>>> > >>>>Archives: http://lists.frascone.com/pipermail/capwap > >>>> > >>>> =20 > >>>> > >>>_________________________________________________________________ > >>>To unsubscribe or modify your subscription options, please visit: > >>>http://lists.frascone.com/mailman/listinfo/capwap > >>> > >>>Archives: http://lists.frascone.com/pipermail/capwap > >>> > >>> > >>> =20 > >>> > >=20 > >=20 > ---------------------------------------------------------------------- > > -- > >=20 > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > >=20 > > Archives: http://lists.frascone.com/pipermail/capwap >=20 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 23 00:40:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FC9DS-0000Ny-AP for capwap-archive@lists.ietf.org; Thu, 23 Feb 2006 00:40:38 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FC9DO-00088N-SR for capwap-archive@lists.ietf.org; Thu, 23 Feb 2006 00:40:38 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id C89C24300D1 for ; Wed, 22 Feb 2006 21:40:33 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id 9734C43004F for ; Wed, 22 Feb 2006 21:39:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 7A47B80C117 for ; Wed, 22 Feb 2006 21:39:30 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by hermes.tigertech.net (Postfix) with ESMTP id 8FE6080C0F0 for ; Wed, 22 Feb 2006 21:39:21 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV400C9YKPW0N@usaga01-in.huawei.com> for capwap@frascone.com; Wed, 22 Feb 2006 21:32:20 -0800 (PST) Received: from huawei.com ([172.17.1.101]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV4009EPKPT8V@usaga01-in.huawei.com> for capwap@frascone.com; Wed, 22 Feb 2006 21:32:20 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.4.151]) by szxmc01-in.huawei.com (mshttpd); Thu, 23 Feb 2006 10:35:31 +0500 Date: Thu, 23 Feb 2006 10:35:31 +0500 From: zhaoyujin 31390 Subject: Re:FW: [Capwap] IESG Review (CAPWAP protocol should support NULL-Authentication) To: Dorothy.Gellert@nokia.com Message-id: <8e6f818e409a.8e409a8e6f81@huawei.com> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: multipart/mixed; boundary="Boundary_(ID_ekQ+2mwGh0Wnxhm5BiMQ4w)" Content-language: zh-CN X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.546 tagged_above=-999 required=7 tests=HTML_60_70, HTML_MESSAGE, HTML_TAG_EXIST_TBODY, MIME_HTML_MOSTLY X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.5 (/) X-Scan-Signature: 23e0dc5390f90c078cbc69ce4ec79f98 This is a multi-part message in MIME format. --Boundary_(ID_ekQ+2mwGh0Wnxhm5BiMQ4w) Content-type: text/plain; charset=gb2312 Content-transfer-encoding: quoted-printable Content-disposition: inline Hi all=3A I agree =22The CAPWAP must support mutual authentication=22=2E And I also recommend that =22The CAPWAP need support one authenticatio= n method-NULL Authentication=22=2E Based on this feature=2C CAPWAP can s= atisfy some small customers simple scenario=2E Best regards Yujin Zhao =3E1=2E Section=3A 5=2E1=2E8 CAPWAP Protocol Security=2C Protocol Require= ment =3E =3EComment=3A =A1=B0Does that =5Bsecured=5D mean encrypted or integrity-p= rotected=3F=A1=B1 =3E =3EOriginal text=3A =22The CAPWAP protocol MUST support mutual authentica= tion of WTPs and the =3Ecentralized controller=2E It must also ensure th= at information exchanges between them are =3Esecured=2E=22 =3E =3ESuggestion=3A From Charles Clancy =A8C =A1=B0The CAPWAP protocol MUST = support mutual =3Eauthentication of WTPs and the centralized controller=2E= It also MUST ensure that =3Einformation exchanges are integrity protecte= d=2C and SHOULD ensure confidentiality through =3Eencryption=2E=22 =3E =3E=3CRG=3E I agree with the suggestion though we may have to see if the = base CAPWAP protocol =3Edoes have a specification for this=2E --Boundary_(ID_ekQ+2mwGh0Wnxhm5BiMQ4w) Content-type: multipart/alternative; boundary="Boundary_(ID_p2whcLsDvK5wvc8eKBaYXw)" --Boundary_(ID_p2whcLsDvK5wvc8eKBaYXw) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT If there are no futher objections from the WG to the proposed responses to the IESG Review for the CAPWAP Objectives draft, we will respond to the IESG with the text provided by Saravanan and Richard. Thanks, Dorothy ________________________________ From: ext Richard Gwee [mailto:richard_gwee@rp.sg] Sent: Tuesday, February 21, 2006 12:08 AM To: Saravanan Govindan; capwap@frascone.com Cc: yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com Subject: RE: [Capwap] IESG Review Hi, My two cents' worth of thought. I understand that there may exist a need to change some of the text in the CAPWAP objectives. In any cases, I feel that the changes will have to be carefully thought through, especially since we have evaluated the four proposals based on these objectives. We do not certainly want to see some efforts wasted. My feedback are inline. Thanks and regards Richard Gwee ________________________________ From: Saravanan Govindan [mailto:Saravanan.Govindan@sg.panasonic.com] Sent: Monday, February 20, 2006 2:41 PM To: capwap@frascone.com Cc: yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com Subject: [Capwap] IESG Review Hi All, This is a list of comments from the IESG and suggested responses. Feedback would be appreciated. Saravanan Brian Carpenter's Review: 1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement Comment: "Does that [secured] mean encrypted or integrity-protected?" Original text: "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It must also ensure that information exchanges between them are secured." Suggestion: From Charles Clancy - "The CAPWAP protocol MUST support mutual authentication of WTPs and the centralized controller. It also MUST ensure that information exchanges are integrity protected, and SHOULD ensure confidentiality through encryption." I agree with the suggestion though we may have to see if the base CAPWAP protocol does have a specification for this. --XX-- 2. Section: 5.1.9 System-wide Security, Protocol Requirement Comment: "Strange phrasing" of requirement Original text: "The design of the CAPWAP protocol MUST NOT allow for any compromises to the WLAN system by external entities." Clarification: From Mani - "the intent was to emphasize that the protocol MUST not introduce additional threats weakening the security of WLAN system. CAPWAP protocol by itself is not intended to and cannot protect against all compromises to the WLAN system which is broader than the scope of the protocol." May I boldly suggest that we change the text to be "The design of the CAPWAP protocol MUST NOT introduce new security threats that can weaken existing security measures of WLAN system." Feel free to discuss more on this one. --XX- 3. Section: 5.1.12 Protocol Specifications Comment: "Since this is a basic requirement of all IETF standards, why is it listed?" Original text: "Any WTP or WLAN controller vendor or any person MUST be able to implement the CAPWAP protocol from the specification itself and by that it is required that all such implementations do interoperate." Clarification: From Saravanan - "This objective arose during discussions on the scope of the CAPWAP protocol in managing WLAN systems. The intent was to highlight the 'completeness' of protocol in terms of achieving its interoperability goals." I will certainly think that this objective may not be necessary to a certain extent based on the comments from IESG. --XX- 4. Section: 5.2 Desirable Objectives Comment: "Why aren't the items in this section listed as SHOULD instead of MUST?" Clarification: From Saravanan - "The Desirable Objectives as a category can be listed as 'SHOULD'. However, the individual objectives that make up the category are still 'MUST', because they represent mandatory operations for the protocol - provided that the protocol chooses to realize a Desirable Objective." I agree with the clarification. --XX- Sam Hartman's Review 5. Section: 5.1.8 CAPWAP Protocol Security Comment: "Section 5.1.8 implies that an authenticated key exchange is optional. I think that BCP 107 will require an authenticated key exchange for this protocol." Suggestion: From Charles Clancy [To be inserted as last paragraph of Description] - "If the CAPWAP protocol meets the criteria to require automated key management per BCP 107, then mutual authentication MUST be accomplished via an authenticated key exchange." [Reference to BCP 107 to be included.] No comments on this one. --XX- 6. Section: 5.1.8 CAPWAP Protocol Security, Description, Paragraph 5 Comment: In the following text, please describe what security services are meant; probable services include integrity and confidentiality. > Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them > must be secured against various security threats. Suggestion: From Saravanan - "Once WTPs and WLAN controller have been mutually authenticated, information exchanges between them must be secured against various security threats by providing confidentiality and integrity protection." I agree with the suggestion. - -XX- 7. Section: 5 Objectives, Introduction Comment: "The introduction to section 5 implies that operator requirements are valued less than non-objectives. I don't think that is the message the IETF wants to send to the operator community." Suggestion: From Saravanan, Reorganize introduction paragraph. "The objectives described in this document have been prioritized based on their immediate significance in the development and evaluation of a control and provisioning protocol for large-scale WLAN deployments. The priorities are; i. Mandatory and Accepted Objectives ii. Desirable Objectives iii. Non-Objectives The priorities have been assigned to individual objectives in accordance with working group discussions. Furthermore, a distinct category of objectives is provided based on requirements gathered from network service operators. These are specific need that arise from operators' experiencese [Note: Should be "experiences"] in deploying and managing large-scale WLANs. a. Operator Requirements" --XX- I agree with the suggestion. Thanks and regards Richard Gwee ________________________________ Republic Polytechnic, Tanglin Campus, 1 Kay Siang Road, Singapore 248922 . www.rp.sg . Fax: +65 6415-1310 . From March 2006, we will be located in our new home at 9 Woodlands Avenue 9, Singapore 738964. Republic Polytechnic, the first Institute of Higher Learning to fully adopt the Problem-Based Learning approach in Singapore, continues to strive towards best practices and maintain excellence in service standards with the following certifications: Singapore Innovation Class (SIC), Singapore Quality Class (SQC), People Developer Standards and QEHS (ISO 9001, 14001 and OHSAS 18001) ________________________________ CONFIDENTIALITY CAUTION: This message is intended only for the use of the individual or entity to whom it is addressed and contains information that is privileged and confidential. If you, the reader of this message, are not the intended recipient, you should not disseminate, distribute or copy this communication. If you have received this communication in error, please notify us immediately by return email and delete the original message. Thank you. --Boundary_(ID_p2whcLsDvK5wvc8eKBaYXw) Content-type: text/html; charset=us-ascii Content-transfer-encoding: quoted-printable
If there are no futher objections from the WG = to the=20 proposed responses to the IESG Review for the CAPWAP Objectives draft, = we will=20 respond to the IESG with the  text provided by Saravanan and=20 Richard.
 
Thanks,
Dorothy
 
From: = ext Richard Gwee=20 [mailto:richard_gwee@rp.sg]
Sent: Tuesday, February 21, 2006 = 12:08=20 AM
To: Saravanan Govindan; capwap@frascone.com
Cc:=20 yaoth@huawei.com; Cheng Hong; = zhouwenhui@chinamobile.com
Subject: RE:=20 [Capwap] IESG Review

Hi, =

 

My two = cents’ worth of=20 thought.

 

I understand = that there=20 may exist a need to change some of the text in the CAPWAP objectives. In = any=20 cases, I feel that the changes will have to be carefully thought = through,=20 especially since we have evaluated the four proposals based on these = objectives.=20 We do not certainly want to see some efforts wasted.

 

My feedback = are=20 inline.

 

Thanks and=20 regards

Richard Gwee=20

 

From: Saravanan=20 Govindan [mailto:Saravanan.Govindan@sg.panasonic.com]
Sent: Monday, February 20, 2006 = 2:41=20 PM
To:=20 capwap@frascone.com
Cc:=20 yaoth@huawei.com; Cheng Hong; zhouwenhui@chinamobile.com
Subject: [Capwap] IESG=20 Review

 

Hi All,

 

This is a list of comments = from the=20 IESG and suggested responses. Feedback would be = appreciated.

 

Saravanan

 

 

 

 

 

Brian Carpenter’s=20 Review:

 

1. Section: 5.1.8 CAPWAP = Protocol=20 Security, Protocol Requirement

 

Comment: “Does that = [secured] mean=20 encrypted or integrity-protected?”

 

Original text: "The CAPWAP = protocol=20 MUST support mutual authentication of WTPs and the centralized = controller. =20 It must also ensure that information exchanges between them are=20 secured."

 

Suggestion: From Charles = Clancy –=20 “The CAPWAP protocol MUST support mutual authentication of WTPs = and the=20 centralized controller. It also MUST ensure that information exchanges = are=20 integrity protected, and SHOULD ensure confidentiality through=20 encryption."

 

<RG> I = agree with=20 the suggestion though we may have to see if the base CAPWAP protocol = does have a=20 specification for this.

 

--XX--

 

2. Section: 5.1.9 = System-wide=20 Security, Protocol Requirement

 

Comment: “Strange = phrasing” of=20 requirement

 

Original text: “The =
design of the CAPWAP protocol MUST NOT allow for any compromises to the =
WLAN system by external entities.”

 

Clarification: From Mani = – “the=20 intent was to emphasize that the protocol MUST not introduce additional = threats=20 weakening the security of WLAN system. CAPWAP protocol by itself is not = intended=20 to and cannot protect against all compromises to the WLAN system which = is=20 broader than the scope of the protocol.”

 

<RG> = May I boldly=20 suggest that we change the text to be “The design of the CAPWAP = protocol MUST=20 NOT introduce new security threats that can weaken existing security = measures of=20 WLAN system.” Feel free to discuss more on this = one.

 

--XX—

 

3. Section: 5.1.12 = Protocol=20 Specifications

 

Comment: “Since this = is a basic=20 requirement of all IETF standards, why is it = listed?”

 

Original text: “Any =
WTP or WLAN controller vendor or any person MUST be able to implement =
the CAPWAP protocol from the specification itself and by that it is =
required that all such implementations do =
interoperate.”
 
Clarification: From =
Saravanan – “This objective arose during discussions on the =
scope of the CAPWAP protocol in managing WLAN systems. The intent was to =
highlight the 'completeness' of protocol in terms of achieving its =
interoperability goals.”
 
<RG> I will certainly think that =
this objective may not be necessary to a certain extent based on the =
comments from IESG. 
 
--XX—
 
4. Section: 5.2 Desirable =
Objectives
 
Comment: “Why aren't =
the items in this section listed as SHOULD instead of =
MUST?”
 
Clarification: From =
Saravanan – “The Desirable Objectives as a category can be =
listed as 'SHOULD'. However, the individual objectives that make up the =
category are still 'MUST', because they represent mandatory operations =
for the protocol - provided that the protocol chooses to realize a =
Desirable Objective.”
 
<RG> I agree with the =
clarification.
--XX—
 
 
Sam Hartman’s =
Review
 
5. Section: 5.1.8 CAPWAP =
Protocol Security
 
Comment: “Section =
5.1.8 implies that an authenticated key exchange is optional. I think =
that BCP 107 will require an authenticated key exchange for this =
protocol.”
 
Suggestion: From Charles =
Clancy [To be inserted as last paragraph of Description] – =
“If the CAPWAP protocol meets the criteria to require automated =
key management per BCP 107, then mutual authentication MUST be =
accomplished via an authenticated key =
exchange."
 
[Reference to BCP 107 to =
be included.]
 
<RG> No comments on this one.
--XX—
 
6. Section: 5.1.8 CAPWAP =
Protocol Security, Description, Paragraph =
5
 
Comment: In the following =
text, please describe what security services are meant; probable =
services include integrity and =
confidentiality.
 
> Once WTPs and WLAN =
controller have been mutually authenticated, information exchanges =
between them
> must be secured =
against various security threats.
 
Suggestion: From Saravanan =
- "Once WTPs and WLAN controller have been mutually authenticated, =
information exchanges between them must be secured against various =
security threats by providing confidentiality and integrity =
protection."
 
<RG> I agree with the =
suggestion.
-
-XX—
 
7. Section: 5 Objectives, =
Introduction
 
Comment: “The =
introduction to section 5 implies that operator requirements are valued =
less than non-objectives.  I don't think that is the message the =
IETF wants to send to the operator =
community.”
 
Suggestion: From =
Saravanan, Reorganize introduction paragraph. =

 
“The objectives =
described in this document have been prioritized based on their =
immediate significance in the development and evaluation of a control =
and provisioning protocol for large-scale WLAN =
deployments.
 
The priorities =
are;
 
i.  Mandatory and =
Accepted Objectives
ii.  =
Desirable Objectives
iii.  =
Non-Objectives
 
The priorities have been =
assigned to individual objectives in accordance with working group =
discussions.
 
Furthermore, a distinct =
category of objectives is provided based on requirements gathered from =
network service operators.  These are specific need that arise from =
operators' experiencese [Note: Should be "experiences"] in deploying and =
managing large-scale WLANs.
 
a. Operator =
Requirements”
--XX—
 <RG> I agree with the =
suggestion.
 
 

 Thanks and regards

Richard=20 Gwee

 

 

Republic = Polytechnic, Tanglin=20 Campus, 1 Kay Siang Road, Singapore 248922
. www.rp.sg . Fax: +65 6415-1310 .
 From March = 2006,=20 we will be located in our new home at 9 Woodlands Avenue 9, = Singapore=20 738964.

Republic = Polytechnic, the=20 first Institute of Higher Learning to fully adopt the = Problem-Based=20 Learning approach in Singapore, continues to strive towards best = practices=20 and maintain excellence in service standards with the following=20 certifications: Singapore Innovation Class (SIC), Singapore = Quality Class=20 (SQC), People Developer Standards and QEHS (ISO 9001, 14001 and = OHSAS=20 18001)

CONFIDENTIALITY = CAUTION: This=20 message is intended only for the use of the individual or entity = to whom=20 it is addressed and contains information that is privileged and=20 confidential. If you, the reader of this message, are not the = intended=20 recipient, you should not disseminate, distribute or copy this=20 communication. If you have received this communication in error, = please=20 notify us immediately by return email and delete the original = message.=20 Thank you. =
--Boundary_(ID_p2whcLsDvK5wvc8eKBaYXw)-- --Boundary_(ID_ekQ+2mwGh0Wnxhm5BiMQ4w) MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --Boundary_(ID_ekQ+2mwGh0Wnxhm5BiMQ4w) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --Boundary_(ID_ekQ+2mwGh0Wnxhm5BiMQ4w)-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 23 07:51:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FCFwe-0000JY-Mb for capwap-archive@lists.ietf.org; Thu, 23 Feb 2006 07:51:44 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCFwd-0007x5-8Q for capwap-archive@lists.ietf.org; Thu, 23 Feb 2006 07:51:44 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 097134300D1 for ; Thu, 23 Feb 2006 04:51:42 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6539B43004F for ; Thu, 23 Feb 2006 04:51:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 4B8DB398039 for ; Thu, 23 Feb 2006 04:51:09 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9EDFA398030 for ; Thu, 23 Feb 2006 04:51:06 -0800 (PST) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (rwcrmhc11) with ESMTP id <20060223125105m11009v07se>; Thu, 23 Feb 2006 12:51:06 +0000 Message-ID: <43FDAFB9.9030100@cs.umd.edu> Date: Thu, 23 Feb 2006 07:51:05 -0500 From: Charles Clancy User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: zhaoyujin 31390 , capwap@frascone.com Subject: Re: FW: [Capwap] IESG Review (CAPWAP protocol should support NULL-Authentication) References: <8e6f818e409a.8e409a8e6f81@huawei.com> In-Reply-To: <8e6f818e409a.8e409a8e6f81@huawei.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 52e1467c2184c31006318542db5614d5 I think "NULL authentication" is too vague. Do you still want packet encryption? This could one of many different possibilities: 1. key exchange with manufacturer-signed certs (either DH or RSA-based) 2. key exchange with unsigned keys (either DH or RSA-based) 3. key exchange with SSH-style key caching 4. nonce exchange with unkeyed PRF acting as KDF for session keys 5. for DTLS, simply not use the DTLS tunnel Regardless, I don't think the requirement for NULL authentication should be part of the objectives draft. There's nothing in the objectives draft that explicitly forbids it, so it can be added later if there is consensus on its necessity. IMHO, DTLS with an RSA key exchange using SSH-style key caching might be something potentially useful, and better than turning security off completely. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] zhaoyujin 31390 wrote: > Hi all: > > I agree "The CAPWAP must support mutual authentication". > > And I also recommend that "The CAPWAP need support one authentication method-NULL Authentication". Based on this feature, CAPWAP can satisfy some small customers simple scenario. > > Best regards > Yujin Zhao > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Feb 23 08:02:56 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FCG7U-0007kL-8l for capwap-archive@lists.ietf.org; Thu, 23 Feb 2006 08:02:56 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCG7R-0008PH-DZ for capwap-archive@lists.ietf.org; Thu, 23 Feb 2006 08:02:56 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id E5F464300D8 for ; Thu, 23 Feb 2006 05:02:52 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id BE34443004F for ; Thu, 23 Feb 2006 05:02:26 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id A75E3398039 for ; Thu, 23 Feb 2006 05:02:26 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by zoidberg.tigertech.net (Postfix) with ESMTP id C748B398030 for ; Thu, 23 Feb 2006 05:02:23 -0800 (PST) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20060223130221m11009u7jqe>; Thu, 23 Feb 2006 13:02:21 +0000 Message-ID: <43FDB25C.3060907@hyperthought.com> Date: Thu, 23 Feb 2006 05:02:20 -0800 From: Scott G Kelly User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: zhaoyujin 31390 Subject: Re: FW: [Capwap] IESG Review (CAPWAP protocol should support NULL-Authentication) References: <8e6f818e409a.8e409a8e6f81@huawei.com> In-Reply-To: <8e6f818e409a.8e409a8e6f81@huawei.com> Content-Type: text/plain; charset=windows-1252; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com, Dorothy.Gellert@nokia.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Scan-Signature: 562cdc9baa87554b29d950396a30cf75 zhaoyujin 31390 wrote: > Hi all: >=20 > I agree "The CAPWAP must support mutual authentication". >=20 > And I also recommend that "The CAPWAP need support one authentication > method-NULL Authentication". Based on this feature, CAPWAP can > satisfy some small customers simple scenario. >=20 > Best regards Yujin Zhao Like Charles, I'm not sure exactly what you're looking for. So far,=20 we've considered control channel security (endpoint authentication,=20 confidentiality, and data integrity) to be required. My guess is you'd=20 like to turn *all* of this off (make security optional), but you could=20 also be asking to simply turn off endpoint authencation, since that's=20 what the text regarding "mutual authentication" below refers to. Please clarify your intent. >=20 >> 1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement >>=20 >> Comment: =93Does that [secured] mean encrypted or >> integrity-protected?=94 >>=20 >> Original text: "The CAPWAP protocol MUST support mutual >> authentication of WTPs and the >centralized controller. It must >> also ensure that information exchanges between them are >secured." >>=20 >> Suggestion: From Charles Clancy =96 =93The CAPWAP protocol MUST suppor= t >> mutual >authentication of WTPs and the centralized controller. It >> also MUST ensure that >information exchanges are integrity >> protected, and SHOULD ensure confidentiality through >encryption." >>=20 >> I agree with the suggestion though we may have to see if the >> base CAPWAP protocol >does have a specification for this. >=20 >=20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 >=20 > If there are no futher objections from the WG to the proposed > responses to the IESG Review for the CAPWAP Objectives draft, we will > respond to the IESG with the text provided by Saravanan and Richard. >=20 >=20 > Thanks, Dorothy >=20 > -----------------------------------------------------------------------= - > *From:* ext Richard Gwee [mailto:richard_gwee@rp.sg] *Sent:* > Tuesday, February 21, 2006 12:08 AM *To:* Saravanan Govindan; > capwap@frascone.com *Cc:* yaoth@huawei.com; Cheng Hong; > zhouwenhui@chinamobile.com *Subject:* RE: [Capwap] IESG Review >=20 > Hi, >=20 >=20 >=20 > My two cents=92 worth of thought. >=20 >=20 >=20 > I understand that there may exist a need to change some of the text > in the CAPWAP objectives. In any cases, I feel that the changes will > have to be carefully thought through, especially since we have > evaluated the four proposals based on these objectives. We do not > certainly want to see some efforts wasted. >=20 >=20 >=20 > My feedback are inline. >=20 >=20 >=20 > Thanks and regards >=20 > Richard Gwee >=20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 >=20 > *From:* Saravanan Govindan > [mailto:Saravanan.Govindan@sg.panasonic.com] *Sent:* Monday, February > 20, 2006 2:41 PM *To:* capwap@frascone.com *Cc:* yaoth@huawei.com; > Cheng Hong; zhouwenhui@chinamobile.com *Subject:* [Capwap] IESG > Review >=20 >=20 >=20 > Hi All, >=20 >=20 >=20 > This is a list of comments from the IESG and suggested responses.=20 > Feedback would be appreciated. >=20 >=20 >=20 > Saravanan >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > Brian Carpenter=92s Review: >=20 >=20 >=20 > 1. Section: 5.1.8 CAPWAP Protocol Security, Protocol Requirement >=20 >=20 >=20 > Comment: =93Does that [secured] mean encrypted or integrity-protected?=94 >=20 >=20 >=20 >=20 > Original text: "The CAPWAP protocol MUST support mutual > authentication of WTPs and the centralized controller. It must also > ensure that information exchanges between them are secured." >=20 >=20 >=20 > Suggestion: From Charles Clancy =96 =93The CAPWAP protocol MUST support= =20 > mutual authentication of WTPs and the centralized controller. It also > MUST ensure that information exchanges are integrity protected, and > SHOULD ensure confidentiality through encryption." >=20 >=20 >=20 > I agree with the suggestion though we may have to see if the > base CAPWAP protocol does have a specification for this. >=20 >=20 >=20 > --XX-- >=20 >=20 >=20 > 2. Section: 5.1.9 System-wide Security, Protocol Requirement >=20 >=20 >=20 > Comment: =93Strange phrasing=94 of requirement >=20 >=20 >=20 > Original text: =93The design of the CAPWAP protocol MUST NOT allow for > any compromises to the WLAN system by external entities.=94 >=20 >=20 >=20 > Clarification: From Mani =96 =93the intent was to emphasize that the=20 > protocol MUST not introduce additional threats weakening the security > of WLAN system. CAPWAP protocol by itself is not intended to and > cannot protect against all compromises to the WLAN system which is > broader than the scope of the protocol.=94 >=20 >=20 >=20 > May I boldly suggest that we change the text to be =93The design > of the CAPWAP protocol MUST NOT introduce new security threats that > can weaken existing security measures of WLAN system.=94 Feel free to > discuss more on this one. >=20 >=20 >=20 > --XX=97 >=20 >=20 >=20 > 3. Section: 5.1.12 Protocol Specifications >=20 >=20 >=20 > Comment: =93Since this is a basic requirement of all IETF standards, > why is it listed?=94 >=20 >=20 >=20 > Original text: =93Any WTP or WLAN controller vendor or any person MUST > be able to implement the CAPWAP protocol from the specification > itself and by that it is required that all such implementations do > interoperate.=94 >=20 >=20 >=20 > Clarification: From Saravanan =96 =93This objective arose during > discussions on the scope of the CAPWAP protocol in managing WLAN > systems. The intent was to highlight the 'completeness' of protocol > in terms of achieving its interoperability goals.=94 >=20 >=20 >=20 > I will certainly think that this objective may not be necessary > to a certain extent based on the comments from IESG. >=20 >=20 >=20 > --XX=97 >=20 >=20 >=20 > 4. Section: 5.2 Desirable Objectives >=20 >=20 >=20 > Comment: =93Why aren't the items in this section listed as SHOULD > instead of MUST?=94 >=20 >=20 >=20 > Clarification: From Saravanan =96 =93The Desirable Objectives as a > category can be listed as 'SHOULD'. However, the individual > objectives that make up the category are still 'MUST', because they > represent mandatory operations for the protocol - provided that the > protocol chooses to realize a Desirable Objective.=94 >=20 >=20 >=20 > I agree with the clarification. >=20 > --XX=97 >=20 >=20 >=20 >=20 >=20 > Sam Hartman=92s Review >=20 >=20 >=20 > 5. Section: 5.1.8 CAPWAP Protocol Security >=20 >=20 >=20 > Comment: =93Section 5.1.8 implies that an authenticated key exchange is > optional. I think that BCP 107 will require an authenticated key > exchange for this protocol.=94 >=20 >=20 >=20 > Suggestion: From Charles Clancy [To be inserted as last paragraph of > Description] =96 =93If the CAPWAP protocol meets the criteria to requir= e > automated key management per BCP 107, then mutual authentication MUST > be accomplished via an authenticated key exchange." >=20 >=20 >=20 > [Reference to BCP 107 to be included.] >=20 >=20 >=20 > No comments on this one. >=20 > --XX=97 >=20 >=20 >=20 > 6. Section: 5.1.8 CAPWAP Protocol Security, Description, Paragraph 5 >=20 >=20 >=20 > Comment: In the following text, please describe what security > services are meant; probable services include integrity and > confidentiality. >=20 >=20 >=20 >> Once WTPs and WLAN controller have been mutually authenticated, >> information exchanges between them >=20 >> must be secured against various security threats. >=20 >=20 >=20 > Suggestion: From Saravanan - "Once WTPs and WLAN controller have been > mutually authenticated, information exchanges between them must be > secured against various security threats by providing confidentiality > and integrity protection." >=20 >=20 >=20 > I agree with the suggestion. >=20 > - >=20 > -XX=97 >=20 >=20 >=20 > 7. Section: 5 Objectives, Introduction >=20 >=20 >=20 > Comment: =93The introduction to section 5 implies that operator > requirements are valued less than non-objectives. I don't think that > is the message the IETF wants to send to the operator community.=94 >=20 >=20 >=20 > Suggestion: From Saravanan, Reorganize introduction paragraph. >=20 >=20 >=20 > =93The objectives described in this document have been prioritized > based on their immediate significance in the development and > evaluation of a control and provisioning protocol for large-scale > WLAN deployments. >=20 >=20 >=20 > The priorities are; >=20 >=20 >=20 > i. Mandatory and Accepted Objectives >=20 > ii. Desirable Objectives >=20 > iii. Non-Objectives >=20 >=20 >=20 > The priorities have been assigned to individual objectives in > accordance with working group discussions. >=20 >=20 >=20 > Furthermore, a distinct category of objectives is provided based on > requirements gathered from network service operators. These are > specific need that arise from operators' experiencese [Note: Should > be "experiences"] in deploying and managing large-scale WLANs. >=20 >=20 >=20 > a. Operator Requirements=94 >=20 > --XX=97 >=20 > I agree with the suggestion. >=20 >=20 >=20 >=20 >=20 > Thanks and regards >=20 > Richard Gwee >=20 >=20 >=20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 >=20 > Republic Polytechnic, Tanglin Campus, 1 Kay Siang Road, Singapore > 248922 . _www.rp.sg_ . Fax: +65 6415-1310 . / From > _March 2006_, we will be located in our new home at 9 Woodlands=20 > Avenue 9, Singapore 738964./ >=20 > /Republic Polytechnic, the first Institute of Higher Learning to > fully adopt the Problem-Based Learning approach in Singapore, > continues to strive towards best practices and maintain excellence in > service standards with the following certifications: Singapore > Innovation Class (SIC), Singapore Quality Class (SQC), People > Developer Standards and QEHS (ISO 9001, 14001 and OHSAS 18001)/ >=20 > -----------------------------------------------------------------------= - >=20 >=20 > CONFIDENTIALITY CAUTION: This message is intended only for the use of > the individual or entity to whom it is addressed and contains=20 > information that is privileged and confidential. If you, the reader > of this message, are not the intended recipient, you should not=20 > disseminate, distribute or copy this communication. If you have > received this communication in error, please notify us immediately by > return email and delete the original message. Thank you. >=20 >=20 > -----------------------------------------------------------------------= - >=20 >=20 > _________________________________________________________________ To > unsubscribe or modify your subscription options, please visit:=20 > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap >=20 >=20 > -----------------------------------------------------------------------= - >=20 >=20 > _________________________________________________________________ To > unsubscribe or modify your subscription options, please visit:=20 > http://lists.frascone.com/mailman/listinfo/capwap >=20 > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 24 05:19:59 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FCa3L-00010G-20 for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 05:19:59 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCa3J-0005Xh-GP for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 05:19:59 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 615414300C9 for ; Fri, 24 Feb 2006 02:19:56 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E2CD443007C for ; Fri, 24 Feb 2006 02:19:17 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id BD1ED39807B for ; Fri, 24 Feb 2006 02:19:17 -0800 (PST) Received: from huawei.com (lhrga01-in.huawei.com [57.66.76.5]) by zoidberg.tigertech.net (Postfix) with ESMTP id B2E3B39807A for ; Fri, 24 Feb 2006 02:19:15 -0800 (PST) Received: from huawei.com ([172.24.2.3]) by lhrga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV600MEDRDGFY@lhrga01-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 09:51:16 +0000 (GMT) Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV600731SK2QY@szxga01-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 18:16:50 +0800 (CST) Received: from szxml01-in ([172.24.1.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV6007SLSK161@szxga01-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 18:16:49 +0800 (CST) Received: from dell60 ([10.18.7.98]) by szxml01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0IV600M0RSTK4L@szxml01-in.huawei.com>; Fri, 24 Feb 2006 18:22:33 +0800 (CST) Date: Fri, 24 Feb 2006 15:36:28 +0530 From: sujay To: capwap@frascone.com Message-id: <000001c63929$fb316ac0$6207120a@china.huawei.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 X-Mailer: Microsoft Outlook, Build 10.0.4024 Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.001 tagged_above=-999 required=7 tests=HTML_MESSAGE X-Spam-Level: Cc: Subject: [Capwap] doubt-admin and change state tlv. X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0313411622==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: ccfb4541e989aa743998098cd315d0fd This is a multi-part message in MIME format. --===============0313411622== Content-type: multipart/alternative; boundary="Boundary_(ID_buc434Rz6fM8T2ZfV1GnHg)" This is a multi-part message in MIME format. --Boundary_(ID_buc434Rz6fM8T2ZfV1GnHg) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Hi Group, There is a slight confusion w.r.t draft-lwappp-03. As per; 7.2.1 Administrative State +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Admin State | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Admin State TLV is used to change the Admin State of one or ALL radios in a WTP. the possible states being; 1- Enabled 2- Disabled Compare to; 7.3.2 Change State Event +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | State | Cause | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Here the State holds value of; 1 - for Disabled 2 - for Enabled *BOTH* the above TLV's can be send by the AC to the AP in Configuration Update Request Message. What should be AP's(rather Radio's) expected behaviour with these TLV's?? Thanks, Sujay My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085 &t=h&hl=en --Boundary_(ID_buc434Rz6fM8T2ZfV1GnHg) Content-type: text/html; charset=us-ascii Content-transfer-encoding: 7BIT Message
Hi Group,
 
There is a slight confusion w.r.t draft-lwappp-03.
 
As per;

7.2.1 Administrative State

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Radio ID | Admin State |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Admin State TLV is used to change the Admin State of
one or ALL radios in a WTP.
 
the possible states being;
1- Enabled
2- Disabled
 
 
Compare to;

7.3.2 Change State Event

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Radio ID | State | Cause |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Here the State holds value of;
 
1 - for Disabled
 
2 - for Enabled
 
 
*BOTH* the above TLV's can be send by the AC to the AP in
Configuration Update Request Message.
 
 
 
 
 
What should be AP's(rather Radio's) expected behaviour with these TLV's??
 
 
Thanks,
Sujay
 
 
 
 
My Location;
 
--Boundary_(ID_buc434Rz6fM8T2ZfV1GnHg)-- --===============0313411622== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0313411622==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 24 05:57:47 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FCadv-0000oY-LY for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 05:57:47 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCadt-0006l2-Sv for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 05:57:47 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 58D864300A5 for ; Fri, 24 Feb 2006 02:57:45 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 13BE443007C for ; Fri, 24 Feb 2006 02:56:58 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id F3D3C398031 for ; Fri, 24 Feb 2006 02:56:57 -0800 (PST) Received: from huawei-3com.com (smtp.huawei-3com.com [210.21.230.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id 90CB139801B for ; Fri, 24 Feb 2006 02:56:54 -0800 (PST) Received: from huawei-3com.com (localhost [127.0.0.1]) by h3cml01-in.huawei-3com.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV60024VUJJD8@h3cml01-in.huawei-3com.com> for capwap@frascone.com; Fri, 24 Feb 2006 18:59:43 +0800 (CST) Received: from RichardYoung ([10.18.7.90]) by h3cml01-in.huawei-3com.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0IV60042WUJHR4@h3cml01-in.huawei-3com.com> for capwap@frascone.com; Fri, 24 Feb 2006 18:59:43 +0800 (CST) Date: Fri, 24 Feb 2006 16:26:49 +0530 From: young Subject: FW: [Capwap] doubt-admin and change state tlv. To: capwap@frascone.com Message-id: <001901c63931$041566d0$5a07120a@china.huawei.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Outlook, Build 10.0.6626 Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.375 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_MESSAGE X-Spam-Level: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1931484482==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 8949cc4fd406a34204d26327803246d1 This is a multi-part message in MIME format. --===============1931484482== Content-type: multipart/alternative; boundary="Boundary_(ID_h/pQw8L7BOGamrxZU8eAUw)" This is a multi-part message in MIME format. --Boundary_(ID_h/pQw8L7BOGamrxZU8eAUw) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Hi Group: I thought the "Admin TLV" idea is to help AC to control AP's radio status, the "Change state event" TLV is to help AP to inform AC about its radio Operation status. If it is this ideal, I think Change state event TLV should always come from AP to AC, never from AC to AP. So Configure response should take "Admin TLV", not to take "change state event" TLV. But in the standard, it suggest to use "Change state event" in the configure response. BTW, Configure request is special case: In order to inform AC about a AP's old configuration, AP send use "Admin TLV" . In other case, "Admin TLV" is always from AC to AP. How do you think? Richard -----Original Message----- From: sujay [mailto:sujayg@huawei.com] Sent: Friday, February 24, 2006 4:08 PM To: young@huawei-3com.com Subject: FW: [Capwap] doubt-admin and change state tlv. -----Original Message----- From: sujay [mailto:sujayg@huawei.com] Sent: Friday, February 24, 2006 3:36 PM To: capwap@frascone.com Subject: [Capwap] doubt-admin and change state tlv. Hi Group, There is a slight confusion w.r.t draft-lwappp-03. As per; 7.2.1 Administrative State +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Admin State | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Admin State TLV is used to change the Admin State of one or ALL radios in a WTP. the possible states being; 1- Enabled 2- Disabled Compare to; 7.3.2 Change State Event +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | State | Cause | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Here the State holds value of; 1 - for Disabled 2 - for Enabled *BOTH* the above TLV's can be send by the AC to the AP in Configuration Update Request Message. What should be AP's(rather Radio's) expected behaviour with these TLV's?? Thanks, Sujay My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h &hl=en --Boundary_(ID_h/pQw8L7BOGamrxZU8eAUw) Content-type: text/html; charset=us-ascii Content-transfer-encoding: 7BIT Message

Hi Group:

 

I thought the “Admin TLV” idea is to help AC to control AP’s radio status, the “Change state event”  TLV is to help AP to inform AC about its radio Operation status.

If  it is this ideal, I think Change state event TLV should always come from AP to AC, never from AC to AP.

So  Configure response should take “Admin TLV”, not to take “change state event” TLV. But  in the standard, it suggest to use “Change state event” in the configure response.

 

BTW,  Configure request  is special case: In order to inform AC about a AP’s old configuration, AP send use “Admin TLV” .

In other case, “Admin TLV”  is always from AC to AP.

 

How do you think?

 

 Richard

 

-----Original Message-----
From: sujay [mailto:sujayg@huawei.com]
Sent: Friday, February 24, 2006 4:08 PM
To: young@huawei-3com.com
Subject: FW: [Capwap] doubt-admin and change state tlv.

 

 

-----Original Message-----
From: sujay [mailto:sujayg@huawei.com]
Sent: Friday, February 24, 2006 3:36 PM
To: capwap@frascone.com
Subject: [Capwap] doubt-admin and change state tlv.

Hi Group,

 

There is a slight confusion w.r.t draft-lwappp-03.

 

As per;

7.2.1 Administrative State

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Radio ID | Admin State |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Admin State TLV is used to change the Admin State of

one or ALL radios in a WTP.

 

the possible states being;

1- Enabled

2- Disabled

 

 

Compare to;

7.3.2 Change State Event

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Radio ID | State | Cause |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Here the State holds value of;

 

1 - for Disabled

 

2 - for Enabled

 

 

*BOTH* the above TLV's can be send by the AC to the AP in

Configuration Update Request Message.

 

 

 

 

 

What should be AP's(rather Radio's) expected behaviour with these TLV's??

 

 

Thanks,

Sujay

 

 

 

 

My Location;

http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en

 

--Boundary_(ID_h/pQw8L7BOGamrxZU8eAUw)-- --===============1931484482== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1931484482==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 24 07:20:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FCbwP-0000oJ-KB for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 07:20:57 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCbwN-0000Va-No for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 07:20:57 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id D5E1843009A for ; Fri, 24 Feb 2006 04:20:54 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 70BB843006D for ; Fri, 24 Feb 2006 04:20:07 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 5655239807D for ; Fri, 24 Feb 2006 04:20:07 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id 70A8D398083 for ; Fri, 24 Feb 2006 04:20:03 -0800 (PST) Received: from huawei.com ([172.24.2.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV6008P6XMKWD@usaga01-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 04:06:21 -0800 (PST) Received: from huawei.com (szxga02-in [172.24.2.6]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV600CGLYCT7B@szxga02-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 20:22:06 +0800 (CST) Received: from szxml02-in ([172.24.1.6]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IV6008EVYCTPG@szxga02-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 20:22:05 +0800 (CST) Received: from archana ([10.18.7.105]) by szxml02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0IV600616YCKOG@szxml02-in.huawei.com> for capwap@frascone.com; Fri, 24 Feb 2006 20:21:58 +0800 (CST) Date: Fri, 24 Feb 2006 17:39:27 +0530 From: ArchanaSuresh Subject: FW: [Capwap] doubt-admin and change state tlv. To: capwap@frascone.com Message-id: <000001c6393b$295667a0$6907120a@china.huawei.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 X-Mailer: Microsoft Outlook, Build 10.0.6626 Content-type: multipart/mixed; boundary="Boundary_(ID_qYLRab4er4jB6sXESn1miw)" Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.001 tagged_above=-999 required=7 tests=HTML_MESSAGE X-Spam-Level: Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: fd911903d9eb33179d1ec28b0417afe8 This is a multi-part message in MIME format. --Boundary_(ID_qYLRab4er4jB6sXESn1miw) Content-type: multipart/alternative; boundary="Boundary_(ID_MvnmdPTvs7fr10yBrTjZng)" --Boundary_(ID_MvnmdPTvs7fr10yBrTjZng) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Hi, As per draft CfgReq (ap- to ac), sends only Admin tlv. Why admin tlv from ap to ac to inform the operating state of the radio?? As per draft CfgResp (ac- to AP), sends only Change state tlv. Why change state tlv from ac to AP?? All Administrative configurations from ac to ap for the radio state should get into the admin tlv IT SHOULD BE Admin state TLV As per draft CfgUpdReq (ac- to ap), sends both Change state tlv & admin tlv. Why both are required from ac to ap?? Only one can be used as like CfgResp either admin or chgstate tlv. Regards, Archana Suresh -----Original Message----- From: sujay [mailto:sujayg@huawei.com] Sent: Friday, February 24, 2006 3:36 PM To: capwap@frascone.com Subject: [Capwap] doubt-admin and change state tlv. Hi Group, There is a slight confusion w.r.t draft-lwappp-03. As per; 7.2.1 Administrative State +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Admin State | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Admin State TLV is used to change the Admin State of one or ALL radios in a WTP. the possible states being; 1- Enabled 2- Disabled Compare to; 7.3.2 Change State Event +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | State | Cause | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Here the State holds value of; 1 - for Disabled 2 - for Enabled *BOTH* the above TLV's can be send by the AC to the AP in Configuration Update Request Message. What should be AP's(rather Radio's) expected behaviour with these TLV's?? Thanks, Sujay My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h &hl=en --Boundary_(ID_MvnmdPTvs7fr10yBrTjZng) Content-type: text/html; charset=us-ascii Content-transfer-encoding: 7BIT Message

Hi,

 

As per draft CfgReq (ap- to ac), sends only Admin tlv.

Why admin tlv from ap to ac to inform the operating state of the radio??

 

 

As per draft CfgResp (ac- to AP), sends only Change state tlv.

Why change state tlv from ac to AP??   All Administrative configurations from ac to ap for the radio state should get into the admin tlv

IT SHOULD BE Admin state TLV

 

 

As per draft CfgUpdReq (ac- to ap), sends both Change state tlv & admin tlv.

Why both are required from ac to ap??  

Only one can be used as like CfgResp either admin or chgstate tlv.

 

 

Regards,

Archana Suresh

 

 

 

-----Original Message-----
From: sujay [mailto:sujayg@huawei.com]
Sent: Friday, February 24, 2006 3:36 PM
To: capwap@frascone.com
Subject: [Capwap] doubt-admin and change state tlv.

 

Hi Group,

 

There is a slight confusion w.r.t draft-lwappp-03.

 

As per;

7.2.1 Administrative State

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Radio ID | Admin State |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Admin State TLV is used to change the Admin State of

one or ALL radios in a WTP.

 

the possible states being;

1- Enabled

2- Disabled

 

 

Compare to;

7.3.2 Change State Event

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Radio ID | State | Cause |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Here the State holds value of;

 

1 - for Disabled

 

2 - for Enabled

 

 

*BOTH* the above TLV's can be send by the AC to the AP in

Configuration Update Request Message.

 

 

 

 

 

What should be AP's(rather Radio's) expected behaviour with these TLV's??

 

 

Thanks,

Sujay

 

 

 

 

My Location;

http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en

 

--Boundary_(ID_MvnmdPTvs7fr10yBrTjZng)-- --Boundary_(ID_qYLRab4er4jB6sXESn1miw) Content-type: text/plain; name=ATT00003.txt Content-transfer-encoding: 7BIT Content-disposition: attachment; filename=ATT00003.txt _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --Boundary_(ID_qYLRab4er4jB6sXESn1miw) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --Boundary_(ID_qYLRab4er4jB6sXESn1miw)-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 24 13:37:40 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FChoy-0000Aq-Ox for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 13:37:40 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FChox-0005Ap-6p for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 13:37:40 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 507304300EF for ; Fri, 24 Feb 2006 10:37:38 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 17E7A43006D for ; Fri, 24 Feb 2006 10:37:02 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 06C57398022 for ; Fri, 24 Feb 2006 10:37:02 -0800 (PST) Received: from mgw-ext03.nokia.com (mgw-ext03.nokia.com [131.228.20.95]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6754C39803C for ; Fri, 24 Feb 2006 10:36:59 -0800 (PST) Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext03.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1OIaCkS027042; Fri, 24 Feb 2006 20:36:16 +0200 Received: from daebh101.NOE.Nokia.com ([10.241.35.111]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 24 Feb 2006 20:36:50 +0200 Received: from mvebe101.NOE.Nokia.com ([172.19.64.23]) by daebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 24 Feb 2006 12:36:48 -0600 x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 24 Feb 2006 10:36:46 -0800 Message-ID: <893AE265F4ADF94AB7FB26D31A788E4101B114AF@mvebe101.NOE.Nokia.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Updates on the CAPWAP protocol WG Item going forward Thread-Index: AcY5cUQPttm0p7LPQGWqktMCKkLB0g== From: To: X-OriginalArrivalTime: 24 Feb 2006 18:36:48.0518 (UTC) FILETIME=[45682A60:01C63971] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.683 tagged_above=-999 required=7 tests=HTML_20_30, HTML_MESSAGE, NO_REAL_NAME X-Spam-Level: Cc: Dorothy.Gellert@nokia.com Subject: [Capwap] Updates on the CAPWAP protocol WG Item going forward X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0822963292==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.7 (/) X-Scan-Signature: 6ffdee8af20de249c24731d8414917d3 This is a multi-part message in MIME format. --===============0822963292== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C63971.44DC414B" This is a multi-part message in MIME format. ------_=_NextPart_001_01C63971.44DC414B Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear CAPWAP WG,=20 The -00 version of the new CAPWAP protocol, draft-ietf-capwap-protocol-specification is about to be published. I'd like to update the WG on role of Authors and Editors going forward with this draft, so we can properly acknowledge the contributions of the input drafts and future CAPWAP authors. This process was initiated so that the CAPWAP protocol would be representative of the entire WG, distinct from the input draft protocols we have had so far. The following procedures have been discussed among the Chairs, ADs and authors of the baseline LWAPP protocol draft. The WG Chairs and ADs believe this is the best way to progress the CAPWAP protocol forward as a new WG Item. =20 1. We have put an EDITORs team in place consisting of Pat Calhoun, Dorothy Stanley and Mike Montemurro. An EDITOR documents the WG consensus of the protocol specification, but does not necessarily have to have to create or author the text. The Editors will be listed on front page and they will be clearly marked as EDITORs. 2. We will have a prominent CONTRIBUTING AUTHORS section in the beginning of the CAPWAP protocol specification that recognizes major contributions of text by authors. We expect members of the WG to contribute to the CAPWAP protocol specification as authors via the CAPWAP mailing list as is IETF procedure.=20 3. The individual input protocol drafts that have been submitted for evaluation by the CAPWAP WG can be submitted as is (unchanged from the evaluation versions) directly to the rfc-editor for independent publication as Informational RFCs, so we can document this work for later reference and acknowledge the authors of these drafts. =20 We would like to thank the WG for all the work done so far and encourage the group to continue to support and contribute to the protocol work going forward. Best Regards,=20 Dorothy and Mani=20 ------_=_NextPart_001_01C63971.44DC414B Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Updates on the CAPWAP protocol WG Item going forward

Dear CAPWAP WG,=20
The -00 version of the new CAPWAP = protocol, draft-ietf-capwap-protocol-specification is about to be = published. I'd like to update the WG on role of Authors and Editors = going forward with this draft, so we can properly acknowledge the = contributions of the input drafts and future CAPWAP authors. This = process was initiated so that the CAPWAP protocol would be = representative of the entire WG, distinct from the input draft protocols = we have had so far. The following procedures have been discussed among = the Chairs, ADs and authors of the baseline LWAPP protocol draft.  = The WG Chairs and ADs believe this is the best way to progress the = CAPWAP protocol forward as a new WG Item. 

1. We have put an EDITORs team in place = consisting of Pat Calhoun, Dorothy Stanley and Mike Montemurro. An = EDITOR documents the WG consensus of the protocol specification, but = does not necessarily have to have to create or author the text. The = Editors will be listed on front page and they will be clearly marked as = EDITORs.

2. We will have a prominent = CONTRIBUTING AUTHORS section in the beginning of the CAPWAP protocol = specification that recognizes major contributions of text by authors. We = expect members of the WG to contribute to the CAPWAP protocol = specification as authors via the CAPWAP mailing list as is IETF = procedure.

3. The individual input protocol drafts = that have been submitted for evaluation by the CAPWAP WG can be = submitted as is (unchanged from the evaluation versions) directly to the = rfc-editor for independent publication as Informational RFCs, so we can = document this work for later reference and acknowledge the authors of = these drafts.  

We would like to thank the WG for all = the work done so far and encourage the group to continue to support and = contribute to the protocol work going forward.

Best Regards,
Dorothy and Mani

------_=_NextPart_001_01C63971.44DC414B-- --===============0822963292== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0822963292==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Feb 24 19:36:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FCnQ4-0005wz-D7 for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 19:36:20 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FCnQ2-0002mu-TP for capwap-archive@lists.ietf.org; Fri, 24 Feb 2006 19:36:20 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 8EC684300CC for ; Fri, 24 Feb 2006 16:36:17 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E6ECE43006D for ; Fri, 24 Feb 2006 16:35:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C6D6F39807D for ; Fri, 24 Feb 2006 16:35:50 -0800 (PST) Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com [171.71.176.72]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9A80F39804B for ; Fri, 24 Feb 2006 16:35:48 -0800 (PST) Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-3.cisco.com with ESMTP; 24 Feb 2006 16:35:48 -0800 X-IronPort-AV: i="4.02,145,1139212800"; d="scan'208"; a="409785731:sNHT44736856" Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k1P0ZmVb007666 for ; Fri, 24 Feb 2006 16:35:48 -0800 (PST) Received: from xmb-sjc-237.amer.cisco.com ([128.107.191.123]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 24 Feb 2006 16:35:48 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] Bindings issue Date: Fri, 24 Feb 2006 16:35:46 -0800 Message-ID: <17B8C6DE4E228348B4939BDA6B05A9DC01330447@xmb-sjc-237.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Bindings issue Thread-Index: AcY3PX09ypZcCRK/RaC+lnwuMtJcZwCZbGMA From: "Bob O'Hara (boohara)" To: X-OriginalArrivalTime: 25 Feb 2006 00:35:48.0018 (UTC) FILETIME=[6BF30920:01C639A3] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 287c806b254c6353fcb09ee0e53bbc5e David, I agree with your points about how this might be addressed. However, I have just looked at eh issue tracker and find that the editors have not added this as an issue. Would the editors please add this as an issue in the "bug" category? -Bob =20 -----Original Message----- From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 Sent: Tuesday, February 21, 2006 2:23 PM To: Bob O'Hara (boohara) Cc: capwap@frascone.com Subject: Re: [Capwap] Bindings issue HI, Glad to see you bring up this topic. The eval report suggested that the numbering space of the attributes (called information elements in the LWAPP spec) be increased from 8 bits (see section 9.1.1). Note that also that it appears to me that numbering space for message types is limited to 8 bits and there is not a way to add vendor extensions. (And it looks to be an oversight that there was no mention of who (such as IANA) that manages this space.) The LWAPP spec for attributes does allow vendor additions (see section 4.2.2.1.1). However, it is quite wasteful of space, and suprisingly has a 16-bit space for vendor attributes (element IDs). Note LWAPP identifies vendors by the IANA enterprise number, which is also used by SNMP. In the SNMPv3 RFCs, the enterprise number is used in one case for a security model identifier, which is a 32-bit integer in range (0 .. 2147483647).=20 (See RFC 3411, section 5, discussion of textual convention SnmpSecurityModel). The identifier is the enterprise number multiplied by 256 (that is, shifted left by 8 bits), plus an enterprise specific value. Since there is no assignment of 0 as an enterprise number, values less than 256 are IANA controlled. This scheme supports enterprise number of upto 23 bits (that is values upto 8,388,608 enterprises). Given the suggestion of the eval team, and Bob's input below, I suggest that the number space for message types and information element types be encoded as the following: 1) it be a 32 bit unsigned number 2) it is encoded as enterprise number times 256 plus enterprise value. 3) the values less than 256 be managed by IANA 4) an appropriate enterprise value be choosen for each technology and managed either by an IEEE group (or IANA) On Tue, 21 Feb 2006, Bob O'Hara (boohara) wrote: > I believe there is an issue we need to address before the -00 draft is > produced. This relates to the decision by the working group that the > original CAPWAP protocol would restrict itself to supporting only > 802.11, but would provide extensibility to support other wireless > protocols. This support for extensibility is insufficient in the LWAPP > draft and, without direction from the working group, from the -00 CAPWAP > draft as well. >=20 > In the current draft of the LWAPP proposal, all message element > identifiers in the protocol are drawn from a single, 16-bit, number > space. This does not provide for parallel development of bindings for > different protocols or an unambiguous way to allocate these identifiers > without some central administration of the entire message identifier > number space. >=20 > I propose that we add a binding identifier to each message element. > This identifier would, in the -00 draft, place each message element into > either the "base protocol" number space or the "IEEE 802.11" number > space. It would also allow for reuse of the values in the message > identifier field. =20 >=20 > Alternatively, we could create a "Binding Separator" message element. > This element would separate message elements in the base portion of the > protocol from those defined in a binding. The value carried by the > separator would identify the specific binding for the elements that > follow the separator, either to the next separator element or to the end > of the packet. >=20 > Either alternative for this proposal would require administration of the > binding identifier number space. But, that number space would most > likely last much longer than the message identifier space, itself, if > left as a single common number space for all bindings to share. >=20 > -Bob >=20 > Bob O'Hara > Cisco Systems - WNBU >=20 > Phone: +1 408 853 5513 > Mobile: +1 408 218 4025 Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sun Feb 26 17:00:49 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDTwf-0000lz-GO for capwap-archive@lists.ietf.org; Sun, 26 Feb 2006 17:00:49 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDTwe-0008LU-0c for capwap-archive@lists.ietf.org; Sun, 26 Feb 2006 17:00:49 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id AD8D44300CE for ; Sun, 26 Feb 2006 14:00:46 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id BECAD430063 for ; Sun, 26 Feb 2006 14:00:05 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id A508A398079 for ; Sun, 26 Feb 2006 14:00:05 -0800 (PST) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.199]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9E277398067 for ; Sun, 26 Feb 2006 14:00:03 -0800 (PST) Received: by wproxy.gmail.com with SMTP id 69so1025228wri for ; Sun, 26 Feb 2006 14:00:02 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=QOK7RJu4pxcPhOakcW7mDZRWixn4fKNK8UX1J39a5ivJ0cpUstZbQ9GjRguUnAE5AUAvqpFRn7he9ajFuT4478l884FuhYEqeivxzPE/60F2zf2aYiMC1Du4mWzbI6RH9klKTqcO47a0kBU+v9CuPh67wkuT23WLZLW336Mgtfc= Received: by 10.65.220.6 with SMTP id x6mr2538684qbq; Sun, 26 Feb 2006 14:00:02 -0800 (PST) Received: by 10.65.61.12 with HTTP; Sun, 26 Feb 2006 14:00:02 -0800 (PST) Message-ID: <5bfe7a820602261400t7f6021aesb77865671eb74053@mail.gmail.com> Date: Sun, 26 Feb 2006 16:00:02 -0600 From: "Dorothy Stanley" To: capwap@frascone.com MIME-Version: 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.958 tagged_above=-999 required=7 tests=FROM_ENDS_IN_NUMS, HTML_10_20, HTML_MESSAGE, RCVD_BY_IP, SUBJ_HAS_UNIQ_ID X-Spam-Level: * Subject: [Capwap] capwap-protocol-specification-00 X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1998357354==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 2.0 (++) X-Scan-Signature: 5d7a7e767f20255fce80fa0b77fb2433 --===============1998357354== Content-Type: multipart/alternative; boundary="----=_Part_2795_26509869.1140991202067" ------=_Part_2795_26509869.1140991202067 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline CAPWAP WG members: The capwap-protocol-specification-00 draft has been submitted for publication as a working group item. I did copy the WG on the submission yesterday, but for some reason, that mail did not appear on the list. I have asked Dorothy G and Mani to post it to capwap.org, for earlier access. PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. It is subject to WG review. There are many tracker issues still to be resolved, and new ones are being added. Changes in this -00 draft include the following: 1. Protocol name change to "CAPWAP", per list discussion 2. Addition of the three editors 3. Addition of a "Contributing Author"section, with the known contributing authors to date. 4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing the LWAPP mechanism. Inserted and modified text reflects Eric and Scott's latest dtls spec, and the list comment discussion to address Sue and Nancy's questions to date. Note that the DTLS entry in the issues tracker remains open. Inclusion of the text at this point is intended to facilitate resolution of any remaining issues. Major changes to sections 2,6,10,15, and smaller changes throughout. 5. Wording changes to clarify that the message types are messages--changes sections 5,6,7,8. Also re-numbered the message type values to remove gaps. 6 Addition of a section for WaitJoin Timer, which was not defined. Need to determine a default value. 7. Wording changes in the intro and abstract partly due to DTLS changes, partly changing from passive to active voice, clarity. 8. Removed "gold, platinum, bronze" and the like QOS descriptions, retainin= g the technical terms only The "metal" terms were used inconsistently in two places - one had uranium but the other didn't, and one included the technical terms and the other didn't. 9. Inserted "IEEE" prior to "802.11" in reference - various sections Thanks, Dorothy Stanley 630-363-1389 ------=_Part_2795_26509869.1140991202067 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline CAPWAP WG members:

The capwap-protocol-specification-00 draft has be= en submitted for publication as a working group item. I did copy the WG on = the submission yesterday, but for some reason, that mail did not appear on = the list.
I have asked Dorothy G and Mani to post it to capwap.org, for earlier access.

PLEASE NOTE THAT THIS IS A= -00 DRAFT - It is NOT final. It is subject to WG review.
There are many tracker issues still to be resolved, and new ones are be= ing added.

Changes in this -00 draft include the following:

1= . Protocol name change to "CAPWAP", per list discussion

2. Addition of the three editors

3. Addition of a "Contributing= Author"section, with the known contributing authors to date.

4= . Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing th= e LWAPP
mechanism. Inserted and modified text reflects Eric and Scott's latest = dtls spec, and the list comment discussion to address Sue and Nancy's = questions to date.
Note that the DTLS entry in the issues tracker r= emains open. Inclusion of the text at this point is intended
to facilitate resolution of any remaining issues. Major changes to sect= ions 2,6,10,15, and smaller changes throughout.

5. Wordi= ng changes to clarify that the message types are messages--changes
secti= ons 5,6,7,8. Also re-numbered the message type values to remove gaps.

6 Addition of a section for WaitJoin Time= r, which was not defined. Need to determine a default value.<= br>
7. Wording changes in the intr= o and abstract partly due to DTLS changes, partly changing from passive to = active voice,
clarity.

8. Removed "gold, platin= um, bronze" and the like QOS descriptions, retaining the technical ter= ms only
The "metal" terms were used inconsistently in two plac= es - one had uranium but the other didn't, and one included the technical t= erms
and the other didn't.

9. Inserted "IEEE" prior to &quo= t;802.11" in reference - various sections


Thanks,

Do= rothy Stanley
630-363-1389=20 ------=_Part_2795_26509869.1140991202067-- --===============1998357354== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1998357354==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 00:13:17 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDahB-0006os-Mc for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 00:13:17 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDahA-0003EH-9x for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 00:13:17 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 6EBBA4300B6 for ; Sun, 26 Feb 2006 21:13:15 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 133C1430063 for ; Sun, 26 Feb 2006 21:12:55 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id E35A739802F for ; Sun, 26 Feb 2006 21:12:54 -0800 (PST) Received: from huawei.com (usaga01-in.huawei.com [12.129.211.51]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6D793398028 for ; Sun, 26 Feb 2006 21:12:48 -0800 (PST) Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IVB00BTWXPPWX@usaga01-in.huawei.com> for capwap@frascone.com; Sun, 26 Feb 2006 20:56:13 -0800 (PST) Received: from huawei.com ([172.17.1.101]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IVB0066IXPOOF@usaga01-in.huawei.com> for capwap@frascone.com; Sun, 26 Feb 2006 20:56:13 -0800 (PST) Received: from [172.24.1.3] (Forwarded-For: [10.18.7.115]) by szxmc01-in.huawei.com (mshttpd); Mon, 27 Feb 2006 09:59:28 +0500 Date: Mon, 27 Feb 2006 09:59:28 +0500 From: zhaoyujin 31390 To: capwap@frascone.com Message-id: MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.25 (built Mar 3 2004) Content-type: text/plain; charset=us-ascii Content-language: zh-CN Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: zh-CN Priority: normal X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Subject: [Capwap] One issue "In order to support NAT, I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel" X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 93238566e09e6e262849b4f805833007 Dear all: I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel. LWAPP protocol uses UDP packets, so that it can directly support NAT passthrough. One basic scenario is that WTP is behind NAT device and AC is in public network. For control tunnel, there are no problem. Because it is initiated by WTP, NAT device can create corresponding table for LWAPP control tunnel packets. The problems is: 1. The data packets can not be firstly sent from AC to WTP. 2. Even if WTP firstly sends pacekts, AC can get the corresponding control tunnel with this LWAPP data tunnel based on the packets. Because in one NAT device, there may be multiple WTP. All WTP's IP addresses are same which is NAT device global IP address, and AC can not know the data packets belonging to which AP. Best regards Yujin Zhao H3Com _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 08:35:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDiXH-0001p3-Lt for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 08:35:35 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDiXA-00029w-IA for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 08:35:35 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 5BA7D4300A4 for ; Mon, 27 Feb 2006 05:35:27 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id B704743004F for ; Sat, 25 Feb 2006 18:23:24 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9FBE0398055 for ; Sat, 25 Feb 2006 18:23:24 -0800 (PST) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.196]) by zoidberg.tigertech.net (Postfix) with ESMTP id E926039804C for ; Sat, 25 Feb 2006 18:23:22 -0800 (PST) Received: by zproxy.gmail.com with SMTP id z31so622591nzd for ; Sat, 25 Feb 2006 18:23:21 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:mime-version:content-type; b=PsQ4PZdFbJSxd4vomCpBvyq9OR+3bWDNO5U9AN/45Nr9mNWmE10F0x/F64jUcZAQZsaw3ce2V/DC2P85xUlRyniadOJyqeXxjZS1QGVP/ybHIMedhQ8d2xl4YTX49wjrIQ+JTw/5g94j0a1F3DfHTRvJqt8B+ofFkFv4IX1qJH4= Received: by 10.64.213.14 with SMTP id l14mr1948590qbg; Sat, 25 Feb 2006 18:23:21 -0800 (PST) Received: by 10.65.61.12 with HTTP; Sat, 25 Feb 2006 18:23:20 -0800 (PST) Message-ID: <5bfe7a820602251823s38378fb5j3ff9f91efa11041b@mail.gmail.com> Date: Sat, 25 Feb 2006 18:23:20 -0800 From: "Dorothy Stanley" To: internet-drafts@ietf.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_18068_31811829.1140920600904" X-Virus-Scanned: by amavisd-new at tigertech.net X-Mailman-Approved-At: Mon, 27 Feb 2006 05:33:16 -0800 Cc: capwap@frascone.com Subject: [Capwap] draft-ietf-capwap-protocol-specification-00.txt for publication as a new CAWWAP WG Item. X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 1.0 (+) X-Scan-Signature: 180d47dddfafdec3e22120c9801a4c95 ------=_Part_18068_31811829.1140920600904 Content-Type: multipart/alternative; boundary="----=_Part_18069_5098642.1140920600904" ------=_Part_18069_5098642.1140920600904 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello, Attached is the capwap-protocol-specification-00 draft, submitted for publication as a new CAPWAP WG item. Thank you, Dorothy Stanley ---------------------------------------------------------------------------= ---------------------------------------------------------------------------= ----- CAPWAP WG members: Please note that this is a -00 draft, it is not final, it is subject to WG review. Changes in this -00 draft include the following: 1. Protocol name change to "CAPWAP", per list discussion 2. Addition of the three editors 3. Addition of a "Contributing Author"section, with the known contributing authors to date. 4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing the LWAPP mechanism. Inserted and modified text reflects Eric and Scott's latest dtls spec, and the list comment discussion to date. Note that the DTLS entry in the issues tracker remains open. Inclusion of the text at this point is intended to facilitate resolution of any remaining issues. Major changes to sections 2,6,10,15, and smaller changes throughout. 5. Wording changes to clarify that the message types are messages--changes sections 5,6,7,8. Also re-numbered the message type values to remove gaps. 6 Addition of a section for WaitJoin Timer, which was not defined. Need to determine a default value. 7. Wording changes in the intro and abstract partly due to DTLS changes, partly changing from passive to active voice, clarity. 8. Removed "gold, platinum, bronze" and the like QOS descriptions, retainin= g the technical terms only The "metal" terms were used inconsistently in two places - one had uranium but the other didn't, and one included the technical terms and the other didn't. 9. Inserted "IEEE" prior to "802.11" in reference - various sections Thanks, Dorothy Stanley 630-363-1389 ------=_Part_18069_5098642.1140920600904 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello,

Attached is the capwap-protocol-specification-00 draft, submitted for publi= cation as a new CAPWAP WG item.

Thank you,

Dorothy Stanley
---------------------------------------------------------------------------= ---------------------------------------------------------------------------= -----

CAPWAP WG members:

Please note that this is a -00 draft, it is not final, it is subject to WG = review.

Changes in this -00 draft include the following:

1. Protocol name change to "CAPWAP", per list discussion

2. Addition of the three editors

3. Addition of a "Contributing Author"section, with the known con= tributing authors to date.

4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing t= he LWAPP
mechanism. Inserted and modified text reflects Eric and Scott's latest dtls= spec, and the list comment discussion to date.
Note that the DTLS entry in the issues tracker remains open. Inclusion of t= he text at this point is intended
to facilitate resolution of any remaining issues. Major changes to sections= 2,6,10,15, and smaller changes throughout.

5. Wording changes to c= larify that the message types are messages--changes
sections 5,6,7,8. Also re-numbered the message type values to remove=20 gaps.

6 Additio= n of a section for WaitJoin Timer, which was not defined. Need to determine= a default value.

7. Wordin= g changes in the intro and abstract partly due to=20 DTLS changes, partly changing from passive to active voice,
clarity.

8. Re= moved=20 "gold, platinum, bronze" and the like QOS descriptions, retaini= ng the=20 technical terms only
The "metal" terms were used inconsisten= tly in two places=20 - one had uranium but the other didn't, and one included the technical=20 terms
and the other didn't.

9. Inserted "IEEE" prior to "802.11" in reference - var= ious sections


Thanks,

Dorothy Stanley
630-363-1389
 ------=_Part_18069_5098642.1140920600904-- ------=_Part_18068_31811829.1140920600904 Content-Type: text/plain; name=draft-ietf-capwap-protocol-specification-00.txt; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Attachment-Id: f_ek4q5pfn Content-Disposition: attachment; filename="draft-ietf-capwap-protocol-specification-00.txt" Network Working Group P. Calhoun, Editor Internet-Draft Cisco Systems, Inc. Expires: August 28, 2006 M. Montemurro, Editor Chantry Networks D. Stanley, Editor Aruba Networks February 24, 2006 CAPWAP Protocol Specification draft-ietf-capwap-protocol-specification-00 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 28, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract Wireless LAN product architectures have evolved from single autonomous access points to systems consisting of a centralized controller and Wireless Termination Points (WTPs). The general goal of centralized control architectures is to move access control, including user authentication and authorization, mobility management Calhoun, Editor, et al. Expires August 28, 2006 [Page 1] =0C Internet-Draft CAPWAP Protocol Specification February 2006 and radio management from the single access point to a centralized controller. This specification defines the Control And Provisioning of Wireless Access Points (CAPWAP) Protocol. The CAPWAP protocol meets the IETF CAPWAP working group protocol requirements. The CAPWAP protocol is designed to be flexible, allowing it to be used for a variety of wireless technologies. This document describes the base CAPWAP protocol, including an extension which supports the IEEE 802.11 wireless LAN protocol. Future extensions will enable support of additional wireless technologies. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7 1.1. Conventions used in this document . . . . . . . . . . . 8 1.2. Contributing Authors . . . . . . . . . . . . . . . . . . 8 1.3. Acknowledgements . . . . . . . . . . . . . . . . . . . . 10 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 11 2.1. Wireless Binding Definition . . . . . . . . . . . . . . 12 2.2. CAPWAP State Machine Definition . . . . . . . . . . . . 12 2.3. Use of DTLS in the CAPWAP Protocol . . . . . . . . . . . 21 2.3.1. DTLS Error Handling Requirements . . . . . . . . . . 21 2.3.2. DTLS Cookie Exchange Failure . . . . . . . . . . . . 22 2.3.3. DTLS Re-Assembly Failure . . . . . . . . . . . . . . 23 3. CAPWAP Transport . . . . . . . . . . . . . . . . . . . . . . 24 3.1. UDP Transport . . . . . . . . . . . . . . . . . . . . . 24 3.2. AC Discovery . . . . . . . . . . . . . . . . . . . . . . 24 3.3. Fragmentation/Reassembly . . . . . . . . . . . . . . . . 25 4. CAPWAP Packet Formats . . . . . . . . . . . . . . . . . . . . 26 4.1. CAPWAP Transport Header . . . . . . . . . . . . . . . . 27 4.1.1. VER Field . . . . . . . . . . . . . . . . . . . . . 27 4.1.2. RID Field . . . . . . . . . . . . . . . . . . . . . 27 4.1.3. F Bit . . . . . . . . . . . . . . . . . . . . . . . 27 4.1.4. L Bit . . . . . . . . . . . . . . . . . . . . . . . 27 4.1.5. R Bit . . . . . . . . . . . . . . . . . . . . . . . 28 4.1.6. Fragment ID . . . . . . . . . . . . . . . . . . . . 28 4.1.7. Length . . . . . . . . . . . . . . . . . . . . . . . 28 4.1.8. Status and WLANS . . . . . . . . . . . . . . . . . . 28 4.1.9. Payload . . . . . . . . . . . . . . . . . . . . . . 28 4.2. CAPWAP Data Messages . . . . . . . . . . . . . . . . . . 28 4.3. CAPWAP Control Messages Overview . . . . . . . . . . . . 29 4.3.1. Control Message Format . . . . . . . . . . . . . . . 29 4.3.2. Message Element Format . . . . . . . . . . . . . . . 31 4.3.3. Quality of Service . . . . . . . . . . . . . . . . . 32 5. CAPWAP Discovery Operations . . . . . . . . . . . . . . . . . 33 5.1. Discovery Request . . . . . . . . . . . . . . . . . . . 33 Calhoun, Editor, et al. Expires August 28, 2006 [Page 2] =0C Internet-Draft CAPWAP Protocol Specification February 2006 5.1.1. Discovery Type . . . . . . . . . . . . . . . . . . . 34 5.1.2. WTP Descriptor . . . . . . . . . . . . . . . . . . . 34 5.1.3. WTP Radio Information . . . . . . . . . . . . . . . 35 5.1.4. WTP MAC Type . . . . . . . . . . . . . . . . . . . . 36 5.1.5. WTP Frame Type . . . . . . . . . . . . . . . . . . . 36 5.2. Discovery Response . . . . . . . . . . . . . . . . . . . 37 5.2.1. AC Address . . . . . . . . . . . . . . . . . . . . . 38 5.2.2. AC Descriptor . . . . . . . . . . . . . . . . . . . 38 5.2.3. AC Name . . . . . . . . . . . . . . . . . . . . . . 39 5.2.4. WTP Manager Control IPv4 Address . . . . . . . . . . 39 5.2.5. WTP Manager Control IPv6 Address . . . . . . . . . . 40 5.3. Primary Discovery Request . . . . . . . . . . . . . . . 41 5.3.1. Discovery Type . . . . . . . . . . . . . . . . . . . 41 5.3.2. WTP Descriptor . . . . . . . . . . . . . . . . . . . 41 5.3.3. WTP MAC Type . . . . . . . . . . . . . . . . . . . . 41 5.3.4. WTP Frame Type . . . . . . . . . . . . . . . . . . . 41 5.3.5. WTP Radio Information . . . . . . . . . . . . . . . 41 5.4. Primary Discovery Response . . . . . . . . . . . . . . . 41 5.4.1. AC Descriptor . . . . . . . . . . . . . . . . . . . 42 5.4.2. AC Name . . . . . . . . . . . . . . . . . . . . . . 42 5.4.3. WTP Manager Control IPv4 Address . . . . . . . . . . 42 5.4.4. WTP Manager Control IPv6 Address . . . . . . . . . . 42 6. Control Channel Management . . . . . . . . . . . . . . . . . 43 6.1. Echo Request . . . . . . . . . . . . . . . . . . . . . . 43 6.2. Echo Response . . . . . . . . . . . . . . . . . . . . . 43 7. WTP Configuration Management . . . . . . . . . . . . . . . . 44 7.1. Configuration Consistency . . . . . . . . . . . . . . . 44 7.1.1. Configuration Flexibility . . . . . . . . . . . . . 45 7.2. Configure Request . . . . . . . . . . . . . . . . . . . 45 7.2.1. Administrative State . . . . . . . . . . . . . . . . 45 7.2.2. AC Name . . . . . . . . . . . . . . . . . . . . . . 46 7.2.3. AC Name with Index . . . . . . . . . . . . . . . . . 46 7.2.4. WTP Board Data . . . . . . . . . . . . . . . . . . . 46 7.2.5. Statistics Timer . . . . . . . . . . . . . . . . . . 47 7.2.6. WTP Static IP Address Information . . . . . . . . . 48 7.2.7. WTP Reboot Statistics . . . . . . . . . . . . . . . 49 7.3. Configure Response . . . . . . . . . . . . . . . . . . . 50 7.3.1. Decryption Error Report Period . . . . . . . . . . . 50 7.3.2. Change State Event . . . . . . . . . . . . . . . . . 50 7.3.3. CAPWAP Timers . . . . . . . . . . . . . . . . . . . 51 7.3.4. AC IPv4 List . . . . . . . . . . . . . . . . . . . . 52 7.3.5. AC IPv6 List . . . . . . . . . . . . . . . . . . . . 52 7.3.6. WTP Fallback . . . . . . . . . . . . . . . . . . . . 53 7.3.7. Idle Timeout . . . . . . . . . . . . . . . . . . . . 53 7.4. Configuration Update Request . . . . . . . . . . . . . . 54 7.4.1. WTP Name . . . . . . . . . . . . . . . . . . . . . . 54 7.4.2. Change State Event . . . . . . . . . . . . . . . . . 54 7.4.3. Administrative State . . . . . . . . . . . . . . . . 54 Calhoun, Editor, et al. Expires August 28, 2006 [Page 3] =0C Internet-Draft CAPWAP Protocol Specification February 2006 7.4.4. Statistics Timer . . . . . . . . . . . . . . . . . . 55 7.4.5. Location Data . . . . . . . . . . . . . . . . . . . 55 7.4.6. Decryption Error Report Period . . . . . . . . . . . 55 7.4.7. AC IPv4 List . . . . . . . . . . . . . . . . . . . . 55 7.4.8. AC IPv6 List . . . . . . . . . . . . . . . . . . . . 55 7.4.9. Add MAC ACL Entry . . . . . . . . . . . . . . . . . 55 7.4.10. Delete MAC ACL Entry . . . . . . . . . . . . . . . . 56 7.4.11. Add Static MAC ACL Entry . . . . . . . . . . . . . . 56 7.4.12. Delete Static MAC ACL Entry . . . . . . . . . . . . 57 7.4.13. CAPWAP Timers . . . . . . . . . . . . . . . . . . . 57 7.4.14. AC Name with Index . . . . . . . . . . . . . . . . . 57 7.4.15. WTP Fallback . . . . . . . . . . . . . . . . . . . . 58 7.4.16. Idle Timeout . . . . . . . . . . . . . . . . . . . . 58 7.4.17. Timestamp . . . . . . . . . . . . . . . . . . . . . 58 7.5. Configuration Update Response . . . . . . . . . . . . . 58 7.5.1. Result Code . . . . . . . . . . . . . . . . . . . . 58 7.6. Change State Event Request . . . . . . . . . . . . . . . 59 7.6.1. Change State Event . . . . . . . . . . . . . . . . . 59 7.7. Change State Event Response . . . . . . . . . . . . . . 59 7.8. Clear Config Indication . . . . . . . . . . . . . . . . 60 8. Device Management Operations . . . . . . . . . . . . . . . . 61 8.1. Image Data Request . . . . . . . . . . . . . . . . . . . 61 8.1.1. Image Download . . . . . . . . . . . . . . . . . . . 61 8.1.2. Image Data . . . . . . . . . . . . . . . . . . . . . 61 8.2. Image Data Response . . . . . . . . . . . . . . . . . . 62 8.3. Reset Request . . . . . . . . . . . . . . . . . . . . . 62 8.4. Reset Response . . . . . . . . . . . . . . . . . . . . . 63 8.5. WTP Event Request . . . . . . . . . . . . . . . . . . . 63 8.5.1. Decryption Error Report . . . . . . . . . . . . . . 63 8.5.2. Duplicate IPv4 Address . . . . . . . . . . . . . . . 64 8.5.3. Duplicate IPv6 Address . . . . . . . . . . . . . . . 64 8.6. WTP Event Response . . . . . . . . . . . . . . . . . . . 65 8.7. Data Transfer Request . . . . . . . . . . . . . . . . . 65 8.7.1. Data Transfer Mode . . . . . . . . . . . . . . . . . 66 8.7.2. Data Transfer Data . . . . . . . . . . . . . . . . . 66 8.8. Data Transfer Response . . . . . . . . . . . . . . . . . 67 9. Mobile Session Management . . . . . . . . . . . . . . . . . . 68 9.1. Mobile Config Request . . . . . . . . . . . . . . . . . 68 9.1.1. Add Mobile . . . . . . . . . . . . . . . . . . . . . 68 9.1.2. Delete Mobile . . . . . . . . . . . . . . . . . . . 69 9.2. Mobile Config Response . . . . . . . . . . . . . . . . . 69 9.2.1. Result Code . . . . . . . . . . . . . . . . . . . . 70 10. CAPWAP Security . . . . . . . . . . . . . . . . . . . . . . . 71 10.1. Endpoint Authentication using DTLS . . . . . . . . . . . 71 10.1.1. Authenticating with Certificates . . . . . . . . . . 71 10.1.2. Authenticating with Preshared Keys . . . . . . . . . 72 10.2. Refreshing Cryptographic Keys . . . . . . . . . . . . . 73 10.3. Certificate Usage . . . . . . . . . . . . . . . . . . . 73 Calhoun, Editor, et al. Expires August 28, 2006 [Page 4] =0C Internet-Draft CAPWAP Protocol Specification February 2006 11. IEEE 802.11 Binding . . . . . . . . . . . . . . . . . . . . . 74 11.1. Division of labor . . . . . . . . . . . . . . . . . . . 74 11.1.1. Split MAC . . . . . . . . . . . . . . . . . . . . . 74 11.1.2. Local MAC . . . . . . . . . . . . . . . . . . . . . 76 11.2. Roaming Behavior and 802.11 security . . . . . . . . . . 79 11.3. Transport specific bindings . . . . . . . . . . . . . . 80 11.3.1. Payload encapsulation . . . . . . . . . . . . . . . 80 11.3.2. Status and WLANS field . . . . . . . . . . . . . . . 80 11.4. BSSID to WLAN ID Mapping . . . . . . . . . . . . . . . . 81 11.5. Quality of Service for Control Messages . . . . . . . . 81 11.6. Data Message bindings . . . . . . . . . . . . . . . . . 82 11.7. Control Message bindings . . . . . . . . . . . . . . . . 82 11.7.1. Mobile Config Request . . . . . . . . . . . . . . . 82 11.7.2. WTP Event Request . . . . . . . . . . . . . . . . . 86 11.8. 802.11 Control Messages . . . . . . . . . . . . . . . . 88 11.8.1. IEEE 802.11 WLAN Config Request . . . . . . . . . . 88 11.8.2. IEEE 802.11 WLAN Config Response . . . . . . . . . . 94 11.8.3. IEEE 802.11 WTP Event . . . . . . . . . . . . . . . 94 11.9. Message Element Bindings . . . . . . . . . . . . . . . . 96 11.9.1. IEEE 802.11 WTP WLAN Radio Configuration . . . . . . 96 11.9.2. IEEE 802.11 Rate Set . . . . . . . . . . . . . . . . 98 11.9.3. IEEE 802.11 Multi-domain Capability . . . . . . . . 98 11.9.4. IEEE 802.11 MAC Operation . . . . . . . . . . . . . 99 11.9.5. IEEE 802.11 Tx Power . . . . . . . . . . . . . . . . 101 11.9.6. IEEE 802.11 Tx Power Level . . . . . . . . . . . . . 101 11.9.7. IEEE 802.11 Direct Sequence Control . . . . . . . . 102 11.9.8. IEEE 802.11 OFDM Control . . . . . . . . . . . . . . 103 11.9.9. IEEE 802.11 Antenna . . . . . . . . . . . . . . . . 104 11.9.10. IEEE 802.11 Supported Rates . . . . . . . . . . . . 105 11.9.11. IEEE 802.11 CFP Status . . . . . . . . . . . . . . . 105 11.9.12. IEEE 802.11 Broadcast Probe Mode . . . . . . . . . . 106 11.9.13. IEEE 802.11 WTP Quality of Service . . . . . . . . . 106 11.9.14. IEEE 802.11 MIC Error Report From Mobile . . . . . . 108 11.10. IEEE 802.11 Message Element Values . . . . . . . . . . . 108 12. CAPWAP Protocol Timers . . . . . . . . . . . . . . . . . . . 109 12.1. MaxDiscoveryInterval . . . . . . . . . . . . . . . . . . 109 12.2. SilentInterval . . . . . . . . . . . . . . . . . . . . . 109 12.3. NeighborDeadInterval . . . . . . . . . . . . . . . . . . 109 12.4. WaitJoin . . . . . . . . . . . . . . . . . . . . . . . . 109 12.5. EchoInterval . . . . . . . . . . . . . . . . . . . . . . 109 12.6. DiscoveryInterval . . . . . . . . . . . . . . . . . . . 109 12.7. RetransmitInterval . . . . . . . . . . . . . . . . . . . 110 12.8. ResponseTimeout . . . . . . . . . . . . . . . . . . . . 110 12.9. KeyLifetime . . . . . . . . . . . . . . . . . . . . . . 110 13. CAPWAP Protocol Variables . . . . . . . . . . . . . . . . . . 111 13.1. MaxDiscoveries . . . . . . . . . . . . . . . . . . . . . 111 13.2. DiscoveryCount . . . . . . . . . . . . . . . . . . . . . 111 13.3. RetransmitCount . . . . . . . . . . . . . . . . . . . . 111 Calhoun, Editor, et al. Expires August 28, 2006 [Page 5] =0C Internet-Draft CAPWAP Protocol Specification February 2006 13.4. MaxRetransmit . . . . . . . . . . . . . . . . . . . . . 111 14. NAT Considerations . . . . . . . . . . . . . . . . . . . . . 112 15. Security Considerations . . . . . . . . . . . . . . . . . . . 114 15.1. PSK based Session Key establishment . . . . . . . . . . 114 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 115 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 116 17.1. Normative References . . . . . . . . . . . . . . . . . . 116 17.2. Informational References . . . . . . . . . . . . . . . . 117 Editors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 118 Intellectual Property and Copyright Statements . . . . . . . . . 119 Calhoun, Editor, et al. Expires August 28, 2006 [Page 6] =0C Internet-Draft CAPWAP Protocol Specification February 2006 1. Introduction The emergence of centralized architectures, in which simple IEEE 802.11 WTPs are managed by an Access Controller (AC) suggests that a standards based, interoperable protocol could radically simplify the deployment and management of wireless networks. WTPs require a set of dynamic management and control functions related to their primary task of connecting the wireless and wired mediums. Traditional protocols for managing WTPs are either manual static configuration via HTTP, proprietary Layer 2 specific or non-existent (if the WTPs are self-contained). This document describes the CAPWAP Protocol, a standard, interoperable protocol which enables an AC to manage a collection of WTPs. The protocol is defined to be independent of layer 2 technology. An IEEE 802.11 binding is provided to support IEEE 802.11 wireless LAN networks. CAPWAP assumes a network configuration consisting of multiple WTPs communicating via the Internet Protocol (IP) to an AC. WTPs are viewed as remote RF interfaces controlled by the AC. The AC forwards all L2 frames to be transmitted by a WTP to that WTP via the CAPWAP protocol. L2 frames from mobile nodes (STAs) are forwarded by the WTP to the AC using the CAPWAP protocol. Both Split-MAC and Local MAC arhcitectures are supported. Figure 1 illustrates this arrangement as applied to an IEEE 802.11 binding. +-+ 802.11 frames +-+ | |--------------------------------| | | | +-+ | | | |--------------| |---------------| | | | 802.11 PHY/ | | CAPWAP | | | | MAC sublayer | | | | +-+ +-+ +-+ STA WTP AC Figure 1: Representative CAPWAP Architecture for Split MAC Provisioning WTPs with security credentials, and managing which WTPs are authorized to provide service are traditionally handled by proprietary solutions. Allowing these functions to be performed from a centralized AC in an interoperable fashion increases manageability and allows network operators to more tightly control their wireless network infrastructure. Goals Goals for the CAPWAP protocol are listed below: Calhoun, Editor, et al. Expires August 28, 2006 [Page 7] =0C Internet-Draft CAPWAP Protocol Specification February 2006 1. To centralize the bridging, forwarding, authentication and policy enforcement functions for a wireless network. Optionally, the AC may also provide centralized encryption of user traffic. Centralization of these functions will enable reduced cost and higher efficiency by applying the capabilities of network processing silicon to the wireless network, as in wired LANs. 2. To enable shifting of the higher level protocol processing from the WTP. This leaves the time critical applications of wireless control and access in the WTP, making efficient use of the computing power available in WTPs which are the subject to severe cost pressure. 3. To provide a generic encapsulation and transport mechanism, enabling the CAPWAP protocol to be applied to other access point types in the future, via a specific wireless binding. The CAPWAP protocol concerns itself solely with the interface between the WTP and the AC. Inter-AC, or mobile node (STA) to AC communication is strictly outside the scope of this document. 1.1. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. 1.2. Contributing Authors This section lists and acknowledges the authors of significant text and concepts included in this specification. [Note: This section needs work to accurately reflect the contribution of each author and this work will be done in revision 01 of this document.] The CAPWAP Working Group selected the Lightweight Access Point Protocol (LWAPP) [add reference, when available]to be used as the basis of the CAPWAP protocol specification. The following people are authors of the LWAPP document: Calhoun, Editor, et al. Expires August 28, 2006 [Page 8] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Bob O'Hara, Cisco Systems, Inc.,170 West Tasman Drive, San Jose, CA = 95134 Phone: +1 408-853-5513, Email: bob.ohara@cisco.com Pat Calhoun, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA= 95134 Phone: +1 408-853-5269, Email: pcalhoun@cisco.com Rohit Suri, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA = 95134 Phone: +1 408-853-5548, Email: rsuri@cisco.com Nancy Cam Winget, Cisco Systems, Inc., 170 West Tasman Drive, San Jos= e, CA 95134 Phone: +1 408-853-0532, Email: ncamwing@cisco.com Scott Kelly, Facetime Communications, 1159 Triton Dr, Foster City, CA= 94404 Phone: +1 650 572-5846, Email: scott@hyperthought.com Michael Glenn Williams, Nokia, Inc., 313 Fairchild Drive, Mountain Vi= ew, CA 94043 Phone: +1 650-714-7758, Email: Michael.G.Williams@Nokia.com Sue Hares, Nexthop Technologies, Inc., 825 Victors Way, Suite 100, An= n Arbor, MI 48108 Phone: +1 734 222 1610, Email: shares@nexthop.com DTLS is used as the security solution for the CAPWAP protocol. The following people are authors of significant DTLS-related text included in this document: Scott Kelly, Facetime Communications, 1159 Triton Dr, Foster City, CA= 94404 Phone: +1 650 572-5846, Email: scott@hyperthought.com Eric Rescorla, Network Resonance, 2483 El Camino Real, #212,Palo Alto= CA, 94303 Email: ekr@networkresonance.com The concept of using DTLS to secure the CAPWAP protocol was part of the Secure Light Access Point Protocol (SLAPP) proposal [add reference when available]. The following people are authors of the SLAPP proposal: Partha Narasimhan, Aruba Networks, 1322 Crossman Ave, Sunnyvale, CA = 94089 Phone: +1 408-480-4716, Email: partha@arubanetworks.com Dan Harkins, Tropos Networks, 555 Del Rey Avenue, Sunnyvale, CA, 9508= 5 Phone: +1 408 470 7372, Email: dharkins@tropos.com Subbu Ponnuswammy, Aruba Networks, 1322 Crossman Ave, Sunnyvale, CA = 94089 Phone: +1 408-754-1213, Email: subbu@arubanetworks.com [Ed note: Additional authors to be added as required.] Calhoun, Editor, et al. Expires August 28, 2006 [Page 9] =0C Internet-Draft CAPWAP Protocol Specification February 2006 1.3. Acknowledgements The authors thank Michael Vakulenko for contributing text that describes how CAPWAP can be used over a layer 3 (IP/UDP) network. The authors thank Russ Housley and Charles Clancy for their assistance in provide a security review of the LWAPP specification. Charles' review can be found at [14]. [Ed note: Additional acknowledgements to be added as required.] Calhoun, Editor, et al. Expires August 28, 2006 [Page 10] =0C Internet-Draft CAPWAP Protocol Specification February 2006 2. Protocol Overview The CAPWAP protocol is a generic protocol defining AC and WTP control and data plane communication via a CAPWAP protocol transport mechanism. CAPWAP control messages, and optionally CAPWAP data messages are secured using Datagram Transport Layer Security (DTLS). DTLS is a standards-track IETF protocol based upon TLS. The underlying security-related protocol mechanisms of TLS have been successfully deployed for many years. The CAPWAP protocol Transport layer carries two types of payload, CAPWAP Data messages and CAPWAP Control messages. CAPWAP Data messages are forwarded wireless frames. CAPWAP protocol Control messages are management messages exchanged between a WTP and an AC. The CAPWAP Data and Control packets are sent over separate UDP ports. Since both data and control frames can exceed the PMTU, the payload of a CAPWAP data or control message can be fragmented. The fragmentation behavior is highly dependent upon the lower layer transport and is defined in Section 3. The CAPWAP Protocol begins with a discovery phase. The WTPs send a Discovery Request message, causing any Access Controller (AC) receiving the message to respond with a Discovery Response message. From the Discovery Response messages received, a WTP will select an AC with which to establish a secure DTLS session, using the DTLS initialization request message. [MTU discovery mechanism? to determine the MTU supported by the network between the WTP and AC.] CAPWAP protocol messages will be fragmented to the maximum length discovered to be supported by the network. Once the WTP and the AC have completed DTLS session establishment, a configuration exchange occurs in which both devices to agree on version information. During this exchange the WTP may receive provisioning settings. For the IEEE 802.11 binding, this information typically includes a name (IEEE 802.11 Service Set Identifier, SSID) security parameters, the data rates to be advertised and the associated radio channel(s) to be used. The WTP is then enabled for operation. When the WTP and AC have completed the version and provision exchange and the WTP is enabled, the CAPWAP protocol is used to encapsulate the wireless data frames sent between the WTP and AC. The CAPWAP protocol will fragment the L2 frames if the size of the encapsulated wireless user data (Data) or protocol control (Management) frames causes the resultant CAPWAP protocol packet to exceed the MTU supported between the WTP and AC. Fragmented CAPWAP packets are reassembled to reconstitute the original encapsulated payload. Calhoun, Editor, et al. Expires August 28, 2006 [Page 11] =0C Internet-Draft CAPWAP Protocol Specification February 2006 The CAPWAP protocol provides for the delivery of commands from the AC to the WTP for the management of mobile units (STAs) that are communicating with the WTP. This may include the creation of local data structures in the WTP for the mobile units and the collection of statistical information about the communication between the WTP and the mobile units. The CAPWAP protocol provides a mechanism for the AC to obtain statistical information collected by the WTP. The CAPWAP protocol provides for a keep alive feature that preserves the communication channel between the WTP and AC. If the AC fails to appear alive, the WTP will try to discover a new AC. This Document uses terminology defined in [5]. 2.1. Wireless Binding Definition The CAPWAP protocol is independent of a specific WTP radio technology. Elements of the CAPWAP protocol are designed to accommodate the specific needs of each wireless technology in a standard way. Implementation of the CAPWAP protocol for a particular wireless technology must follow the binding requirements defined for that technology. This specification includes a binding for the IEEE 802.11 standard(see Section 11). When defining a binding for other wireless technologies, the authors MUST include any necessary definitions for technology-specific messages and all technology-specific message elements for those messages. At a minimum, a binding MUST provide the definition for a binding-specific Statistics message element, carried in the WTP Event Request message, and a Mobile message element, carried in the Mobile Configure Request. If technology specific message elements are required for any of the existing CAPWAP messages defined in this specification, they MUST also be defined in the technology binding document. The naming of binding-specific message elements MUST begin with the name of the technology type, e.g., the binding for IEEE 802.11, provided in this specification, begins with "IEEE 802.11"." 2.2. CAPWAP State Machine Definition The following state diagram represents the lifecycle of a WTP-AC session: Calhoun, Editor, et al. Expires August 28, 2006 [Page 12] =0C Internet-Draft CAPWAP Protocol Specification February 2006 /-------------\ | v | +------------+ | C| Idle |<---------------------------------------+ | +------------+ | | ^ |a ^ | | | | \----\ y | | | | | +-------------+------------+ | | | | | | | DTLS-rekey | | | | | | | +--------->+------------+ | | | | | | | |6 ^ | | | |t V | x V | | | | +--------+--+ +------------+ | | / | C| Run |------>| DTLS-Reset |<---|-= ---\ | / | r+-----------+ u +------------+ | = | | / | ^ ^ v| | = | | | v | | | | = | | | +--------------+ | /----/ V | = | | | C| Discovery | q| k| +-------+ | = | | | b+--------------+ +-------------+ | Reset |-+ = w | | | |d f| ^ | Configure | +-------+ = | | | | | | +-------------+ = | | |e v | | ^ = | | +---------+ v |i 2| = | | C| Sulking | +------------+ +--------------+ = | | +---------+ C| DTLS-Init |--->| DTLS-Complete| = | | +------------+ z +--------------+ = | | |h |4 = | | | v = o / \ | +------------+----= ---/ \-----------------/ | Image Data |C +------------+n Figure 2: CAPWAP State Machine The CAPWAP protocol state machine, depicted above, is used by both the AC and the WTP. For every state defined, only certain messages are permitted to be sent and received. In all of the CAPWAP control messages defined in this document, the state for which each command is valid is specified. Note that in the state diagram figure above, the 'C' character is used to represent a condition that causes the state to remain the same. The following text discusses the various state transitions, and the events that cause them. Calhoun, Editor, et al. Expires August 28, 2006 [Page 13] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Idle to Discovery (a): This is the initialization state. WTP: The WTP enters the Discovery state prior to transmitting the first Discovery Request message (see Section 5.1). Upon entering this state, the WTP sets the DiscoveryInterval timer (see Section 12). The WTP resets the DiscoveryCount counter to zero (0) (see Section 13). The WTP also clears all information from ACs (e.g., AC Addresses) it may have received during a previous Discovery phase. AC: The AC does not need to maintain state information for the WTP upon reception of the Discovery Request message, but it MUST respond with a Discovery Response message (see Section 5.2). Discovery to Discovery (b): This is the state in which the WTP determines which AC to connect to. WTP: This event occurs when the DiscoveryInterval timer expires. The WTP transmits a Discovery Request message to every AC from which the WTP has not received a Discovery Response message. For every transition to this event, the WTP increments the DiscoveryCount counter. See Section 5.1 for more information on how the WTP knows the ACs to which ACs it should transmit the Discovery Request messages. The WTP restarts the DiscoveryInterval timer. AC: This is a no-op. Discovery to Sulking (d): This state occurs on a WTP when Discovery or connectivity to the AC fails. WTP: The WTP enters this state when the DiscoveryInterval timer expires and the DiscoveryCount variable is equal to the MaxDiscoveries variable (see Section 13). Upon entering this state, the WTP shall start the SilentInterval timer. While in the Sulking state, all received CAPWAP protocol messages received shall be ignored. AC: This is a no-op. Sulking to Idle (e): This state occurs on a WTP when it must restart the discovery phase. WTP: The WTP enters this state when the SilentInterval timer (see Section 12) expires. Calhoun, Editor, et al. Expires August 28, 2006 [Page 14] =0C Internet-Draft CAPWAP Protocol Specification February 2006 AC: This is a no-op. Discovery to DTLS-Init (f): This state is used by the WTP to confirm its commitment to an AC that it wishes to be provided service and to simultaneously establish a secure channel with that AC. WTP: The WTP selects the best AC based on the information it gathered during the Discovery Phase. It then sends a ClientHello to its preferred AC, sets the WaitJoin timer, and awaits the outcome of the DTLS handshake. AC: The AC enters this state for the given WTP upon reception of a ClientHello. The AC responds by sending either the ServerHello or the HelloVerifyRequest to the WTP. For the AC, this is a meta-state; in actuality, it remains in the Discovery state. To do otherwise resuls in loss of the stateless nature of the cookie exchange. DTLS-Init to Idle (h): This state transition is used when the DTLS Initialization process failed. WTP: This state transition occurs if the WTP is unable to successfully establish a DTLS session. AC: This state transition occurs if the AC is unable to successfully establish a DTLS session. DTLS-Init to Discovery (i): This state transition is used to return the WTP to discovery mode when an unresponsive AC is encountered. WTP: The WTP enters the Discovery state when the DTLS handshake fails. AC: This state transition is invalid. DTLS-Init to DTLS-Complete (z): This state transition is used to indicate DTLS session establishment. WTP: The DTLS-Complete state is entered when the WTP receives the Finished message from the AC. AC: The DTLS-Complete state is entered when the AC receives the Finished mesage from the WTP. Calhoun, Editor, et al. Expires August 28, 2006 [Page 15] =0C Internet-Draft CAPWAP Protocol Specification February 2006 DTLS-Complete to Configure (2): This state transition is used by the WTP and the AC to exchange configuration information. WTP: The WTP enters the Configure state when it successfully completes DTLS session establishment and determines that its version number and the version number advertised by the AC are the same. The WTP transmits the Configure Request message(see Section 7.2) message to the AC with a snapshot of its current configuration. The WTP also starts the ResponseTimeout timer (see Section 12). AC: This state transition occurs when the AC receives the Configure Request message from the WTP. The AC must transmit a Configure Response message(see Section 7.3) to the WTP, and may include specific message elements to override the WTP's configuration. DTLS Complete to Image Data (4): This state transition is used by the WTP and the AC to download executable firmware. WTP: The WTP enters the Image Data state when it successfully comletes DTLS session establishment, and determines that its version number and the version number advertised by the AC are different. The WTP transmits the Image Data Request (see Section 8.1) message requesting that the AC's latest firmware be initiated. AC: This state transition occurs when the AC receives the Image Data Request message from the WTP. The AC must transmit an Image Data Response message(see Section 8.2) to the WTP, which includes a portion of the firmware. Image Data to Image Data (n): The Image Data state is used by WTP and the AC during the firmware download phase. WTP: The WTP enters the Image Data state when it receives a Image Data Response message indicating that the AC has more data to send. AC: This state transition occurs when the AC receives the Image Data Request message from the WTP while already in the Image Data state, and it detects that the firmware download has not completed. Calhoun, Editor, et al. Expires August 28, 2006 [Page 16] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Configure to DTLS-Reset (k): This state is used to reset the DTLS connection prior to restarting the WTP with a new configuration. WTP: The WTP enters the DTLS-Reset state when it determines that a new configuration is required. AC: The AC transitions to the DTLS-Reset state when the DTLS connection tear-down is complete. Image Data to DTLS-Reset (o): This state transition is used to reset the DTLS connection prior to restarting the WTP after an image download. WTP: The WTP enters the DTLS-Reset state when image download completes. AC: The AC enters the DTLS-Reset state upon receipt of TLS Finished message from the WTP. Configure to Run (q): This state transition occurs when the WTP and AC enter their normal state of operation. WTP: The WTP enters this state when it receives a successful Configure Response message from the AC. The WTP initializes the HeartBeat Timer (see Section 12), and transmits the Change State Event Request message (see Section 7.6). AC: This state transition occurs when the AC receives the Change State Event Request message (see Section 7.6) from the WTP. The AC responds with a Change State Event Response (see Section 7.7) message. The AC must start the NeighborDeadInterval timer (see Section 12). Run to Run (r): This is the normal state of operation. WTP: This is the WTP's normal state of operation. There are many events that result this state transition: Configuration Update: The WTP receives a Configuration Update Request message(see Section 7.4). The WTP MUST respond with a Configuration Update Response message (see Section 7.5). Change State Event: The WTP receives a Change State Event Response message, or determines that it must initiate a Change State Event Request message, as a result of a failure or change in the state of a radio. Calhoun, Editor, et al. Expires August 28, 2006 [Page 17] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Echo Request: The WTP receives an Echo Request message (see Section 6.1), to which it MUST respond with an Echo Response message(see Section 6.2). Clear Config Indication: The WTP receives a Clear Config Indication message (see Section 7.8). The WTP MUST reset its configuration back to manufacturer defaults. WTP Event: The WTP generates a WTP Event Request message to send information to the AC (see Section 8.5). The WTP receives a WTP Event Response message from the AC (see Section 8.6). Data Transfer: The WTP generates a Data Transfer Request message to the AC (see Section 8.7). The WTP receives a Data Transfer Response message from the AC (see Section 8.8). WLAN Config Request: The WTP receives a WLAN Config Request message (see Section 11.8.1), to which it MUST respond with a WLAN Config Response message (see Section 11.8.2). Mobile Config Request: The WTP receives a Mobile Config Request message (see Section 9.1), to which it MUST respond with a Mobile Config Response message (see Section 9.2). AC: This is the AC's normal state of operation: Configuration Update: The AC sends a Configuration Update Request message (see Section 7.4) to the WTP to update its configuration. The AC receives a Configuration Update Response message (see Section 7.5) from the WTP. Change State Event: The AC receives a Change State Event Request message (see Section 7.6), to which it MUST respond with the Change State Event Response message (see Section 7.7). Echo: The AC sends an Echo Request message Section 6.1) or receives the corresponding Echo Response message (see Section 6.2) from the WTP. Clear Config Indication: The AC sends a Clear Config Indication message (see Section 7.8). Calhoun, Editor, et al. Expires August 28, 2006 [Page 18] =0C Internet-Draft CAPWAP Protocol Specification February 2006 WLAN Config: The AC sends a WLAN Config Request message (see Section 11.8.1) or receives the corresponding WLAN Config Response message (see Section 11.8.2) from the WTP. Mobile Config: The AC sends a Mobile Config Request message (see Section 9.1) or receives the corresponding Mobile Config Response message (see Section 9.2) from the WTP. Data Transfer: The AC receives a Data Transfer Request message from the AC (see Section 8.7) and MUST generate a corresponding Data Transfer Response message (see Section 8.8). WTP Event: The AC receives a WTP Event Request message from the AC (see Section 8.5) and MUST generate a corresponding WTP Event Response message (see Section 8.6). Run to Idle (t): This event occurs when an error occurs in the communication between the WTP and the AC. WTP: The WTP enters the Idle state when the underlying reliable transport in unable to transmit a message within the RetransmitInterval timer (see Section 12), and the maximum number of RetransmitCount counter has reached the MaxRetransmit variable (see Section 13). AC: The AC enters the Idle state when the underlying reliable transport in unable to transmit a message within the RetransmitInterval timer (see Section 12), and the maximum number of RetransmitCount counter has reached the MaxRetransmit variable (see Section 13). Run to DTLS-Reset(u): This state transition is used to when the AC or WTP wish to tear down the connection. WTP: The WTP enters the DTLS-Reset state when it initiates orderly termination of the DTLS connection; The WTP sends a TLS Finished message to the AC. AC: The AC enters the DTLS-Reset state upon receipt of a TLS Finished message from the WTP. Run to DTLS-Rekey (x): This state is used to initiate a new DTLS handshake. Either the WTP or AC may initiate the state transition. DTLS protected CAPWAP packets may continue to flow while a new handshake is being performed. Because packets may be reordered, records encrypted under the new cipher suite may be received before one side receives the ChangeCipherSpec from the Calhoun, Editor, et al. Expires August 28, 2006 [Page 19] =0C Internet-Draft CAPWAP Protocol Specification February 2006 other side. The epoch value in the DTLS record header allows the data from the two associations/cryptographic states to be distinguished. Implementations SHOULD retain the state for the old association until it is likely that all old records have been received or dropped, e.g., for the maximum packet lifetime. If the state is dropped too early, the only effect will be that some data is lost, which is a condition that systems running over unreliable protocols need to consider in any case. Because the new handshake is performed over the existing DTLS association, both sides can be confident that the handshake was properly initiated and was not tampered with. All data is protected under either the old or new keys--and these can be distinguished by both the epoch and the authentication (MAC) verification. Thus, there is no period during which data is unprotected. WTP: The WTP enters the DTLS-Rekey state when either (1) a rekey is required, or (2) the AC initiates a DTLS handshake. AC: The AC enters the DTLS-Rekey state when either (1) a rekey is required, or (2) the WTP initiates a DTLS handshake. DTLS-rekey to Run (y): This event occurs when the DTLS rehandshake is completed. WTP: This state transition occurs when the WTP completes the DTLS rehandshake. AC: This state transition occurrs when the AC completed the DTLS rehandshake. DTLS-rekey to Reset (6): This event occurs when the DTLS rehandshake exchange phase times out. WTP: This state transition occurs when the WTP does not successfully complete the DTLS rehandshake phase. AC: This state transition occurs when the AC does not successfully complete the DTLS rehandshake phase. DTLS-Reset to Reset (v): This state transition is used to complete DTLS session tear-down. Calhoun, Editor, et al. Expires August 28, 2006 [Page 20] =0C Internet-Draft CAPWAP Protocol Specification February 2006 WTP: The WTP enters the Reset state when it has completed DTLS session clean-up, and it is ready to complete the CAPWAP protocol session clean-up. AC: The AC enters the Reset state when it has completed DTLS session clean-up, and it is ready to complete the CAPWAP protocol session clean-up. Reset to Idle (w): This event occurs when the state machine is restarted. WTP: The WTP reboots. After reboot the WTP will start its CAPWAP state machine in the Idle state. AC: The AC clears any state associated with the WTP. The AC generally does this as a result of the reliable link layer timing out. 2.3. Use of DTLS in the CAPWAP Protocol DTLS is used as a tightly-integrated secure wrapper for the CAPWAP protocol. Certain errors may occur during the DTLS negotiation and/or the resulting session; the following section describes those, along with handling requirements. It is important to note that the CAPWAP protocol, being the controlling entity for the DTLS session, must establish its own timers outside of DTLS (e.g. WaitJoin), and is responsible for terminating sessions which timeout. DTLS implements a retransmission backoff timer, but will not terminate a session unless instructed to do so. 2.3.1. DTLS Error Handling Requirements DTLS uses all of the same handshake messages and flows as TLS, with three principal changes: 1. A stateless cookie exchange has been added to prevent denial of service attacks. 2. Modifications to the handshake header have been made to handle message loss, reordering, and fragmentation 3. Retransmission timers to handle message loss have been added. Each of these features can cause the DTLS session to fail, as discussed below. For reference, an illustration of a normal DTLS session establishment (in this particular case, using certificates for authentication) is as follows: Calhoun, Editor, et al. Expires August 28, 2006 [Page 21] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Client (WTP) Server (AC) ------------ ------------ ClientHello ------> <----- HelloVerifyRequest (contains cookie) ClientHello ------> (with cookie) <------ ServerHello (seq=3D1) <------ Certificate (seq=3D2) <------ ServerHelloDone (seq=3D3) Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished ------> [ChangeCipherSpec] <------ Finished 2.3.2. DTLS Cookie Exchange Failure The cookie exchange is optional in DTLS. For use with the CAPWAP protocol, it may not be required if the network on which the AC and WTP reside is entirely within the same administrative domain. However, if AC-WTP communications traverse multiple administrative domains, the cookie exchange SHOULD be supported. There are three potential points of failure in Hello exchange, assuming cookies are used: o The AC does not respond to the ClientHello (this may occur independently of cookie usage) o The WTP does not respond to the HelloVerifyRequest o The ClientHello contains an invalid cookie In determining appropriate error handling behavior for any of these cases, it is important to remember that the stateless cookie implements a defense mechanism from the point of view of the AC. That is, it is explictly designed to minimize AC-side processing prior to verifying that the WTP can receive and respond to packets at the specified address. Hence, any processing associated with this mechanism SHOULD be minimized. In the case of AC non-responsiveness to the ClientHello, the WaitJoin timer will eventually expire. When this occurs, the WTP SHOULD log Calhoun, Editor, et al. Expires August 28, 2006 [Page 22] =0C Internet-Draft CAPWAP Protocol Specification February 2006 an error message and choose an alternative AC if one exists, or return to the CAPWAP protocol Discovery state. In the case of WTP non-responsiveness to the HelloVerifyRequest, the DTLS implementation purposely does not set a timer (the HelloVerifyRequest is stateless by design). This means that DTLS itself will provide no indication of WTP non-responsiveness. To mitigate this, the AC MAY log a message when sending a HelloVerifyRequest, and SHOULD log a message upon receipt of a valid corresponding ClientHello. In this way, optional external detection of non-responsive WTP's can be used to troubleshoot such problems using data from the AC alone. In reality, administrators will typically have access to WTP logs as well, making detection of such problems straightforward. In case of an invalid cookie in the ClientHello, the AC MUST terminate the DTLS handshake, returing to Discovery state. A DTLS alert MAY be sent to the WTP indicating the failure. 2.3.3. DTLS Re-Assembly Failure Since DTLS handshake messages are potentially larger than the maximum record size, DTLS supports fragmenting of handshake messages across multiple records. There are several potential causes of re-assembly errors, including overlapping and/or lost fragments. The DTLS implementation should return an error to the CAPWAP protocol implementation when such errors occur. The precise error value is an API issue, and hence is beyond the scope of this document. Upon receipt of such an error, the CAPWAP protocol implementation SHOULD log an appropriate error message. Whether processing continues or the DTLS session is terminated is implementation dependent. Calhoun, Editor, et al. Expires August 28, 2006 [Page 23] =0C Internet-Draft CAPWAP Protocol Specification February 2006 3. CAPWAP Transport The CAPWAP protocol uses UDP as a transport, and can be used with IPv4 or IPv6. This section details the specifics of how the CAPWAP protocol works in conjunction with IP. 3.1. UDP Transport Communication between a WTP and an AC is established according to the standard UDP client/server model. One of the CAPWAP requirements is to allow a WTP to reside behind a firewall and/or Network Address Translation (NAT) device. Since the connection is initiated by the WTP (client) to the well-known UDP port of the AC (server), the use of UDP is a logical choice. CAPWAP protocol control packets sent between the WTP and the AC use well known UDP port 12222. CAPWAP protocol data packets sent between the WTP and the AC use UDP port [to be IANA assigned]. 3.2. AC Discovery A WTP and an AC will frequently not reside in the same IP subnet (broadcast domain). When this occurs, the WTP must be capable of discovering the AC, without requiring that multicast services are enabled in the network. This section describes how AC discovery is performed by WTPs. As the WTP attempts to establish communication with an AC, it sends the Discovery Request message and receives the corresponding response message from the AC(s). The WTP must send the Discovery Request message to either the limited broadcast IP address (255.255.255.255), a well known multicast address or to the unicast IP address of the AC. Upon receipt of the Discovery Request message, the AC issues a Discovery Response message to the unicast IP address of the WTP, regardless of whether the Discovery Request message was sent as a broadcast, multicast or unicast message. WTP use of a limited IP broadcast, multicast or unicast IP address is implementation dependent. When a WTP transmits a Discovery Request message to a unicast address, the WTP must first obtain the IP address of the AC. Any static configuration of an AC's IP address on the WTP non-volatile storage is implementation dependent. However, additional dynamic schemes are possible, for example: Calhoun, Editor, et al. Expires August 28, 2006 [Page 24] =0C Internet-Draft CAPWAP Protocol Specification February 2006 DHCP: A comma delimited ASCII encoded list of AC IP addresses is embedded in the DHCP vendor specific option 43 extension. An example of the actual format of the vendor specific payload for IPv4 is of the form "10.1.1.1, 10.1.1.2". DNS: The DNS name "CAPWAP-AC-Address" MAY be resolvable to one or more AC addresses. 3.3. Fragmentation/Reassembly While fragmentation and reassembly services are provided by IP, the CAPWAP protocol also provides such services. Environments where the CAPWAP protocol is used involve firewall, Network Address Translation (NAT) and "middle box" devices, which tend to drop IP fragments in order to minimize possible Denial of Service attacks. By providing fragmentation and reassembly at the application layer, any fragmentation required due to the tunneling component of the CAPWAP protocol becomes transparent to these intermediate devices. Consequently, the CAPWAP protocol is not impacted by any network configurations. Calhoun, Editor, et al. Expires August 28, 2006 [Page 25] =0C Internet-Draft CAPWAP Protocol Specification February 2006 4. CAPWAP Packet Formats This section contains the CAPWAP protocol packet formats. A CAPWAP protocol packet consists of a CAPWAP Transport Layer packet header followed by a CAPWAP message. The CAPWAP message can be either of type Control or Data, where Control packets carry signaling, and Data packets carry user payloads. The CAPWAP frame formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP Data and Control packets. are as shown below: CAPWAP Data Packet : +--------------------------------+ | IP |UDP | CAPWAP | Wireless | | Hdr |Hdr | Header | Payload | +--------------------------------+ CAPWAP + Optional DTLS Data Packet Security: +------------------------------------------------+ | IP |UDP | DTLS | CAPWAP | Wireless | DTLS | | Hdr |Hdr | Hdr | Hdr | Payload | Trailer| +------------------------------------------------+ \--authenticated-----------/ \--- encrypted-----------/ CAPWAP Control Packet (DTLS Security Required): +-----------------------------------------------------------+ | IP |UDP | DTLS | CAPWAP | Control | Message | DTLS | | Hdr |Hdr | Hdr | Header | Header | Element(s) | Trailer | +-----------------------------------------------------------+ \-------authenticated-----------------/ \------------encrypted-------------------/ UDP: All CAPWAP packets are encapsulated within UDP. Section Section 3.1 defines the specific UDP usage. CAPWAP Header: All CAPWAP protocol packets use a common header that immediately follows the UDP header. This header, is defined in Section 4.1. Wireless Payload: A CAPWAP protocol packet that contains a wireless payload is known as a data frame. The CAPWAP protocol does not dictate the format of the wireless payload, which is defined by the appropriate wireless standard. Additional information is in Section 4.2. Calhoun, Editor, et al. Expires August 28, 2006 [Page 26] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Control Header: The CAPWAP protocol includes a signalling component, known as the CAPWAP control protocol. All CAPWAP control packets include a Control Header, which is defined in Section 4.3.1. Message Elements: A CAPWAP Control packet includes one or more message elements, which are found immediately following the control header. These message elements are in a Type/Length/value style header, defined in Section 4.3.2. 4.1. CAPWAP Transport Header All CAPWAP protocol messages are encapsulated using a common header format, regardless of the CAPWAP control or CAPWAP Data transport used to carry the messages. However, certain flags are not applicable for a given transport. Refer to the specific transport section in order to determine which flags are valid. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |VER| RID |F|L|R| Frag ID | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Status/WLANs | Payload... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4.1.1. VER Field A 2 bit field which contains the version of CAPWAP used in this packet. The value for this draft is 0. 4.1.2. RID Field A 3 bit field which contains the Radio ID number for this packet. WTPs with multiple radios but a single MAC Address use this field to indicate which radio is associated with the packet. 4.1.3. F Bit The Fragment 'F' bit indicates whether this packet is a fragment. When this bit is one (1), the packet is a fragment and MUST be combined with the other corresponding fragments to reassemble the complete information exchanged between the WTP and AC. 4.1.4. L Bit The Not Last 'L' bit is valid only if the 'F' bit is set and indicates whether the packet contains the last fragment of a fragmented exchange between WTP and AC. When this bit is 1, the Calhoun, Editor, et al. Expires August 28, 2006 [Page 27] =0C Internet-Draft CAPWAP Protocol Specification February 2006 packet is not the last fragment. When this bit is 0, the packet is the last fragment. 4.1.5. R Bit The R bit is reserved and set to 0 in this version of the CAPWAP protocol. 4.1.6. Fragment ID An 8 bit field whose value is assigned to each group of fragments making up a complete set. The fragment ID space is managed individually for every WTP/AC pair. The value of Fragment ID is incremented with each new set of fragments. The Fragment ID wraps to zero after the maximum value has been used to identify a set of fragments. The CAPWAP protocol only supports up to 2 fragments per frame. 4.1.7. Length The 16 bit length field contains the number of bytes in the Payload. The field is encoded as an unsigned number. 4.1.8. Status and WLANS The interpretation of this 16 bit field is binding specific. Refer to the transport portion of the binding for a specific wireless technology for the definition of this field. 4.1.9. Payload This field contains the header for a CAPWAP Data Message or CAPWAP Control Message, followed by the data associated with that message. 4.2. CAPWAP Data Messages A CAPWAP protocol data message is a forwarded wireless frame. The CAPWAP protocol defines two different modes of encapsulations; IEEE 802.3 and native wireless. IEEE 802.3 encapsulation requires that the bridging function be performed in the WTP. An IEEE 802.3 encapsulated user payload frame has the following format: +------------------------------------------------------+ | IP Header | UDP Header | CAPWAP Header | 802.3 Frame | +------------------------------------------------------+ The CAPWAP protocol also defines the native wireless encapsulation mode. The actual format of the encapsulated CAPWAP data frame is Calhoun, Editor, et al. Expires August 28, 2006 [Page 28] =0C Internet-Draft CAPWAP Protocol Specification February 2006 subject to the rules defined under the specific wireless technology binding. As a consequence, each wireless technology binding MUST define a section entitled "Payload encapsulation", which defines the format of the wireless payload that is encapsulated within the CAPWAP Data messages. In the event that the encapsulated frame would exceed the transport layer's MTU, the sender is responsible for the fragmentation of the frame, as specified in Section 3.3. 4.3. CAPWAP Control Messages Overview The CAPWAP Control protocol provides a control channel between the WTP and the AC. Control messages are divided into the following distinct message types: Discovery: CAPWAP Discovery messages are used to identify potential ACs, their load and capabilities. WTP Configuration: The WTP Configuration messages are used by the AC to push a specific configuration to the WTP it has a control channel with. Messages that deal with the retrieval of statistics from the WTP also fall in this category. Mobile Session Management: Mobile session management messages are used by the AC to push specific mobile policies to the WTP. Firmware Management: Messages in this category are used by the AC to push a new firmware image to the WTP. Discovery, WTP Configuration and Mobile Session Management messages MUST be implemented. Firmware Management MAY be implemented. In addition, technology specific bindings may introduce new control channel commands. 4.3.1. Control Message Format All CAPWAP control messages are sent encapsulated within the CAPWAP header (see Section 4.1). Immediately following the CAPWAP header, is the control header, which has the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message Type | Seq Num | Msg Element Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Msg Element [0..N] | Calhoun, Editor, et al. Expires August 28, 2006 [Page 29] =0C Internet-Draft CAPWAP Protocol Specification February 2006 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4.3.1.1. Message Type The Message Type field identifies the function of the CAPWAP control message. The valid values for Message Type are the following: Description Value Discovery Request 1 Discovery Response 2 Configure Request 3 Configure Response 4 Configuration Update Request 5 Configuration Update Response 6 WTP Event Request 7 WTP Event Response 8 Change State Event Request 9 Change State Event Response 10 Echo Request 11 Echo Response 12 Unused 13 Image Data Request 14 Image Data Response 15 Reset Request 16 Reset Response 17 Primary Discovery Request 18 Primary Discovery Response 19 Data Transfer Request 20 Data Transfer Response 21 Clear Config Indication 22 WLAN Config Request 23 WLAN Config Response 24 Mobile Config Request 25 Mobile Config Response 26 4.3.1.2. Sequence Number The Sequence Number Field is an identifier value to match request/ response packet exchanges. When a CAPWAP packet with a request message type is received, the value of the sequence number field is copied into the corresponding response packet. When a CAPWAP control message is sent, its internal sequence number counter is monotonically incremented, ensuring that no two requests pending have the same sequence number. This field will wrap back to zero. Calhoun, Editor, et al. Expires August 28, 2006 [Page 30] =0C Internet-Draft CAPWAP Protocol Specification February 2006 4.3.1.3. Message Element Length The Length field indicates the number of bytes following the Sequence Num field. 4.3.1.4. Message Element[0..N] The message element(s) carry the information pertinent to each of the control message types. Every control message in this specification specifies which message elements are permitted. 4.3.2. Message Element Format The message element is used to carry information pertinent to a control message. Every message element is identified by the Type field, whose numbering space is managed via IANA (see Section 16). The total length of the message elements is indicated in the Message Element Length field. All of the message element definitions in this document use a diagram similar to the one below in order to depict its format. Note that in order to simplify this specification, these diagrams do not include the header fields (Type and Length). The header field values are defined in the Message element descriptions. Additional message elements may be defined in separate IETF documents. The format of a message element uses the TLV format shown here: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value ... | +-+-+-+-+-+-+-+-+ Where Type (16 bit) identifies the character of the information carried in the Value field and Length (16 bits) indicates the number of bytes in the Value field. 4.3.2.1. Generic Message Elements This section includes message elements that are not bound to a specific control message. Calhoun, Editor, et al. Expires August 28, 2006 [Page 31] =0C Internet-Draft CAPWAP Protocol Specification February 2006 4.3.2.1.1. Vendor Specific The Vendor Specific Payload is used to communicate vendor specific information between the WTP and the AC. The value contains the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Element ID | Value... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 104 for Vendor Specific Length: >=3D 7 Vendor Identifier: A 32-bit value containing the IANA assigned "SMI Network Management Private Enterprise Codes" [17] Element ID: A 16-bit Element Identifier which is managed by the vendor. Value: The value associated with the vendor specific element. 4.3.3. Quality of Service It is recommended that CAPWAP control messages be sent by both the AC and the WTP with an appropriate Quality of Service precedence value, ensuring that congestion in the network minimizes occurrences of CAPWAP control channel disconnects. Therefore, a Quality of Service enabled CAPWAP device should use: 802.1P: The precedence value of 7 SHOULD be used. DSCP: The DSCP tag value of 46 SHOULD be used. Calhoun, Editor, et al. Expires August 28, 2006 [Page 32] =0C Internet-Draft CAPWAP Protocol Specification February 2006 5. CAPWAP Discovery Operations The Discovery messages are used by a WTP to determine which ACs are available to provide service, and the capabilities and load of the ACs. 5.1. Discovery Request The Discovery Request message is used by the WTP to automatically discover potential ACs available in the network. The Discovery Request message provides ACs with the primary capabilities of the WTP. A WTP must exchange this information to ensure subsequent exchanges with the ACs are consistent with the WTP's functional characteristics. A WTP must transmit this command even if it has a statically configured AC. Discovery Request messages MUST be sent by a WTP in the Discover state after waiting for a random delay less than MaxDiscoveryInterval, after a WTP first comes up or is (re)initialized. A WTP MUST send no more than the maximum of MaxDiscoveries Discovery Request messages, waiting for a random delay less than MaxDiscoveryInterval between each successive message. This is to prevent an explosion of WTP Discovery Request messages. An example of this occurring is when many WTPs are powered on at the same time. Discovery Request messages MUST be sent by a WTP when no Echo Response messages are received for NeighborDeadInterval and the WTP returns to the Idle state. Discovery Request messages are sent after NeighborDeadInterval. They MUST be sent after waiting for a random delay less than MaxDiscoveryInterval. A WTP MAY send up to a maximum of MaxDiscoveries Discovery Request messages, waiting for a random delay less than MaxDiscoveryInterval between each successive message. If a Discovery Response message is not received after sending the maximum number of Discovery Request messages, the WTP enters the Sulking state and MUST wait for an interval equal to SilentInterval before sending further Discovery Request messages. The Discovery Request message may be sent as a unicast, broadcast or multicast message. Upon receiving a Discovery Request message, the AC will respond with a Discovery Response message sent to the address in the source address of the received discovery request message. The following subsections define the message elements that MUST be Calhoun, Editor, et al. Expires August 28, 2006 [Page 33] =0C Internet-Draft CAPWAP Protocol Specification February 2006 included in the Discovery Request message. 5.1.1. Discovery Type The Discovery message element is used to configure a WTP to operate in a specific mode. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Discovery Type| +-+-+-+-+-+-+-+-+ Type: 58 for Discovery Type Length: 1 Discovery Type: An 8-bit value indicating how the AC was discovered. The following values are supported: 0 - Broadcast 1 - Configured 5.1.2. WTP Descriptor The WTP descriptor message element is used by the WTP to communicate it's current hardware/firmware configuration. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Hardware Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Software Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Boot Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Max Radios | Radios in use | Encryption Capabilities | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 3 for WTP Descriptor Length: 16 Calhoun, Editor, et al. Expires August 28, 2006 [Page 34] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Hardware Version: A 32-bit integer representing the WTP's hardware version number Software Version: A 32-bit integer representing the WTP's Firmware version number Boot Version: A 32-bit integer representing the WTP's boot loader's version number Max Radios: An 8-bit value representing the number of radios (where each radio is identified via the RID field) supported by the WTP Radios in use: An 8-bit value representing the number of radios present in the WTP Encryption Capabilities: This 16-bit field is used by the WTP to communicate it's capabilities to the AC. Since most WTP's support link layer encryption, the AC may make use of these services. There are binding dependent encryption capabilities. A WTP that does not have any encryption capabilities would set this field to zero (0). Refer to the specific binding for further specification of the Encryption Capabilities field. 5.1.3. WTP Radio Information The WTP radios information message element is used to communicate the radio information in a specific slot. The Discovery Request MUST include one such message element per radio in the WTP. The Radio- Type field is used by the AC in order to determine which technology specific binding is to be used with the WTP. The value contains two fields, as shown. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Radio Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 4 for WTP Radio Information Length: 3 Radio ID: The Radio Identifier, which typically refers to an interface index on the WTP Calhoun, Editor, et al. Expires August 28, 2006 [Page 35] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Radio Type: The type of radio present. Note this bitfield can be used to specify support for more than a single type of PHY/MAC. The following values are supported: 1 - 802.11b: An IEEE 802.11b radio. 2 - 802.11a: An IEEE 802.11a radio. 4 - 802.11g: An IEEE 802.11g radio. 8 - 802.11n: An IEEE 802.11n radio. 65535 - all: Used to specify all radios in the WTP. 5.1.4. WTP MAC Type The WTP MAC-Type message element allows the WTP to communicate its mode of operation to the AC. A WTP that advertises support for both modes allows the AC to select the mode to use, based on local policy. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | MAC Type | +-+-+-+-+-+-+-+-+ Type: TBD for WTP MAC Type Length: 1 MAC Type: The MAC mode of operation supported by the WTP. The following values are supported 0 - Local-MAC: Local-MAC is the default mode that MUST be supported by all WTPs. 1 - Split-MAC: Split-MAC support is optional, and allows the AC to receive and process native wireless frames. 2 - Both: WTP is capable of supporting both Local-MAC and Split- MAC. 5.1.5. WTP Frame Type The WTP Frame-Type message element allows the WTP to communicate the tunneling modes of operation which it supports to the AC. A WTP that advertises support for all modes allows the AC to select which mode will be used, based on its local policy. Calhoun, Editor, et al. Expires August 28, 2006 [Page 36] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Frame Type | +-+-+-+-+-+-+-+-+ Type: TBD for WTP Frame Type Length: 1 Frame Type: The Frame type specifies the encapsulation modes supported by the WTP. The following values are supported 1 - Local Bridging: Local Bridging allows the WTP to perform the bridging function. This value MUST NOT be used when the MAC Type is set to Split-MAC. 2 - 802.3 Bridging: 802.3 Bridging requires the WTP and AC to encapsulate all user payload as native IEEE 802.3 frames (see Section 4.2). This value MUST NOT be used when the MAC Type is set to Split-MAC. 4 - Native Bridging: Native Bridging requires the WTP and AC to encapsulate all user payloads as native wireless frames, as defined by the wireless binding (see Section 4.2). 7 - All: The WTP is capable of supporting all frame types. 5.2. Discovery Response The Discovery Response message provides a mechanism for an AC to advertise its services to requesting WTPs. Discovery Response messages are sent by an AC after receiving a Discovery Request message from a WTP. When a WTP receives a Discovery Response message, it MUST wait for an interval not less than DiscoveryInterval for receipt of additional Discovery Response messages. After the DiscoveryInterval elapses, the WTP enters the DTLS-Init state and selects one of the ACs that sent a Discovery Response message and send a DTLS Handshake to that AC. The following subsections define the message elements that MUST be included in the Discovery Response Message. Calhoun, Editor, et al. Expires August 28, 2006 [Page 37] =0C Internet-Draft CAPWAP Protocol Specification February 2006 5.2.1. AC Address The AC address message element is used to communicate the identity of the AC. The value contains two fields, as shown. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 2 for AC Address Length: 7 Reserved: MUST be set to zero Mac Address: The MAC Address of the AC 5.2.2. AC Descriptor The AC payload message element is used by the AC to communicate it's current state. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | Hardware Version ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HW Ver | Software Version ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SW Ver | Stations | Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Limit | Radios | Max Radio | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Max Radio | Security | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 6 for AC Descriptor Length: 18 Reserved: MUST be set to zero Calhoun, Editor, et al. Expires August 28, 2006 [Page 38] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Hardware Version: The AC's hardware version number Software Version: The AC's Firmware version number Stations: The number of mobile stations currently associated with the AC Limit: The maximum number of stations supported by the AC Radios: The number of WTPs currently attached to the AC Max Radio: The maximum number of WTPs supported by the AC Security: A 8 bit bit mask specifying the authentication credential type supported by the AC. The following values are supported (see Section 10): 1 - X.509 Certificate Based 2 - Pre-Shared Secret 5.2.3. AC Name The AC name message element contains an ASCII representation of the AC's identity. The value is a variable length byte string. The string is NOT zero terminated. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Name ... +-+-+-+-+-+-+-+-+ Type: 31 for AC Name Length: > 0 Name: A variable length ASCII string containing the AC's name 5.2.4. WTP Manager Control IPv4 Address The WTP Manager Control IPv4 Address message element is sent by the AC to the WTP during the discovery process and is used by the AC to provide the interfaces available on the AC, and the current number of WTPs connected. In the event that multiple WTP Manager Control IPV4 Address message elements are returned, the WTP is expected to perform load balancing across the multiple interfaces. Calhoun, Editor, et al. Expires August 28, 2006 [Page 39] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 99 for WTP Manager Control IPv4 Address Length: 6 IP Address: The IP Address of an interface. WTP Count: The number of WTPs currently connected to the interface. 5.2.5. WTP Manager Control IPv6 Address The WTP Manager Control IPv6 Address message element is sent by the AC to the WTP during the discovery process and is used by the AC to provide the interfaces available on the AC, and the current number of WTPs connected. This message element is useful for the WTP to perform load balancing across multiple interfaces. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 142 for WTP Manager Control IPv6 Address Length: 18 IP Address: The IP Address of an interface. WTP Count: The number of WTPs currently connected to the interface. Calhoun, Editor, et al. Expires August 28, 2006 [Page 40] =0C Internet-Draft CAPWAP Protocol Specification February 2006 5.3. Primary Discovery Request The Primary Discovery Request message is sent by the WTP to determine whether its preferred (or primary) AC is available. A Primary Discovery Request message is sent by a WTP when it has a primary AC configured, and is connected to another AC. This generally occurs as a result of a failover, and is used by the WTP as a means to discover when its primary AC becomes available. As a consequence, this message is only sent by a WTP when it is in the Run state. The frequency of the Primary Discovery Request messages should be no more often than the sending of the Echo Request message. Upon receipt of a Discovery Request message, the AC responds with a Primary Discovery Response message sent to the address in the source address of the received Primary Discovery Request message. The following subsections define the message elements that MUST be included in the Primary Discovery message. 5.3.1. Discovery Type The Discovery Type message element is defined in Section 5.1.1. 5.3.2. WTP Descriptor The WTP Descriptor message element is defined in Section 5.1.2. 5.3.3. WTP MAC Type The Discovery Type message element is defined in Section 5.1.4. 5.3.4. WTP Frame Type The WTP Frame Type message element is defined in Section 5.1.5. 5.3.5. WTP Radio Information A WTP Radio Information message element must be present for every radio in the WTP. This message element is defined in Section 5.1.3. 5.4. Primary Discovery Response The Primary Discovery Response message enables an AC to advertise its availability and services to requesting WTPs that are configured to have the AC as its primary AC. Calhoun, Editor, et al. Expires August 28, 2006 [Page 41] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Primary Discovery Response messages are sent by an AC after receiving a Primary Discovery Request message. When a WTP receives a Primary Discovery Response message, it may establish a CAPWAP protocol connection to its primary AC, based on the configuration of the WTP Fallback Status message element on the WTP. The following subsections define the message elements that MUST be included in the Primary Discovery Request message. 5.4.1. AC Descriptor The Discovery Type message element is defined in Section 5.2.2. 5.4.2. AC Name The AC Name message element is defined in Section 5.2.3. 5.4.3. WTP Manager Control IPv4 Address A WTP Radio Information message element MAY be present for every radio in the WTP which are reachable via IPv4. This message element is defined in Section 5.2.4. 5.4.4. WTP Manager Control IPv6 Address A WTP Radio Information message element must be present for every radio in the WTP which are reachable via IPv6. This message element is defined in Section 5.2.5. Calhoun, Editor, et al. Expires August 28, 2006 [Page 42] =0C Internet-Draft CAPWAP Protocol Specification February 2006 6. Control Channel Management The Control Channel Management messages are used by the WTP and AC to maintain a control communication channel. 6.1. Echo Request The Echo Request message is a keep alive mechanism for CAPWAP control messages. Echo Request messages are sent periodically by a WTP in the Run state (see Section 2.2) to determine the state of the connection between the WTP and the AC. The Echo Request message is sent by the WTP when the Heartbeat timer expires. The WTP MUST start its NeighborDeadInterval timer when the Heartbeat timer expires. The Echo Request message carries no message elements. When an AC receives an Echo Request message it responds with an Echo Response message. 6.2. Echo Response The Echo Response message acknowledges the Echo Request message, and is only processed while in the Run state (see Section 2.2). An Echo Response message is sent by an AC after receiving an Echo Request message. After transmitting the Echo Response message, the AC SHOULD reset its Heartbeat timer to expire in the value configured for EchoInterval. If another Echo Request message is not received by the AC when the timer expires, the AC SHOULD consider the WTP to be no longer be reachable. The Echo Response message carries no message elements. When a WTP receives an Echo Response message it stops the NeighborDeadInterval timer, and initializes the Heartbeat timer to the EchoInterval. If the NeighborDeadInterval timer expires prior to receiving an Echo Response message, the WTP enters the Idle state. Calhoun, Editor, et al. Expires August 28, 2006 [Page 43] =0C Internet-Draft CAPWAP Protocol Specification February 2006 7. WTP Configuration Management Wireless Termination Point Configuration messages are used to exchange configuration information between the AC and the WTP. 7.1. Configuration Consistency The CAPWAP protocol provides flexibility in how WTP configuration is managed. A WTP has two options: 1. The WTP retains no configuration and accepts the configuration provided by the AC. 2. The WTP retains the configuration of parameters provided by the AC that are non-default values. If the WTP opts to save configuration locally, the CAPWAP protocol state machine defines the Configure state, which allows for configuration exchange. In the Configure state, the WTP sends its current configuration overrides to the AC via the Configure Request message. A configuration override is a parameter that is non- default. One example is that in the CAPWAP protocol, the default antenna configuration is internal omni antenna. A WTP that either has no internal antennas, or has been explicitly configured by the AC to use external antennas, sends its antenna configuration during the configure phase, allowing the AC to become aware of the WTP's current configuration. Once the WTP has provided its configuration to the AC, the AC sends its own configuration. This allows the WTP to inherit the configuration and policies from the AC. An AC maintains a copy of each active WTP's configuration. There is no need for versioning or other means to identify configuration changes. If a WTP becomes inactive, the AC MAY delete the configuration associated with it. If a WTP fails, and connects to a new AC, it provides its overridden configuration parameters, allowing the new AC to be aware of the WTP's configuration. This model allows for resiliency in case of an AC failure, that another AC can provide service to the WTP. In this scenario, the new AC would be automatically updated with WTP configuration changes, eliminating the need for inter-AC communication or the need for all ACs to be aware of the configuration of all WTPs in the network. Once the CAPWAP protocol enters the Run state, the WTPs begin to provide service. It is quite common for administrators to require that configuration changes be made while the network is operational. Calhoun, Editor, et al. Expires August 28, 2006 [Page 44] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Therefore, the Configuration Update Request is sent by the AC to the WTP to make these changes at run-time. 7.1.1. Configuration Flexibility The CAPWAP protocol provides the flexibility to configure and manage WTPs of varying design and functional characteristics. When a WTP first discovers an AC, it provides primary functional information relating to its type of MAC and to the nature of frames to be exchanged. The AC configures the WTP appropriately. The AC also establishes corresponding internal operations to deal with the WTP according to its functionalities. 7.2. Configure Request The Configure Request message is sent by a WTP to deliver its current configuration to its AC. Configure Request messages are sent by a WTP while in the Configure state. The Configure Request message carries binding specific message elements. Refer to the appropriate binding for the definition of this structure. When an AC receives a Configure Request message it will act upon the content of the packet and respond to the WTP with a Configure Response message. The Configure Request message includes multiple Administrative State message Elements. There is one such message element for the WTP, and one message element per radio in the WTP. The following subsections define the message elements that MUST be included in the Configure Request message. 7.2.1. Administrative State The administrative event message element is used to communicate the state of a particular radio. The value contains the following fields. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Admin State | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 45] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 27 for Administrative State Length: 2 Radio ID: An 8-bit value representing the radio to configure. The Radio ID field may also include the value of 0xff, which is used to identify the WTP itself. Therefore, if an AC wishes to change the administrative state of a WTP, it would include 0xff in the Radio ID field. Admin State: An 8-bit value representing the administrative state of the radio. The following values are supported: 1 - Enabled 2 - Disabled 7.2.2. AC Name The AC Name message element is defined in Section Section 5.2.3. 7.2.3. AC Name with Index The AC Name with Index message element is sent by the AC to the WTP to configure preferred ACs. The number of instances where this message element would be present is equal to the number of ACs configured on the WTP. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Index | AC Name... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 90 for AC Name with Index Length: > 2 Index: The index of the preferred server (e.g., 1=3Dprimary, 2=3Dsecondary). AC Name: A variable length ASCII string containing the AC's name. 7.2.4. WTP Board Data The WTP Board Data message element is sent by the WTP to the AC and contains information about the hardware present. Calhoun, Editor, et al. Expires August 28, 2006 [Page 46] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Card ID | Card Revision | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Model | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Model | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WTP Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 50 for WTP Board Data Length: 26 Card ID: A 2 byte hardware identifier. Card Revision: A 2 byte Revision of the card. WTP Model: 8 byte WTP Model Number. WTP Serial Number: 24 byte WTP Serial Number. Ethernet MAC Address: MAC Address of the WTP's Ethernet interface. 7.2.5. Statistics Timer The statistics timer message element value is used by the AC to inform the WTP of the frequency which it expects to receive updated statistics. Calhoun, Editor, et al. Expires August 28, 2006 [Page 47] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Statistics Timer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 37 for Statistics Timer Length: 2 Statistics Timer: A 16-bit unsigned integer indicating the time, in seconds 7.2.6. WTP Static IP Address Information The WTP Static IP Address Information message element is used by an AC to configure or clear a previously configured static IP address on a WTP. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Netmask | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Gateway | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Static | +-+-+-+-+-+-+-+-+ Type: 82 for WTP Static IP Address Information Length: 13 IP Address: The IP Address to assign to the WTP. This field is only valid if the static field is set to one. Netmask: The IP Netmask. This field is only valid if the static field is set to one. Gateway: The IP address of the gateway. This field is only valid if the static field is set to one. Netmask: The IP Netmask. This field is only valid if the static field is set to one. Calhoun, Editor, et al. Expires August 28, 2006 [Page 48] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Static: An 8-bit boolean stating whether the WTP should use a static IP address or not. A value of zero disables the static IP address, while a value of one enables it. 7.2.7. WTP Reboot Statistics The WTP Reboot Statistics message element is sent by the WTP to the AC to communicate reasons why reboots have occurred. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Crash Count | CAPWAP Initiated Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link Failure Count | Failure Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 67 for WTP Reboot Statistics Length: 7 Crash Count: The number of reboots that have occurred due to a WTP crash. A value of 65535 implies that this information is not available on the WTP. CAPWAP Initiated Count: The number of reboots that have occurred at the request of a CAPWAP protocol message, such as a change in configuration that required a reboot or an explicit CAPWAP reset request. A value of 65535 implies that this information is not available on the WTP. Link Failure Count: The number of times that a CAPWAP protocol connection with an AC has failed. Failure Type: The last WTP failure. The following values are supported: 0 - Link Failure 1 - CAPWAP Initiated (see Section 8.3) 2 - WTP Crash 255 - Unknown (e.g., WTP doesn't keep track of info) Calhoun, Editor, et al. Expires August 28, 2006 [Page 49] =0C Internet-Draft CAPWAP Protocol Specification February 2006 7.3. Configure Response The Configure Response message is sent by an AC and provides a mechanism for the AC to override a WTP's requested configuration. Configure Response messages are sent by an AC after receiving a Configure Request message. The Configure Response message carries binding specific message elements. Refer to the appropriate binding for the definition of this structure. When a WTP receives a Configure Response message it acts upon the content of the message, as appropriate. If the Configure Response message includes a Change State Event message element that causes a change in the operational state of one of the Radio, the WTP will transmit a Change State Event to the AC, as an acknowledgement of the change in state. The following subsections define the message elements that MUST be included in the Configure Response message. 7.3.1. Decryption Error Report Period The Decryption Error Report Period message element value is used by the AC to inform the WTP how frequently it should send decryption error report messages. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Report Interval | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 38 for Decryption Error Report Period Length: 3 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP Report Interval: A 16-bit unsigned integer indicating the time, in seconds 7.3.2. Change State Event The Change State message element is used to communicate a change in the operational state of a radio. The value contains two fields, as Calhoun, Editor, et al. Expires August 28, 2006 [Page 50] =0C Internet-Draft CAPWAP Protocol Specification February 2006 shown. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | State | Cause | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 26 for Change State Event Length: 3 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP. State: An 8-bit boolean value representing the state of the radio. A value of one disables the radio, while a value of two enables it. Cause: In the event of a radio being inoperable, the cause field would contain the reason the radio is out of service. Cause: In the event of a radio being inoperable, the cause field would contain the reason the radio is out of service. The following values are supported: 0 - Normal 1 - Radio Failure 2 - Software Failure 7.3.3. CAPWAP Timers The CAPWAP Timers message element is used by an AC to configure CAPWAP timers on a WTP. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Discovery | Echo Request | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 68 for CAPWAP Timers Calhoun, Editor, et al. Expires August 28, 2006 [Page 51] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Length: 2 Discovery: The number of seconds between CAPWAP Discovery packets, when the WTP is in the discovery mode. Echo Request: The number of seconds between WTP Echo Request CAPWAP messages. 7.3.4. AC IPv4 List The AC List message element is used to configure a WTP with the latest list of ACs in a cluster. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 59 for AC List Length: 4 The AC IP Address: An array of 32-bit integers containing an AC's IPv4 Address. 7.3.5. AC IPv6 List The AC List message element is used to configure a WTP with the latest list of ACs in a cluster. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AC IP Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 52] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 141 for AC IPV6 List Length: 16 The AC IP Address: An array of 32-bit integers containing an AC's IPv6 Address. 7.3.6. WTP Fallback The WTP Fallback message element is sent by the AC to the WTP to enable or disable automatic CAPWAP fallback in the event that a WTP detects its preferred AC, and is not currently connected to it. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Mode | +-+-+-+-+-+-+-+-+ Type: 91 for WTP Fallback Length: 1 Mode: The 8-bit value indicates the status of automatic CAPWAP fallback on the WTP. A value of zero disables fallback, while a value of one enables it. When enabled, if the WTP detects that its primary AC is available, and it is not connected to it, it SHOULD automatically disconnect from its current AC and reconnect to its primary. If disabled, the WTP will only reconnect to its primary through manual intervention (e.g., through the Reset Request command). 7.3.7. Idle Timeout The Idle Timeout message element is sent by the AC to the WTP to provide it with the idle timeout that it should enforce on its active mobile station entries. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timeout | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 53] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 97 for Idle Timeout Length: 4 Timeout: The current idle timeout to be enforced by the WTP. 7.4. Configuration Update Request Configure Update Request messages are sent by the AC to provision the WTP while in the Run state. This is used to modify the configuration of the WTP while it is operational. When an AC receives a Configuration Update Request message it will respond with a Configuration Update Response message, with the appropriate Result Code. The following subsections define the message elements included in the Configuration Update message. 7.4.1. WTP Name The WTP Name message element is a variable length bye string. The string is not zero terminated. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+- | WTP Name ... +-+-+-+-+-+-+-+-+- Type: 5 for WTP Name Length: 0 Timeout: A non-zero terminated string containing the WTP name. 7.4.2. Change State Event The Change State Event message element is defined in Section Section 7.3.2. 7.4.3. Administrative State The Administrative State message element is defined in Section Section 7.2.1. Calhoun, Editor, et al. Expires August 28, 2006 [Page 54] =0C Internet-Draft CAPWAP Protocol Specification February 2006 7.4.4. Statistics Timer The Statistics Timer message element is defined in Section Section 7.2.5. 7.4.5. Location Data The Location Data message elementis a variable length byte string containing user defined location information (e.g. "Next to Fridge"). This information is configurable by the network administrator, and allows for the WTP location to be determined through this field. The string is not zero terminated. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+- | Location ... +-+-+-+-+-+-+-+-+- Type: 35 for Location Data Length: 0 Timeout: A non-zero terminated string containing the WTP location. 7.4.6. Decryption Error Report Period The Decryption Error Report Period message element is defined in Section 7.3.1. 7.4.7. AC IPv4 List The AC List message element is defined in Section 7.3.4. 7.4.8. AC IPv6 List The AC List message element is defined in Section 7.3.5. 7.4.9. Add MAC ACL Entry The Add MAC Access Control List (ACL) Entry message element is used by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP no longer provides any service to the MAC addresses provided in the message. The MAC Addresses provided in this message element are not expected to be saved in non-volatile memory on the WTP. Calhoun, Editor, et al. Expires August 28, 2006 [Page 55] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 65 for Add MAC ACL Entry Length: >=3D 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to add to the ACL. 7.4.10. Delete MAC ACL Entry The Delete MAC ACL Entry message element is used by an AC to delete a MAC ACL entry on a WTP, ensuring that the WTP provides service to the MAC addresses provided in the message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 66 for Delete MAC ACL Entry Length: >=3D 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to delete from the ACL. 7.4.11. Add Static MAC ACL Entry The Add Static MAC ACL Entry message element is used by an AC to add a permanent ACL entry on a WTP, ensuring that the WTP no longer provides any service to the MAC addresses provided in the message. The MAC Addresses provided in this message element are expected to be saved in non-volative memory on the WTP. Calhoun, Editor, et al. Expires August 28, 2006 [Page 56] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 70 for Add Static MAC ACL Entry Length: >=3D 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to add to the permanent ACL. 7.4.12. Delete Static MAC ACL Entry The Delete Static MAC ACL Entry message element is used by an AC to delete a previously added static MAC ACL entry on a WTP, ensuring that the WTP provides service to the MAC addresses provided in the message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num of Entries| MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 71 for Delete MAC ACL Entry Length: >=3D 7 Num of Entries: The number of MAC Addresses in the array. MAC Address: An array of MAC Addresses to delete from the static MAC ACL entry. 7.4.13. CAPWAP Timers The CAPWAP Timers message element is defined in Section 7.3.3. 7.4.14. AC Name with Index The AC Name with Index message element is defined in Section 7.2.3. Calhoun, Editor, et al. Expires August 28, 2006 [Page 57] =0C Internet-Draft CAPWAP Protocol Specification February 2006 7.4.15. WTP Fallback The WTP Fallback message element is defined in Section 7.3.6. 7.4.16. Idle Timeout The Idle Timeout message element is defined in Section 7.3.7. 7.4.17. Timestamp The Timestamp message element is sent by the AC to to synchronize the WTP's clock. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: TBD for Timestamp Length: 4 Timestamp: The AC's current time, allowing all of the WTPs to be time synchronized in the format defined by Network Time Protocol (NTP) in RFC 1305 [10]. 7.5. Configuration Update Response The Configuration Update Response message is the acknowledgement message for the Configuration Update Request message. The Configuration Update Response message is sent by a WTP after receiving a Configuration Update Request message. When an AC receives a Configure Update Response message the result code indicates if the WTP successfully accepted the configuration. The following subsections define the message elements that must be present in the Configuration Update message. 7.5.1. Result Code The Result Code message element value is a 32-bit integer value, indicating the result of the request operation corresponding to the sequence number in the message. Calhoun, Editor, et al. Expires August 28, 2006 [Page 58] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Result Code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 2 for Result Code Length: 4 Result Code: The following values are defined: 0 Success 1 Failure (AC List message element MUST be present) 7.6. Change State Event Request The Change State Event Request message is used by the WTP to inform the AC of a change in the operational state. The Change State Event Request message is sent by the WTP when it receives a Configuration Response message that includes a Change State Event message element. It is also sent when the WTP detects an operational failure with a radio. The Change State Event Request message may be sent in either the Configure or Run state (see Section 2.2. When an AC receives a Change State Event message it will respond with a Change State Event Response message and make any necessary modifications to internal WTP data structures. The following subsections define the message elements that must be present in the Change State Event Request message. 7.6.1. Change State Event The Change State Event message element is defined in Section 7.3.2. 7.7. Change State Event Response The Change State Event Response message acknowledges the Change State Event Request message. A Change State Event Response message is by a WTP after receiving a Change State Event Request message. The Change State Event Response message carries no message elements. Calhoun, Editor, et al. Expires August 28, 2006 [Page 59] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Its purpose is to acknowledge the receipt of the Change State Event Request message. The WTP does not need to perform any special processing of the Change State Event Response message. 7.8. Clear Config Indication The Clear Config Indication message is used to reset a WTP's configuration. The Clear Config Indication message is sent by an AC to request that a WTP reset its configuration to the manufacturing default configuration. The Clear Config Indication message is sent while in the Run CAPWAP state. The Clear Config Indication message carries no message elements. When a WTP receives a Clear Config Indication message it resets its configuration to the manufacturing default configuration. Calhoun, Editor, et al. Expires August 28, 2006 [Page 60] =0C Internet-Draft CAPWAP Protocol Specification February 2006 8. Device Management Operations This section defines CAPWAP operations responsible for debugging, gathering statistics, logging, and firmware management. 8.1. Image Data Request The Image Data Request message is used to update firmware on the WTP. This message and its companion response message are used by the AC to ensure that the image being run on each WTP is appropriate. Image Data Request messages are exchanged between the WTP and the AC to download a new program image to the WTP. When a WTP or AC receives an Image Data Request message it will respond with an Image Data Response message. The format of the Image Data and Image Download message elements are described in the following subsections. 8.1.1. Image Download The image download message element is sent by the WTP to the AC and contains the image filename. The value is a variable length byte string. The string is NOT zero terminated. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Filename ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 32 for Image Download Length: >=3D 1 Filename: A variable length string containing the filename to download. 8.1.2. Image Data The image data message element is present in the Image Data Request message sent by the AC and contains the following fields. Calhoun, Editor, et al. Expires August 28, 2006 [Page 61] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Opcode | Checksum | Image Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Image Data ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 33 for Image Data Length: >=3D 4 (allows 0 length element if last data unit is 1024 bytes) Opcode: An 8-bit value representing the transfer opcode. The following values are supported: 3 - Image data is included 5 - An error occurred. Transfer is aborted Checksum: A 16-bit value containing a checksum of the image data that follows Image Data: The Image Data field contains 1024 characters, unless the payload being sent is the last one (end of file). If the last block was 1024 in length, an Image Data with a zero length payload is sent. 8.2. Image Data Response The Image Data Response message acknowledges the Image Data Request message. An Image Data Response message is sent in response to a received Image Data Request message. Its purpose is to acknowledge the receipt of the Image Data Request message. The Image Data Response message carries no message elements. No action is necessary on receipt. 8.3. Reset Request The Reset Request message is used to cause a WTP to reboot. A Reset Request message is sent by an AC to cause a WTP to reinitialize its operation. Calhoun, Editor, et al. Expires August 28, 2006 [Page 62] =0C Internet-Draft CAPWAP Protocol Specification February 2006 The Reset Request carries no message elements. When a WTP receives a Reset Request it will respond with a Reset Response and then reinitialize itself. 8.4. Reset Response The Reset Response message acknowledges the Reset Request message. A Reset Response message is sent by the WTP after receiving a Reset Request message. The Reset Response message carries no message elements. Its purpose is to acknowledge the receipt of the Reset Request message. When an AC receives a Reset Response message, it is notified that the WTP will reinitialize its operation. 8.5. WTP Event Request WTP Event Request message is used by a WTP to send information to its AC. The WTP Event Request message may be sent periodically, or sent in response to an asynchronous event on the WTP. For example, a WTP MAY collect statistics and use the WTP Event Request message to transmit the statistics to the AC. When an AC receives a WTP Event Request message it will respond with a WTP Event Response message. The WTP Event Request message MUST contain one of the message elements described below, or a message element that is defined for a specific wireless technology. 8.5.1. Decryption Error Report The Decryption Error Report message element value is used by the WTP to inform the AC of decryption errors that have occurred since the last report. Note that this error reporting mechanism is not used if encryption and decryption services are provided via the AC. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID |Num Of Entries | Mobile MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Mobile MAC Address[] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 63] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 39 for Decryption Error Report Length: >=3D 8 Radio ID: The Radio Identifier, which typically refers to an interface index on the WTP Num Of Entries: An 8-bit unsigned integer indicating the number of mobile MAC addresses. Mobile MAC Address: An array of mobile station MAC addresses that have caused decryption errors. 8.5.2. Duplicate IPv4 Address The Duplicate IPv4 Address message element is used by a WTP to inform an AC that it has detected another IP device using the same IP address it is currently using. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 77 for Duplicate IPv4 Address Length: 10 IP Address: The IP Address currently used by the WTP. MAC Address: The MAC Address of the offending device. 8.5.3. Duplicate IPv6 Address The Duplicate IPv6 Address message element is used by a WTP to inform an AC that it has detected another host using the same IP address it is currently using. Calhoun, Editor, et al. Expires August 28, 2006 [Page 64] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 77 for Duplicate IPv6 Address Length: 22 IP Address: The IP Address currently used by the WTP. MAC Address: The MAC Address of the offending device. 8.6. WTP Event Response The WTP Event Response message acknowledges receipt of the WTP Event Request message. A WTP Event Response message issent by an AC after receiving a WTP Event Request message. The WTP Event Response message carries no message elements. 8.7. Data Transfer Request The Data Transfer Request message is used to deliver debug information from the WTP to the AC. Data Transfer Request messages are sent by the WTP to the AC when the WTP determines that it has important information to send to the AC. For instance, if the WTP detects that its previous reboot was caused by a system crash, it can send the crash file to the AC. The remote debugger function in the WTP also uses the Data Transfer Request message to send console output to the AC for debugging purposes. When the AC receives a Data Transfer Request message it responds to the WTP ith a Data Transfer Response message. The AC MAY log the Calhoun, Editor, et al. Expires August 28, 2006 [Page 65] =0C Internet-Draft CAPWAP Protocol Specification February 2006 information received. The Data Transfer Request message MUST contain one of the following message element listed below. 8.7.1. Data Transfer Mode The Data Transfer Mode message element is used by the AC to request information from the WTP for debugging purposes. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Data Type | +-+-+-+-+-+-+-+-+ Type: 52 for Data Transfer Mode Length: 1 Data Type: An 8-bit value the type of information being requested. The following values are supported: 1 - WTP Crash Data 2 - WTP Memory Dump 8.7.2. Data Transfer Data The Data Transfer Data message element is used by the WTP to provide information to the AC for debugging purposes. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data Type | Data Length | Data .... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 53 for Data Transfer Data Length: >=3D 3 Data Type: An 8-bit value the type of information being sent. The following values are supported: Calhoun, Editor, et al. Expires August 28, 2006 [Page 66] =0C Internet-Draft CAPWAP Protocol Specification February 2006 1 - WTP Crash Data 2 - WTP Memory Dump Data Length: Length of data field. Data: Debug information. 8.8. Data Transfer Response The Data Transfer Response message acknowledges the Data Transfer Request message. A Data Transfer Response message is sent in response to a received Data Transfer Request message. Its purpose is to acknowledge receipt of the Data Transfer Request message. The Data Transfer Response message carries no message elements. Upon receipt of a Data Transfer Response message, the WTP transmits more information, if more information is available. Calhoun, Editor, et al. Expires August 28, 2006 [Page 67] =0C Internet-Draft CAPWAP Protocol Specification February 2006 9. Mobile Session Management Messages in this section are used by the AC to create, modify or delete mobile station session state on the WTPs. 9.1. Mobile Config Request The Mobile Config Request message is used to create, modify or delete mobile session state on a WTP. The message is sent by the AC to the WTP, and may contain one or more message elements. The message elements for this CAPWAP control message include information that is generally highly technology specific. Therefore, please refer to the appropriate binding section or document for the definitions of the messages elements that may be used in this control message. 9.1.1. Add Mobile The Add Mobile message element is used by the AC to inform a WTP that it should forward traffic for a particular mobile station. The Add Mobile message element will be accompanied by technology specific binding information element which may include security parameters. Consequently, the security parameters must be applied by the WTP for the particular mobile. Once a mobile station's policy has been pushed to the WTP through this message element, an AC may change any policies by simply sending a modified Add Mobile message element. When a WTP receives an Add Mobile message element for an existing mobile station, it must override any existing state it may have for the mobile station in question. The latest Add Mobile overrides any previously received messages. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | VLAN Name... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 29 for Add Mobile Length: >=3D 7 Radio ID: An 8-bit value representing the radio Calhoun, Editor, et al. Expires August 28, 2006 [Page 68] =0C Internet-Draft CAPWAP Protocol Specification February 2006 MAC Address: The mobile station's MAC Address VLAN Name: An optional variable string containing the VLAN Name on which the WTP is to locally bridge user data. Note this field is only valid with WTPs configured in Local MAC mode. 9.1.2. Delete Mobile The Delete Mobile message element is used by the AC to inform an WTP that it should no longer provide service to a particular mobile station. The WTP must terminate service immediately upon receiving this message element. The transmission of a Delete Mobile message element could occur for various reasons, including for administrative reasons, as a result of the fact that the mobile has roamed to another WTP, etc. Once access has been terminated for a given station, any future packets received from the mobile must result in a deauthenticate message, as specified in [6]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 30 for Delete Mobile Length: 7 Radio ID: An 8-bit value representing the radio MAC Address: The mobile station's MAC Address 9.2. Mobile Config Response The Mobile Configuration Response message is used to acknowledge a previously received Mobile Configuration Request message, and includes a Result Code message element which indicates whether an error occurred on the WTP. This message requires no special processing, and is only used to acknowledge the Mobile Configuration Request message. Calhoun, Editor, et al. Expires August 28, 2006 [Page 69] =0C Internet-Draft CAPWAP Protocol Specification February 2006 9.2.1. Result Code The Result Code message element is defined in Section 7.5.1. Calhoun, Editor, et al. Expires August 28, 2006 [Page 70] =0C Internet-Draft CAPWAP Protocol Specification February 2006 10. CAPWAP Security This version of the CAPWAP protocol uses DTLS with both certificate and shared secret based credentials to secure CAPWAP protocol Control, and (optionally) Data packets. CAPWAP protocol Discovery Request and Discover Response messages are sent in the clear, as they are sent prior to esablishment of a secure DTLS session between the WTP and the AC. Once the DTLS session is established, and the CAPWAP state machine (see Section 2.2) is in the Configure state, all CAPWAP control frames are encrypted. An in-depth security analysis of threats and risks to AC-AP communication is beyond the scope of this document. The list below provides a summary of the assumptions made in the CAPWAP protocol security design: o WTP-AC communications may be accessible to a sophisticated attacker. o When authentication and/or privacy of end to end traffic for which the WTP and AC are intermediaries is required, IPSEC [19] or another end to end security protocol must be used. o Privacy and authentication for at least some WTP-AC control traffic is required, for example to enable secure delivery of user sessions keys from the AC to the WTP. 10.1. Endpoint Authentication using DTLS Certificate-based authentication is natively supported in DTLS, and support for preshared keys has been standardized (see [12]). The TLS algorithm suites for each endpoint authentication method are described below. 10.1.1. Authenticating with Certificates Note that only block ciphers are currently recommended for use with DTLS. To understand the reasoning behind this, see [23]. However,support for AES counter mode encryption is currently progressing in the TLS working group, and once protocol identifiers are available, they will be added below. At present, the following algorithms MUST be supported when using certificates for CAPWAP authentication: o TLS_RSA_WITH_AES_128_CBC_SHA o TLS_RSA_WITH_3DES_EDE_CBC_SHA Calhoun, Editor, et al. Expires August 28, 2006 [Page 71] =0C Internet-Draft CAPWAP Protocol Specification February 2006 The following algorithms SHOULD be supported when using certificates: o TLS_DH_RSA_WITH_AES_128_CBC_SHA o TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA The following algorithms MAY be supported when using certificates: o TLS_RSA_WITH_AES_256_CBC_SHA o TLS_DH_RSA_WITH_AES_256_CBC_SHA 10.1.2. Authenticating with Preshared Keys Pre-shared keys present significant challenges from a security perspective, and for that reason, their use is strongly discouraged. However, [12] defines 3 different methods for authenticating with preshared keys: o PSK key exchange algorithm - simplest method, ciphersuites use only symmetric key algorithms o DHE_PSK key exchange algorithm - use a PSK to authenticate a Diffie-Hellman exchange. These ciphersuites give some additional protection against dictionary attacks and also provide Perfect Forward Secrecy (PFS). o RSA_PSK key exchange algorithm - use RSA and certificates to authenticate the server, in addition to using a PSK. Not susceptible to passive attacks. The first approach (plain PSK) is susceptible to passive dictionary attacks; hence, while this alorithm MAY be supported, special care should be taken when choosing that method. In particular, user- readable passphrases SHOULD NOT be used, and use of short PSKs should be strongly discouraged. Additionally, DHE_PSK MUST be supported, and RSA_PSK MAY be supported. The following cryptographic algorithms MUST be supported when using preshared keys: o TLS_DHE_PSK_WITH_AES_128_CBC_SHA o TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA The following algorithms SHOULD be supported when using preshared keys: Calhoun, Editor, et al. Expires August 28, 2006 [Page 72] =0C Internet-Draft CAPWAP Protocol Specification February 2006 o TLS_DHE_PSK_WITH_AES_256_CBC_SHA The following algorithms MAY be supported when using preshared keys: o TLS_PSK_WITH_AES_128_CBC_SHA o TLS_PSK_WITH_AES_256_CBC_SHA o TLS_PSK_WITH_3DES_EDE_CBC_SHA o TLS_RSA_PSK_WITH_AES_128_CBC_SHA o TLS_RSA_PSK_WITH_AES_256_CBC_SHA o TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 10.2. Refreshing Cryptographic Keys Since AC-WTP associations will tend to be relatively long-lived, a mechanism is provided to periodically refresh the encryption and authentication keys; this is referred to as "rekeying". When the key lifetime reaches 95% of the configured value, identified in the KeyLifetime timer (see Section 12), a new DTLS seesion SHOULD be initiated (via a CAPWAP implementation API). 10.3. Certificate Usage Validation of the certificates by the AC and WTP is required so that only an AC may perform the functions of an AC and that only a WTP may perform the functions of a WTP. This restriction of functions to the AC or WTP requires that the certificates used by the AC MUST be distinguishable from the certificate used by the WTP. To accomplish this differentiation, the x.509v3 certificates MUST include the Extensions field [11] and MUST include the NetscapeComment [13] extension. For an AC, the value of the NetscapeComment extension MUST be the string "CAPWAP AC Device Certificate". For a WTP, the value of the NetscapeComment extension MUST be the string "CAPWAP WTP Device Certificate". Part of the CAPWAP certificate validation process includes ensuring that the proper string is included in the NetscapeComment extension, and only allowing the CAPWAP session to be established if the extension does not represent the same role as the device validating the certificate. For instance, a WTP MUST NOT accept a certificate whose NetscapeComment field is set to "CAPWAP WTP Device Certificate". Calhoun, Editor, et al. Expires August 28, 2006 [Page 73] =0C Internet-Draft CAPWAP Protocol Specification February 2006 11. IEEE 802.11 Binding This section defines the extensions required for the CAPWAP protocol to be used with the IEEE 802.11 protocol. 11.1. Division of labor The CAPWAP protocol, when used with IEEE 802.11 devices, requires a specific behavior from the WTP and the AC, specifically in terms of which IEEE 802.11 protocol functions are handled. For both the Split and Local MAC approaches, the CAPWAP functions, as defined in the taxonomy specification, reside in the AC. 11.1.1. Split MAC This section shows the division of labor between the WTP and the AC in a Split MAC architecture. Figure 4 shows the clear separation of functionality among CAPWAP components. Function Location Distribution Service AC Integration Service AC Beacon Generation WTP Probe Response WTP Power Mgmt/Packet Buffering WTP Fragmentation/Defragmentation WTP Assoc/Disassoc/Reassoc AC 802.11e Classifying AC Scheduling WTP/AC Queuing WTP 802.11i 802.1X/EAP AC Key Management AC 802.11 Encryption/Decryption WTP or AC Figure 4: Mapping of 802.11 Functions for Split MAC Architecture The Distribution and Integration services reside on the AC, and therefore all user data is tunneled between the WTP and the AC. As noted above, all real-time 802.11 services, including the control protocol and the beacon and probe response frames, are handled on the WTP. All remaining IEEE 802.11 MAC management frames are supported on the Calhoun, Editor, et al. Expires August 28, 2006 [Page 74] =0C Internet-Draft CAPWAP Protocol Specification February 2006 AC, including the Association Request which allows the AC to be involved in the access policy enforcement portion of the IEEE 802.11 protocol. The IEEE 802.1X and IEEE 802.11i key management function are also located on the AC. While the admission control component of IEEE 802.11e resides on the AC, the real time scheduling and queuing functions are on the WTP. Note this does not exclude the AC from providing additional policing and scheduling functionality. Note that in the following figure, the use of '( - )' indicates that processing of the frames is done on the WTP. Client WTP AC Beacon <----------------------------- Probe Request ----------------------------( - )-------------------------> Probe Response <----------------------------- 802.11 AUTH/Association <---------------------------------------------------------> Add Mobile (Clear Text, 802.1X Only) <-------------------------> 802.1X Authentication & 802.11i Key Exchange <---------------------------------------------------------> Add Mobile (AES-CCMP, PTK=3Dx) <-------------------------> 802.11 Action Frames <---------------------------------------------------------> 802.11 DATA (1) <---------------------------( - )-------------------------> Figure 5: Split MAC Message Flow Figure 5 provides an illustration of the division of labor in a Split MAC architecture. In this example, a WLAN has been created that is configured for IEEE 802.11i, using AES-CCMP for privacy. The following process occurs: o The WTP generates the IEEE 802.11 beacon frames, using information provided to it through the Add WLAN (see Section Section 11.8.1.1) message element. Calhoun, Editor, et al. Expires August 28, 2006 [Page 75] =0C Internet-Draft CAPWAP Protocol Specification February 2006 o The WTP processes the probe request and responds with a corresponding probe response. The probe request is then forwarded to the AC for optional processing. o The WTP forwards the IEEEE 802.11 Authentication and Association frames to the AC, which is responsible for responding to the client. o Once the association is complete, the AC transmits an CAPWAP Add Mobile request to the WTP (see Section Section 9.1.1. In the above example, the WLAN is configured for IEEE 802.1X, and therefore the '802.1X only' policy bit is enabled. o If the WTP is providing encryption/decryption services, once the client has completed the IEEE 802.11i key exchange, the AC transmits another Add Mobile request to the WTP, stating the security policy to enforce for the client (in this case AES-CCMP), as well as the encryption key to use. If encryption/decryption is handled in the AC, the Add Mobile request would have the encryption policy set to "Clear Text". o The WTP forwards any 802.11 Action frames received to the AC. o All client data frames are tunneled between the WTP and the AC. Note that the WTP is responsible for encrypting and decrypting frames, if it was indicated in the Add Mobile request. 11.1.2. Local MAC This section shows the division of labor between the WTP and the AC in a Local MAC architecture. Figure 6 shows the clear separation of functionality among CAPWAP components. Calhoun, Editor, et al. Expires August 28, 2006 [Page 76] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Function Location Distribution Service WTP Integration Service WTP Beacon Generation WTP Probe Response WTP Power Mgmt/Packet Buffering WTP Fragmentation/Defragmentation WTP Assoc/Disassoc/Reassoc WTP 802.11e Classifying WTP Scheduling WTP Queuing WTP 802.11i 802.1X/EAP AC Key Management AC 802.11 Encryption/Decryption WTP Figure 6: Mapping of 802.11 Functions for Local AP Architecture Given the Distribution and Integration Services exist on the WTP, client data frames are not forwarded to the AC, with the exception listed in the following paragraphs. While the MAC is terminated on the WTP, it is necessary for the AC to be aware of mobility events within the WTPs. As a consequence, the WTP MUST forward the IEEE 802.11 Association Requests to the AC, and the AC MAY reply with a failed Association Response if it deems it necessary. The IEEE 802.1X and IEEE 802.11i Key Management function resides in the AC. Therefore, the WTP MUST forward all IEEE 802.1X/Key Management frames to the AC and forward the associated responses to the station. Note that in the following figure, the use of '( - )' indicates that processing of the frames is done on the WTP. Calhoun, Editor, et al. Expires August 28, 2006 [Page 77] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Client WTP AC Beacon <----------------------------- Probe <----------------------------> 802.11 AUTH <----------------------------- 802.11 Association <---------------------------( - )-------------------------> Add Mobile (Clear Text, 802.1X Only) <-------------------------> 802.1X Authentication & 802.11i Key Exchange <---------------------------------------------------------> 802.11 Action Frames <---------------------------------------------------------> Add Mobile (AES-CCMP, PTK=3Dx) <-------------------------> 802.11 DATA <-----------------------------> Figure 7: Local MAC Message Flow Figure 7 provides an illustration of the division of labor in a Local MAC architecture. In this example, a WLAN has been created that is configured for IEEE 802.11i, using AES-CCMP for privacy. The following process occurs: o The WTP generates the IEEE 802.11 beacon frames, using information provided to it through the Add WLAN (see Section 11.8.1.1) message element. o The WTP processes the probe request and responds with a corresponding probe response. o The WTP forwards the IEEE 802.11 Authentication and Association frames to the AC, which is responsible for responding to the client. o Once the association is complete, the AC transmits an CAPWAP Add Mobile request to the WTP (see Section Section 9.1.1. In the above example, the WLAN is configured for IEEE 802.1X, and therefore the '802.1X only' policy bit is enabled. o The WTP forwards all IEEE 802.1X and IEEE 802.11i key exchange messages to the AC for processing. Calhoun, Editor, et al. Expires August 28, 2006 [Page 78] =0C Internet-Draft CAPWAP Protocol Specification February 2006 o The AC transmits another Add Mobile request to the WTP, stating the security policy to enforce for the client (in this case AES- CCMP), as well as the encryption key to use. The Add Mobile request MAY include a VLAN name, which when present is used by the WTP to identify the VLAN on which the user's data frames are to be bridged. o The WTP forwards any IEEE 802.11 Action frames received to the AC. o The WTP optionally may tunnel client data frames to the AC. If client data frames are locally bridged, the WTP will need to provide the necessary encryption and decryption services. 11.2. Roaming Behavior and 802.11 security It is important that CAPWAP implementations react properly to mobile devices associating to the networks in how they generate Add Mobile and Delete Mobile messages. This section expands upon the examples provided in the previous section, and describes how the CAPWAP control protocol is used in order to provide secure roaming. Once a client has successfully associated with the network in a secure fashion, it is likely to attempt to roam to another access point. Figure 8 shows an example of a currently associated station moving from its "Old WTP" to a new WTP. The figure is useful for multiple different security policies, including standard IEEE 802.1X and dynamic WEP keys, WPA or even WPA2 both with key caching (where the IEEE 802.1x exchange would be bypassed) and without. Client Old WTP WTP AC Association Request/Response <--------------------------------------( - )--------------> Add Mobile (Clear Text, 802.1X Only) <----------------> 802.1X Authentication (if no key cache entry exists) <--------------------------------------( - )--------------> 802.11i 4-way Key Exchange <--------------------------------------( - )--------------> Delete Mobile <----------------------------------> Add Mobile (AES-CCMP, PTK=3Dx) <----------------> Figure 8: Client Roaming Example Calhoun, Editor, et al. Expires August 28, 2006 [Page 79] =0C Internet-Draft CAPWAP Protocol Specification February 2006 11.3. Transport specific bindings All CAPWAP transports have the following IEEE 802.11 specific bindings: 11.3.1. Payload encapsulation The CAPWAP protocol defines the data frame, which allows a wireless payload to be encapsulated. For IEEE 802.11, the IEEE 802.11 header and payload is encapsulated (excluding the IEEE 802.11 FCS checksum). The IEEE 802.11 FCS checksum is handled by the WTP. This allows the WTP to validate a frame prior to sending it to the AC. Similarly, when an AC wishes to transmit a frame towards a station, the WTP computes and adds the FCS checksum. 11.3.2. Status and WLANS field The interpretation of this 16 bit field depends on the direction of transmission of the packet. Refer to the figure in Section 4.1. Status When a CAPWAP packet is transmitted from a WTP to an AC, this field is called the status field and indicates radio resource information associated with the frame. When the message is a CAPWAP control message this field is transmitted as zero. The status field is divided into the signal strength and signal to noise ratio with which an IEEE 802.11 frame was received, encoded in the following manner: 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RSSI | SNR | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ RSSI: RSSI is a signed, 8-bit value. It is the received signal strength indication, in dBm. SNR: SNR is a signed, 8-bit value. It is the signal to noise ratio of the received IEEE 802.11 frame, in dB. WLANs field: When a CAPWAP data message is transmitted from an AC to a WTP, this 16 bit field indicates on which WLANs the encapsulated IEEE 802.11 frame is to be transmitted. For unicast packets, this field is not used by the WTP. For broadcast or multicast packets, Calhoun, Editor, et al. Expires August 28, 2006 [Page 80] =0C Internet-Draft CAPWAP Protocol Specification February 2006 the WTP might require this information if it provides encryption services. Given that a single broadcast or multicast packet might need to be sent to multiple wireless LANs (presumably each with a different broadcast key), this field is defined as a bit field. A bit set indicates a WLAN ID (see Section Section 11.8.1.1) which will be sent the data. The WLANS field is encoded in the following manner: 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WLAN ID(s) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 11.4. BSSID to WLAN ID Mapping The CAPWAP protocol makes assumptions regarding the BSSIDs used on the WTP. It is a requirement for the WTP to use a contiguous block of BSSIDs. The WLAN Identifier field, which is managed by the AC, is used as an offset into the BSSID list. For instance, if a WTP had a base BSSID address of 00:01:02:00:00:00, and the AC sent an Add WLAN message with a WLAN Identifier of 2 (see Section Section 11.8.1.1), the BSSID for the specific WLAN on the WTP would be 00:01:02:00:00:02. The WTP communicates the maximum number of BSSIDs that it supports during the Config Request within the IEEE 802.11 WTP WLAN Radio Configuration message element (see Section 11.9.1). 11.5. Quality of Service for Control Messages It is recommended that IEEE 802.11 MAC management frames be sent by both the AC and the WTP with appropriate Quality of Service values, ensuring that congestion in the network minimizes occurrences of packet loss. Therefore, a Quality of Service enabled CAPWAP device should use: 802.1P: The precedence value of 6 SHOULD be used for all IEEE 802.11 MAC management frames, except for Probe Requests which SHOULD use 4. Calhoun, Editor, et al. Expires August 28, 2006 [Page 81] =0C Internet-Draft CAPWAP Protocol Specification February 2006 DSCP: The DSCP tag value of 46 SHOULD be used for all IEEE 802.11 MAC management frames, except for Probe Requests which SHOULD use 34. 11.6. Data Message bindings There are no CAPWAP Data Message bindings for IEEE 802.11. 11.7. Control Message bindings The IEEE 802.11 binding has the following Control Message definitions. 11.7.1. Mobile Config Request This section contains the IEEE 802.11 specific message elements that are used with the Mobile Config Request. 11.7.1.1. IEEE 802.11 Mobile The IEEE 802.11 Mobile message element accompanies the Add Mobile message element, and is used to push the IEEE 802.11 station policy. The latest IEEE 802.11 Mobile message element overrides any previously received message elements. If the IEEE 802.11 Mobile message element's EAP Only bit is set, the WTP MUST drop all IEEE 802.11 packets that do not contain EAP packets. Note that when EAP Only is set, the Encryption Policy field MAY be set, and therefore it is possible to inform a WTP to only accept encrypted EAP packets. Once the mobile station has successfully completed EAP authentication, the AC must send a new Add Mobile message element to remove the EAP Only restriction, and optionally push the session key down to the WTP. If the QoS field is set, the WTP MUST observe and provide policing of the 802.11e priority tag to ensure that it does not exceed the value provided by the AC. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Association ID | Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Capabilities | WLAN ID |Supported Rates +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 82] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: TBD for Add IEEE 802.11 Mobile Length: >=3D 8 Radio ID: An 8-bit value representing the radio Association ID: A 16-bit value specifying the IEEE 802.11 Association Identifier MAC Address: The mobile station's MAC Address Capabilities: A 16-bit field containing the IEEE 802.11 capabilities to use with the mobile. WLAN ID: An 8-bit value specifying the WLAN Identifier Supported Rates: The variable length field containing the supported rates to be used with the mobile station. 11.7.1.2. IEEE 802.11 Mobile Session Key The Mobile Session Key Payload message element is sent when the AC determines that encryption of a mobile station must be performed in the WTP. This message element MUST NOT be present without the IEEE 802.11 Mobile (see Section 11.7.1.1) message element, and MUST NOT be sent if the WTP had not specifically advertised support for the requested encryption scheme. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address |E|C| Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encryption Policy | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Pairwise TSC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Pairwise TSC | Pairwise RSC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Pairwise RSC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session Key... +-+-+-+-+-+-+-+- Calhoun, Editor, et al. Expires August 28, 2006 [Page 83] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 105 for IEEE 802.11 Mobile Session Key Length: >=3D 25 MAC Address: The mobile station's MAC Address Flags: A 16 bit field, whose unused bits MUST be set to zero. The following bits are defined: E: The one bit field is set by the AC to inform the WTP that is MUST NOT accept any 802.11 data frames, other than IEEE 802.1X frames. This is the equivalent of the WTP's IEEE 802.1X port for the mobile station to be in the closed state. When set, the WTP MUST drop any non-IEEE 802.1X packets it receives from the mobile station. C: The one bit field is set by the AC to inform the WTP that encryption services will be provided by the AC. When set, the WTP SHOULD police frames received from stations to ensure that they comply to the stated encryption policy, but does not need to take specific cryptographic action on the frame. Similarly, for transmitted frames, the WTP only needs to forward already encrypted frames. Encryption Policy: The policy field informs the WTP how to handle packets from/to the mobile station. The following values are supported: 0 - Encrypt WEP 104: All packets to/from the mobile station must be encrypted using standard 104 bit WEP. 1 - Clear Text: All packets to/from the mobile station do not require any additional crypto processing by the WTP. 2 - Encrypt WEP 40: All packets to/from the mobile station must be encrypted using standard 40 bit WEP. 3 - Encrypt WEP 128: All packets to/from the mobile station must be encrypted using standard 128 bit WEP. 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station must be encrypted using 128 bit AES CCMP [7] 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must be encrypted using TKIP and authenticated using Michael [21] Calhoun, Editor, et al. Expires August 28, 2006 [Page 84] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Pairwise TSC: The 6 byte Transmit Sequence Counter (TSC) field to use for unicast packets transmitted to the mobile. Pairwise RSC: The 6 byte Receive Sequence Counter (RSC) to use for unicast packets received from the mobile. Session Key: The session key the WTP is to use when encrypting traffic to/from the mobile station. For dynamically created keys, this is commonly known as a Pairwise Transient Key (PTK). 11.7.1.3. Station QoS Profile The Station QoS Profile Payload message element contains the maximum IEEE 802.11e priority tag that may be used by the station. Any packets received that exceeds the value encoded in this message element must either be dropped or tagged using the maximum value permitted by to the user. The priority tag must be between zero (0) and seven (7). 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | 802.1P Precedence Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 140 for IEEE 802.11 Station QOS Profile Length: 8 MAC Address: The mobile station's MAC Address 802.1P Precedence Tag: The maximum 802.1P precedence value that the WTP will allow in the TID field in the extended 802.11e QOS Data header. 11.7.1.4. IEEE 802.11 Update Mobile QoS The Update Mobile QoS message element is used to change the Quality of Service policy on the WTP for a given mobile station. 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | DSCP Tag | 802.1P Tag | Calhoun, Editor, et al. Expires August 28, 2006 [Page 85] =0C Internet-Draft CAPWAP Protocol Specification February 2006 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 106 for IEEE 802.11 Update Mobile QoS Length: 14 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP MAC Address: The mobile station's MAC Address. DSCP Tag: The DSCP label to use if packets are to be DSCP tagged. 802.1P Tag: The 802.1P precedence value to use if packets are to be IEEE 802.1P tagged. 11.7.2. WTP Event Request This section contains the 802.11 specific message elements that are used with the WTP Event Request message. 11.7.2.1. IEEE 802.11 Statistics The statistics message element is sent by the WTP to transmit it's current statistics. The value contains the following fields. Calhoun, Editor, et al. Expires August 28, 2006 [Page 86] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tx Fragment Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Multicast Tx Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Failed Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Retry Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Multiple Retry Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Frame Duplicate Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RTS Success Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RTS Failure Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ACK Failure Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Rx Fragment Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Multicast RX Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FCS Error Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tx Frame Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Decryption Errors | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 38 for Statistics Length: 60 Radio ID: An 8-bit value representing the radio. Tx Fragment Count: A 32-bit value representing the number of fragmented frames transmitted. Multicast Tx Count: A 32-bit value representing the number of multicast frames transmitted. Calhoun, Editor, et al. Expires August 28, 2006 [Page 87] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Failed Count: A 32-bit value representing the transmit excessive retries. Retry Count: A 32-bit value representing the number of transmit retries. Multiple Retry Count: A 32-bit value representing the number of transmits that required more than one retry. Frame Duplicate Count: A 32-bit value representing the duplicate frames received. RTS Success Count: A 32-bit value representing the number of successfully transmitted Ready To Send (RTS). RTS Failure Count: A 32-bit value representing the failed transmitted RTS. ACK Failure Count: A 32-bit value representing the number of failed acknowledgements. Rx Fragment Count: A 32-bit value representing the number of fragmented frames received. Multicast RX Count: A 32-bit value representing the number of multicast frames received. FCS Error Count: A 32-bit value representing the number of FCS failures. Decryption Errors: A 32-bit value representing the number of Decryption errors that occurred on the WTP. Note that this field is only valid in cases where the WTP provides encryption/ decryption services. 11.8. 802.11 Control Messages This section defines CAPWAP Control Messages that are specific to the IEEE 802.11 binding. 11.8.1. IEEE 802.11 WLAN Config Request The IEEE 802.11 WLAN Configuration Request is sent by the AC to the WTP in order to change services provided by the WTP. This control message is used to either create, update or delete a WLAN on the WTP. The IEEE 802.11 WLAN Configuration Request is sent as a result of either some manual admistrative process (e.g., deleting a WLAN), or Calhoun, Editor, et al. Expires August 28, 2006 [Page 88] =0C Internet-Draft CAPWAP Protocol Specification February 2006 automatically to create a WLAN on a WTP. When sent automatically to create a WLAN, this control message is sent after the CAPWAP Configuration Request message has been received by the WTP. Upon receiving this control message, the WTP will modify the necessary services, and transmit an IEEE 802.11 WLAN Configuration Response. A WTP MAY provide service for more than one WLAN, therefore every WLAN is identified through a numerical index. For instance, a WTP that is capable of supporting up to 16 SSIDs, could accept up to 16 IEEE 802.11 WLAN Configuration Request messages that include the Add WLAN message element. Since the index is the primary identifier for a WLAN, an AC SHOULD attempt to ensure that the same WLAN is identified through the same index number on all of its WTPs. An AC that does not follow this approach MUST find some other means of maintaining a WLAN Identifier to SSID mapping table. The following subsections define the message elements that are value for this CAPWAP operation. Only one message MUST be present. 11.8.1.1. IEEE 802.11 Add WLAN The Add WLAN message element is used by the AC to define a wireless LAN on the WTP. The value contains the following format: Calhoun, Editor, et al. Expires August 28, 2006 [Page 89] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | WLAN Capability | WLAN ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encryption Policy | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key Index | Shared Key | WPA Data Len |WPA IE Data ...| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RSN Data Len |RSN IE Data ...| WME Data Len |WME IE Data ...| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 11e Data Len |11e IE Data ...| QoS | Auth Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Suppress SSID | SSID ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 7 for IEEE 802.11 Add WLAN Length: >=3D 49 Radio ID: An 8-bit value representing the radio. WLAN Capability: A 16-bit value containing the capabilities to be advertised by the WTP within the Probe and Beacon messages. WLAN ID: An 8-bit value specifying the WLAN Identifier. Encryption Policy: A 32-bit value specifying the encryption scheme to apply to traffic to and from the mobile station. Calhoun, Editor, et al. Expires August 28, 2006 [Page 90] =0C Internet-Draft CAPWAP Protocol Specification February 2006 The following values are supported: 0 - Encrypt WEP 104: All packets to/from the mobile station must be encrypted using standard 104 bit WEP. 1 - Clear Text: All packets to/from the mobile station do not require any additional crypto processing by the WTP. 2 - Encrypt WEP 40: All packets to/from the mobile station must be encrypted using standard 40 bit WEP. 3 - Encrypt WEP 128: All packets to/from the mobile station must be encrypted using standard 128 bit WEP. 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station must be encrypted using 128 bit AES CCMP [7] 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must be encrypted using TKIP and authenticated using Michael [21] 6 - Encrypt CKIP: All packets to/from the mobile station must be encrypted using Cisco TKIP. Key: A 32 byte Session Key to use with the encryption policy. Key-Index: The Key Index associated with the key. Shared Key: A 1 byte boolean that specifies whether the key included in the Key field is a shared WEP key. A value of zero is used to state that the key is not a shared WEP key, while a value of one is used to state that the key is a shared WEP key. WPA Data Len: Length of the WPA IE. WPA IE: A 32 byte field containing the WPA Information Element. RSN Data Len: Length of the RSN IE. RSN IE: A 64 byte field containing the RSN Information Element. WME Data Len: Length of the WME IE. WME IE: A 32 byte field containing the WME Information Element. DOT11E Data Len: Length of the 802.11e IE. Calhoun, Editor, et al. Expires August 28, 2006 [Page 91] =0C Internet-Draft CAPWAP Protocol Specification February 2006 DOT11E IE: A 32 byte field containing the 802.11e Information Element. QOS: An 8-bit value specifying the QoS policy to enforce for the station. The following values are supported: 0 - Best Effort 1 - Video 2 - Voice 3 - Background Auth Type: An 8-bit value specifying the station's authentication type. The following values are supported: 0 - Open System 1 - WEP Shared Key 2 - WPA/WPA2 802.1X 3 - WPA/WPA2 PSK Supress SSID: A boolean indicating whether the SSID is to be advertised by the WTP. A value of zero supresses the SSID in the 802.11 Beacon and Probe Response frames, while a value of one will cause the WTP to populate the field. SSID: The SSID attribute is the service set identifier that will be advertised by the WTP for this WLAN. 11.8.1.2. IEEE 802.11 Delete WLAN The delete WLAN message element is used to inform the WTP that a previously created WLAN is to be deleted. The value contains the following fields: 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | WLAN ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 92] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 28 for IEEE 802.11 Delete WLAN Length: 3 Radio ID: An 8-bit value representing the radio WLAN ID: A 16-bit value specifying the WLAN Identifier 11.8.1.3. IEEE 802.11 Update WLAN The Update WLAN message element is used by the AC to define a wireless LAN on the WTP. The value contains the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | WLAN ID |Encrypt Policy | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encryption Policy | Key... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key Index | Shared Key | WLAN Capability | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 34 for IEEE 802.11 Update WLAN Length: 43 Radio ID: An 8-bit value representing the radio. WLAN ID: A 16-bit value specifying the WLAN Identifier. Encryption Policy: A 32-bit value specifying the encryption scheme to apply to traffic to and from the mobile station. The following values are supported: 0 - Encrypt WEP 104: All packets to/from the mobile station must be encrypted using standard 104 bit WEP. 1 - Clear Text: All packets to/from the mobile station do not require any additional crypto processing by the WTP. 2 - Encrypt WEP 40: All packets to/from the mobile station must be encrypted using standard 40 bit WEP. Calhoun, Editor, et al. Expires August 28, 2006 [Page 93] =0C Internet-Draft CAPWAP Protocol Specification February 2006 3 - Encrypt WEP 128: All packets to/from the mobile station must be encrypted using standard 128 bit WEP. 4 - Encrypt AES-CCMP 128: All packets to/from the mobile station must be encrypted using 128 bit AES CCMP [7] 5 - Encrypt TKIP-MIC: All packets to/from the mobile station must be encrypted using TKIP and authenticated using Michael [21] 6 - Encrypt CKIP: All packets to/from the mobile station must be encrypted using Cisco TKIP. Key: A 32 byte Session Key to use with the encryption policy. Key-Index: The Key Index associated with the key. Shared Key: A 1 byte boolean that specifies whether the key included in the Key field is a shared WEP key. A value of zero means that the key is not a shared WEP key, while a value of one is used to state that the key is a shared WEP key. WLAN Capability: A 16-bit value containing the capabilities to be advertised by the WTP within the Probe and Beacon messages. 11.8.2. IEEE 802.11 WLAN Config Response The IEEE 802.11 WLAN Configuration Response is sent by the AC to the WTP as an acknowledgement of the receipt of an IEEE 802.11 WLAN Configuration Request. This CAPWAP control message does not include any message elements. 11.8.3. IEEE 802.11 WTP Event The IEEE 802.11 WTP Event CAPWAP message is used by the WTP in order to report asynchronous events to the AC. There is no reply message expected from the AC, except that the message is acknowledged via the reliable transport. When the AC receives the IEEE 802.11 WTP Event, it will take whatever action is necessary, depending upon the message elements present in the message. The IEEE 802.11 WTP Event message MUST contain one of the following message element described in the next subsections. Calhoun, Editor, et al. Expires August 28, 2006 [Page 94] =0C Internet-Draft CAPWAP Protocol Specification February 2006 11.8.3.1. IEEE 802.11 MIC Countermeasures The MIC Countermeasures message element is sent by the WTP to the AC to indicate the occurrence of a MIC failure. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | WLAN ID | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 61 for IEEE 802.11 MIC Countermeasures Length: 8 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP. WLAN ID: This 8-bit unsigned integer includes the WLAN Identifier, on which the MIC failure occurred. MAC Address: The MAC Address of the mobile station that caused the MIC failure. 11.8.3.2. IEEE 802.11 WTP Radio Fail Alarm Indication The WTP Radio Fail Alarm Indication message element is sent by the WTP to the AC when it detects a radio failure. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Type | Status | Pad | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 95 for WTP Radio Fail Alarm Indication Length: 4 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP Type: The type of radio failure detected. The following values are supported: Calhoun, Editor, et al. Expires August 28, 2006 [Page 95] =0C Internet-Draft CAPWAP Protocol Specification February 2006 1 - Receiver 2 - Transmitter Status: An 8-bit boolean indicating whether the radio failure is being reported or cleared. A value of zero is used to clear the event, while a value of one is used to report the event. Pad: Reserved field MUST be set to zero (0). 11.9. Message Element Bindings The IEEE 802.11 Message Element binding has the following definitions: Conf Conf Conf Add Req Resp Upd Mobile IEEE 802.11 WTP WLAN Radio Configuration X X X IEEE 802.11 Rate Set X X IEEE 802.11 Multi-domain Capability X X X IEEE 802.11 MAC Operation X X X IEEE 802.11 Tx Power X X X IEEE 802.11 Tx Power Level X IEEE 802.11 Direct Sequence Control X X X IEEE 802.11 OFDM Control X X X IEEE 802.11 Supported Rates X X IEEE 802.11 Antenna X X X IEEE 802.11 CFP Status X X IEEE 802.11 Broadcast Probe Mode X X IEEE 802.11 WTP Mode and Type X? X IEEE 802.11 WTP Quality of Service X X IEEE 802.11 MIC Error Report From Mobile X IEEE 802.11 Update Mobile QoS X IEEE 802.11 Mobile Session Key X 11.9.1. IEEE 802.11 WTP WLAN Radio Configuration The WTP WLAN radio configuration is used by the AC to configure a Radio on the WTP. The message element value contains the following Fields: Calhoun, Editor, et al. Expires August 28, 2006 [Page 96] =0C Internet-Draft CAPWAP Protocol Specification February 2006 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | Occupancy Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CFP Per | CFP Maximum Duration | BSS ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BSS ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BSS ID | Beacon Period | DTIM Per | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Country String | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Num Of BSSIDs | +-+-+-+-+-+-+-+-+ Type: 8 for IEEE 802.11 WTP WLAN Radio Configuration Length: 20 Radio ID: An 8-bit value representing the radio to configure. Reserved: MUST be set to zero Occupancy Limit: This attribute indicates the maximum amount of time, in TU, that a point coordinator MAY control the usage of the wireless medium without relinquishing control for long enough to allow at least one instance of DCF access to the medium. The default value of this attribute SHOULD be 100, and the maximum value SHOULD be 1000. CFP Period: The attribute describes the number of DTIM intervals between the start of CFPs. CFP Maximum Duration: The attribute describes the maximum duration of the CFP in TU that MAY be generated by the PCF. BSSID: The WLAN Radio's base MAC Address. For WTPs that support more than a single WLAN, the value of the WLAN Identifier is added to the last octet of the BSSID. Therefore, a WTP that supports 16 WLANs MUST have 16 MAC Addresses reserved for it, and the last nibble is used to represent the WLAN ID. Beacon Period: This attribute specifies the number of TU that a station uses for scheduling Beacon transmissions. This value is transmitted in Beacon and Probe Response frames. Calhoun, Editor, et al. Expires August 28, 2006 [Page 97] =0C Internet-Draft CAPWAP Protocol Specification February 2006 DTIM Period: This attribute specifies the number of beacon intervals that elapses between transmission of Beacons frames containing a TIM element whose DTIM Count field is 0. This value is transmitted in the DTIM Period field of Beacon frames. Country Code: This attribute identifies the country in which the station is operating. The first two octets of this string is the two character country code as described in document ISO/IEC 3166- 1. The third octet MUST be one of the following: 1. an ASCII space character, if the regulations under which the station is operating encompass all environments in the country, 2. an ASCII 'O' character, if the regulations under which the station is operating are for an outdoor environment only, or 3. an ASCII 'I' character, if the regulations under which the station is operating are for an indoor environment only Number of BSSIDs: This attribute contains the maximum number of BSSIDs supported by the WTP. This value restricts the number of logical networks supported by the WTP, and is between 1 and 16. 11.9.2. IEEE 802.11 Rate Set The rate set message element value is sent by the AC and contains the supported operational rates. It contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Rate Set... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 16 for IEEE 802.11 Rate Set Length: >=3D 3 Radio ID: An 8-bit value representing the radio to configure. Rate Set: The AC generates the Rate Set that the WTP is to include in it's Beacon and Probe messages. The length of this field is between 2 and 8 bytes. 11.9.3. IEEE 802.11 Multi-domain Capability The multi-domain capability message element is used by the AC to inform the WTP of regulatory limits. The value contains the Calhoun, Editor, et al. Expires August 28, 2006 [Page 98] =0C Internet-Draft CAPWAP Protocol Specification February 2006 following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | First Channel # | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of Channels | Max Tx Power Level | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 10 for IEEE 802.11 Multi-Domain Capability Length: 8 Radio ID: An 8-bit value representing the radio to configure. Reserved: MUST be set to zero First Channnel #: This attribute indicates the value of the lowest channel number in the subband for the associated domain country string. Number of Channels: This attribute indicates the value of the total number of channels allowed in the subband for the associated domain country string. Max Tx Power Level: This attribute indicates the maximum transmit power, in dBm, allowed in the subband for the associated domain country string. 11.9.4. IEEE 802.11 MAC Operation The MAC operation message element is sent by the AC to set the 802.11 MAC parameters on the WTP. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | RTS Threshold | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Short Retry | Long Retry | Fragmentation Threshold | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tx MSDU Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Rx MSDU Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 99] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 11 for IEEE 802.11 MAC Operation Length: 16 Radio ID: An 8-bit value representing the radio to configure. Reserved: MUST be set to zero RTS Threshold: This attribute indicates the number of octets in an MPDU, below which an RTS/CTS handshake MUST NOT be performed. An RTS/CTS handshake MUST be performed at the beginning of any frame exchange sequence where the MPDU is of type Data or Management, the MPDU has an individual address in the Address1 field, and the length of the MPDU is greater than this threshold. Setting this attribute to be larger than the maximum MSDU size MUST have the effect of turning off the RTS/CTS handshake for frames of Data or Management type transmitted by this STA. Setting this attribute to zero MUST have the effect of turning on the RTS/CTS handshake for all frames of Data or Management type transmitted by this STA. The default value of this attribute MUST be 2347. Short Retry: This attribute indicates the maximum number of transmission attempts of a frame, the length of which is less than or equal to RTSThreshold, that MUST be made before a failure condition is indicated. The default value of this attribute MUST be 7. Long Retry: This attribute indicates the maximum number of transmission attempts of a frame, the length of which is greater than dot11RTSThreshold, that MUST be made before a failure condition is indicated. The default value of this attribute MUST be 4. Fragmentation Threshold: This attribute specifies the current maximum size, in octets, of the MPDU that MAY be delivered to the PHY. An MSDU MUST be broken into fragments if its size exceeds the value of this attribute after adding MAC headers and trailers. An MSDU or MMPDU MUST be fragmented when the resulting frame has an individual address in the Address1 field, and the length of the frame is larger than this threshold. The default value for this attribute MUST be the lesser of 2346 or the aMPDUMaxLength of the attached PHY and MUST never exceed the lesser of 2346 or the aMPDUMaxLength of the attached PHY. The value of this attribute MUST never be less than 256. Calhoun, Editor, et al. Expires August 28, 2006 [Page 100] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Tx MSDU Lifetime: This attribute speficies the elapsed time in TU, after the initial transmission of an MSDU, after which further attempts to transmit the MSDU MUST be terminated. The default value of this attribute MUST be 512. Rx MSDU Lifetime: This attribute specifies the elapsed time in TU, after the initial reception of a fragmented MMPDU or MSDU, after which further attempts to reassemble the MMPDU or MSDU MUST be terminated. The default value MUST be 512. 11.9.5. IEEE 802.11 Tx Power The Tx power message element value is bi-directional. When sent by the WTP, it contains the current power level of the radio in question. When sent by the AC, it contains the power level the WTP MUST adhere to. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | Current Tx Power | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 12 for IEEE 802.11 Tx Power Length: 4 Radio ID: An 8-bit value representing the radio to configure. Reserved: MUST be set to zero Current Tx Power: This attribute contains the transmit output power in mW. 11.9.6. IEEE 802.11 Tx Power Level The Tx power level message element is sent by the WTP and contains the different power levels supported. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Num Levels | Power Level [n] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Calhoun, Editor, et al. Expires August 28, 2006 [Page 101] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Type: 13 for IEEE 802.11 Tx Power Level Length: >=3D 4 Radio ID: An 8-bit value representing the radio to configure. Num Levels: The number of power level attributes. Power Level: Each power level fields contains a supported power level, in mW. 11.9.7. IEEE 802.11 Direct Sequence Control The direct sequence control message element is a bi-directional element. When sent by the WTP, it contains the current state. When sent by the AC, the WTP MUST adhere to the values. This element is only used for 802.11b radios. The value has the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | Current Chan | Current CCA | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Energy Detect Threshold | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 14 for IEEE 802.11 Direct Sequence Control Length: 8 Radio ID: An 8-bit value representing the radio to configure. Reserved: MUST be set to zero Current Channel: This attribute contains the current operating frequency channel of the DSSS PHY. Current CCA: The current CCA method in operation. Valid values are: 1 - energy detect only (edonly) 2 - carrier sense only (csonly) 4 - carrier sense and energy detect (edandcs) Calhoun, Editor, et al. Expires August 28, 2006 [Page 102] =0C Internet-Draft CAPWAP Protocol Specification February 2006 8 - carrier sense with timer (cswithtimer) 16 - high rate carrier sense and energy detect (hrcsanded) Energy Detect Threshold: The current Energy Detect Threshold being used by the DSSS PHY. 11.9.8. IEEE 802.11 OFDM Control The OFDM control message element is a bi-directional element. When sent by the WTP, it contains the current state. When sent by the AC, the WTP MUST adhere to the values. This element is only used for 802.11a radios. The value contains the following fields: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Reserved | Current Chan | Band Support | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TI Threshold | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 15 for IEEE 802.11 OFDM Control Length: 8 Radio ID: An 8-bit value representing the radio to configure. Reserved: MUST be set to zero Current Channel: This attribute contains the current operating frequency channel of the OFDM PHY. Band Supported: The capability of the OFDM PHY implementation to operate in the three U-NII bands. Coded as an integer value of a three bit field as follows: capable of operating in the lower (5.15-5.25 GHz) U-NII band capable of operating in the middle (5.25-5.35 GHz) U-NII band capable of operating in the upper (5.725-5.825 GHz) U-NII band For example, for an implementation capable of operating in the lower and mid bands this attribute would take the value Calhoun, Editor, et al. Expires August 28, 2006 [Page 103] =0C Internet-Draft CAPWAP Protocol Specification February 2006 TI Threshold: The Threshold being used to detect a busy medium (frequency). CCA MUST report a busy medium upon detecting the RSSI above this threshold. 11.9.9. IEEE 802.11 Antenna The antenna message element is communicated by the WTP to the AC to provide information on the antennas available. The AC MAY use this element to reconfigure the WTP's antennas. The value contains the following fields: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Diversity | Combiner | Antenna Cnt | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Antenna Selection [0..N] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 41 for IEEE 802.11 Antenna Length: >=3D 5 Radio ID: An 8-bit value representing the radio to configure. Diversity: An 8-bit value specifying whether the antenna is to provide receive diversity. The following values are supported: 0 - Disabled 1 - Enabled (may only be true if the antenna can be used as a receive antenna) Combiner: An 8-bit value specifying the combiner selection. The following values are supported: 1 - Sectorized (Left) 2 - Sectorized (Right) 3 - Omni 4 - Mimo Calhoun, Editor, et al. Expires August 28, 2006 [Page 104] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Antenna Count: An 8-bit value specifying the number of Antenna Selection fields. Antenna Selection: One 8-bit antenna configuration value per antenna in the WTP. The following values are supported: 1 - Internal Antenna 2 - External Antenna 11.9.10. IEEE 802.11 Supported Rates The supported rates message element is sent by the WTP to indicate the rates that it supports. The value contains the following fields. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Supported Rates... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 16 for IEEE 802.11 Supported Rates Length: >=3D 3 Radio ID: An 8-bit value representing the radio. Supported Rates: The WTP includes the Supported Rates that it's hardware supports. The format is identical to the Rate Set message element and is between 2 and 8 bytes in length. 11.9.11. IEEE 802.11 CFP Status The CFP Status message element is sent to provide the CF Polling configuration. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Status | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 48 for IEEE 802.11 CFP Status Length: 2 Calhoun, Editor, et al. Expires August 28, 2006 [Page 105] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP Status: An 8-bit boolean containing the status of the CF Polling feature. A value of zero disables CFP Status, while a value of one enables it. 11.9.12. IEEE 802.11 Broadcast Probe Mode The Broadcast Probe Mode message element indicates whether a WTP will respond to NULL SSID probe requests. Since broadcast NULL probes are not sent to a specific BSSID, the WTP cannot know which SSID the sending station is querying. Therefore, this behavior must be global to the WTP. 0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | Status | +-+-+-+-+-+-+-+-+ Type: 51 for IEEE 802.11 Broadcast Probe Mode Length: 1 Status: An 8-bit boolean indicating the status of whether a WTP shall response to a NULL SSID probe request. A value of zero disables NULL SSID probe response, while a value of one enables it. 11.9.13. IEEE 802.11 WTP Quality of Service The WTP Quality of Service message element value is sent by the AC to the WTP to communicate quality of service configuration information. 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | Tag Packets | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 57 for IEEE 802.11 WTP Quality of Service Length: >=3D 2 Calhoun, Editor, et al. Expires August 28, 2006 [Page 106] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Radio ID: The Radio Identifier, typically refers to some interface index on the WTP Tag Packets: An value indicating whether CAPWAP packets should be tagged with for QoS purposes. The following values are currently supported: 0 - Untagged 1 - 802.1P 2 - DSCP Immediately following the above header is the following data structure. This data structure will be repeated five times; once for every QoS profile. The order of the QoS profiles are Voice, Video, Best Effort and Background. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Queue Depth | CWMin | CWMax | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CWMax | AIFS | CBR | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Dot1P Tag | DSCP Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Queue Depth: The number of packets that can be on the specific QoS transmit queue at any given time. CWMin: The Contention Window minimum value for the QoS transmit queue. CWMax: The Contention Window maximum value for the QoS transmit queue. AIFS: The Arbitration Inter Frame Spacing to use for the QoS transmit queue. CBR: The CBR value to observe for the QoS transmit queue. Dot1P Tag: The 802.1P precedence value to use if packets are to be 802.1P tagged. Calhoun, Editor, et al. Expires August 28, 2006 [Page 107] =0C Internet-Draft CAPWAP Protocol Specification February 2006 DSCP Tag: The DSCP label to use if packets are to be DSCP tagged. 11.9.14. IEEE 802.11 MIC Error Report From Mobile The MIC Error Report From Mobile message element is sent by an AC to an WTP when it receives a MIC failure notification, via the Error bit in the EAPOL-Key frame. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Client MAC Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Client MAC Address | BSSID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BSSID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Radio ID | WLAN ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 79 for IEEE 802.11 MIC Error Report From Mobile Length: 14 Client MAC Address: The Client MAC Address of the station reporting the MIC failure. BSSID: The BSSID on which the MIC failure is being reported. Radio ID: The Radio Identifier, typically refers to some interface index on the WTP WLAN ID: The WLAN ID on which the MIC failure is being reported. 11.10. IEEE 802.11 Message Element Values This section lists IEEE 802.11 specific values for any generic CAPWAP message elements which include fields whose values are technology specific. IEEE 802.11 uses the following values: 4 - Encrypt AES-CCMP 128: WTP supports AES-CCMP, as defined in [7]. 5 - Encrypt TKIP-MIC: WTP supports TKIP and Michael, as defined in [21]. Calhoun, Editor, et al. Expires August 28, 2006 [Page 108] =0C Internet-Draft CAPWAP Protocol Specification February 2006 12. CAPWAP Protocol Timers A WTP or AC that implements CAPWAP discovery MUST implement the following timers. 12.1. MaxDiscoveryInterval The maximum time allowed between sending discovery requests from the interface, in seconds. Must be no less than 2 seconds and no greater than 180 seconds. Default: 20 seconds. 12.2. SilentInterval The minimum time, in seconds, a WTP MUST wait after failing to receive any responses to its discovery requests, before it MAY again send discovery requests. Default: 30 12.3. NeighborDeadInterval The minimum time, in seconds, a WTP MUST wait without having received Echo Responses to its Echo Requests, before the destination for the Echo Request may be considered dead. Must be no less than 2*EchoInterval seconds and no greater than 240 seconds. Default: 60 12.4. WaitJoin The maximum time, in seconds, a WTP MUST wait without having received a DTLS Handshake message from an AC. This timer must be greater than TBD seconds. Default: TBD 12.5. EchoInterval The minimum time, in seconds, between sending echo requests to the AC with which the WTP has joined. Default: 30 12.6. DiscoveryInterval The minimum time, in seconds, that a WTP MUST wait after receiving a Calhoun, Editor, et al. Expires August 28, 2006 [Page 109] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Discovery Response, before initiating a DTLS handshake. Default: 5 12.7. RetransmitInterval The minimum time, in seconds, which a non-acknowledged CAPWAP packet will be retransmitted. Default: 3 12.8. ResponseTimeout The minimum time, in seconds, which the WTP or AC must respond to a CAPWAP Request message. Default: 1 12.9. KeyLifetime The maximum time, in seconds, which a CAPWAP DTLS session key is valid. Default: 28800 Calhoun, Editor, et al. Expires August 28, 2006 [Page 110] =0C Internet-Draft CAPWAP Protocol Specification February 2006 13. CAPWAP Protocol Variables A WTP or AC that implements CAPWAP discovery MUST allow for the following variables to be configured by system management; default values are specified so as to make it unnecessary to configure any of these variables in many cases. 13.1. MaxDiscoveries The maximum number of discovery requests that will be sent after a WTP boots. Default: 10 13.2. DiscoveryCount The number of discoveries transmitted by a WTP to a single AC. This is a monotonically increasing counter. 13.3. RetransmitCount The number of retransmissions for a given CAPWAP packet. This is a monotonically increasing counter. 13.4. MaxRetransmit The maximum number of retransmissions for a given CAPWAP packet before the link layer considers the peer dead. Default: 5 Calhoun, Editor, et al. Expires August 28, 2006 [Page 111] =0C Internet-Draft CAPWAP Protocol Specification February 2006 14. NAT Considerations There are two specific situations in which a NAT system may be used in conjunction with a CAPWAP-enabled system. The first consists of a configuration where the WTP is behind a NAT system. Given that all communication is initiated by the WTP, and all communication is performed over IP using two UDP ports, the protocol easily traverses NAT systems in this configuration. The second configuration is one where the AC sits behind a NAT. Two issues exist in this situation. First, an AC communicates its interfaces, and associated WTP load on these interfaces, through the WTP Manager Control IP Address. This message element is currently mandatory, and if NAT compliance became an issue, it would be possible to either: 1. Make the WTP Manager Control IP Address optional, allowing the WTP to simply use the known IP Address. However, note that this approach would eliminate the ability to perform load balancing of WTP across ACs, and therefore is not the recommended approach. 2. Allow an AC to be able to configure a NAT'ed address for every associated AC that would generally be communicated in the WTP Manager Control IP Address message element. 3. Require that if a WTP determines that the AC List message element consists of a set of IP Addresses that are different from the AC's IP Address it is currently communicating with, then assume that NAT is being enforced, and require that the WTP communicate with the original AC's IP Address (and ignore the WTP Manager Control IP Address message element(s)). Another issue related to having an AC behind a NAT system is CAPWAP's support for the CAPWAP Objective to allow the control and data plane to be separated. In order to support this requirement, the CAPWAP protocol defines the WTP Manager Data IP Address message element, which allows the AC to inform the WTP that the CAPWAP data frames are to be forwarded to a separate IP Address. This feature MUST be disabled when an AC is behind a NAT. However, there is no easy way to provide some default mechanism that satisfies both the data/ control separation and NAT objectives, as they directly conflict with each other. As a consequence, user intervention will be required to support such networks. The CAPWAP protocol allows for all of the ACs identities supporting a group of WTPs to be communicated through the AC List message element. This feature must be disabled when the AC is behind a NAT and the IP Address that is embedded would be invalid. Calhoun, Editor, et al. Expires August 28, 2006 [Page 112] =0C Internet-Draft CAPWAP Protocol Specification February 2006 The CAPWAP protocol has a feature that allows an AC to configure a static IP address on a WTP. The WTP Static IP Address Information message element provides such a function, however this feature SHOULD NOT be used in NAT'ed environments, unless the administrator is familiar with the internal IP addressing scheme within the WTP's private network, and does not rely on the public address seen by the AC. When a WTP detects the duplicate address condition, it generates a message to the AC, which includes the Duplicate IP Address message element. The IP Address embedded within this message element is different from the public IP address seen by the AC. Calhoun, Editor, et al. Expires August 28, 2006 [Page 113] =0C Internet-Draft CAPWAP Protocol Specification February 2006 15. Security Considerations The security of the CAPWAP protocol over DTLS is completely dependent on the security of DTLS. Any flaws in DTLS compromise the security of the CAPWAP protocol. In particular, it is critical that the communicating parties verify their peer's credentials. In the case of pre-shared keys, this happens automatically via the key. In the case of certificates, the parties must check the peer's certificate. The appropriate checks are described in Section 10.3. The use of parallel protected and unprotected channels deserves special consideration, but does not create a threat. There are two potential concerns: attempting to convert protected data into un- protected data and attempting to convert un-protected data into protected data. The use of message authentication makes it impossible for the attacker to forge protected records. The attacker can easily remove protected records from the stream (this is a consequence of unreliability), though not undetectably so. If a non- encrypted cipher suite is in use, the attacker can turn such a record into an un-protected record. However, this attack is really no different from simple injection into the unprotected stream. Perfect Forward Secrecy is not a requirement for the CAPWAP protocol. The CAPWAP protocol does not add any new vulnerabilities to IEEE 802.11 infrastructure which uses WEP for encryption. However, implementors SHOULD discourage the use of WEP to allow the market to move towards technically sound cryptographic solutions, such as IEEE 802.11i. 15.1. PSK based Session Key establishment Use of a fixed shared secret of limited entropy (for example, a PSK that is relatively short, or was chosen by a human and thus may contain less entropy than its length would imply) may allow an attacker to perform a brute-force or dictionary attack to recover the secret. It is RECOMMENDED that implementations that allow the administrator to manually configure the PSK also provide a functionality for generating a new random PSK, taking RFC 1750 [4] into account. Calhoun, Editor, et al. Expires August 28, 2006 [Page 114] =0C Internet-Draft CAPWAP Protocol Specification February 2006 16. IANA Considerations A separate UDP port for data channel communications is (currently) the selected demultiplexing mechanism, and a port must be assigned for this purpose. The Message element type fields must be IANA aassigned, see Section 4.3.2. Calhoun, Editor, et al. Expires August 28, 2006 [Page 115] =0C Internet-Draft CAPWAP Protocol Specification February 2006 17. References 17.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] National Institute of Standards and Technology, "Advanced Encryption Standard (AES)", FIPS PUB 197, November 2001, . [3] Whiting, D., Housley, R., and N. Ferguson, "Counter with CBC- MAC (CCM)", RFC 3610, September 2003. [4] Eastlake, D., Crocker, S., and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994. [5] Manner, J. and M. Kojo, "Mobility Related Terminology", RFC 3753, June 2004. [6] "Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications", IEEE Standard 802.11, 1999, . [7] "Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Medium Access Control (MAC) Security Enhancements", IEEE Standard 802.11i, July 2004, . [8] Clark, D., "IP datagram reassembly algorithms", RFC 815, July 1982. [9] Schaad, J. and R. Housley, "Advanced Encryption Standard (AES) Key Wrap Algorithm", RFC 3394, September 2002. [10] Mills, D., "Network Time Protocol (Version 3) Specification, Implementation", RFC 1305, March 1992. [11] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. Calhoun, Editor, et al. Expires August 28, 2006 [Page 116] =0C Internet-Draft CAPWAP Protocol Specification February 2006 [12] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", RFC 4279, December 2005. [13] "Netscape Certificate Extensions Specification", . [14] Clancy, C., "Security Review of the Light Weight Access Point Protocol", May 2005, . [15] Rescorla et al, E., "Datagram Transport Layer Security", June 2004. [16] "Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication", May 2005, . 17.2. Informational References [17] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On- line Database", RFC 3232, January 2002. [18] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996. [19] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998. [20] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997. [21] "WiFi Protected Access (WPA) rev 1.6", April 2003. [22] Dierks et al, T., "The TLS Protocol Version 1.1", June 2005. [23] Modadugu et al, N., "The Design and Implementation of Datagram TLS", Feb 2004. Calhoun, Editor, et al. Expires August 28, 2006 [Page 117] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Editors' Addresses Pat R. Calhoun Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 Phone: +1 408-853-5269 Email: pcalhoun@cisco.com Michael P. Montemurro Chantry Networks 1900 Minnesota Court, Suite 125 Mississauga, ON L5N 3C9 Canada Phone: +1 905-363-6413 Email: michael.montemurro@siemens.com Dorothy Stanley Aruba Networks 1322 Crossman Ave Sunnyvale, CA 94089 Phone: +1 630-363-1389 Email: dstanley@arubanetworks.com Calhoun, Editor, et al. Expires August 28, 2006 [Page 118] =0C Internet-Draft CAPWAP Protocol Specification February 2006 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Calhoun, Editor, et al. Expires August 28, 2006 [Page 119] =0C ------=_Part_18068_31811829.1140920600904 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------=_Part_18068_31811829.1140920600904-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 10:15:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDk65-0005gT-BW for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 10:15:37 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDk63-0005xi-Lt for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 10:15:37 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id C576A4300A4 for ; Mon, 27 Feb 2006 07:15:34 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 85208430048 for ; Mon, 27 Feb 2006 07:15:02 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 23B1039802F for ; Mon, 27 Feb 2006 07:15:02 -0800 (PST) Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com [171.71.176.72]) by zoidberg.tigertech.net (Postfix) with ESMTP id D3B01398038 for ; Mon, 27 Feb 2006 07:14:57 -0800 (PST) Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-3.cisco.com with ESMTP; 27 Feb 2006 07:14:57 -0800 X-IronPort-AV: i="4.02,150,1139212800"; d="scan'208,217"; a="410294597:sNHT59580460" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k1RFEvHf010887; Mon, 27 Feb 2006 07:14:57 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 27 Feb 2006 07:14:57 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Subject: RE: [Capwap] capwap-protocol-specification-00 Date: Mon, 27 Feb 2006 07:14:56 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2017761F9@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] capwap-protocol-specification-00 Thread-Index: AcY7ICF2Mtt9swAkQcCiQKiplTjwGgAkAmxg From: "Pat Calhoun (pacalhou)" To: "Dorothy Stanley" , X-OriginalArrivalTime: 27 Feb 2006 15:14:57.0337 (UTC) FILETIME=[91D1DA90:01C63BB0] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.553 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_30_40, HTML_MESSAGE, SUBJ_HAS_UNIQ_ID X-Spam-Level: * Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1368300271==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 1.2 (+) X-Scan-Signature: 17e5edc4dfd335965c1d21372171c01c This is a multi-part message in MIME format. --===============1368300271== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C63BB0.919A9786" This is a multi-part message in MIME format. ------_=_NextPart_001_01C63BB0.919A9786 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable All, =20 In addition to the changes listed by Dorothy, all of the items that are currently marked as resolved in tracker are also included in this draft. Unfortunately, due to travel schedules, the editors never had a chance to review some of the changes as a group, so it is possible that we end up having to back out some of the changes in the -01 revision. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Dorothy Stanley [mailto:dstanley1389@gmail.com]=20 Sent: Sunday, February 26, 2006 2:00 PM To: capwap@frascone.com Subject: [Capwap] capwap-protocol-specification-00 =09 =09 CAPWAP WG members: =09 The capwap-protocol-specification-00 draft has been submitted for publication as a working group item. I did copy the WG on the submission yesterday, but for some reason, that mail did not appear on the list.=20 I have asked Dorothy G and Mani to post it to capwap.org , for earlier access. =09 PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. It is subject to WG review.=20 There are many tracker issues still to be resolved, and new ones are being added. =09 Changes in this -00 draft include the following: =09 1. Protocol name change to "CAPWAP", per list discussion =09 2. Addition of the three editors =09 3. Addition of a "Contributing Author"section, with the known contributing authors to date. =09 4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing the LWAPP=20 mechanism. Inserted and modified text reflects Eric and Scott's latest dtls spec, and the list comment discussion to address Sue and Nancy's questions to date. Note that the DTLS entry in the issues tracker remains open. Inclusion of the text at this point is intended=20 to facilitate resolution of any remaining issues. Major changes to sections 2,6,10,15, and smaller changes throughout. =09 5. Wording changes to clarify that the message types are messages--changes sections 5,6,7,8. Also re-numbered the message type values to remove gaps.=20 =09 6 Addition of a section for WaitJoin Timer, which was not defined. Need to determine a default value. =09 7. Wording changes in the intro and abstract partly due to DTLS changes, partly changing from passive to active voice,=20 clarity. =09 8. Removed "gold, platinum, bronze" and the like QOS descriptions, retaining the technical terms only The "metal" terms were used inconsistently in two places - one had uranium but the other didn't, and one included the technical terms=20 and the other didn't. =09 9. Inserted "IEEE" prior to "802.11" in reference - various sections =09 =09 Thanks, =09 Dorothy Stanley 630-363-1389=20 ------_=_NextPart_001_01C63BB0.919A9786 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
All,
 
In=20 addition to the changes listed by Dorothy, all of the items that are = currently=20 marked as resolved in tracker are also included in this draft. = Unfortunately,=20 due to travel schedules, the editors never had a chance to review some = of the=20 changes as a group, so it is possible that we end up having to back out = some of=20 the changes in the -01 revision.

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

 

From: Dorothy Stanley=20 [mailto:dstanley1389@gmail.com]
Sent: Sunday, February 26, = 2006=20 2:00 PM
To: capwap@frascone.com
Subject: [Capwap]=20 capwap-protocol-specification-00

CAPWAP WG members:

The = capwap-protocol-specification-00=20 draft has been submitted for publication as a working group item. I = did copy=20 the WG on the submission yesterday, but for some reason, that mail did = not=20 appear on the list.
I have asked Dorothy G and Mani to post it to = capwap.org, for = earlier=20 access.

PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. = It is=20 subject to WG review.
There are many tracker issues still to be = resolved,=20 and new ones are being added.

Changes in this -00 draft include = the=20 following:

1. Protocol name change to "CAPWAP", per list=20 discussion

2. Addition of the three editors

3. Addition = of a=20 "Contributing Author"section, with the known contributing authors to=20 date.

4. Inclusion of DTLS as the CAPWAP protocol security = mechanism,=20 replacing the LWAPP
mechanism. Inserted and modified text reflects = Eric=20 and Scott's latest dtls spec, and the list comment discussion to = address Sue=20 and Nancy's questions to date.
Note that the DTLS entry = in the=20 issues tracker remains open. Inclusion of the text at this point is = intended=20
to facilitate resolution of any remaining issues. Major changes to = sections 2,6,10,15, and smaller changes = throughout.

5.=20 Wording changes to clarify that the message types are=20 messages--changes
sections 5,6,7,8. Also re-numbered the message = type=20 values to remove gaps.

6 Addition of = a=20 section for WaitJoin Timer, which was not defined. Need to determine a = default=20 value.

7. = Wording=20 changes in the intro and abstract partly due to DTLS changes, partly = changing=20 from passive to active voice, =
clarity.

8.=20 Removed "gold, platinum, bronze" and the like QOS descriptions, = retaining the=20 technical terms only
The "metal" terms were used inconsistently in = two=20 places - one had uranium but the other didn't, and one included the = technical=20 terms
and the other didn't.

9. Inserted "IEEE" prior to = "802.11" in=20 reference - various sections


Thanks,

Dorothy=20 Stanley
630-363-1389 ------_=_NextPart_001_01C63BB0.919A9786-- --===============1368300271== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1368300271==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 10:24:45 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDkEv-0000xv-J2 for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 10:24:45 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDkEu-0006DU-5W for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 10:24:45 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id CB3AE4300A4 for ; Mon, 27 Feb 2006 07:24:43 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id E27D1430048 for ; Mon, 27 Feb 2006 07:24:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D4045398029 for ; Mon, 27 Feb 2006 07:24:18 -0800 (PST) Received: from flyer.cs.umd.edu (flyer.cs.umd.edu [128.8.128.178]) by zoidberg.tigertech.net (Postfix) with ESMTP id ED1A5398026 for ; Mon, 27 Feb 2006 07:24:15 -0800 (PST) Received: from ismene (ismene.cs.umd.edu [128.8.126.62]) by flyer.cs.umd.edu (8.12.11/8.12.5) with ESMTP id k1RFOCc6018811; Mon, 27 Feb 2006 10:24:12 -0500 Date: Mon, 27 Feb 2006 10:23:26 -0500 (EST) From: "T. Charles Clancy" X-X-Sender: clancy@ismene To: zhaoyujin 31390 Subject: Re: [Capwap] One issue "In order to support NAT, I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel" In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 7aafa0432175920a4b3e118e16c5cb64 You bring up a good point, but I think it can be addressed without requiring the use of a single UDP port. In particular, during the DTLS handshake, authentication will occur. Using the authentication information, the AC can then associate the DTLS control port with the data port. Some additional text will likely be required to make this association explicit... in particular there will need to be some form of WTP identity in common between the DTLS ClientHello, and the CAPWAP Discovery Request. [ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]-----[ university of maryland | college park ] On Mon, 27 Feb 2006, zhaoyujin 31390 wrote: > Dear all: > > I recommend that LWAPP only support one UDP port for Control tunnel and > Data Tunnel. > > LWAPP protocol uses UDP packets, so that it can directly support NAT > passthrough. > > One basic scenario is that WTP is behind NAT device and AC is in public > network. For control tunnel, there are no problem. Because it is > initiated by WTP, NAT device can create corresponding table for LWAPP > control tunnel packets. > > The problems is: > > 1. The data packets can not be firstly sent from AC to WTP. > > 2. Even if WTP firstly sends pacekts, AC can get the corresponding > control tunnel with this LWAPP data tunnel based on the packets. > Because in one NAT device, there may be multiple WTP. All WTP's IP > addresses are same which is NAT device global IP address, and AC can not > know the data packets belonging to which AP. > > > Best regards > Yujin Zhao > H3Com > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 13:10:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDmpR-0008J7-Nk for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 13:10:37 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDmpO-0004V6-TV for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 13:10:37 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 003114300B0 for ; Mon, 27 Feb 2006 10:10:33 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id BCF0B43006B for ; Mon, 27 Feb 2006 10:09:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id AB9F039802B for ; Mon, 27 Feb 2006 10:09:48 -0800 (PST) Received: from mgw-ext03.nokia.com (mgw-ext03.nokia.com [131.228.20.95]) by zoidberg.tigertech.net (Postfix) with ESMTP id B82F8398030 for ; Mon, 27 Feb 2006 10:09:41 -0800 (PST) Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143]) by mgw-ext03.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1RI8npB013466; Mon, 27 Feb 2006 20:08:51 +0200 Received: from daebh101.NOE.Nokia.com ([10.241.35.111]) by esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Feb 2006 20:08:46 +0200 Received: from mvebe101.NOE.Nokia.com ([172.19.64.23]) by daebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Feb 2006 12:08:44 -0600 x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Subject: RE: [Capwap] capwap-protocol-specification-00 Date: Mon, 27 Feb 2006 10:08:39 -0800 Message-ID: <893AE265F4ADF94AB7FB26D31A788E4101B1186A@mvebe101.NOE.Nokia.com> In-Reply-To: <4FF84B0BC277FF45AA27FE969DD956A2017761F9@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] capwap-protocol-specification-00 Thread-Index: AcY7ICF2Mtt9swAkQcCiQKiplTjwGgAkAmxgAAV3IDA= From: To: , , X-OriginalArrivalTime: 27 Feb 2006 18:08:44.0441 (UTC) FILETIME=[D8DBA890:01C63BC8] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.387 tagged_above=-999 required=7 tests=HTML_40_50, HTML_MESSAGE, NO_REAL_NAME, SUBJ_HAS_UNIQ_ID X-Spam-Level: * Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0973506925==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 1.4 (+) X-Scan-Signature: f5932bfc8385127f631fc458a872feb1 This is a multi-part message in MIME format. --===============0973506925== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C63BC8.D7DC94E5" This is a multi-part message in MIME format. ------_=_NextPart_001_01C63BC8.D7DC94E5 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Pat- =20 I'm aware that there were some last minute confusion among the Editors over the weekend regarding some text that wasn't adequately reviewed and agreed to by the Editors and WG. The chairs put a priority on getting a -00 CAPWAP draft out by the deadline so that the WG has copy to start evaluating. Please add an issue to the tracker to verify the overall text in relation to the 9 changed items listed in the -00 draft. =20 =20 I'd like to ask the WG to read, review and post comments to draft-ietf-capwap-protocol-specification-00.txt, especially in relation to the 9 changes noted in the draft so the Chairs can determine consensus. We'll set aside some time at the IETF meeting in Dallas to cover these issues in detail. =20 Many thanks to the CAPWAP Editors team for getting a -00 draft out to the WG. Its always difficult to create the first draft of a new WG item, and we appreciate the efforts to keep progress moving in the WG. =20 -DorothyG ________________________________ From: ext Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]=20 Sent: Monday, February 27, 2006 7:15 AM To: Dorothy Stanley; capwap@frascone.com Subject: RE: [Capwap] capwap-protocol-specification-00 All, =20 In addition to the changes listed by Dorothy, all of the items that are currently marked as resolved in tracker are also included in this draft. Unfortunately, due to travel schedules, the editors never had a chance to review some of the changes as a group, so it is possible that we end up having to back out some of the changes in the -01 revision. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Dorothy Stanley [mailto:dstanley1389@gmail.com]=20 Sent: Sunday, February 26, 2006 2:00 PM To: capwap@frascone.com Subject: [Capwap] capwap-protocol-specification-00 =09 =09 CAPWAP WG members: =09 The capwap-protocol-specification-00 draft has been submitted for publication as a working group item. I did copy the WG on the submission yesterday, but for some reason, that mail did not appear on the list.=20 I have asked Dorothy G and Mani to post it to capwap.org , for earlier access. =09 PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. It is subject to WG review.=20 There are many tracker issues still to be resolved, and new ones are being added. =09 Changes in this -00 draft include the following: =09 1. Protocol name change to "CAPWAP", per list discussion =09 2. Addition of the three editors =09 3. Addition of a "Contributing Author"section, with the known contributing authors to date. =09 4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing the LWAPP=20 mechanism. Inserted and modified text reflects Eric and Scott's latest dtls spec, and the list comment discussion to address Sue and Nancy's questions to date. Note that the DTLS entry in the issues tracker remains open. Inclusion of the text at this point is intended=20 to facilitate resolution of any remaining issues. Major changes to sections 2,6,10,15, and smaller changes throughout. =09 5. Wording changes to clarify that the message types are messages--changes sections 5,6,7,8. Also re-numbered the message type values to remove gaps.=20 =09 6 Addition of a section for WaitJoin Timer, which was not defined. Need to determine a default value. =09 7. Wording changes in the intro and abstract partly due to DTLS changes, partly changing from passive to active voice,=20 clarity. =09 8. Removed "gold, platinum, bronze" and the like QOS descriptions, retaining the technical terms only The "metal" terms were used inconsistently in two places - one had uranium but the other didn't, and one included the technical terms=20 and the other didn't. =09 9. Inserted "IEEE" prior to "802.11" in reference - various sections =09 =09 Thanks, =09 Dorothy Stanley 630-363-1389=20 ------_=_NextPart_001_01C63BC8.D7DC94E5 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi Pat-
 
I'm aware that there were some last minute = confusion=20 among the Editors over the weekend regarding some text that wasn't = adequately=20 reviewed and agreed to by the Editors and WG.  The chairs put a = priority on=20 getting a -00 CAPWAP draft out by the deadline so that the WG has copy = to start=20 evaluating.  Please add an issue to the tracker to verify the = overall text=20 in relation to the 9 changed items listed in the -00 draft. =20
 
I'd like to ask the WG to read, review and = post=20 comments to draft-ietf-capwap-protocol-specification-00.txt, especially = in=20 relation to the 9 changes noted in the draft  so the Chairs = can=20 determine consensus.  We'll set aside some time at the IETF meeting = in=20 Dallas to cover these issues in detail.
 
Many thanks to the CAPWAP Editors team for = getting a=20 -00 draft out to the WG.  Its always difficult to create the first = draft of=20 a new WG item, and we appreciate the efforts to keep progress moving in = the=20 WG.
 
-DorothyG

From: ext Pat Calhoun (pacalhou)=20 [mailto:pcalhoun@cisco.com]
Sent: Monday, February 27, 2006 = 7:15=20 AM
To: Dorothy Stanley; capwap@frascone.com
Subject: = RE:=20 [Capwap] capwap-protocol-specification-00

All,
 
In=20 addition to the changes listed by Dorothy, all of the items that are = currently=20 marked as resolved in tracker are also included in this draft. = Unfortunately,=20 due to travel schedules, the editors never had a chance to review some = of the=20 changes as a group, so it is possible that we end up having to back out = some of=20 the changes in the -01 revision.

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

 

From: Dorothy Stanley=20 [mailto:dstanley1389@gmail.com]
Sent: Sunday, February 26, = 2006=20 2:00 PM
To: capwap@frascone.com
Subject: [Capwap]=20 capwap-protocol-specification-00

CAPWAP WG members:

The = capwap-protocol-specification-00=20 draft has been submitted for publication as a working group item. I = did copy=20 the WG on the submission yesterday, but for some reason, that mail did = not=20 appear on the list.
I have asked Dorothy G and Mani to post it to = capwap.org, for = earlier=20 access.

PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. = It is=20 subject to WG review.
There are many tracker issues still to be = resolved,=20 and new ones are being added.

Changes in this -00 draft include = the=20 following:

1. Protocol name change to "CAPWAP", per list=20 discussion

2. Addition of the three editors

3. Addition = of a=20 "Contributing Author"section, with the known contributing authors to=20 date.

4. Inclusion of DTLS as the CAPWAP protocol security = mechanism,=20 replacing the LWAPP
mechanism. Inserted and modified text reflects = Eric=20 and Scott's latest dtls spec, and the list comment discussion to = address Sue=20 and Nancy's questions to date.
Note that the DTLS entry = in the=20 issues tracker remains open. Inclusion of the text at this point is = intended=20
to facilitate resolution of any remaining issues. Major changes to = sections 2,6,10,15, and smaller changes = throughout.

5.=20 Wording changes to clarify that the message types are=20 messages--changes
sections 5,6,7,8. Also re-numbered the message = type=20 values to remove gaps.

6 Addition of = a=20 section for WaitJoin Timer, which was not defined. Need to determine a = default=20 value.

7. = Wording=20 changes in the intro and abstract partly due to DTLS changes, partly = changing=20 from passive to active voice, =
clarity.

8.=20 Removed "gold, platinum, bronze" and the like QOS descriptions, = retaining the=20 technical terms only
The "metal" terms were used inconsistently in = two=20 places - one had uranium but the other didn't, and one included the = technical=20 terms
and the other didn't.

9. Inserted "IEEE" prior to = "802.11" in=20 reference - various sections


Thanks,

Dorothy=20 Stanley
630-363-1389 ------_=_NextPart_001_01C63BC8.D7DC94E5-- --===============0973506925== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0973506925==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 14:24:09 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDnyb-0000vf-QS for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 14:24:09 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDnyZ-00078q-NG for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 14:24:09 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 5EDFD43006B for ; Mon, 27 Feb 2006 11:24:06 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id A7CE4430048 for ; Mon, 27 Feb 2006 11:23:27 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 9833880C14B for ; Mon, 27 Feb 2006 11:23:27 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 69E4780C122 for ; Mon, 27 Feb 2006 11:23:26 -0800 (PST) Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-4.cisco.com with ESMTP; 27 Feb 2006 11:23:25 -0800 X-IronPort-AV: i="4.02,150,1139212800"; d="scan'208,217"; a="1780090495:sNHT58411084" Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k1RJNPXf013043; Mon, 27 Feb 2006 11:23:25 -0800 (PST) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 27 Feb 2006 11:23:25 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Subject: RE: [Capwap] capwap-protocol-specification-00 Date: Mon, 27 Feb 2006 11:23:24 -0800 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2017763BC@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] capwap-protocol-specification-00 Thread-Index: AcY7ICF2Mtt9swAkQcCiQKiplTjwGgAkAmxgAAV3IDAAA0eCwA== From: "Pat Calhoun (pacalhou)" To: , , X-OriginalArrivalTime: 27 Feb 2006 19:23:25.0778 (UTC) FILETIME=[47F16B20:01C63BD3] X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.583 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_40_50, HTML_MESSAGE, SUBJ_HAS_UNIQ_ID X-Spam-Level: * Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1753937149==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 1.2 (+) X-Scan-Signature: 4c358d334afcd91b425d436ca5722f22 This is a multi-part message in MIME format. --===============1753937149== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C63BD3.47B7689B" This is a multi-part message in MIME format. ------_=_NextPart_001_01C63BD3.47B7689B Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Just to follow onto Dorothy's message, please review not only the 9 changes listed by DorothyS, but also all of the tracker entries marked as resolved. Tracker can be found at http://www.capwap.org/cgi-bin/roundup/CAPWAP/index =20 =20 Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Dorothy.Gellert@nokia.com [mailto:Dorothy.Gellert@nokia.com]=20 Sent: Monday, February 27, 2006 10:09 AM To: Pat Calhoun (pacalhou); dstanley1389@gmail.com; capwap@frascone.com Subject: RE: [Capwap] capwap-protocol-specification-00 =09 =09 Hi Pat- =20 I'm aware that there were some last minute confusion among the Editors over the weekend regarding some text that wasn't adequately reviewed and agreed to by the Editors and WG. The chairs put a priority on getting a -00 CAPWAP draft out by the deadline so that the WG has copy to start evaluating. Please add an issue to the tracker to verify the overall text in relation to the 9 changed items listed in the -00 draft. =20 =20 I'd like to ask the WG to read, review and post comments to draft-ietf-capwap-protocol-specification-00.txt, especially in relation to the 9 changes noted in the draft so the Chairs can determine consensus. We'll set aside some time at the IETF meeting in Dallas to cover these issues in detail. =20 Many thanks to the CAPWAP Editors team for getting a -00 draft out to the WG. Its always difficult to create the first draft of a new WG item, and we appreciate the efforts to keep progress moving in the WG. =20 -DorothyG ________________________________ From: ext Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]=20 Sent: Monday, February 27, 2006 7:15 AM To: Dorothy Stanley; capwap@frascone.com Subject: RE: [Capwap] capwap-protocol-specification-00 =09 =09 All, =20 In addition to the changes listed by Dorothy, all of the items that are currently marked as resolved in tracker are also included in this draft. Unfortunately, due to travel schedules, the editors never had a chance to review some of the changes as a group, so it is possible that we end up having to back out some of the changes in the -01 revision. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Dorothy Stanley [mailto:dstanley1389@gmail.com]=20 Sent: Sunday, February 26, 2006 2:00 PM To: capwap@frascone.com Subject: [Capwap] capwap-protocol-specification-00 =09 =09 CAPWAP WG members: =09 The capwap-protocol-specification-00 draft has been submitted for publication as a working group item. I did copy the WG on the submission yesterday, but for some reason, that mail did not appear on the list.=20 I have asked Dorothy G and Mani to post it to capwap.org , for earlier access. =09 PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. It is subject to WG review.=20 There are many tracker issues still to be resolved, and new ones are being added. =09 Changes in this -00 draft include the following: =09 1. Protocol name change to "CAPWAP", per list discussion =09 2. Addition of the three editors =09 3. Addition of a "Contributing Author"section, with the known contributing authors to date. =09 4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing the LWAPP=20 mechanism. Inserted and modified text reflects Eric and Scott's latest dtls spec, and the list comment discussion to address Sue and Nancy's questions to date. Note that the DTLS entry in the issues tracker remains open. Inclusion of the text at this point is intended=20 to facilitate resolution of any remaining issues. Major changes to sections 2,6,10,15, and smaller changes throughout. =09 5. Wording changes to clarify that the message types are messages--changes sections 5,6,7,8. Also re-numbered the message type values to remove gaps.=20 =09 6 Addition of a section for WaitJoin Timer, which was not defined. Need to determine a default value. =09 7. Wording changes in the intro and abstract partly due to DTLS changes, partly changing from passive to active voice,=20 clarity. =09 8. Removed "gold, platinum, bronze" and the like QOS descriptions, retaining the technical terms only The "metal" terms were used inconsistently in two places - one had uranium but the other didn't, and one included the technical terms=20 and the other didn't. =09 9. Inserted "IEEE" prior to "802.11" in reference - various sections =09 =09 Thanks, =09 Dorothy Stanley 630-363-1389=20 ------_=_NextPart_001_01C63BD3.47B7689B Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Just=20 to follow onto Dorothy's message, please review not only the 9 changes = listed by=20 DorothyS, but also all of the tracker entries marked as resolved. = Tracker can be=20 found at http://www.ca= pwap.org/cgi-bin/roundup/CAPWAP/index
 

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

 

From: Dorothy.Gellert@nokia.com=20 [mailto:Dorothy.Gellert@nokia.com]
Sent: Monday, February = 27, 2006=20 10:09 AM
To: Pat Calhoun (pacalhou); dstanley1389@gmail.com; = capwap@frascone.com
Subject: RE: [Capwap]=20 capwap-protocol-specification-00

Hi Pat-
 
I'm aware that there were some last minute = confusion=20 among the Editors over the weekend regarding some text that wasn't = adequately=20 reviewed and agreed to by the Editors and WG.  The chairs put a = priority=20 on getting a -00 CAPWAP draft out by the deadline so that the WG has = copy to=20 start evaluating.  Please add an issue to the tracker to verify = the=20 overall text in relation to the 9 changed items listed in the -00 = draft. =20
 
I'd like to ask the WG to read, review and = post=20 comments to draft-ietf-capwap-protocol-specification-00.txt, = especially in=20 relation to the 9 changes noted in the draft  so the Chairs = can=20 determine consensus.  We'll set aside some time at the IETF = meeting in=20 Dallas to cover these issues in detail.
 
Many thanks to the CAPWAP Editors team for = getting a=20 -00 draft out to the WG.  Its always difficult to create the = first draft=20 of a new WG item, and we appreciate the efforts to keep progress = moving in the=20 WG.
 
-DorothyG

From: ext Pat Calhoun (pacalhou)=20 [mailto:pcalhoun@cisco.com]
Sent: Monday, February 27, 2006 = 7:15=20 AM
To: Dorothy Stanley; = capwap@frascone.com
Subject: RE:=20 [Capwap] capwap-protocol-specification-00

All,
 
In=20 addition to the changes listed by Dorothy, all of the items that are = currently=20 marked as resolved in tracker are also included in this draft. = Unfortunately,=20 due to travel schedules, the editors never had a chance to review some = of the=20 changes as a group, so it is possible that we end up having to back = out some=20 of the changes in the -01 revision.

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

 

From: Dorothy Stanley=20 [mailto:dstanley1389@gmail.com]
Sent: Sunday, February = 26, 2006=20 2:00 PM
To: capwap@frascone.com
Subject: = [Capwap]=20 capwap-protocol-specification-00

CAPWAP WG members:

The = capwap-protocol-specification-00=20 draft has been submitted for publication as a working group item. I = did copy=20 the WG on the submission yesterday, but for some reason, that mail = did not=20 appear on the list.
I have asked Dorothy G and Mani to post it = to capwap.org, for = earlier=20 access.

PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT = final. It is=20 subject to WG review.
There are many tracker issues still to be=20 resolved, and new ones are being added.

Changes in this -00 = draft=20 include the following:

1. Protocol name change to "CAPWAP", = per list=20 discussion

2. Addition of the three editors

3. = Addition of a=20 "Contributing Author"section, with the known contributing authors to = date.

4. Inclusion of DTLS as the CAPWAP protocol security = mechanism,=20 replacing the LWAPP
mechanism. Inserted and modified text = reflects Eric=20 and Scott's latest dtls spec, and the list comment discussion to = address Sue=20 and Nancy's questions to date.
Note that the DTLS entry = in the=20 issues tracker remains open. Inclusion of the text at this point is = intended=20
to facilitate resolution of any remaining issues. Major changes = to=20 sections 2,6,10,15, and smaller changes = throughout.

5.=20 Wording changes to clarify that the message types are=20 messages--changes
sections 5,6,7,8. Also re-numbered the message = type=20 values to remove gaps.

6 Addition = of a=20 section for WaitJoin Timer, which was not defined. Need to determine = a=20 default value.

7.=20 Wording changes in the intro and abstract partly due to = DTLS=20 changes, partly changing from passive to active voice,=20
clarity.

8. Removed "gold, = platinum,=20 bronze" and the like QOS descriptions, retaining the technical terms = only
The "metal" terms were used inconsistently in two places - = one had=20 uranium but the other didn't, and one included the technical terms =
and=20 the other didn't.

9. Inserted "IEEE" prior to "802.11" in = reference -=20 various sections


Thanks,

Dorothy=20 Stanley
630-363-1389 =
------_=_NextPart_001_01C63BD3.47B7689B-- --===============1753937149== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1753937149==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 21:58:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDv4M-0004id-W7 for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 21:58:34 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDv4L-0001AW-7Y for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 21:58:34 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 10DF54300C2 for ; Mon, 27 Feb 2006 18:58:32 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 6B4D443004F for ; Mon, 27 Feb 2006 18:57:56 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 54832398038 for ; Mon, 27 Feb 2006 18:57:56 -0800 (PST) Received: from smtp1.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by zoidberg.tigertech.net (Postfix) with ESMTP id 15B6939802B for ; Mon, 27 Feb 2006 18:57:53 -0800 (PST) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp1.mei.co.jp (8.12.10/3.7W/kings) with ESMTP id k1S2vps6001081; Tue, 28 Feb 2006 11:57:51 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx2) with ESMTP id k1S2vr915963; Tue, 28 Feb 2006 11:57:53 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/mariners) with SMTP id k1S2vqG05104; Tue, 28 Feb 2006 11:57:52 +0900 (JST) Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Subject: RE: [Capwap] capwap-protocol-specification-00 Date: Tue, 28 Feb 2006 11:00:10 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BDB23FBB@pslexc01.psl.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] capwap-protocol-specification-00 Thread-Index: AcY7H/JECX8sgcDsQcKdLs4GT2+/gAA8M2/g From: "Saravanan Govindan" To: "Dorothy Stanley" , X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=1.574 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO, HTML_60_70, HTML_MESSAGE, SUBJ_HAS_UNIQ_ID X-Spam-Level: * Cc: X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1208137661==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 1.2 (+) X-Scan-Signature: 3dc828214e948ff35b815af10e94a823 This is a multi-part message in MIME format. --===============1208137661== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C63C12.99E3DC8A" This is a multi-part message in MIME format. ------_=_NextPart_001_01C63C12.99E3DC8A Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi All, =20 I can imagine it took a lot of work to put the protocol specifications together. I'd like to thank the team for their efforts.=20 =20 I just started reading the draft. From my brief review, I think we should include references to the Architecture Taxonomy and Objectives. This would particularly be helpful for those new to the CAPWAP protocol to better understand concepts such as split and local MAC. =20 I'll go through the draft to see where exactly to make the references.=20 =20 Cheers, Saravanan =20 =20 =20 =20 ________________________________ From: Dorothy Stanley [mailto:dstanley1389@gmail.com]=20 Sent: Monday, February 27, 2006 6:00 AM To: capwap@frascone.com Subject: [Capwap] capwap-protocol-specification-00 =20 CAPWAP WG members: The capwap-protocol-specification-00 draft has been submitted for publication as a working group item. I did copy the WG on the submission yesterday, but for some reason, that mail did not appear on the list.=20 I have asked Dorothy G and Mani to post it to capwap.org , for earlier access. PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. It is subject to WG review.=20 There are many tracker issues still to be resolved, and new ones are being added. Changes in this -00 draft include the following: 1. Protocol name change to "CAPWAP", per list discussion 2. Addition of the three editors 3. Addition of a "Contributing Author"section, with the known contributing authors to date. 4. Inclusion of DTLS as the CAPWAP protocol security mechanism, replacing the LWAPP=20 mechanism. Inserted and modified text reflects Eric and Scott's latest dtls spec, and the list comment discussion to address Sue and Nancy's questions to date. Note that the DTLS entry in the issues tracker remains open. Inclusion of the text at this point is intended=20 to facilitate resolution of any remaining issues. Major changes to sections 2,6,10,15, and smaller changes throughout. 5. Wording changes to clarify that the message types are messages--changes sections 5,6,7,8. Also re-numbered the message type values to remove gaps.=20 6 Addition of a section for WaitJoin Timer, which was not defined. Need to determine a default value. 7. Wording changes in the intro and abstract partly due to DTLS changes, partly changing from passive to active voice,=20 clarity. 8. Removed "gold, platinum, bronze" and the like QOS descriptions, retaining the technical terms only The "metal" terms were used inconsistently in two places - one had uranium but the other didn't, and one included the technical terms=20 and the other didn't. 9. Inserted "IEEE" prior to "802.11" in reference - various sections Thanks, Dorothy Stanley 630-363-1389=20 ------_=_NextPart_001_01C63C12.99E3DC8A Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi All,

 

I can imagine it took a lot of work to put the = protocol specifications together. I’d like to thank the team for their = efforts.

 

I just started reading the draft. From my brief = review, I think we should include references to the Architecture Taxonomy and = Objectives. This would particularly be helpful for those new to the CAPWAP protocol = to better understand concepts such as split and local = MAC.

 

I’ll go through the draft to see where exactly = to make the references.

 

Cheers,


Saravanan

 

 

 

 

From: = Dorothy Stanley [mailto:dstanley1389@gmail.com]
Sent: Monday, February = 27, 2006 6:00 AM
To: = capwap@frascone.com
Subject: [Capwap] capwap-protocol-specification-00

 

CAPWAP WG members:

The capwap-protocol-specification-00 draft has been submitted for = publication as a working group item. I did copy the WG on the submission yesterday, = but for some reason, that mail did not appear on the list.
I have asked Dorothy G and Mani to post it to capwap.org, for earlier access.

PLEASE NOTE THAT THIS IS A -00 DRAFT - It is NOT final. It is subject to = WG review.
There are many tracker issues still to be resolved, and new ones are = being added.

Changes in this -00 draft include the following:

1. Protocol name change to "CAPWAP", per list discussion

2. Addition of the three editors

3. Addition of a "Contributing Author"section, with the known contributing authors to date.

4. Inclusion of DTLS as the CAPWAP protocol security mechanism, = replacing the LWAPP
mechanism. Inserted and modified text reflects Eric and Scott's latest = dtls spec, and the list comment discussion to address Sue and Nancy's questions to = date.
Note that the DTLS entry in the issues tracker remains open. Inclusion = of the text at this point is intended
to facilitate resolution of any remaining issues. Major changes to = sections 2,6,10,15, and smaller changes throughout.

5. Wording changes to clarify that the message types are = messages--changes
sections 5,6,7,8. Also re-numbered the message type values to remove = gaps.

6 Addition of a section for WaitJoin Timer, which was not defined. Need = to determine a default value.

7. Wording changes in the intro and abstract partly due to DTLS changes, = partly changing from passive to active voice,
clarity.

8. Removed "gold, platinum, bronze" and the like QOS = descriptions, retaining the technical terms only
The "metal" terms were used inconsistently in two places - one = had uranium but the other didn't, and one included the technical terms
and the other didn't.

9. Inserted "IEEE" prior to "802.11" in reference - = various sections


Thanks,

Dorothy Stanley
630-363-1389

------_=_NextPart_001_01C63C12.99E3DC8A-- --===============1208137661== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1208137661==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Feb 27 22:22:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FDvR4-00044q-H8 for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 22:22:02 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FDvR2-00027P-3S for capwap-archive@lists.ietf.org; Mon, 27 Feb 2006 22:22:02 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id AA8964300E6 for ; Mon, 27 Feb 2006 19:21:59 -0800 (PST) Received: from hermes.tigertech.net (hermes.tigertech.net [64.71.157.146]) by leela.tigertech.net (Postfix) with ESMTP id ED2B043006B for ; Mon, 27 Feb 2006 19:21:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id DF1B480C143 for ; Mon, 27 Feb 2006 19:21:34 -0800 (PST) Received: from shell4.bayarea.net (shell4.BAYAREA.NET [209.128.82.1]) by hermes.tigertech.net (Postfix) with ESMTP id B229F80C130 for ; Mon, 27 Feb 2006 19:21:31 -0800 (PST) Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k1S3LULD021456; Mon, 27 Feb 2006 19:21:30 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k1S3LTiA021440; Mon, 27 Feb 2006 19:21:30 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Mon, 27 Feb 2006 19:21:28 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: zhaoyujin 31390 Subject: Re: [Capwap] One issue "In order to support NAT, I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel" In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d HI, CAPWAP with NATs has come up from time to time on this list, and people have claimed that it is a "typical" or "basic" scenario. I'm sorry, but I don't see it. Before the WG spends time resolving this issue, I'd really like to see STRONG justifications. That is, why would you deploy a CAPWAP system split this way? And if CAPWAP didn't support this NAT split, what would it cost you, or what would you not be able to do? On Mon, 27 Feb 2006, zhaoyujin 31390 wrote: > Dear all: > > I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel. > > LWAPP protocol uses UDP packets, so that it can directly support NAT passthrough. > > One basic scenario is that WTP is behind NAT device and AC is in public network. For control tunnel, there are no problem. Because it is initiated by WTP, NAT device can create corresponding table for LWAPP control tunnel packets. > > The problems is: > > 1. The data packets can not be firstly sent from AC to WTP. > > 2. Even if WTP firstly sends pacekts, AC can get the corresponding control tunnel with this LWAPP data tunnel based on the packets. Because in one NAT device, there may be multiple WTP. All WTP's IP addresses are same which is NAT device global IP address, and AC can not know the data packets belonging to which AP. > > > Best regards > Yujin Zhao > H3Com Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 28 10:16:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FE6ag-0000K9-QQ for capwap-archive@lists.ietf.org; Tue, 28 Feb 2006 10:16:42 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FE6af-0006wU-BW for capwap-archive@lists.ietf.org; Tue, 28 Feb 2006 10:16:42 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id 4B6774300D1 for ; Tue, 28 Feb 2006 07:16:40 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id 874D243006C for ; Tue, 28 Feb 2006 07:16:16 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 79A53398017 for ; Tue, 28 Feb 2006 07:16:16 -0800 (PST) X-Greylist-Status: Sender first seen 00:01:53 ago Received: from co300216-ier2.net.avaya.com (co300216-ier2.net.avaya.com [198.152.13.103]) by zoidberg.tigertech.net (Postfix) with ESMTP id 85ED4398019 for ; Tue, 28 Feb 2006 07:16:13 -0800 (PST) Received: from tierw.net.avaya.com (h198-152-13-100.avaya.com [198.152.13.100]) by co300216-ier2.net.avaya.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k1SEA8JB023987 for ; Tue, 28 Feb 2006 09:10:09 -0500 Received: from nj7460avexu1.global.avaya.com (h198-152-6-51.avaya.com [198.152.6.51]) by tierw.net.avaya.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id k1SEwYYj017271 for ; Tue, 28 Feb 2006 09:58:35 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Capwap] One issue "In order to support NAT, I recommend thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" Date: Tue, 28 Feb 2006 10:14:16 -0500 Message-ID: <36641C39E22F674894213328DD9E52B22F0A07@nj7460avexu1.global.avaya.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] One issue "In order to support NAT, I recommend thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" Thread-Index: AcY8FiEI2jdZeaw5SzmsZEFyMIUaqAAYg7Mw From: "Sadot, Emek (Emek)" To: "David T. Perkins" , "zhaoyujin 31390" X-Scanner: InterScan AntiVirus for Sendmail X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024 David, I was under the impression that the working group already went through the "justification" process. To refresh our memory, I believe that the key points that were brought up discussed the possibility that a service provider will connect their AC to their customer's WTPs across a NAT device, or a cooperation which segments its facilities by NAT devices and deploy the AC at the main site and the WTPs at remote sites (private side of NAT), or perhaps a deployment scenario would be some sort of a hosted solutions environment, where the WTPs in the different NAT'ed customer enterprise sites are controlled by a central AC which is part of the provider's hosted solutions equipment. My belief is that the CAPWAP protocol should not disallow the NAT traversal. Regards, Emek=20 -----Original Message----- From: David T. Perkins [mailto:dperkins@dsperkins.com]=20 Sent: Monday, February 27, 2006 10:21 PM To: zhaoyujin 31390 Cc: capwap@frascone.com Subject: Re: [Capwap] One issue "In order to support NAT, I recommend thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" HI, CAPWAP with NATs has come up from time to time on this list, and people have claimed that it is a "typical" or "basic" scenario. I'm sorry, but I don't see it. Before the WG spends time resolving this issue, I'd really like to see STRONG justifications. That is, why would you deploy a CAPWAP system split this way? And if CAPWAP didn't support this NAT split, what would it cost you, or what would you not be able to do? On Mon, 27 Feb 2006, zhaoyujin 31390 wrote: > Dear all: >=20 > I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel.=20 >=20 > LWAPP protocol uses UDP packets, so that it can directly support NAT passthrough. >=20 > One basic scenario is that WTP is behind NAT device and AC is in public network. For control tunnel, there are no problem. Because it is initiated by WTP, NAT device can create corresponding table for LWAPP control tunnel packets.=20 >=20 > The problems is: >=20 > 1. The data packets can not be firstly sent from AC to WTP. >=20 > 2. Even if WTP firstly sends pacekts, AC can get the corresponding control tunnel with this LWAPP data tunnel based on the packets. Because in one NAT device, there may be multiple WTP. All WTP's IP addresses are same which is NAT device global IP address, and AC can not know the data packets belonging to which AP. >=20 >=20 > Best regards > Yujin Zhao > H3Com Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 28 15:29:33 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FEBTR-0004iE-3e for capwap-archive@lists.ietf.org; Tue, 28 Feb 2006 15:29:33 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FEBTP-00019n-Ld for capwap-archive@lists.ietf.org; Tue, 28 Feb 2006 15:29:33 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id D122C4300C2 for ; Tue, 28 Feb 2006 12:29:30 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id F0B0B43006C for ; Tue, 28 Feb 2006 12:29:03 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id DA038398032 for ; Tue, 28 Feb 2006 12:29:03 -0800 (PST) Received: from pop-tawny.atl.sa.earthlink.net (pop-tawny.atl.sa.earthlink.net [207.69.195.67]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6F36D398034 for ; Tue, 28 Feb 2006 12:29:00 -0800 (PST) Received: from elwamui-hybrid.atl.sa.earthlink.net ([209.86.224.36]) by pop-tawny.atl.sa.earthlink.net with esmtp (Exim 3.36 #10) id 1FEBBM-0001eJ-00 for capwap@frascone.com; Tue, 28 Feb 2006 15:10:52 -0500 Message-ID: <2766590.1141157452435.JavaMail.root@elwamui-hybrid.atl.sa.earthlink.net> Date: Tue, 28 Feb 2006 12:10:52 -0800 (GMT-08:00) From: "Scott G. Kelly" To: capwap Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: EarthLink Zoo Mail 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=3 tagged_above=-999 required=7 tests=RCVD_IN_BL_SPAMCOP_NET X-Spam-Level: *** Subject: [Capwap] RE: One issue "In order to support NAT, I recommend thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 1.8 (+) X-Scan-Signature: 31247fb3be228bb596db9127becad0bc I, like David, wonder how realistic this concern might be. In the first case described below (MSP's cloud-based AC manages customer WTP), where does this WTP reside with respect to the Internet? Wouldn't the provider need a secure tunnel to the customer edge in such cases? The alternative is unauthenticated tuple-based firewall holes - not a pretty picture from a security perspective. In the second case described below (NAT traversal within a single administrative domain), is this realistic? Seems more like an abberation than a common case, and it seems clear that we don' t want to add this level of complexity just so we can deal with an edge case. It seems like the operational issues with this topology would more than out-weigh any benefit. ---------------------------------------------------------------- From: Sadot, Emek (Emek) (esadotavaya.com) Date: Tue, 28 Feb 2006 07:16:16 -0800 (PST) David, I was under the impression that the working group already went through the "justification" process. To refresh our memory, I believe that the key points that were brought up discussed the possibility that a service provider will connect their AC to their customer's WTPs across a NAT device, or a cooperation which segments its facilities by NAT devices and deploy the AC at the main site and the WTPs at remote sites (private side of NAT), or perhaps a deployment scenario would be some sort of a hosted solutions environment, where the WTPs in the different NAT'ed customer enterprise sites are controlled by a central AC which is part of the provider's hosted solutions equipment. My belief is that the CAPWAP protocol should not disallow the NAT traversal. Regards, Emek -----Original Message----- From: David T. Perkins [mailto:dperkins [at] dsperkins.com] Sent: Monday, February 27, 2006 10:21 PM To: zhaoyujin 31390 Cc: capwap [at] frascone.com Subject: Re: [Capwap] One issue "In order to support NAT, I recommend thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" HI, CAPWAP with NATs has come up from time to time on this list, and people have claimed that it is a "typical" or "basic" scenario. I'm sorry, but I don't see it. Before the WG spends time resolving this issue, I'd really like to see STRONG justifications. That is, why would you deploy a CAPWAP system split this way? And if CAPWAP didn't support this NAT split, what would it cost you, or what would you not be able to do? On Mon, 27 Feb 2006, zhaoyujin 31390 wrote: > Dear all: > > I recommend that LWAPP only support one UDP port for Control tunnel and Data Tunnel. > > LWAPP protocol uses UDP packets, so that it can directly support NAT passthrough. > > One basic scenario is that WTP is behind NAT device and AC is in public network. For control tunnel, there are no problem. Because it is initiated by WTP, NAT device can create corresponding table for LWAPP control tunnel packets. > > The problems is: > > 1. The data packets can not be firstly sent from AC to WTP. > > 2. Even if WTP firstly sends pacekts, AC can get the corresponding control tunnel with this LWAPP data tunnel based on the packets. Because in one NAT device, there may be multiple WTP. All WTP's IP addresses are same which is NAT device global IP address, and AC can not know the data packets belonging to which AP. > > > Best regards > Yujin Zhao > H3Com Regards, /david t. perkins _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Feb 28 18:04:46 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FEDte-0005Vd-Ql for capwap-archive@lists.ietf.org; Tue, 28 Feb 2006 18:04:46 -0500 Received: from leela.tigertech.net ([64.71.157.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FEDj6-0003ko-Tq for capwap-archive@lists.ietf.org; Tue, 28 Feb 2006 17:53:54 -0500 Received: from leela.tigertech.net (localhost [127.0.0.1]) by leela.tigertech.net (Postfix) with ESMTP id F0F034302E1 for ; Tue, 28 Feb 2006 14:53:51 -0800 (PST) Received: from zoidberg.tigertech.net (zoidberg.tigertech.net [64.71.157.135]) by leela.tigertech.net (Postfix) with ESMTP id C7E154300CC for ; Tue, 28 Feb 2006 14:43:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id B784139803B for ; Tue, 28 Feb 2006 14:43:35 -0800 (PST) Received: from shell4.bayarea.net (shell4.BAYAREA.NET [209.128.82.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id A9FCA398019 for ; Tue, 28 Feb 2006 14:43:33 -0800 (PST) Received: from shell4.bayarea.net (localhost [127.0.0.1]) by shell4.bayarea.net (8.12.11/8.12.11) with ESMTP id k1SMhWdl017052; Tue, 28 Feb 2006 14:43:32 -0800 Received: from localhost (dperkins@localhost) by shell4.bayarea.net (8.12.11/8.12.11/Submit) with ESMTP id k1SMhWkk017049; Tue, 28 Feb 2006 14:43:32 -0800 X-Authentication-Warning: shell4.bayarea.net: dperkins owned process doing -bs Date: Tue, 28 Feb 2006 14:43:32 -0800 (PST) From: "David T. Perkins" X-Sender: dperkins@shell4.bayarea.net To: "Scott G. Kelly" Subject: Re: [Capwap] RE: One issue "In order to support NAT, I recommend thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" In-Reply-To: <2766590.1141157452435.JavaMail.root@elwamui-hybrid.atl.sa.earthlink.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 37af5f8fbf6f013c5b771388e24b09e7 HI Emek, Last time around the scenario that you described below was brought up, I believe I asked questions like, "what IP address would the STA's get, and where would their data be terminated". I don't remember seeing a response. If there is a single WTP behind a NAT in a geographical area, I believe that using a CAPWAP system is inappropriate. It would be more cost effective (for both hardware and operations costs) to use a "stand alone AP". Also, I'm not sure if all CAPWAP ACs support multiple groups of separately geograpically located WTPs. Note that since an AC is a single point of failure, I certainly would not want to be in a position as a service provider where I had multiple customers share the same fate, unless the cost of the alternative was prohibative. I don't believe that this is the case. I really do want to hear motivations, with the alternative listed, and the tradeoffs for each approach. I've listed some of the cons, can you list some of the pros? Thanks, /david t. perkins On Tue, 28 Feb 2006, Scott G. Kelly wrote: > I, like David, wonder how realistic this concern might be. In the first case described below (MSP's cloud-based AC manages customer WTP), where does this WTP reside with respect to the Internet? Wouldn't the provider need a secure tunnel to the customer edge in such cases? The alternative is unauthenticated tuple-based firewall holes - not a pretty picture from a security perspective. > > In the second case described below (NAT traversal within a single administrative domain), is this realistic? Seems more like an abberation than a common case, and it seems clear that we don' t want to add this level of complexity just so we can deal with an edge case. It seems like the operational issues with this topology would more than out-weigh any benefit. > > ---------------------------------------------------------------- > From: Sadot, Emek (Emek) (esadotavaya.com) > Date: Tue, 28 Feb 2006 07:16:16 -0800 (PST) > > David, > > I was under the impression that the working group already went through > the "justification" process. To refresh our memory, I believe that the > key points that were brought up discussed the possibility that a service > provider will connect their AC to their customer's WTPs across a NAT > device, or a cooperation which segments its facilities by NAT devices > and deploy the AC at the main site and the WTPs at remote sites (private > side of NAT), or perhaps a deployment scenario would be some sort of a > hosted solutions environment, where the WTPs in the different NAT'ed > customer enterprise sites are controlled by a central AC which is part > of the provider's hosted solutions equipment. > > My belief is that the CAPWAP protocol should not disallow the NAT > traversal. > > Regards, > Emek > > -----Original Message----- > From: David T. Perkins [mailto:dperkins [at] dsperkins.com] > Sent: Monday, February 27, 2006 10:21 PM > To: zhaoyujin 31390 > Cc: capwap [at] frascone.com > Subject: Re: [Capwap] One issue "In order to support NAT, I recommend > thatLWAPP only support one UDP port for Control tunnel and Data Tunnel" > > HI, > > CAPWAP with NATs has come up from time to time on this list, and people > have claimed that it is a "typical" or "basic" > scenario. I'm sorry, but I don't see it. Before the WG spends time > resolving this issue, I'd really like to see STRONG justifications. That > is, why would you deploy a CAPWAP system split this way? And if CAPWAP > didn't support this NAT split, what would it cost you, or what would you > not be able to do? > > On Mon, 27 Feb 2006, zhaoyujin 31390 wrote: > > Dear all: > > > > I recommend that LWAPP only support one UDP port for Control tunnel > and Data Tunnel. > > > > LWAPP protocol uses UDP packets, so that it can directly support NAT > passthrough. > > > > One basic scenario is that WTP is behind NAT device and AC is in > public network. For control tunnel, there are no problem. Because it is > initiated by WTP, NAT device can create corresponding table for LWAPP > control tunnel packets. > > > > The problems is: > > > > 1. The data packets can not be firstly sent from AC to WTP. > > > > 2. Even if WTP firstly sends pacekts, AC can get the corresponding > control tunnel with this LWAPP data tunnel based on the packets. > Because in one NAT device, there may be multiple WTP. All WTP's IP > addresses are same which is NAT device global IP address, and AC can not > know the data packets belonging to which AP. > > > > > > Best regards > > Yujin Zhao > > H3Com > > Regards, > /david t. perkins > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap