Pat,

----- Original Message ----<= br>From: Pat Calhoun (pacalhou) <pcalhoun@cisco.com>
To: Behcet Sa= rikaya <behcetsarikaya@yahoo.com>; capwap@frascone.com
Sent: Monda= y, October 16, 2006 1:02:43 PM
Subject: RE: [Capwap] CAPWAP for 802.11r<= br>
=0A=0A =0A= =0A=0A=0A

Behcet,

=0A

I =0Abelieve we've discussed this id= ea a few times, and I am still unsure why we =0Abelieve CAPWAP needs to def= ine anything to support TGr. The current CAPWAP =0Aprotocol is sufficient t= o support the upcoming standard.

=0A

=3D=3D><= br>The basis is there but we need several extensions.
Please read the dr= aft and comment, then we can make a more informed decision, I think.

=0A

Pat Calhoun
CTO, Wirele= ss Networking Business =0AUnit
Cisco Systems

=0A

Regards,

--behcet
=0A

=0A
=0A
=0A From: Behcet Sarikaya =0A [mailto:behcetsarikaya@yahoo.com= ]
Sent: Saturday, October 14, 2006 =0A 8:33 AM
To: ca= pwap@frascone.com
Subject: [Capwap] CAPWAP =0A for 802.11r

=0A
=0A
=0A
Dear all,
I = submitted a draft on CAPWAP Roaming Protocol in =0A 802.11R Domains.
It= should be available soon at the following =0A link:

http://www.ietf.org/internet-drafts/= draft-sarikaya-capwap-fastbss-00.txt

Regards,

Behc= et

--0-1004315520-1161042058=:12855-- --===============1421249951== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1421249951==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 17 13:16:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GZsWP-0005IF-Bi for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 13:14:33 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GZsQN-0008W0-Og for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 13:08:29 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 667B0144806A for ; Tue, 17 Oct 2006 10:08:13 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 3F7CD4A4196 for ; Tue, 17 Oct 2006 10:07:52 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2B5A8398042 for ; Tue, 17 Oct 2006 10:07:52 -0700 (PDT) X-Greylist-Status: Sender first seen 1 mon 05:13:52 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by zoidberg.tigertech.net (Postfix) with ESMTP id 90914398048 for ; Tue, 17 Oct 2006 10:07:46 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 17 Oct 2006 10:07:44 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: need clarification on UDP ports Thread-Index: AcbuBEXMKgGb6bM8SR+GYGJJYMdsMwECRwmw From: "Abhijit Choudhury" To: "Dorothy Stanley" , "Pat Calhoun (pacalhou)" , "Michael Montemurro" X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.051 tagged_above=-999 required=7 tests=FORGED_RCVD_HELO, HTML_MESSAGE X-Spam-Level: Cc: capwap@frascone.com Subject: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1691737226==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 0ff9c467ad7f19c2a6d058acd7faaec8 This is a multi-part message in MIME format. --===============1691737226== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F20E.C349C158" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F20E.C349C158 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Pat, Mike, Dorothy: =20 I have a question based on v03 of the capwap spec. In section 3.1, the spec mentions well-known UDP ports for the CAPWAP control and data packets. =20 There are four kinds of CAPWAP packets: 1. DTLS protected control packets 2. Unprotected control packets 3. Unprotected data packets 4. (Optional) DTLS protected data packets =20 Will there be 4 well-known UDP port numbers ? =20 1, 2 and 3 will be present simultaneously in any deployment. 3 and 4 may co-exist in a deployment if some data channels are encrypted and some not. There has to be a way to distinguish these four=20 kinds of packets. The draft is not clear about how=20 this is done. =20 Thanks, Abhijit =09 ------_=_NextPart_001_01C6F20E.C349C158 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message

Pat, Mike, Dorothy:

I have a question based on v03 of the capwap=20 spec.

In section 3.1, the spec=20 mentions well-known UDP

ports for the CAPWAP control and data=20 packets.

There are four kinds of CAPWAP=20 packets:

1. DTLS protected control = packets

2. Unprotected control = packets

3. Unprotected data = packets

4. (Optional) DTLS protected data=20 packets

Will there be 4 well-known UDP = port=20 numbers ?

1, 2 and 3 will be present simultaneously in=20 any

deployment. 3 and 4 may co-exist in a=20 deployment

if some data channels are encrypted and some=20 not.

There has to be a way to distinguish these four =

kinds of packets. The draft is not clear about how=20

this is done.

Thanks,

Abhijit

------_=_NextPart_001_01C6F20E.C349C158-- --===============1691737226== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1691737226==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 17 16:05:25 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GZvBl-0001gV-8M for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 16:05:25 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GZv71-0005nS-TB for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 16:00:33 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 4013C144807C for ; Tue, 17 Oct 2006 13:00:28 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id BD5A04A453A for ; Tue, 17 Oct 2006 13:00:08 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 99C4B1448022 for ; Tue, 17 Oct 2006 13:00:08 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by hermes.tigertech.net (Postfix) with ESMTP id 772DB1448040 for ; Tue, 17 Oct 2006 13:00:04 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id x30so476297nfb for ; Tue, 17 Oct 2006 13:00:03 -0700 (PDT) Received: by 10.82.142.9 with SMTP id p9mr1756721bud; Tue, 17 Oct 2006 13:00:02 -0700 (PDT) Received: by 10.82.117.14 with HTTP; Tue, 17 Oct 2006 13:00:02 -0700 (PDT) Message-ID: <369e612f0610171300t369bfaf2t37eb95f3784a84af@mail.gmail.com> Date: Wed, 18 Oct 2006 01:30:02 +0530 From: "NKA NKA" To: Abhijit@sinett.com, pcalhoun@cisco.com, dstanley1389@gmail.com, montemurro.michael@gmail.com MIME-Version: 1.0 Content-Disposition: inline X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024 ________________________________ From: Abhijit Choudhury [mailto:Abhijit@sinett.com] > Sent: Tue 10/17/2006 10:37 PM > To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro > Cc: capwap@frascone.com > Subject: [Capwap] need clarification on UDP ports > > > > Pat, Mike, Dorothy: > > I have a question based on v03 of the capwap spec. > In section 3.1, the spec mentions well-known UDP > ports for the CAPWAP control and data packets. > > There are four kinds of CAPWAP packets: > 1. DTLS protected control packets > 2. Unprotected control packets > 3. Unprotected data packets > 4. (Optional) DTLS protected data packets > > > Will there be 4 well-known UDP port numbers ? [NKA} As per my understanding, you don't need to have two seperate UDP ports for handling DTLS and Non-DTLS control packets. Following is the logic which I would use at AC: 1. If AC receives a UDP packet on its control port, and if it CAN'T find the session information corresponding to the sender WTP, then the arrived packet can be considered to be a discovery packet. In the above situation, for some reason, if WTP sent a DTLS packet, AC can continue to assume it to be a discovery packet. So it should feed the arrived DTLS packet to its discovery packet processing module. Ultimately the packet will get dropped by AC due to packet parsing error (chances of DTLS packet looking like a valid discovery packet is very very slim). After a few trial, WTP will reboot and ultimately get in sync with AC's State machine. 2. If AC receives a UDP packet on its control port, and if it CAN find the session information corresponding to the sender, then the arrived packet can be considered as a DTLS packet. So AC should feed such packets to DTLS module directly. You may have a situation in which session information exists for a WTP at AC, but WTP is sending non-DTLS packet. Even in such situation, AC can feed such packets to DTLS module, which will ultimately reject the packet. AC can use this kind of notification to tear down the existing session, which will bring AC's state machine in sync with that of WTP. I have not given much thought about the data path issue. May be the initial policy (about dtls) exhcnage would help. Once both the party (AC as well as WTP) agree whether DTLS will be used or not, the same information can be used for programming the hardware. I know that issue # 221 is tracking data path policy issue. NKA > > 1, 2 and 3 will be present simultaneously in any > deployment. 3 and 4 may co-exist in a deployment > if some data channels are encrypted and some not. > There has to be a way to distinguish these four > kinds of packets. The draft is not clear about how > this is done. > > Thanks, > Abhijit > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 17 16:56:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GZvzQ-0000ey-Be for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 16:56:44 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GZvzI-0001Uf-9l for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 16:56:44 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2C621398074 for ; Tue, 17 Oct 2006 13:56:33 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 3AB494A453A for ; Tue, 17 Oct 2006 13:56:15 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id F129139801C for ; Tue, 17 Oct 2006 13:56:13 -0700 (PDT) Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by zoidberg.tigertech.net (Postfix) with ESMTP id DA70F39805F for ; Tue, 17 Oct 2006 13:56:10 -0700 (PDT) Received: from [209.86.224.45] (helo=elwamui-polski.atl.sa.earthlink.net) by elasmtp-spurfowl.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GZvyq-0002pI-DK; Tue, 17 Oct 2006 16:56:08 -0400 Received: from 75.32.19.206 by webmail.pas.earthlink.net with HTTP; Tue, 17 Oct 2006 16:56:07 -0400 Message-ID: <21803909.1161118568342.JavaMail.root@elwamui-polski.atl.sa.earthlink.net> Date: Tue, 17 Oct 2006 13:56:08 -0700 (GMT-07:00) From: "Scott G. Kelly" To: NKA NKA , Abhijit@sinett.com, pcalhoun@cisco.com, dstanley1389@gmail.com, montemurro.michael@gmail.com Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff710187aa59970b98686539863802d251727350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.45 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 36b1f8810cb91289d885dc8ab4fc8172 Comments inline below... -----Original Message----- >From: NKA NKA >Sent: Oct 17, 2006 1:00 PM >To: Abhijit@sinett.com, pcalhoun@cisco.com, dstanley1389@gmail.com, montemurro.michael@gmail.com >Cc: capwap@frascone.com >Subject: Re: [Capwap] need clarification on UDP ports > > ________________________________ >From: Abhijit Choudhury [mailto:Abhijit@sinett.com] >> Sent: Tue 10/17/2006 10:37 PM >> To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro >> Cc: capwap@frascone.com >> Subject: [Capwap] need clarification on UDP ports >> >> >> >> Pat, Mike, Dorothy: >> >> I have a question based on v03 of the capwap spec. >> In section 3.1, the spec mentions well-known UDP >> ports for the CAPWAP control and data packets. >> >> There are four kinds of CAPWAP packets: >> 1. DTLS protected control packets >> 2. Unprotected control packets >> 3. Unprotected data packets >> 4. (Optional) DTLS protected data packets >> >> >> Will there be 4 well-known UDP port numbers ? > >[NKA} As per my understanding, you don't need to have two seperate UDP ports >for handling DTLS and Non-DTLS control packets. Following is the logic which >I would use at AC: > > 1. If AC receives a UDP packet on its control port, and if it CAN'T >find the session > information corresponding to the sender WTP, then the arrived packet can > be considered to be a discovery packet. > > In the above situation, for some reason, if WTP sent a DTLS packet, AC can > continue to assume it to be a discovery packet. So it should feed the arrived > DTLS packet to its discovery packet processing module. Ultimately the > packet will get dropped by AC due to packet parsing error (chances of DTLS > packet looking like a valid discovery packet is very very slim). Here are the first few words of the latest proposed capwap header, which would be at the head of the discovery message: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| RID | HLEN | WBID |T|F|L|W|M| Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Fragment ID | Frag Offset |Rsvd | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Here's the DTLS record header, which will be present after dtls negotiation starts: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ | type | protocol version | epoch +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ epoch, cont | (6 byte sequence #) /-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The type will be from TLS; the ClientHello is 0x16, or 00010110 (other tls types of interest are similar), and the DTLS protocol version will be 0xFEFF, and any dtls version changes will just decrement the first version byte (FE, FD, FC, etc). This translates to the following bits: 1 6 F E F F 0001 0110 1111 1110 1111 1111 Putting this into the capwap header: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 1|0 1 1 0 1|1 1 1 1 1|1 0 1 1 1|1 1 1 1 1 0 0 0 0 0 0 0 0| |VERSION| RID | HLEN | WBID | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ or, VERSION..: 0001 RID......: 01101 (13) HLEN.....: 11111 (31) WBID.....: 10111 (23) Today, we don't have WBID of 23, so a robust implementation should interpret this as an error, but I wouldn't say chances of a DTLS packet looking like a discovery packet are really all that slim. It depends on several assumptions. >After a few trial, > WTP will reboot and ultimately get in sync with AC's State machine. > 2. If AC receives a UDP packet on its control port, and if it CAN >find the session > information corresponding to the sender, then the arrived packet can be > considered as a DTLS packet. So AC should feed such packets to DTLS module > directly. .. unless it's as discovery packet from a WTP that reset and no longer has the DTLS session context. Eventually, that session will timeout, but how long this takes depends on the configured echo interval. If it's more than a few seconds (e.g. say, 30 seconds), this adds a significant bit of latency to recovery scenarios. > You may have a situation in which session information exists for a WTP at AC, > but WTP is sending non-DTLS packet. Even in such situation, AC can feed such > packets to DTLS module, which will ultimately reject the packet. AC can use > this kind of notification to tear down the existing session, which >will bring AC's > state machine in sync with that of WTP. The WTP - or someone who spoofs the WTP address. Sounds like a very simple DoS attack. >I have not given much thought about the data path issue. May be the >initial policy >(about dtls) exhcnage would help. Once both the party (AC as well as WTP) agree >whether DTLS will be used or not, the same information can be used for >programming the hardware. I know that issue # 221 is tracking data >path policy issue. > >NKA > >> >> 1, 2 and 3 will be present simultaneously in any >> deployment. 3 and 4 may co-exist in a deployment >> if some data channels are encrypted and some not. >> There has to be a way to distinguish these four >> kinds of packets. The draft is not clear about how >> this is done. >> I think for data channel security, it will have to be a binary decision for an AC/WTP pair, i.e. if data channel encryption is enabled, it is for all data. For the control channel, I think to have a clean solution (with deterministic behavior) we need either a separate discovery port or a type header which allows one to distinguish between discovery and dtls packets. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 17 17:04:45 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GZw7B-0008E8-GA for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 17:04:45 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GZw79-0002tv-Vo for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 17:04:45 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 65AF339805F for ; Tue, 17 Oct 2006 14:04:43 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id B48054A453A for ; Tue, 17 Oct 2006 14:04:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 807F539803F for ; Tue, 17 Oct 2006 14:04:05 -0700 (PDT) Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by zoidberg.tigertech.net (Postfix) with ESMTP id 50D2839805F for ; Tue, 17 Oct 2006 14:04:02 -0700 (PDT) Received: from [209.86.224.45] (helo=elwamui-polski.atl.sa.earthlink.net) by elasmtp-spurfowl.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GZw6T-0004qR-Nv for capwap@frascone.com; Tue, 17 Oct 2006 17:04:01 -0400 Received: from 75.32.19.206 by webmail.pas.earthlink.net with HTTP; Tue, 17 Oct 2006 17:04:01 -0400 Message-ID: <16395051.1161119041662.JavaMail.root@elwamui-polski.atl.sa.earthlink.net> Date: Tue, 17 Oct 2006 14:04:01 -0700 (GMT-07:00) From: "Scott G. Kelly" To: capwap Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff71044438edcaf06fd3fb19ace738f61ea2a350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.45 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Subject: [Capwap] capwap threat analysis draft now available X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955 A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : CAPWAP Threat Analysis for 802.11 Deployments Author(s) : S. Kelly, C. Clancy Filename : draft-kelly-capwap-threat-analysis-00.txt Pages : 28 Date : 2006-10-17 Early Wireless LAN (WLAN) deployments feature a "fat" Access Point (AP) which serves as a standalone interface between the wired and wireless network segments. However, this model raises scaling, mobility, and manageability issues, and the CAPWAP protocol [CAPWAP] is being developed in reponse. CAPWAP effectively splits the fat AP functionality into two network elements, and the communication channel between these components may traverse potentially hostile hops. This document analyzes the security exposure resulting from the introduction of CAPWAP, and summarizes the associated security considerations for CAPWAP implementations and deployments. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-kelly-capwap-threat-analysis-00.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request at ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-kelly-capwap-threat-analysis-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv at ietf.org. In the body type: "FILE /internet-drafts/draft-kelly-capwap-threat-analysis-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 17 17:09:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GZwC9-0000cb-Pw for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 17:09:53 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GZwC8-0003cN-CZ for capwap-archive@lists.ietf.org; Tue, 17 Oct 2006 17:09:53 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id DC2FC3980CA for ; Tue, 17 Oct 2006 14:09:51 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id AB96F4A453A for ; Tue, 17 Oct 2006 14:09:31 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 7FCE6144804D for ; Tue, 17 Oct 2006 14:09:31 -0700 (PDT) X-Greylist-Status: Sender first seen 1 mon 09:15:33 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by hermes.tigertech.net (Postfix) with ESMTP id 41610144801C for ; Tue, 17 Oct 2006 14:09:28 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 17 Oct 2006 14:09:26 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: AcbyLq8jrkqRJfI2TlGegaLiFCthOwAAJB5g From: "Abhijit Choudhury" To: "Scott G. Kelly" , "NKA NKA" , , , X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.1 tagged_above=-999.0 required=7.0 tests=FORGED_RCVD_HELO X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 I think for data channel security, it will have to be a binary decision for an AC/WTP pair, i.e. if data channel encryption is enabled, it is for all data. For the control channel, I think to have a clean solution (with deterministic behavior) we need either a separate discovery port or a type header which allows one to distinguish between discovery and dtls packets. Scott In a clean solution, the packet itself should have enough information to clearly classify it as one of the four types of packets. We should not have to depend on configuration lookups to check whether the packet is supposed to be DTLS encrypted or not. We have used this principle already in designing the CAPWAP header. The T bit clearly identifies the payload as 802.3 or native format. This could have been identified based on a config lookup since an AC would typically handle 802.3 payload or native but rarely both. But we chose to include this information the header itself to make the design clean. The same idea should be used for distinguishing between the four packet types. Having four distinct UDP ports is one option. I'm sure there are others. Regards, Abhijit _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 03:44:23 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ga66B-0001sN-HC for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 03:44:23 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ga669-0000qI-1m for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 03:44:23 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id D10F9430641 for ; Wed, 18 Oct 2006 00:44:06 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 18F794A45C5 for ; Wed, 18 Oct 2006 00:43:34 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id F144F398022 for ; Wed, 18 Oct 2006 00:43:33 -0700 (PDT) Received: from smtp107.plus.mail.mud.yahoo.com (smtp107.plus.mail.mud.yahoo.com [68.142.206.240]) by zoidberg.tigertech.net (Postfix) with SMTP id D2B82398008 for ; Wed, 18 Oct 2006 00:43:31 -0700 (PDT) Received: (qmail 12773 invoked from network); 18 Oct 2006 07:43:30 -0000 Received: from unknown (HELO ?192.168.171.191?) (behcetsarikaya@121.133.79.100 with plain) by smtp107.plus.mail.mud.yahoo.com with SMTP; 18 Oct 2006 07:43:30 -0000 Message-ID: <4535DB1D.90200@yahoo.com> Date: Wed, 18 Oct 2006 02:43:25 -0500 From: Behcet Sarikaya User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: capwap X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=2.242 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_POST, DNS_FROM_RFC_WHOIS X-Spam-Level: ** Subject: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: sarikaya@ieee.org List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 31247fb3be228bb596db9127becad0bc Pat and all, The link: http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fastbss-00.txt is now on. Regards, --behcet ----- Original Message ---- From: Pat Calhoun (pacalhou) To: Behcet Sarikaya Sent: Monday, October 16, 2006 7:01:11 PM Subject: RE: [Capwap] CAPWAP for 802.11r ok, I will once it becomes available. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems ------------------------------------------------------------------------ *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] *Sent:* Monday, October 16, 2006 4:41 PM *To:* Pat Calhoun (pacalhou); capwap@frascone.com *Subject:* Re: [Capwap] CAPWAP for 802.11r Pat, ----- Original Message ---- From: Pat Calhoun (pacalhou) To: Behcet Sarikaya ; capwap@frascone.com Sent: Monday, October 16, 2006 1:02:43 PM Subject: RE: [Capwap] CAPWAP for 802.11r Behcet, I believe we've discussed this idea a few times, and I am still unsure why we believe CAPWAP needs to define anything to support TGr. The current CAPWAP protocol is sufficient to support the upcoming standard. ==> The basis is there but we need several extensions. Please read the draft and comment, then we can make a more informed decision, I think. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems Regards, --behcet ------------------------------------------------------------------------ *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] *Sent:* Saturday, October 14, 2006 8:33 AM *To:* capwap@frascone.com *Subject:* [Capwap] CAPWAP for 802.11r Dear all, I submitted a draft on CAPWAP Roaming Protocol in 802.11R Domains. It should be available soon at the following link: http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fastbss-00.txt Regards, Behcet _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From ajhkluuwmh@andorpac.ad Wed Oct 18 17:34:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJ3j-00015N-IE for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:34:43 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaJ1N-0006hc-Su for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:32:18 -0400 Received: from m85-94-184-218.andorpac.ad ([85.94.184.218]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GaJ1J-00075G-AR for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:32:17 -0400 Message-ID: <000a01c6f2fc$db8f7490$dab85e55@as> From: "Jean" To: capwap-archive@lists.ietf.org Subject: exits aditional run Date: Wed, 18 Oct 2006 23:32:05 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0006_01C6F30D.9F184490" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.5 (+++) X-Scan-Signature: 442d80051e0361a34f3560325c4a7092 ------=_NextPart_000_0006_01C6F30D.9F184490 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0007_01C6F30D.9F184490" ------=_NextPart_001_0007_01C6F30D.9F184490 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Nouveaux font or boutiques Mvengele motion nouvel exploit lon parle pril = am demeure bravo problme celui. Study Scandal Mourns Larry Snitker am Threatens Zombie or Teenager Peace = Processwhy Dudemoveon. Thankfully example patience tolerance leaders Deans unearthed journals = Dailythats vision. Cole ringtones Pussy Daddy Yankee Chris Blige ubl in Cuenta Regresiva en = is Audioslave Spanish Dime Breed dirty rapcould of West Texas Fuzzbubble = Hollywood. Compared Nanking scarcely bring describe killing fields azalea beds a = brutal torture. Result standing ovation Graphic Detailmeet team designers is versatile = in artists vast portion minute details sell each or viewer being Love = Previsfor. Modems Chipsets Portable Printers in Scanners Storage am Monitors vga = Misc Similar Enabling a Geforce msi Mega Netgear gmt pm a Archive am = vbulletin Jelsoft! Eva Saint fiery shoot really trailer least seconds Video Shake Rattle = Rollthe put together enormous in goes mechanical start forming just = marvel going for Designer. Nouveaux font or boutiques Mvengele motion nouvel exploit lon parle pril = am demeure bravo problme celui. Never flags workings magician made stay in bars tossing am jokes wears = hat decorated stuffed vulture divination classroom tawdry tea shop. Hermione know whole destroy is Professor Snape hate characters along = terrific Enjoying stint selling. ------=_NextPart_001_0007_01C6F30D.9F184490 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Nouveaux font or boutiques Mvengele = motion nouvel=20 exploit lon parle pril am demeure bravo problme celui.
Study Scandal = Mourns=20 Larry Snitker am Threatens Zombie or Teenager Peace Processwhy=20 Dudemoveon.
Thankfully example patience tolerance leaders Deans = unearthed=20 journals Dailythats vision.
Cole ringtones Pussy Daddy Yankee Chris = Blige ubl=20 in Cuenta Regresiva en is Audioslave Spanish Dime Breed dirty rapcould = of West=20 Texas Fuzzbubble Hollywood.
Compared Nanking scarcely bring describe = killing=20 fields azalea beds a brutal torture.
Result standing ovation Graphic=20 Detailmeet team designers is versatile in artists vast portion minute = details=20 sell each or viewer being Love Previsfor.

From: "Jean" To: capwap-archive@lists.ietf.org Subject: exits aditional run Date: Wed, 18 Oct 2006 23:32:05 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0006_01C6F30D.9F184490" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.5 (+++) X-Scan-Signature: 442d80051e0361a34f3560325c4a7092 ------=_NextPart_000_0006_01C6F30D.9F184490 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0007_01C6F30D.9F184490" ------=_NextPart_001_0007_01C6F30D.9F184490 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Nouveaux font or boutiques Mvengele motion nouvel exploit lon parle pril = am demeure bravo problme celui. Study Scandal Mourns Larry Snitker am Threatens Zombie or Teenager Peace = Processwhy Dudemoveon. Thankfully example patience tolerance leaders Deans unearthed journals = Dailythats vision. Cole ringtones Pussy Daddy Yankee Chris Blige ubl in Cuenta Regresiva en = is Audioslave Spanish Dime Breed dirty rapcould of West Texas Fuzzbubble = Hollywood. Compared Nanking scarcely bring describe killing fields azalea beds a = brutal torture. Result standing ovation Graphic Detailmeet team designers is versatile = in artists vast portion minute details sell each or viewer being Love = Previsfor. Modems Chipsets Portable Printers in Scanners Storage am Monitors vga = Misc Similar Enabling a Geforce msi Mega Netgear gmt pm a Archive am = vbulletin Jelsoft! Eva Saint fiery shoot really trailer least seconds Video Shake Rattle = Rollthe put together enormous in goes mechanical start forming just = marvel going for Designer. Nouveaux font or boutiques Mvengele motion nouvel exploit lon parle pril = am demeure bravo problme celui. Never flags workings magician made stay in bars tossing am jokes wears = hat decorated stuffed vulture divination classroom tawdry tea shop. Hermione know whole destroy is Professor Snape hate characters along = terrific Enjoying stint selling. ------=_NextPart_001_0007_01C6F30D.9F184490 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Modems Chipsets Portable Printers in = Scanners=20 Storage am Monitors vga Misc Similar Enabling a Geforce msi Mega Netgear = gmt pm=20 a Archive am vbulletin Jelsoft!
Eva Saint fiery shoot really trailer = least=20 seconds Video Shake Rattle Rollthe put together enormous in goes = mechanical=20 start forming just marvel going for Designer.
Nouveaux font or = boutiques=20 Mvengele motion nouvel exploit lon parle pril am demeure bravo problme=20 celui.
Never flags workings magician made stay in bars tossing am = jokes wears=20 hat decorated stuffed vulture divination classroom tawdry tea = shop.
Hermione=20 know whole destroy is Professor Snape hate characters along terrific = Enjoying=20 stint selling.

------=_NextPart_001_0007_01C6F30D.9F184490-- ------=_NextPart_000_0006_01C6F30D.9F184490 Content-Type: image/gif; name="member.gif" Content-Transfer-Encoding: base64 Content-ID: <000501c6f2fc$db8f7490$dab85e55@as> R0lGODlhRAGoAYf2AAAAAIAAAACAAICAAAAAgIAAgACAgMDAwMDcwKbK8EAgAGAgAIAgAKAgAMAg AOAgAABAACBAAEBAAGBAAIBAAKBAAMBAAOBAAABgACBgAEBgAGBgAIBgAKBgAMBgAOBgAACAACCA AECAAGCAAICAAKCAAMCAAOCAAACgACCgAECgAGCgAICgAKCgAMCgAOCgAADAACDAAEDAAGDAAIDA AKDAAMDAAODAAADgACDgAEDgAGDgAIDgAKDgAMDgAODgAAAAQCAAQEAAQGAAQIAAQKAAQMAAQOAA QAAgQCAgQEAgQGAgQIAgQKAgQMAgQOAgQABAQCBAQEBAQGBAQIBAQKBAQMBAQOBAQABgQCBgQEBg QGBgQIBgBKBgQMBgQOBgQACAQCCAQECAQGCAQICAQKCAQMCAQOCAQACgQCCgQECgQGCgQICgQKCg QMCgQOCgQADAQCDAQEDAQGDAQIDAQKDAQMDAQODAQADgQCDgQEDgQGDgQIDgQKDgQMDgQODgQAAA gCAAgEAAgGAAgIAAgKAAgMAAgOAAgAAggCAggEAggGAggIAggKAggMAggOAggABAgCBAgEBAgGBA gIBAgKBAgMBAgOBAgABggCBggEBggGBggIBggKBggMBggOBggACAgCCAgECAgGCAgICAgKCAgMCA gOCAgACggCCggECggGCggICggKCggMCggOCggADAgCDAgEDAgGDAgIDAgKDAgMDAgODAgADggCDg gEDggGDggIDggKDggMDggODggAAAwCAAwEAAwGAAwIAAwKAAwMAAwOAAwAAgwCAgwEAgwGAgwIAg wKAgwMAgwOAgwABAwCBAwEBAwGBAwIBAwKBAwMBAwOBAwABgwCBgwEBgwGBgwIBgwKBgwMBgwOBg wACAwCCAwECAwGCAwICAwKCAwMCAwOCAwACgwCCgwECgwGCgwICgwKCgwMCgwOCgwADAwCDAwEDA wGDAwIDAwKDAwP/78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////yH5BAAmAEkALAAAAABEAagB Bwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFMWbKayJcV/ MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qFGjLpMqXcq0adKjUKNKnUq1qtWrWLNq3cq1q9evYMOK HUu2rNmzaNOqXcu2rVuncOPKnUu3rt27ePPq3cu3r9+4bgMLHky4sOHDiBMrXsy4sePHkCNLnky5 suXLfzNr3jz3sufPoEOLHk26tOnTZjmrXs3aJOrXsGPLnh27te3buC3S3s27t+/fgXMLH068uPHj yJMrX868ufPnFYFLn94TuvXrKqlr3869u/fv4Kdj/x9PPmT48+jTq49cvr379/Djn1xPv7T8+/gN 1t/Pv79/rvkFiN9/BBZo4IE7CaggfAjG9odvC0Yo4YQUVmjhhRhmqGFCDXZY2IYg4ubhiMGFuFAk m8VDIYksrmXiizDGKOOMNG7W4o045qjjjiTW6KNdPAa51Y9EFmnkkUgmqZ+QTFql5JPzNSmlVFBW OdKUWB5l5ZYfZenlUFyGudGXZP4k5ploppmdaLaU6eabcMYp55ziqWnnnXjmqeeefPbpp0ikZULn oIRC9ueehSaq6KKMtnjoo5CK2eiklFZqKXiRZqppkpdO+eQdm3LYaZOhlmrqqai+NyqpqVq5KpOt 2v9GQqy0XvnqrbjmqqtitT6566/A1tbrsMQWayxcwSar7LLMRnXss9BGK+20ejbbIbXYZvuXtdx2 y6u24IYr7rjFVnGht+imq26u5Lbr7pqWNbNuWO/Wm5cErc7bn7389uuvkvoGLHBX/xZs8MEIJxzd wAw37LCQCuf38MQUAxXxgBV/d/F9GXfsMU0by/cxdyGXzO/IKGdssqpZkZIyYyvHLPPMNNds8804 y/xynTn37PPPJO0sHdDLCW10wEQnrfTSEh0NIdMNAQB1cVJv6zRVACw2tUNV93V1VVkntjXXfn0N ttm0hY02bGp/ODbZbyO5tmxx153m3MLarffefPf/HSXegOPq9+BHBo5aRuYSrrjEhjfe6eKQz+i4 fZHzNTlplWeu+eacd/73boNcLvropAPu+emop6766gOVfmsIrscuu6Os12777eDOrvuXuC+1++/A C927UsEbOrxLxSev4/HMN+/88/8q3xj0n0uPGPWuWf8t9tyrpv323YP0vdjhmzf++ein/xsd6ref LA/ux99s+ebLb//9g9Jfsz8v4u+i/h7xn1oAGEBv3YNABOyIANOSwAY68IEcW+BZIIgRCVoQLFi4 oAY3qEFBcPCDFJwIAEbYtRCaECUfpNcJV8jCuqQQLC2MoQyZ8sKvzPCGY6qhDi2DQ4bs8Ceu+GGJ vXooKiFihYgKMWJWkAi9dzCRLkqMohR788SDbIcPH6vikqY4FS168YtgdAgXpfKFf4TxC2G0xxjX OMQvsvGN/0sjGOFIxwlmBo1y7Fsd9ziWNPLxjzYMIyCDksc5DtJMhUykIm/IwS4c8pGU8SMkJ0nJ SlrykpjcTjngeEIKTCSToKyOIEM5E0mS8pQ1MSUqF8nKVpoQlbAspStn6RdS0JJmsTTjLRkZFArw UZW5DCYpgTnMXc4wl8Y8ZiwDAgAh+QQAJgBJACwAAAAARAGoAQcI/wD/CRxIsKDBgwgTKlzIsKHD hxAjSpxIsaLFixgx2tvIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjxsxIs6bNmzhz6tzJs6fPn0CD ChWaZKhRgjKTKl3KtKnTp1CjMj1KtarVq1izCpTKtavXr2DDih1LtqzZs2jTql3Ltq3bt0q1yp1L t67dhHDz6t3Lt6/fv4ADCx5MuLDhuHcTK17MeOfhx5AjS55MuTLbxpgza97MubPnz6BDix5Nuqbl 06hTq17NOnLp17BjS2xNu7bt27hz697Nu7fv38DtyR5OvPjW4MiTtzTOvLnz59CjW1VOvXpJztWk a9/Ovbt3mtbDi//n+L28+fPo0ycez769+7wi3sufT/+k+vv4H9bfbzu///8G8SfggAQWaOCB+wGo 4H8INnjYghBGKOGE0Dlo4YUYZqjhhm9R6CF3HIbY1ocklodMiSimqOKKLLbo4oswziXijGnFaOON OOao445Y0ejjjyEtAOSQRBZp5JE8JqnkkuYd6eSTUEYp5ZRUVmlldUxmqeWWXHb54ZVgiuTlmDmF aaZHZKZp2plstunmm3DGiaSadFokp5V15jnRnVAi05GegOrH56CEbhjooYgmquiijDbq6KOCFirp pAZCaumlmGImQl26ZOrpp6CGKuqopJYamyvlAWDqquBR+hcAqrH/mhgAqhrnKl+w3gokrbr+yGuv PuYK7Iy/DmtsjbImq+yyzMp1rI/NJvnstNTeFi2P1YZ47Y7Zduvtt+CGK+64p21r7rmlkavuuuze iu6N7cYrr1jv1pvpAfbmu+e8TJHTn74t8ivwwAQXbPBaACes8MKZHvwewxBHLLGeRaLh7sQeOpxW Fxp37DFhGIcsckUfl2zyyckdBAYYI6fXz3EgrSwzytY2JHPL3tGsHM4Q6uyzvDwHLfRAPxdt9NGG Dc0g0rzVSwuMTDet9NQiR70b1fhZrXWVe3AkwNZghy32XliXbfbZxY1NG9rnqd0a2026vVqmROQp 99xwf3d3rHn3/73t3oC36Xd3gZc7+HaFW3Y44ok3TuXi2jk+GeSUmyr55ZhnrnlYlVe4eWGdhy76 6LN9bvrpQJOu+uqstz4c6rDHLvvstOfl+u2A1q777ryDjftrvcP1+/DEF2/8UMFTp07yfx7/mbfL MC/92M5XL+30alnfGfbcA6f99+DX2z1a4ZdffgrMjn+W+Y2p7/778F/MvmLx18/3/OvZ/xX+/FOo //79s8v/BiiZABrwgIwiIFcQKCMFOvCBEIygBCdIQcwx8ILpqSBiMMjBnGlQJh28ygdBGMKqjHAm JUyhCuF1wha6MDArjKEMZ0jDGnbuhTjMoe1syEPQ8I4KOgziv8J6SMQiGvGISEyiRPhhrw1hIVtK jKIUYyNElEzxilh8XhVNksUuevGLKaQVithVLP7oS4xgZAgaWRSuMm7RI258izBAd601xihbwsJQ GvdYpjf68Y+ADCSyGuKHNArykIhMpCJJyMdGOvIni4yk+qJAvkcqRJKWzOS+FqnJTvJvAZ6EDSZD iRRJRpKUpeQkKleZSkWy8pX/MKUsZ3lIWLJylF60BkRoyUtA2nKVuPylJ3tZy1ueUpihJKYyl8lM B74yIAAh+QQAJgBJACwAAAAARAGoAQcI/wDtCRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgx/tvI saPHjyBDihxJsqTJkyhTqlzJsqXLlzBjxsxIs6bNmzhz6tzJ86bMn0CDCh1KtKjRo0hbpkvKtKnT p1CjzuxJtarVq1izat3KtavXr2DDRpRKtqzZs2jTql3Ltq3bt3Djyp1Lt6zYu3jz6t2bsK7fv4AD i+RLuLDhw4gLnkvMuLHjqoIjS55MubLly5gza97MuXNKEZ5Dix59OQ3p0ywfq17NWi/q17Bjy55N u7bt27hz697N+zKD3mqr8mtNvLjx48iTK1/OvLlzm8CjSzcrZLr10M+za9/Ovbv37+DDi/9/eL28 +fHo02s1z769+/fw48ufT7++/fv48+vfz7+///8ABijggAQWaCCB6iWo4E4HNpjWghBGqJGDFJIl 4YUYklfhhk9l6OGHIIYo4ogkYsjhiSimSFmJLLbo4ovGqSijUDDWaOONOII144489mhWjkAq5+OQ KgVp5JFIJtkQkUyapOSTUEYp5ZRUVlkiOywapUmTXHZJoZVgfuXlmGSWaSaZYaap5ppstvnimXDG KeecB7pp55145qnnnnxCSOefgBbY56AaBjojoYgmquiijFZk6KOQRiopbY1Waqmik2aq6aacRnbp p6Dm2emXoZZqapijOngqn6m26uprq8b/KuustEr4qqC15qpribf26uuvwAYr7LCW7comsfwZuyay +ynr7LMLMqsftNRWa+212J4q7bbcRpXtt+CGK+5B3dq3JhLjpjtiuey26+678MZb5iDqGinviTTc y9mNX9Tr75H6svfvwAQXbPDBCCescLQBl7fwwxBHbG/D10G0mMQY/0txxRl37PHHIBu88cjxhnwh yb3+gDJKJtu6cm8tR/gyzDHXrO7MOOes884890yUzQr6LPSoQCc49GxFJ53t0bIpjR7TsTk9HtRU V231S1ITFwhFV3cdZ9ZgG+u1aGGXbfbZNI2NHdpsh6q2Z21n9/bcdB8d992V1q03j3j3/43p3pf5 vRzghKMo+OGIJ6744oyHW3hljUcO5uOUqyq5apM2Ubm8l3ce5eaeei766EuDHhjpqKfurFT6mO76 67DHLvvstNeuqeq45y6reQDYDlfvnIcIQMTtAe97W8a7W+LwCr+XPLssMq876r8mc3yn02cf4vVt ae99htyHH9335Jdv/vnop6/++uynKf778KvY/vzOxW9/bfRfdX9QWOzv//j5g0xZGhC/AArwfx0y oAJbg8AGOvCBEAzWAieIuQi+7RAWlBEFN8jBDuIog0fxIHRAWBQR1oSEKEwh/kyYERW68IWkYaGl uiFDjHSDhjW0yA13daIbSspNOJxVWcIA8Lzb+JBiRJTOEf+UFSKCaIemagoRi1jAnjgxhxCZogGJ ksQM3uSKWMxiGAkFjzGaUVwwTKMaM3PGNrpRR2v0jChm98Y62lF/cXTJHffoqDz6MYF8JNcfB0nI QhoyhoFMpCK5dshG/mSRkIykovZAK0eWRJICsSRJMLlIXXCyIJoMpSiBcrcWfJI5owTJKSWZyo9w spUeeSUsObLKWiZylrS0pS53ycte+vKXwAymwWBBFVxuRJa4RKYxl8nMZrYyIAAh+QQAJgBJACwA AAAARAGoAQcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgx2tvIsaPHjyBDihxJsqTJkyhT qlzJsqXLlzBjxsxIs6bNmzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKnTp1CjSp1KtarVqzdlat3K tavXr2DDiu2KtazZs2jTql3Ltq3bt3DjNhxLt67du3jz6t3Lt6/fv4ADr5RLuLDhw4gTK17MuDFi wZAjS55MubLly5gz73XMubNVzaBDix5NurTp06hTq17Neqvn17Cbtp5Nu7bt27hz697Nu/fH2MCD E/VNvLjx48iTDxbOvLlO5dCjS59O/bTz69g1Vt/OvWViCtnDi/8fT768+fNHu6tfz769e5To4ysG IL++cwD46Tt8z994/pL2BTiffgj1Z+CBCCao4IIMVibgg681KOGEFFa4GYQYNmbhhhx26OGHIOqW 4YgklmgiUCGmqNmJLLbo4otzqSjjjDTWaOONLMGoY1k49ujjj7ntKGRVQBZp5JGkCafGkLEh6eST UEYppXVMVunUlFhmqaVWVna51JZghinmSFD14iWMY6ap5ppsRnnmm3AWxUicdNb5Vpta2snUBy36 tgWepukp6KCEFmrooYgmquiijNoH6KOQRirpgo1WaumlBk2q6aacdorcYpxgKuqobXlaJKmopoqY P2eZ6uqreb3/Aeus3qlq661W0nojrobq6uuvvvEqbE86DOsZsMgmW5uxgiqbIrPQRuuos9RWO5q0 2Gar7bZYWevtt5ZxK+645JZr7rnopqvul+BauC6vULwr77z01mvvZ+1WeO++/AaV778A69XvwATj FLCEBQt4cIMJN+ywRAsz+PDEFFds8cUYBxjxxhzPlPHHBXcs8sjwgWxyYeWcSPLKLLfs8sswu3cy djHXHPHM19nMHc7m+sBzpjpX9/PQRBdNVdBCGw0b0kw37TSyUjwttWhKV2311ShOrfXWXOeF9ddg hy02eV0XN/bZaKctUNlsc4NOnLp17BjS2xNu7bt27hz697Nu7fv38DtyR5OvPjW4MiTtzTOvLnz59CjW1VOvXpJztWk a9/Ovbt3mtbDi//n+L28+fPo0ycez769+7wi3sufT/+k+vv4H9bfbzu///8G8SfggAQWaOCB+wGo 4H8INnjYghBGKOGE0Dlo4YUYZqjhhm9R6CF3HIbY1ocklodMiSimqOKKLLbo4oswziXijGnFaOON OOao445Y0ejjjyEtAOSQRBZp5JE8JqnkkuYd6eSTUEYp5ZRUVmlldUxmqeWWXHb54ZVgiuTlmDmF aaZHZKZp2plstunmm3DGiaSadFokp5V15jnRnVAi05GegOrH56CEbhjooYgmquiijDbq6KOCFirp pAZCaumlmGImQl26ZOrpp6CGKuqopJYamyvlAWDqquBR+hcAqrH/mhgAqhrnKl+w3gokrbr+yGuv PuYK7Iy/DmtsjbImq+yyzMp1rI/NJvnstNTeFi2P1YZ47Y7Zduvtt+CGK+64p21r7rmlkavuuuze iu6N7cYrr1jv1pvpAfbmu+e8TJHTn74t8ivwwAQXbPBaACes8MKZHvwewxBHLLGeRaLh7sQeOpxW Fxp37DFhGIcsckUfl2zyyckdBAYYI6fXz3EgrSwzytY2JHPL3tGsHM4Q6uyzvDwHLfRAPxdt9NGG Dc0g0rzVSwuMTDet9NQiR70b1fhZrXWVe3AkwNZghy32XliXbfbZxY1NG9rnqd0a2026vVqmROQp 99xwf3d3rHn3/73t3oC36Xd3gZc7+HaFW3Y44ok3TuXi2jk+GeSUmyr55ZhnrnlYlVe4eWGdhy76 6LN9bvrpQJOu+uqstz4c6rDHLvvstOfl+u2A1q777ryDjftrvcP1+/DEF2/8UMFTp07yfx7/mbfL MC/92M5XL+30alnfGfbcA6f99+DX2z1a4ZdffgrMjn+W+Y2p7/778F/MvmLx18/3/OvZ/xX+/FOo //79s8v/BiiZABrwgIwiIFcQKCMFOvCBEIygBCdIQcwx8ILpqSBiMMjBnGlQJh28ygdBGMKqjHAm JUyhCuF1wha6MDArjKEMZ0jDGnbuhTjMoe1syEPQ8I4KOgziv8J6SMQiGvGISEyiRPhhrw1hIVtK jKIUYyNElEzxilh8XhVNksUuevGLKaQVithVLP7oS4xgZAgaWRSuMm7RI258izBAd601xihbwsJQ GvdYpjf68Y+ADCSyGuKHNArykIhMpCJJyMdGOvIni4yk+qJAvkcqRJKWzOS+FqnJTvJvAZ6EDSZD iRRJRpKUpeQkKleZSkWy8pX/MKUsZ3lIWLJylF60BkRoyUtA2nKVuPylJ3tZy1ueUpihJKYyl8lM B74yIAAh+QQAJgBJACwAAAAARAGoAQcI/wDtCRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgx/tvI saPHjyBDihxJsqTJkyhTqlzJsqXLlzBjxsxIs6bNmzhz6tzJ86bMn0CDCh1KtKjRo0hbpkvKtKnT p1CjzuxJtarVq1izat3KtavXr2DDRpRKtqzZs2jTql3Ltq3bt3Djyp1Lt6zYu3jz6t2bsK7fv4AD i+RLuLDhw4gLnkvMuLHjqoIjS55MubLly5gza97MuXNKEZ5Dix59OQ3p0ywfq17NWi/q17Bjy55N u7bt27hz697N+zKD3mqr8mtNvLjx48iTK1/OvLlzm8CjSzcrZLr10M+za9/Ovbv37+DDi/9/eL28 +fHo02s1z769+/fw48ufT7++/fv48+vfz7+///8ABijggAQWaCCB6iWo4E4HNpjWghBGqJGDFJIl 4YUYklfhhk9l6OGHIIYo4ogkYsjhiSimSFmJLLbo4ovGqSijUDDWaOONOII144489mhWjkAq5+OQ KgVp5JFIJtkQkUyapOSTUEYp5ZRUVlkiOywapUmTXHZJoZVgfuXlmGSWaSaZYaap5ppstvnimXDG KeecB7pp55145qnnnnxCSOefgBbY56AaBjojoYgmquiijFZk6KOQRiopbY1Waqmik2aq6aacRnbp p6Dm2emXoZZqapijOngqn6m26uprq8b/KuustEr4qqC15qpribf26uuvwAYr7LCW7comsfwZuyay +ynr7LMLMqsftNRWa+212J4q7bbcRpXtt+CGK+5B3dq3JhLjpjtiuey26+678MZb5iDqGinviTTc y9mNX9Tr75H6svfvwAQXbPDBCCescLQBl7fwwxBHbG/D10G0mMQY/0txxRl37PHHIBu88cjxhnwh yb3+gDJKJtu6cm8tR/gyzDHXrO7MOOes884890yUzQr6LPSoQCc49GxFJ53t0bIpjR7TsTk9HtRU V231S1ITFwhFV3cdZ9ZgG+u1aGGXbfbZNI2NHdpsh6q2Z21n9/bcdB8d992V1q03j3j3/43p3pf5 vRzghKMo+OGIJ6744oyHW3hljUcO5uOUqyq5apM2Ubm8l3ce5eaeei766EuDHhjpqKfurFT6mO76 67DHLvvstNeuqeq45y6reQDYDlfvnIcIQMTtAe97W8a7W+LwCr+XPLssMq876r8mc3yn02cf4vVt ae99htyHH9335Jdv/vnop6/++uynKf778KvY/vzOxW9/bfRfdX9QWOzv//j5g0xZGhC/AArwfx0y oAJbg8AGOvCBEAzWAieIuQi+7RAWlBEFN8jBDuIog0fxIHRAWBQR1oSEKEwh/kyYERW68IWkYaGl uiFDjHSDhjW0yA13daIbSspNOJxVWcIA8Lzb+JBiRJTOEf+UFSKCaIemagoRi1jAnjgxhxCZogGJ ksQM3uSKWMxiGAkFjzGaUVwwTKMaM3PGNrpRR2v0jChm98Y62lF/cXTJHffoqDz6MYF8JNcfB0nI QhoyhoFMpCK5dshG/mSRkIykovZAK0eWRJICsSRJMLlIXXCyIJoMpSiBcrcWfJI5owTJKSWZyo9w spUeeSUsObLKWiZylrS0pS53ycte+vKXwAymwWBBFVxuRJa4RKYxl8nMZrYyIAAh+QQAJgBJACwA AAAARAGoAQcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgx2tvIsaPHjyBDihxJsqTJkyhT qlzJsqXLlzBjxsxIs6bNmzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKnTp1CjSp1KtarVqzdlat3K tavXr2DDiu2KtazZs2jTql3Ltq3bt3DjNhxLt67du3jz6t3Lt6/fv4ADr5RLuLDhw4gTK17MuDFi wZAjS55MubLly5gz73XMubNVzaBDix5NurTp06hTq17Neqvn17Cbtp5Nu7bt27hz697Nu/fH2MCD E/VNvLjx48iTDxbOvLlO5dCjS59O/bTz69g1Vt/OvWViCtnDi/8fT768+fNHu6tfz769e5To4ysG IL++cwD46Tt8z994/pL2BTiffgj1Z+CBCCao4IIMVibgg681KOGEFFa4GYQYNmbhhhx26OGHIOqW 4YgklmgiUCGmqNmJLLbo4otzqSjjjDTWaOONLMGoY1k49ujjj7ntKGRVQBZp5JGkCafGkLEh6eST UEYppXVMVunUlFhmqaVWVna51JZghinmSFD14iWMY6ap5ppsRnnmm3AWxUicdNb5Vpta2snUBy36 tgWepukp6KCEFmrooYgmquiijNoH6KOQRirpgo1WaumlBk2q6aacdorcYpxgKuqobXlaJKmopoqY P2eZ6uqreb3/Aeus3qlq661W0nojrobq6uuvvvEqbE86DOsZsMgmW5uxgiqbIrPQRuuos9RWO5q0 2Gar7bZYWevtt5ZxK+645JZr7rnopqvul+BauC6vULwr77z01mvvZ+1WeO++/AaV778A69XvwATj FLCEBQt4cIMJN+ywRAsz+PDEFFds8cUYBxjxxhzPlPHHBXcs8sjwgWxyYeWcSPLKLLfs8sswu3cy djHXHPHM19nMHc7m+sBzpjpX9/PQRBdNVdBCGw0b0kw37TSyUjwttWhKV2311ShOrfXWXOeF9ddg hy02eV0XN/bZaKctUNlsc4hf27j9B5jaGOVH91v43e2W3bjG/2EngXoHHjLcuwkOF+GIJ6744r0Z fifjyzoueUFMVAl55JNnnuvls2muFueghw5zK6Jj7rlZpat2Olqpn8ZG67DjuHqrsdcu4+yo2647 iLj37vvvdO8u/PDEhw788cgnr/zyzH9ePGbNX/n8ZdHLNv31CFavvXPYd+/9mtpO8iIc25c/3vfo r2c+Uum3v9368HfmfmDxFzX/3PUPdf9f+eu/f1/9E8r/AGgvWoxogHwJoAJbxIoFOtAiCLzQAyeY lggKjILP8dURZoTBDvLIgnjxoMFASMISmlBKJgKcCC+iwnVRCAD5GlEL3zUhGJ4wLDaMIYRmKC8G 5fBfK7TJDcKHSKUgGvGISMwZEZfIxCZuKIlQjKIUp0jFKlrxirdyIlmwyMUuZk2LXPKiGMeYFTCG kYxojFFMPGDGNnqMVNVIlBvnyL80FoSOeJSgCDuQEQRuMI8rsiNBAJkjQVrNCYZMJHMIychGOjJJ FGugIs3zyEpa8pKYzKQmN8nJTkJnkqBUpCc7MslRmtIjoUylKlfJSime8pX2aKUsr/jKUp7SlrAc JS5zyUtN7tKTv+xlJmdJzCnWkl+/gJAwO1nMZiYxIAAh+QQAKwBJACwAAAAARAEfAAcI/wDtCRxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgx/tvIsaPHjyBDihxJsuRIaCZTqlzJsqXLlzBjypxJs6bN mzhz6tzJs6fPn0CDCh1KtKhRlRmTKl3KtKnTp1CjMj1KtarVq1izat3KtavXr2DDih1LtqzZs2jT 6pTKtq3bt3Djyp1Lt67du3jzSlTLt6/fv4ADCx4s8iJhrXoTK6Z7OOvipaEeu21MubLlj4Y3Dlg5 oLPOzTFBa/7YubRn06JRm/6XmiNoybBjG6S5WbRJ2zdxs6ztmjRI27pxtx59ufjIzLxHr/bNmnVp 4r01e5YOGjX13tM9Jm+u/XfH4N2hv9OWTb78ROWugTPP3ly4eO7c1RNn3334d+/R7+uHP968//8J oQfdgPOFN5x64BG4nXf2pWedfPu9RxyAFFYoEH8KrmdgdKpJt597uuVXHXPaLReeiNFZqOJbM1kH H4HxnbhdiBK+2J5ILiYoI34owmjcj7RxeKKQH2KIY40C8jjikPnZ6CSQUPYEIpMxRuhekktKSOOU VNp4ZY9PRimmSlw26dyCLwaX3XMOXuejl2c+pxqaae745ph45qnnnnz26Sdfmf1p04qESiXooYgm quiiQgUEACH5BAArAEkALAAAHgBEAR8ABwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq 3Mixo8ePIEOKHCnRnsmTKFOqNEmypcgAFmG67Liyps2bOHPq3Mnz5EWZA4HOHCpRaNGMAZImJah0 6T+jT582NQoUKtGrD3uuFGoVq9eDXR2GhchVINWoBWFSrRpUoNa3cOPKXfmzLVOnZp2qxcs0bVC8 Z/eC1es3b1W+d5VGPWs4MeLGZqU+DgzWoFrLdtF+3fwycl/PbAFj/sxWc+THnhcXDp259WXGpcsW RsuXcVurUC+PLs2598G59nS7Ni08dWaZlPt2lR1beULKyU/PNq7683DI1Kuvtgu8u/fvKH8i/566 t6np85qR+42edmpq5O6lVnYe2L1t6sXPx2+fPT/o1r4FiJF6AKJ3320A5udfdtIx2N96+hk4XYQH joUghLsVuNAzId0h4D/A8ZbbaBoKx552E16InnX4oehihCy6eCBC/tWoEHg45vhWXcfZxZqGLf73 14rvxfijhHmhSJiQ8s1GYILz+Ugaf0V+KGCITtaml3nPWablUgv+NaNi2LX3mmEmfrkimTACuZ9k h3HZI4g61mlnnTGJNZOFZFk51J2ABvoVn0R+RKhCvPmp6KIcAZcnQ4ciNSBqjH4U6KWYZqrpppx2 6umneFYq6qiklmrqqaimqqpFoLbq6quwxkcq66y01mrrrbjmquuuvPZq06rABivsZr4Wa+yxxw6r 7LLMNuvss9B6hey01FZr7bXYZqvtr9F2622024Yr7rjklmvuuTkFBAAh+QQAKwBJACwAADwARAEf AAcI/wDtCRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihwp8Z/JkyhTqlzJsqXL lzBjypxJs6bNmzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKnTpz5JSp1KtarVq1gRQk26aavXr2DD rsxKtqzZs2jTql3Ltq3btmLjyp1Lt67du3jz6t3Lt6/fv3LfCh5MuLDhw4gTK8YKuLHjx3QvQp58 c7Hlj5TjCiC62eTlzwR3Chg92iRp0v9Ooz6dkvVJ151fp46durXr2aVNl6ZdG+Vq2rFvt9aNmnhn 3ptVD8/M3Cbw3iufm5ZN/Tny2b6XT4cefDv17Nirg/9fbj37denem/+9WJ4l+uMqk8cfLj899Ond t18nz/2++++18eZffQBuBtqB7JnX0nv2BTifgvkB6KB38I0nXncCPngfgRJyuOE/CH4mmnnKFVic f73BRp9+2uF3YootsghjcLmNJ52KClqYoXo82lbcjh/2F+OEsmEYY303Dlmhg/vZKFyRK+rYo18J DlmgeEoO2F+T+H23ZINLysclhS95aGZ2IaYZkYBAMpjel2G+yWWcMkoI42twasgmePmhN52agDbE ZolvOlkjbsDVmKiPipKYHGvKreYbjS9iyeiklB7aW6CJTQkYkD2B6ulcko3alKg5xcbpqgc1lxBK r/IQxOqsJZlq66245qrrrnIFBAAh+QQAKwBJACwAAFoARAEfAAcI/wD/CRxIsKDBgwgTKlzIsKHD hxAjSpxIsaLFixgzYgTAEYDGgh4NduQo8iNEfgpREuTH0qTLlzBjyrQYUmZNgjdvzkzIUqXBnit3 Ch1KlKi9o0iTKl16VOe/nE+jegw5UuBUkk87gsQpNWpWrFWtCmR6lCBZewN9HvSpduzZt3Djyp1L t67du3jzJqU4Q+zWgVetUuWK1atTr2LBIvbr9zDFtgXZ9oRctLLlyw31Ni0JGHFNqFAXd+78WXTo gWfNkk2bkjVrzbBjy55NuzZtp6BHf9Ua+vDIwYlB/i6YGvVqgZRd/1OL0rbz59CjS5eLm7Du6qN9 c+7KNWFxt0yVr80V33y6+fPooW/8m9Wzbu6ND2KHz9jwR+aRyWPez78/+LyCgUXSVO+FdVph9TFG lVa7jfbdP6lNppJkQC1XYXoYZqghhv6Z9OCDFW0o4ogkotXhiSimqOKKFJXo4oswxigjbSzWaOON OOao44489ujjj0AGKeSQRBZp5JEazajkkkw2+SKSUEYppUVOVmnllVjGNuWWXHZpUJZghimmmF6W aeaZaKap5ppstunmQ2PGKeecML5p55145qnnnnz26eefgAbqHZ2EFmpodAEBACH5BAArAEkALAAA eABEAR8ABwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEPiCEly4r+TKFOq XMmypcuXMGPKnEmzps2bOHPq3MmzZ8+SQIMKHUq0qFGIPpMqXcq0qdOnUKMyPUq1qtWrWLNq3cq1 q9evYMOKHUu2rNmzaNN6lcq2rdu3cOPKnUu3rt27ePPq3cu3r9+/Si/iBKCXcFLDNREDlqn4sEy1 PAFIbvySMOWYl3c2ppz5JOLOLkF7pil69OCWmyszXrzz4ueZlm+Wtpk6McrZKkvj/jd7d27UtjE/ Ths5peHJnpHflpxbuXPmxqE7v52c+eTj0Edfb25ZOe/sy61T///evTPy58d5kzduGrv76uTTb4/+ vnr916xbumb/Gr/639pRxxlw/Qlo4G/+/adgbKY1yKB6ioEWIUvdNTheevyN5yCEGi54oIIBjqbW fh8+mOCG1z3YYXweFhhihhb6Vx54LkJ4YnMdbndjbAzqmKOBCcroIYsc/jOiRRPWuOOHFsZYYotM vjghisBJuRyIqJn4JIIcKslegEFqqCV+DEKm2hf27j9B5jaGOVH91v43e2W3bjG/2EngXoHHjLcuwkOF+GIJ6744r0Z fifjyzoueUFMVAl55JNnnuvls2muFueghw5zK6Jj7rlZpat2Olqpn8ZG67DjuHqrsdcu4+yo2647 iLj37vvvdO8u/PDEhw788cgnr/zyzH9ePGbNX/n8ZdHLNv31CFavvXPYd+/9mtpO8iIc25c/3vfo r2c+Uum3v9368HfmfmDxFzX/3PUPdf9f+eu/f1/9E8r/AGgvWoxogHwJoAJbxIoFOtAiCLzQAyeY lggKjILP8dURZoTBDvLIgnjxoMFASMISmlBKJgKcCC+iwnVRCAD5GlEL3zUhGJ4wLDaMIYRmKC8G 5fBfK7TJDcKHSKUgGvGISMwZEZfIxCZuKIlQjKIUp0jFKlrxirdyIlmwyMUuZk2LXPKiGMeYFTCG kYxojFFMPGDGNnqMVNVIlBvnyL80FoSOeJSgCDuQEQRuMI8rsiNBAJkjQVrNCYZMJHMIychGOjJJ FGugIs3zyEpa8pKYzKQmN8nJTkJnkqBUpCc7MslRmtIjoUylKlfJSime8pX2aKUsr/jKUp7SlrAc JS5zyUtN7tKTv+xlJmdJzCnWkl+/gJAwO1nMZiYxIAAh+QQAKwBJACwAAAAARAEfAAcI/wDtCRxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgx/tvIsaPHjyBDihxJsuRIaCZTqlzJsqXLlzBjypxJs6bN mzhz6tzJs6fPn0CDCh1KtKhRlRmTKl3KtKnTp1CjMj1KtarVq1izat3KtavXr2DDih1LtqzZs2jT 6pTKtq3bt3Djyp1Lt67du3jzSlTLt6/fv4ADCx4s8iJhrXoTK6Z7OOvipaEeu21MubLlj4Y3Dlg5 oLPOzTFBa/7YubRn06JRm/6XmiNoybBjG6S5WbRJ2zdxs6ztmjRI27pxtx59ufjIzLxHr/bNmnVp 4r01e5YOGjX13tM9Jm+u/XfH4N2hv9OWTb78ROWugTPP3ly4eO7c1RNn3334d+/R7+uHP968//8J oQfdgPOFN5x64BG4nXf2pWedfPu9RxyAFFYoEH8KrmdgdKpJt597uuVXHXPaLReeiNFZqOJbM1kH H4HxnbhdiBK+2J5ILiYoI34owmjcj7RxeKKQH2KIY40C8jjikPnZ6CSQUPYEIpMxRuhekktKSOOU VNp4ZY9PRimmSlw26dyCLwaX3XMOXuejl2c+pxqaae745ph45qnnnnz26Sdfmf1p04qESiXooYgm quiiQgUEACH5BAArAEkALAAAHgBEAR8ABwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq 3Mixo8ePIEOKHCnRnsmTKFOqNEmypcgAFmG67Liyps2bOHPq3Mnz5EWZA4HOHCpRaNGMAZImJah0 6T+jT582NQoUKtGrD3uuFGoVq9eDXR2GhchVINWoBWFSrRpUoNa3cOPKXfmzLVOnZp2qxcs0bVC8 Z/eC1es3b1W+d5VGPWs4MeLGZqU+DgzWoFrLdtF+3fwycl/PbAFj/sxWc+THnhcXDp259WXGpcsW RsuXcVurUC+PLs2598G59nS7Ni08dWaZlPt2lR1beULKyU/PNq7683DI1Kuvtgu8u/fvKH8i/566 t6np85qR+42edmpq5O6lVnYe2L1t6sXPx2+fPT/o1r4FiJF6AKJ3320A5udfdtIx2N96+hk4XYQH joUghLsVuNAzId0h4D/A8ZbbaBoKx552E16InnX4oehihCy6eCBC/tWoEHg45vhWXcfZxZqGLf73 14rvxfijhHmhSJiQ8s1GYILz+Ugaf0V+KGCITtaml3nPWablUgv+NaNi2LX3mmEmfrkimTACuZ9k h3HZI4g61mlnnTGJNZOFZFk51J2ABvoVn0R+RKhCvPmp6KIcAZcnQ4ciNSBqjH4U6KWYZqrpppx2 6umneFYq6qiklmrqqaimqqpFoLbq6quwxkcq66y01mrrrbjmquuuvPZq06rABivsZr4Wa+yxxw6r 7LLMNuvss9B6hey01FZr7bXYZqvtr9F2622024Yr7rjklmvuuTkFBAAh+QQAKwBJACwAADwARAEf AAcI/wDtCRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihwp8Z/JkyhTqlzJsqXL lzBjypxJs6bNmzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKnTpz5JSp1KtarVq1gRQk26aavXr2DD rsxKtqzZs2jTql3Ltq3btmLjyp1Lt67du3jz6t3Lt6/fv3LfCh5MuLDhw4gTK8YKuLHjx3QvQp58 c7Hlj5TjCiC62eTlzwR3Chg92iRp0v9Ooz6dkvVJ151fp46durXr2aVNl6ZdG+Vq2rFvt9aNmnhn 3ptVD8/M3Cbw3iufm5ZN/Tny2b6XT4cefDv17Nirg/9fbj37denem/+9WJ4l+uMqk8cfLj899Ond t18nz/2++++18eZffQBuBtqB7JnX0nv2BTifgvkB6KB38I0nXncCPngfgRJyuOE/CH4mmnnKFVic f73BRp9+2uF3YootsghjcLmNJ52KClqYoXo82lbcjh/2F+OEsmEYY303Dlmhg/vZKFyRK+rYo18J DlmgeEoO2F+T+H23ZINLysclhS95aGZ2IaYZkYBAMpjel2G+yWWcMkoI42twasgmePmhN52agDbE ZolvOlkjbsDVmKiPipKYHGvKreYbjS9iyeiklB7aW6CJTQkYkD2B6ulcko3alKg5xcbpqgc1lxBK r/IQxOqsJZlq66245qrrrnIFBAAh+QQAKwBJACwAAFoARAEfAAcI/wD/CRxIsKDBgwgTKlzIsKHD hxAjSpxIsaLFixgzYgTAEYDGgh4NduQo8iNEfgpREuTH0qTLlzBjyrQYUmZNgjdvzkzIUqXBnit3 Ch1KlKi9o0iTKl16VOe/nE+jegw5UuBUkk87gsQpNWpWrFWtCmR6lCBZewN9HvSpduzZt3Djyp1L t67du3jzJqU4Q+zWgVetUuWK1atTr2LBIvbr9zDFtgXZ9oRctLLlyw31Ni0JGHFNqFAXd+78WXTo gWfNkk2bkjVrzbBjy55NuzZtp6BHf9Ua+vDIwYlB/i6YGvVqgZRd/1OL0rbz59CjS5eLm7Du6qN9 c+7KNWFxt0yVr80V33y6+fPooW/8m9Wzbu6ND2KHz9jwR+aRyWPez78/+LyCgUXSVO+FdVph9TFG lVa7jfbdP6lNppJkQC1XYXoYZqghhv6Z9OCDFW0o4ogkotXhiSimqOKKFJXo4oswxigjbSzWaOON OOao44489ujjj0AGKeSQRBZp5JEazajkkkw2+SKSUEYppUVOVmnllVjGNuWWXHZpUJZghimmmF6W aeaZaKap5ppstunmQ2PGKeecML5p55145qnnnnz26eefgAbqHZ2EFmpodAEBACH5BAArAEkALAAA eABEAR8ABwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEPiCEly4r+TKFOq XMmypcuXMGPKnEmzps2bOHPq3MmzZ8+SQIMKHUq0qFGIPpMqXcq0qdOnUKMyPUq1qtWrWLNq3cq1 q9evYMOKHUu2rNmzaNN6lcq2rdu3cOPKnUu3rt27ePPq3cu3r9+/Si/iBKCXcFLDNREDlqn4sEy1 PAFIbvySMOWYl3c2ppz5JOLOLkF7pil69OCWmyszXrzz4ueZlm+Wtpk6McrZKkvj/jd7d27UtjE/ Ths5peHJnpHflpxbuXPmxqE7v52c+eTj0Edfb25ZOe/sy61T///evTPy58d5kzduGrv76uTTb4/+ vnr916xbumb/Gr/639pRxxlw/Qlo4G/+/adgbKY1yKB6ioEWIUvdNTheevyN5yCEGi54oIIBjqbW fh8+mOCG1z3YYXweFhhihhb6Vx54LkJ4YnMdbndjbAzqmKOBCcroIYsc/jOiRRPWuOOHFsZYYotM vjghisBJuRyIqJn4JIIcKslegEFqqCV+DEKm2YVbYgnliz9a6eWAYVLppJVMZqYlnQD+56WYRYIo 5J5q5peSa96tN2Ry3NX3HXf2NcoimUmuKF574DmqY3bSMYroo9Hl+dlz8BV4onSYouefmX35dpqg ebLalKp9Cca2VKFM0coqrK6SNihxufbq66/ABivssMTSRSJduMqFa7IrMSuVsycdKRG0q2JJrVPL OvaUs9RKG9G1tK0IWLY+gUvhmTydFZl37JKKoZ7uMjqfovAZep57n+K7YXj5hkdfv/XOh6bA0+lJ pL+GHlhwuwDbWqxqbhJYZ5tQXjZlkfJJuqafGlv8JKAYf9zeoYdG+C6PHX8Z6MPnaufjvy3mSyOf FbbqYsaUTmpwbfBaN6DL956X459AdklxnPHxOO+9/JrbVkAAIfkEACsASQAsAACWAEQBHwAHCP8A /wkcSLCgQYEABiYEwJDhv4QEGy5U+BBixYYRKSJ8WNGgRY4bIYoECVIiyZEfTyLE6LCgxYUmJU7c qPAlRZsTc2qkqXKnTI4/L8KsifGg0aNIkypdypTnzJ0qba4k6dLnyY9Yb9J8yrXnU6c9O1pNSRbq TJxadUoFyzNsyKpOvzadS7euXbBox5p1u/ZrVr0lo2plm/Ft279AByc+bHhx4K17CYfV2Tjr2ruY 79rbzLmz58+bTa582VJ0zJYXPXaFmTK165FAiwqd7FHjabKyc5eOLLYkaqmXxco+vNv1bN0QQStf zry58+fQN2eeTn1pa6XXq2vfzn169O/gw4v/t9e9/PTsSNGbX8/e/Pj38NvLn0+/vv379Fnh38+/ v///AAYo4ID7qdcWZmVBpZ2B5xEYIIPzQchUcAjCVViDF1JloXUKTuihXRSWBx95DiYlIYfdMXhi ehuuyOKBH2J3l1QjNneeQ7+VJtJuWCEHmW+47RjkaLBRxVJqOSaIUlFCzuaSjkWeNZxpiYnm5GhX Doclk0k+hlduHZYIm5JRJejYWY0ZJVdVeRk5GEqRwfkWYogJNidvQ53JF2BuWpWmXG1GWWJtj1HZ 5lgxVdlbREeqhqNtGua15JSKokVnhoHqyedqeN5kZW99Gdlapm6tN+KYXtl5IaCKTsXnpmna8iln bWqltSqmilHWp56kErYmo7RZZmFXPdVorHKoAqcqrKVeOmquHUpa2bB47VpnpsRWO+1loYaYrV+M TWvUscphOCaTWGro1W+2oUbUjk8+KllNi5377I/1yhsplO8C2WNxmn7aEXDuGsfvlmaxBCaMg8bY 8IsPO+jifRNHfFTFA2JscYoFi7nxxyCHLPLIJJds8skop6zyyiy37PLLMPsnQ0Hk1mzzzTjnrPPO PPfs889ABy300EQXbfTRSCet9NJMN+3000K/AXVnvUxt9dVYZ71zL1Vr7fXXYIetHNdil2322UM4 3bXTMbft9npclxgQACH5BAArAEkALAAAtABEAR8ABwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEix okWIvXpd3Mixo8ePIEOKHEkSY0mJ9lKqXMmypcuXMGPKnEmzps2bOHPq3Mmzp86MPoOqPEm0qNGj SJMizKjUoNCnUKNKnUq1qtWrWLNq3cq1q9evYMOKHUu2rFmyTdOqXcu2rdu3cOPKnUu3rt27ePOq Pcu3r9+/gAMLHky4sOHDiBMr7qu3sePHkBMu5ktusuXLKSNr3sy5s+fPoEOLHk26tOnTqFMb9Ska c+B/rqNy/ED7g0jbBmkTxK26t++JvEcGH6ib+G+JJI6fHv4vuO3nzaM3ry3wefHaw6FXr05dunfc 3ZWLjvfM3Pl07tuNF5fOPDpv7dvfqx9P363P8ru/G5+/vz34+Pm5J6B3sMVm4IEtXYQff99hBx97 B8lnHXYAwrdefRgilVI4Oy0IYHoEgghhbvP5J2B2BSKo4oo6hfiehft9mJ6JxD0on4jbsajjZbN1 Rx2MNV4X4HlDEklhjC+2l+GSI7EW2o5QKsbklFSSFBAAIfkEACsASQAsAADSAEQBHwAHCP8A/wkc SLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocKdGeyZMoU6o0SbKly5cwY4pcSbOm TZYycy4EoLOnTp4fgfpceLMogKNCCyZViHRpw6YVnf6TyhQqQ55UCSLFmNWh065NsV59CrVrw6Jo 06pNKVSqWYFvE8Yda3DuQLtan2bEe5Dv0rd2215cS/jkRcFTj8JVLDYx0L93HUOuq9hx4sWVH2fe 3LYyXMqMI2MN/Tmv5NJTMd9lzHr0as2c81qNbHqr6q2NbaOebVssbr4VC7MVTXzxbtWpPyNGTTv1 Y+XEBS9vrLR3cefJs0+Wfp269tLUw2f/767VOvfmntGrl/48OU/hhA/3LqueOXbozL8Wf849rPay +pl2H3ZJeQcebbkBWB9/9OEnW3PjOdfgca9NJ9qE7QEn02T1ffeggwXWtR+IA1JYnYDH9fdhbQi6 15d4LnJo4IAhrphfhxY6SGF7Q+2kFHkmkricfefxFx2Q49W43pEotmjikDAaKaSIUP543pM4kocY jzPBZ9JXnpGGHG+4QYgZbAdKmBlyl1nmZoWwxenekLd16KZupGW4JnghQtkgnpslieeCe7qYmpdq 9ZiThhbNxaiikEZaEKL2SArRoxQ5aummIFHqaVGchirqqDB9aupKpKaq6qoYneqqYaz2/xigqpiO RJVdr746249kpXepry/FtR2gYqopLJ2XhqqkWULl6iqyESJUq30wCcvrlTdCeyK1D00L0rI+CuQs SochGFuCXH63q4injbnmaGG+6y6aZwqIbZL4MmWodfuGWZ2c7d55Ybz0BmwZmQUrq+VqOxYKY18p 2tvmla5ZueSNDXPpHbMxjlgitzSqu7COFEtMZLScWuVfjhGKp62hJZY8ZYX/lYmxwSTny2bHKxPY ppkYijxzzEFneZq3ZyHKIZYnywyx0BFHHTKJJgdp8XUos2igb/9BWPLXI598M9jijvupjB6mPXS6 MG+MpMsXQw2utPi+jF6UQHsdNtxDy4JdNd//mH02aAwXyFlnYqZr85z0Io54fvOxua7ixAIc7sT+ 8ols0FsSHGVs9ZbnocrvCU5pT0g3SVLqLrFuqemnLxrUhqy6/rrgseau++6rxs7778ArCjuqGtnu EaPAyiWR8T4lv/xewNsNqYbS60iX9S86b+ZVYGq/fVT/zki3TwEBACH5BAArAEkALAAA8ABEAR8A Bwj/AP8JHEiwoEGBAAYmPMiwocOHEBFGNLjwX0WHCS9CvJhxI4CPDzV6pPhRJMWJETWW7JgSpUuX 9mLKnEmzZsyKJl/q1Jkz5MueDUUCtbhzIsiCOH0WPakQqVGCNqNKnUq1qtSSFrEiPEpQq1eQR1cq DOu16ViuWrNyBKsWZ1iiYtWe5Si3rkSkb1mmTXtXZVO9ZBeW7SgYLV+Vgc8SJfqoseNHViNLnmwv qUTLdzPrvWz2r+fMi0NzZgq3M2e6STGXBt317WXBoVky9ftac+y/hW2rrotZ9mqbj4NTHi65d1u6 nTevXizWsu/bbbOSll2YrfPmpqkDzYj9NVauXVnH/3X7fS5189BPGl87kLj79zXXM0S+Gnbqz8xF 3+5N//x92OJlpx944dG2XGutxRXgggMm5xRr+N33GXwUvicfaP3lt5x/Dj64YXgOSliabyKiRppT JaYnGn0N6hZihx8edN5off1TIXFLjQUdX1tVVyNce5Vnm4fVcWfgjNgZ6WOPyIFFoIJl9ZUYiBh6 yFuCQ/Y4V4JuaanlbjnCBF+YKA0lI5lopqnmmmy2+dCNcErm5pk/zWnnnXjm2WacfFKl55+ABiro Un0Wauhwgyaq6KKDHuroo1ItZSajek6qn5qW5gnpppGFqeBTaRIYqKUzkiQkRil1R+mqrG5kmquh Zv/apqxgMhhUma+2qiubFKYImJKKecmjhtH9Gux35DHp5Y+EOfnkg0EaWR945CU7opO8cqptpDn6 CmCWNKqoYWrfcpifr7OdBmN0H/YnFIz+AfjtrvSuOV6EVBYpHZO0YVbYgnliz9a6eWAYVLppJVMZqYlnQD+56WYRYIo 5J5q5peSa96tN2Ry3NX3HXf2NcoimUmuKF574DmqY3bSMYroo9Hl+dlz8BV4onSYouefmX35dpqg ebLalKp9Cca2VKFM0coqrK6SNihxufbq66/ABivssMTSRSJduMqFa7IrMSuVsycdKRG0q2JJrVPL OvaUs9RKG9G1tK0IWLY+gUvhmTydFZl37JKKoZ7uMjqfovAZep57n+K7YXj5hkdfv/XOh6bA0+lJ pL+GHlhwuwDbWqxqbhJYZ5tQXjZlkfJJuqafGlv8JKAYf9zeoYdG+C6PHX8Z6MPnaufjvy3mSyOf FbbqYsaUTmpwbfBaN6DL956X459AdklxnPHxOO+9/JrbVkAAIfkEACsASQAsAACWAEQBHwAHCP8A /wkcSLCgQYEABiYEwJDhv4QEGy5U+BBixYYRKSJ8WNGgRY4bIYoECVIiyZEfTyLE6LCgxYUmJU7c qPAlRZsTc2qkqXKnTI4/L8KsifGg0aNIkypdypTnzJ0qba4k6dLnyY9Yb9J8yrXnU6c9O1pNSRbq TJxadUoFyzNsyKpOvzadS7euXbBox5p1u/ZrVr0lo2plm/Ft279AByc+bHhx4K17CYfV2Tjr2ruY 79rbzLmz58+bTa582VJ0zJYXPXaFmTK165FAiwqd7FHjabKyc5eOLLYkaqmXxco+vNv1bN0QQStf zry58+fQN2eeTn1pa6XXq2vfzn169O/gw4v/t9e9/PTsSNGbX8/e/Pj38NvLn0+/vv379Fnh38+/ v///AAYo4ID7qdcWZmVBpZ2B5xEYIIPzQchUcAjCVViDF1JloXUKTuihXRSWBx95DiYlIYfdMXhi ehuuyOKBH2J3l1QjNneeQ7+VJtJuWCEHmW+47RjkaLBRxVJqOSaIUlFCzuaSjkWeNZxpiYnm5GhX Doclk0k+hlduHZYIm5JRJejYWY0ZJVdVeRk5GEqRwfkWYogJNidvQ53JF2BuWpWmXG1GWWJtj1HZ 5lgxVdlbREeqhqNtGua15JSKokVnhoHqyedqeN5kZW99Gdlapm6tN+KYXtl5IaCKTsXnpmna8iln bWqltSqmilHWp56kErYmo7RZZmFXPdVorHKoAqcqrKVeOmquHUpa2bB47VpnpsRWO+1loYaYrV+M TWvUscphOCaTWGro1W+2oUbUjk8+KllNi5377I/1yhsplO8C2WNxmn7aEXDuGsfvlmaxBCaMg8bY 8IsPO+jifRNHfFTFA2JscYoFi7nxxyCHLPLIJJds8skop6zyyiy37PLLMPsnQ0Hk1mzzzTjnrPPO PPfs889ABy300EQXbfTRSCet9NJMN+3000K/AXVnvUxt9dVYZ71zL1Vr7fXXYIetHNdil2322UM4 3bXTMbft9npclxgQACH5BAArAEkALAAAtABEAR8ABwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEix okWIvXpd3Mixo8ePIEOKHEkSY0mJ9lKqXMmypcuXMGPKnEmzps2bOHPq3Mmzp86MPoOqPEm0qNGj SJMizKjUoNCnUKNKnUq1qtWrWLNq3cq1q9evYMOKHUu2rFmyTdOqXcu2rdu3cOPKnUu3rt27ePOq Pcu3r9+/gAMLHky4sOHDiBMr7qu3sePHkBMu5ktusuXLKSNr3sy5s+fPoEOLHk26tOnTqFMb9Ska c+B/rqNy/ED7g0jbBmkTxK26t++JvEcGH6ib+G+JJI6fHv4vuO3nzaM3ry3wefHaw6FXr05dunfc 3ZWLjvfM3Pl07tuNF5fOPDpv7dvfqx9P363P8ru/G5+/vz34+Pm5J6B3sMVm4IEtXYQff99hBx97 B8lnHXYAwrdefRgilVI4Oy0IYHoEgghhbvP5J2B2BSKo4oo6hfiehft9mJ6JxD0on4jbsajjZbN1 Rx2MNV4X4HlDEklhjC+2l+GSI7EW2o5QKsbklFSSFBAAIfkEACsASQAsAADSAEQBHwAHCP8A/wkc SLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocKdGeyZMoU6o0SbKly5cwY4pcSbOm TZYycy4EoLOnTp4fgfpceLMogKNCCyZViHRpw6YVnf6TyhQqQ55UCSLFmNWh065NsV59CrVrw6Jo 06pNKVSqWYFvE8Yda3DuQLtan2bEe5Dv0rd2215cS/jkRcFTj8JVLDYx0L93HUOuq9hx4sWVH2fe 3LYyXMqMI2MN/Tmv5NJTMd9lzHr0as2c81qNbHqr6q2NbaOebVssbr4VC7MVTXzxbtWpPyNGTTv1 Y+XEBS9vrLR3cefJs0+Wfp269tLUw2f/767VOvfmntGrl/48OU/hhA/3LqueOXbozL8Wf849rPay +pl2H3ZJeQcebbkBWB9/9OEnW3PjOdfgca9NJ9qE7QEn02T1ffeggwXWtR+IA1JYnYDH9fdhbQi6 15d4LnJo4IAhrphfhxY6SGF7Q+2kFHkmkricfefxFx2Q49W43pEotmjikDAaKaSIUP543pM4kocY jzPBZ9JXnpGGHG+4QYgZbAdKmBlyl1nmZoWwxenekLd16KZupGW4JnghQtkgnpslieeCe7qYmpdq 9ZiThhbNxaiikEZaEKL2SArRoxQ5aummIFHqaVGchirqqDB9aupKpKaq6qoYneqqYaz2/xigqpiO RJVdr746249kpXepry/FtR2gYqopLJ2XhqqkWULl6iqyESJUq30wCcvrlTdCeyK1D00L0rI+CuQs SochGFuCXH63q4injbnmaGG+6y6aZwqIbZL4MmWodfuGWZ2c7d55Ybz0BmwZmQUrq+VqOxYKY18p 2tvmla5ZueSNDXPpHbMxjlgitzSqu7COFEtMZLScWuVfjhGKp62hJZY8ZYX/lYmxwSTny2bHKxPY ppkYijxzzEFneZq3ZyHKIZYnywyx0BFHHTKJJgdp8XUos2igb/9BWPLXI598M9jijvupjB6mPXS6 MG+MpMsXQw2utPi+jF6UQHsdNtxDy4JdNd//mH02aAwXyFlnYqZr85z0Io54fvOxua7ixAIc7sT+ 8ols0FsSHGVs9ZbnocrvCU5pT0g3SVLqLrFuqemnLxrUhqy6/rrgseau++6rxs7778ArCjuqGtnu EaPAyiWR8T4lv/xewNsNqYbS60iX9S86b+ZVYGq/fVT/zki3TwEBACH5BAArAEkALAAA8ABEAR8A Bwj/AP8JHEiwoEGBAAYmPMiwocOHEBFGNLjwX0WHCS9CvJhxI4CPDzV6pPhRJMWJETWW7JgSpUuX 9mLKnEmzZsyKJl/q1Jkz5MueDUUCtbhzIsiCOH0WPakQqVGCNqNKnUq1qtSSFrEiPEpQq1eQR1cq DOu16ViuWrNyBKsWZ1iiYtWe5Si3rkSkb1mmTXtXZVO9ZBeW7SgYLV+Vgc8SJfqoseNHViNLnmwv qUTLdzPrvWz2r+fMi0NzZgq3M2e6STGXBt317WXBoVky9ftac+y/hW2rrotZ9mqbj4NTHi65d1u6 nTevXizWsu/bbbOSll2YrfPmpqkDzYj9NVauXVnH/3X7fS5189BPGl87kLj79zXXM0S+Gnbqz8xF 3+5N//x92OJlpx944dG2XGutxRXgggMm5xRr+N33GXwUvicfaP3lt5x/Dj64YXgOSliabyKiRppT JaYnGn0N6hZihx8edN5off1TIXFLjQUdX1tVVyNce5Vnm4fVcWfgjNgZ6WOPyIFFoIJl9ZUYiBh6 yFuCQ/Y4V4JuaanlbjnCBF+YKA0lI5lopqnmmmy2+dCNcErm5pk/zWnnnXjm2WacfFKl55+ABiro Un0Wauhwgyaq6KKDHuroo1ItZSajek6qn5qW5gnpppGFqeBTaRIYqKUzkiQkRil1R+mqrG5kmquh Zv/apqxgMhhUma+2qiubFKYImJKKecmjhtH9Gux35DHp5Y+EOfnkg0EaWR945CU7opO8cqptpDn6 CmCWNKqoYWrfcpifr7OdBmN0H/YnFIz+AfjtrvSuOV6EVBYpHZO0lRtbc93Zp+pzIxYMrl8rkZjd XiEO/GO9EKN5pIopbnUpv+a2aJZ9RF5KmMEUo2ilcVmKOOS8EdPba8eqVUwjixmjey6+JjmXHovt 5gvviy8zO93ONm4rNJ9CnSrXdc4GK2CxWArLrGvMTRw1xQEblttaaHUY5bgQkgzd0GDHlDKZso6d ctlmp73rsGq3DaHbjYYt99x012333XjnrffefPcpPRXcgAcu+OCEF2744Ygnrvjibfvt+OOQR/4o 45RXbrni9Fyu+eYQBQQAIfkEACsASQAsAAAOAUQBHwAHCP8A/wkcSLCgwYMIEypUSG+hw4cQI0qc SLGixYsYM2p8aK+jx48gQ4ocSbKkyZMoU6pcybKly5cwY8qcOXOjzZs4c+rcybOnz59AgwodSrSo 0aMCaSpdyrSp06dQo0ptirSq1atYs2rdyrWr169gw4odS7as2bNo06pdy7at27cKp8qdS7eu3bt4 V8Ldy7evzryAAwseTLiw4cOIEytebNKv48eQITKeTLmy5cuYM2vuSG2z58+gQ4uuGbm06cijU6te zbq169eIT8ueDVcm7du4EULVma9i77G/s+YLDnH4wd7EkSb3a/vfcOPLH0YHOh1h9aLXrSdEjjW7 0MXOC3r/P350/EDz1ClW534Vvc/dGJcjNy7weXD74euLP1//uX7+7BHkH37O+dcfdPyJRx+BxHH3 G4MGCjiggQEeSJ9+FYZHYX4EFvjghRha+F+HEVJYIogiaohiTjLJd19+IQr4n4wx1qiiQcm9COB+ MCY4o4YyLsjjjyMGGd2DQfZYIIBI7uijgj86SKOTUSr55Hz8wXeRfElSaWOXDfaYIZE6fjmmmF3W mOOUCYY5XZMhrkmlm2xOSWeYaaL5Zp7uEcUlk/jluB6HfFrZn490SrgdnEDOqWCHbeZJ451DNuqh ief9eSmC9i2I6aYf4ljoV5pa+qSpYBZ6HZyJeilqq5bKFrldlXvqqWSrg55apqswwlqprafiFBAA IfkEACsASQAsAAAsAUQBHwAHCP8A/wkcSLCgQYH5DCYcmHAhQYcI/0F8KDEiw4oXJxZc6BBiw40Y D1b0GHLkRYoiLZLUqJLiR5QRO6YkCVPjy5ouZ4LMCDOlz59AgU5cmRMly5BEEd48yPFkzJ1HTfJU inSnRaNFFV7N93FoVppXS1blmbTkUrBhzwZdy7YtV65mlcKVe5Olx7cM4S7Ne5cu37ob50rEK1eq 38GCaxI+2lGvYbpN/xZGrFUyxreN9QrGPDnwXLRtQ4seTVps6dOoU6t2u7q169dr7cmeTbu2bdmw RUbNzbs3792+gwe9Tbw4ceHIkytfzry58+fQo0ufTr36QOPYcfe0nhu4au/Ws4v/H0++vPnzs1PL tLo6sunR4J3Khyza/dr4rJly318QPe2xyOF3X37bxZWfgL/pJpB/DDboYIOocdbQZ51Ztp6EiHVF GX2eZXiYhxdWdhJnIyXm4UN4LTYZYShSmBGL8/EXHoSNkaXgiJdB9eJUYYm13lNY9ehjXJux55RM aunHY45KPujkk1BGaQ+AJjGGlX1MPpbkfD8+pqWIQIY5pIhIGghmklb+I+WabLZZHJUvmZhhkT26 pxZogx2ZFVUFelXWmFaVmSefPaF5o5uIJiolnGYKKZVXVf2ZZpd7bcklkdvZpSdakIqJ5UmKhpqo evJZamCcOnqK1KSljrkbTZIakrnVkqCV5aKMuHZ354ae2elXjWg61iKKH2LYUq933WqaiT929Zmc J1JWo6y5Vmstgddmq+2MDFpL4rbgqinquGuGa+656FZL7rrstuvuu27SM2q69NZrL3Pw5qvvvvz2 6+a9AAcs8MAEF2ywcP4mrPDCDDfs8MMQRyzxxBRXbPHF/h2s8cYcd+zxxyCHLPLIqwUEACH5BAAr AEkALAAASgFEAR8ABwjtAP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHCnR nsmTKFOqXMmypcuXMGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnPklKnUq1qtWr WBFC3cq1q9evYMOKHUu2rNmzaNOqXfszq9u3cOPKnUu3rt27ePPq1attr9+/gAMLHky4sOHDiBNf ZMu4sePHkCNLnkxWseXLmEVS3sy5s+fPoEOLHk26tOnTqFMzzcy6tevXsGPLpqi6tu3buHPr3s27 99nZwIMLH068+FvfyJMrX868ufPnjAMCACH5BAArAEkALAAAaAFEAR8ABwj1AO0JHEiwoMGDCBMq XMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHCnxn8mTKFOqXMmypcuXMGPKnEmzps2bOHPq3MmT J8mfQIMKHUq0KMKeSJMqXcq0qdOnUJcanUq1qtWrWLNq3cq1q9evYMOKHUu2rNmzaNOqXcu2rdu3 cOPKnUu3LteoePPq3cu3r9+/gAMLHky4sOHDiBMrXsy4sePHkCNLnky5suXLmDNr3sy5s+fPMe2K Hi0atOnTqGWSXs26tevXsKmmnk27tu3buHPr3s27t+/fwIMLH550IIDYyJNXPQmAuPPnPZtDn/6y EXWTAQEAIfkEAP//SQAsAACGAUQBHwAHCP8A//0DILCgwYMIEypcyLChw4cQI0qcSLGiRYSNLmrc yDGiPXsAPoocSbKkyZMoU6pcybKly5cwY8qcSbOmzZs3Q+LcybOnz59AgwodilMgwY5IkypdyrSp 06dQO4IkSrWq1atYs2ptGbWr169gw4odK3Gr2bNo06pd+5Gs27dw48qdS7eu3bt48zZky7ev37+A UeodTLiwYaiBE9scorix45SHI0ueTLmy5cuYJT/ezLmzZ8GZQ4se7fWz6dOo/5Jezbq169ewYytN Tbu2bauyc+vezbu377u3gwsfTry48eM9fytfjhe58+fBmUuf/ha69evYs2vfzr279+HUw4sD7xoQ ACH5BAAmAEkALAAAAABEAagBBwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDH+28ixo8eP IEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2bOHPq3MlzZcafQIMKHUq0qNGjQnsqXcq0qdOnNY9B nUq1qtWrWLNq3cq1q1edSMOKHUu2rNmzEL+qXcu27U60cOPKnUu3rkC3ePPq3SvSrt+/gAMLHky4 sOHDaPkqXsy4sePHkCP7REzZ3pDKmDMblMy5s+fJmkOLHk26tOnTqNN+Xs269b/UsGPLnk27tu3b uHPr3s27t+/fwIMLH068suvjyJMrX868ufPn0DsWn059aPTr2JlW3869u/fv4MOL/x9Pvrz17OjT q1/Pvr3794rdwJ9Pv7599ubz69/PX/b9/+v1J2BvABaY3YAI5mbggtAl6GBtDEbI3IMUxibhhRhm qOGGHEZY4YendSjiiCSWaOKJjIGo4oostujii5ShKOOMNNoH44045ghejTz26OOPQAYp5JBEFmnk kUgmSZ+OTM6l5JNQrrbAkk1WeVaURk6C5ZZcdrmUlWCGKSZqXpbJ0ZhopqlmYWa26eabcCq55px0 1mnnnYTFuSWefC6kJ5Z9BnoQg5wUauihnPw5I6KHKqqUoJBm9k6k1Dlq6aUnUqrpppx26umnMGKq XCGilmrqqaimquqqrDoG6quwxv8qq0HIfNfqrbg2OGuaudaoaSO7Bstir8QWa+yxyCar7LLMsiTs mM1GK+20mD5r7bXiUZshttx2a08uxf3pzYUUaAult0yaq+667CKJro7tLvjuvPTiFu+9+IJWb4v5 9uvvvx7u6yLAVAps8MEIJ6wwiAQ37PDDEEcs8WoLV2yxXxNnrPHGHHfsMU4XP/ixriGXbLJYIzeV glYnD5jyy6q2LCDMNNds8833ydwfzsfpzB/PQAct9EY+F220REN/drR5STcd5dLlOS311FTzvM9X UGet9dYUXUJg1WCHLfbYMnG9I9l8ma02pZ2szSvacJfo9tx01+1f3HmFBwAAdpv/JchlRtbc93Zp+pzIxYMrl8rkZjd XiEO/GO9EKN5pIopbnUpv+a2aJZ9RF5KmMEUo2ilcVmKOOS8EdPba8eqVUwjixmjey6+JjmXHovt 5gvviy8zO93ONm4rNJ9CnSrXdc4GK2CxWArLrGvMTRw1xQEblttaaHUY5bgQkgzd0GDHlDKZso6d ctlmp73rsGq3DaHbjYYt99x012333XjnrffefPcpPRXcgAcu+OCEF2744Ygnrvjibfvt+OOQR/4o 45RXbrni9Fyu+eYQBQQAIfkEACsASQAsAAAOAUQBHwAHCP8A/wkcSLCgwYMIEypUSG+hw4cQI0qc SLGixYsYM2p8aK+jx48gQ4ocSbKkyZMoU6pcybKly5cwY8qcOXOjzZs4c+rcybOnz59AgwodSrSo 0aMCaSpdyrSp06dQo0ptirSq1atYs2rdyrWr169gw4odS7as2bNo06pdy7at27cKp8qdS7eu3bt4 V8Ldy7evzryAAwseTLiw4cOIEytebNKv48eQITKeTLmy5cuYM2vuSG2z58+gQ4uuGbm06cijU6te zbq169eIT8ueDVcm7du4EULVma9i77G/s+YLDnH4wd7EkSb3a/vfcOPLH0YHOh1h9aLXrSdEjjW7 0MXOC3r/P350/EDz1ClW534Vvc/dGJcjNy7weXD74euLP1//uX7+7BHkH37O+dcfdPyJRx+BxHH3 G4MGCjiggQEeSJ9+FYZHYX4EFvjghRha+F+HEVJYIogiaohiTjLJd19+IQr4n4wx1qiiQcm9COB+ MCY4o4YyLsjjjyMGGd2DQfZYIIBI7uijgj86SKOTUSr55Hz8wXeRfElSaWOXDfaYIZE6fjmmmF3W mOOUCYY5XZMhrkmlm2xOSWeYaaL5Zp7uEcUlk/jluB6HfFrZn490SrgdnEDOqWCHbeZJ451DNuqh ief9eSmC9i2I6aYf4ljoV5pa+qSpYBZ6HZyJeilqq5bKFrldlXvqqWSrg55apqswwlqprafiFBAA IfkEACsASQAsAAAsAUQBHwAHCP8A/wkcSLCgQYH5DCYcmHAhQYcI/0F8KDEiw4oXJxZc6BBiw40Y D1b0GHLkRYoiLZLUqJLiR5QRO6YkCVPjy5ouZ4LMCDOlz59AgU5cmRMly5BEEd48yPFkzJ1HTfJU inSnRaNFFV7N93FoVppXS1blmbTkUrBhzwZdy7YtV65mlcKVe5Olx7cM4S7Ne5cu37ob50rEK1eq 38GCaxI+2lGvYbpN/xZGrFUyxreN9QrGPDnwXLRtQ4seTVps6dOoU6t2u7q169dr7cmeTbu2bdmw RUbNzbs3792+gwe9Tbw4ceHIkytfzry58+fQo0ufTr36QOPYcfe0nhu4au/Ws4v/H0++vPnzs1PL tLo6sunR4J3Khyza/dr4rJly318QPe2xyOF3X37bxZWfgL/pJpB/DDboYIOocdbQZ51Ztp6EiHVF GX2eZXiYhxdWdhJnIyXm4UN4LTYZYShSmBGL8/EXHoSNkaXgiJdB9eJUYYm13lNY9ehjXJux55RM aunHY45KPujkk1BGaQ+AJjGGlX1MPpbkfD8+pqWIQIY5pIhIGghmklb+I+WabLZZHJUvmZhhkT26 pxZogx2ZFVUFelXWmFaVmSefPaF5o5uIJiolnGYKKZVXVf2ZZpd7bcklkdvZpSdakIqJ5UmKhpqo evJZamCcOnqK1KSljrkbTZIakrnVkqCV5aKMuHZ354ae2elXjWg61iKKH2LYUq933WqaiT929Zmc J1JWo6y5Vmstgddmq+2MDFpL4rbgqinquGuGa+656FZL7rrstuvuu27SM2q69NZrL3Pw5qvvvvz2 6+a9AAcs8MAEF2ywcP4mrPDCDDfs8MMQRyzxxBRXbPHF/h2s8cYcd+zxxyCHLPLIqwUEACH5BAAr AEkALAAASgFEAR8ABwjtAP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHCnR nsmTKFOqXMmypcuXMGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnPklKnUq1qtWr WBFC3cq1q9evYMOKHUu2rNmzaNOqXfszq9u3cOPKnUu3rt27ePPq1attr9+/gAMLHky4sOHDiBNf ZMu4sePHkCNLnkxWseXLmEVS3sy5s+fPoEOLHk26tOnTqFMzzcy6tevXsGPLpqi6tu3buHPr3s27 99nZwIMLH068+FvfyJMrX868ufPnjAMCACH5BAArAEkALAAAaAFEAR8ABwj1AO0JHEiwoMGDCBMq XMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHCnxn8mTKFOqXMmypcuXMGPKnEmzps2bOHPq3MmT J8mfQIMKHUq0KMKeSJMqXcq0qdOnUJcanUq1qtWrWLNq3cq1q9evYMOKHUu2rNmzaNOqXcu2rdu3 cOPKnUu3LteoePPq3cu3r9+/gAMLHky4sOHDiBMrXsy4sePHkCNLnky5suXLmDNr3sy5s+fPMe2K Hi0atOnTqGWSXs26tevXsKmmnk27tu3buHPr3s27t+/fwIMLH550IIDYyJNXPQmAuPPnPZtDn/6y EXWTAQEAIfkEAP//SQAsAACGAUQBHwAHCP8A//0DILCgwYMIEypcyLChw4cQI0qcSLGiRYSNLmrc yDGiPXsAPoocSbKkyZMoU6pcybKly5cwY8qcSbOmzZs3Q+LcybOnz59AgwodilMgwY5IkypdyrSp 06dQO4IkSrWq1atYs2ptGbWr169gw4odK3Gr2bNo06pd+5Gs27dw48qdS7eu3bt48zZky7ev37+A UeodTLiwYaiBE9scorix45SHI0ueTLmy5cuYJT/ezLmzZ8GZQ4se7fWz6dOo/5Jezbq169ewYytN Tbu2bauyc+vezbu377u3gwsfTry48eM9fytfjhe58+fBmUuf/ha69evYs2vfzr279+HUw4sD7xoQ ACH5BAAmAEkALAAAAABEAagBBwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDH+28ixo8eP IEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2bOHPq3MlzZcafQIMKHUq0qNGjQnsqXcq0qdOnNY9B nUq1qtWrWLNq3cq1q1edSMOKHUu2rNmzEL+qXcu27U60cOPKnUu3rkC3ePPq3SvSrt+/gAMLHky4 sOHDaPkqXsy4sePHkCP7REzZ3pDKmDMblMy5s+fJmkOLHk26tOnTqNN+Xs269b/UsGPLnk27tu3b uHPr3s27t+/fwIMLH068suvjyJMrX868ufPn0DsWn059aPTr2JlW3869u/fv4MOL/x9Pvrz17OjT q1/Pvr3794rdwJ9Pv7599ubz69/PX/b9/+v1J2BvABaY3YAI5mbggtAl6GBtDEbI3IMUxibhhRhm qOGGHEZY4YendSjiiCSWaOKJjIGo4oostujii5ShKOOMNNoH44045ghejTz26OOPQAYp5JBEFmnk kUgmSZ+OTM6l5JNQrrbAkk1WeVaURk6C5ZZcdrmUlWCGKSZqXpbJ0ZhopqlmYWa26eabcCq55px0 1mnnnYTFuSWefC6kJ5Z9BnoQg5wUauihnPw5I6KHKqqUoJBm9k6k1Dlq6aUnUqrpppx26umnMGKq XCGilmrqqaimquqqrDoG6quwxv8qq0HIfNfqrbg2OGuaudaoaSO7Bstir8QWa+yxyCar7LLMsiTs mM1GK+20mD5r7bXiUZshttx2a08uxf3pzYUUaAult0yaq+667CKJro7tLvjuvPTiFu+9+IJWb4v5 9uvvvx7u6yLAVAps8MEIJ6wwiAQ37PDDEEcs8WoLV2yxXxNnrPHGHHfsMU4XP/ixriGXbLJYIzeV glYnD5jyy6q2LCDMNNds8833ydwfzsfpzB/PQAct9EY+F220REN/drR5STcd5dLlOS311FTzvM9X UGet9dYUXUJg1WCHLfbYMnG9I9l8ma02pZ2szSvacJfo9tx01+1f3HmFBwAAdpv/JchgfN/mSd8M 7V0UDs/+BwBeouC9d7z7Bd7ygo+rK6DkhGeu+eaca4T35xt2/hvobolueuKks3U6b6mrvrpurccu u6Ov1/7q7LjnbqbtvPfu+2a6s/z7bMEXb7y7w999fFXJK7/8VM1HL/301Fdv/fXYJ/T89s5l7/33 F3MPPfiYiW8+cuSnz/D5Tanvvsjsa/e+YfHLP//9+9Wvv2T49++/p/sLoADf87/ADPCACMROAQGT wJss8IHdaaBNIGgXCVpwIxe4oGcoWBcNevCDj+GgCEdYJRCaECokTOHXTsjCR6nwhTCsUAv1FcMa 2jA/M1TJDVGWF2Lk0Hg7DKIQwYcIr/pNoSdELMoPUZJEoizxiVCMohSnmKImWvGKWMzib3SgRdNQ 8YtgdAlZrNHFMpoxKWFMI420oawzutEsakTP4uL4j8rFcW9zvGMe1YjHhoHHcG+UCCCPRsdCGvKQ cQwk0hCZRkVyqgGOjKQkzcbIRk6SIYW8JCbpqMlOViSTnkQIKEMJvESSspSVfE4ZJHbKVrrylbCk SCrBGMta2vKWuMTMCK43ylz68peBnOUXa9lLYGpyJO0QpjKXWb9aBgQAIfkEACYASQAsAAAAAEQB qAEHCP8A7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocKfGfyZMoU6pcybKl y5cwY8qcSbOmzZs4c+rcyZMnyZ9AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1asje2rdyrWr169g w4odS7as2bNo06pdaxKr27dw4xJkS7eu3bt48+rdy7ev37+AAwseTLiw4cOIE3+Vy7ix48eQI0ue nFCx5cuYM2vezLlzS8qgQ4seTbq06dOoU5P2zLq169ewY8ueTbu27du4c+vezbu379/Agwsfblm1 8eNWiStfzry5863Io0tv+ry69enYsxN1Wc26997aw4v/H0++/NTv6ImbX8++vfv3FdPLBw6//vv5 +PPr32/Yvv/1/AUo4IAEFmjgd/8lqOCCDDbo4IMQRihhZQdWWNyEGFJm4YaIZeihQyR8KOKIJJZ4 FYcoEmbiilWl6OKLMHrH4ow01mjjjTjmqCNUMfbo449ABvnijkT+JOSRZRWpZEhINhnWklB25OSU XUVp5ZVYZqmlW1R26eVNVXwp5phklmnmmWimqeaabLbp5ptwxpnXlnTWaeedeOap55589ulnSXIG KmiMf9Y5aHpkmFXooozmeKiXjVLWTKSUVmrppZhmqummnHYa2aNehQPqqLt56iipTZp6VQSqtvoR qqm6/yrrrLTWauutuGJHQa4jwurrr9XxKiKwxBZr7LF7Cavsssxmah00yEYr7bTBNmvttdjmSe22 3Hbr7bfghntYtuSW65G4BZqr7rrssoguge3GK++89NZr7734vqvvvvz2629n+LL378AE66sHkgEn rPDCDHNasHwNi/fwxBRXLGDE4Vl8HcYcd+zxxyCHLJDG1UalisivkqzyyizTh/LLlbYsc78w12zz zTjnTBkh5M2sns6i+Twc0EELbfS3RCettMdHu7z0p0379vRjJUxt9dVYZ611eVF37fXXYIct9tiz bW322cqSbRvabH+o9ttwxy1T23QrFErdeOett0Vyc/82zt+A/923YoELPvjhb+6tuH+IN+6414tH LvnklFduOZOPc3b55pzbmLnmnRf1+eikxwQAAKVjdnrql62OtIen52qh69SWGHvoRN2Ou1AA7O77 78DzzfrwxKMb/PHIxxuAvcV3mDULcqlkR/PUVw9s8iI9t4fG2GNuvWDd/+mErN+Xb/756KevPsDh t5/c+jvVA/9r7td/3vx4MWL/Rvj377+T+wugAAdIQAj9zy4FTKAC33fABjrwgaNaoASzAsEKWvBi E8zguS7IQc9o8IP866AINQPCEprwhChsSjhSWJARuvAyLIzhQl74JBkOhIZgseENXUgAHPrwh0AM IqmYdEhE6TSgiEhMItOEyMSwheKJUIyiFKPYxCpacVpKzGIKr5gTLXqxhFwMoxgB88UyUgQCZuTc GGuSRhOukSZFfONM4ijHOmqljWC0ox51QkfPeOBwfWwaNUqFxwnRoJAx26MibYJIDS6SJY2MZPge SclKWpJltrhkhSQpQU168iScXOAnPxlIS5aykqcc5SM16I1QsvCTAQEAIfkEACYASQAsAAAAAEQB qAEHCP8A7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocKfGfyZMoU6pcybKl y5cwY8qcSbOmzZs4c+rcyZMnyZ9AgwodSrQowp5IkypdyrSp06dQo0qdSrWq1atYs2rdyrWr169d jYodS7as2bNo0y6MoLat27dw48qdS7eu3bt4804Ey7ev37+AW+odTLjw2cCIEyteDNWw48eQRTKe TLmy5cuYM2umHLmz588lN4seTbq06dM23aBezXrrg9awY8uebRq07du4BdLezfty7t/AgwsfTry4 8ePICfZezhxx8ufQo0ufTr269evYs2vfzr279+/Tm4v/H0++vHne4NOrX8++vfv38OPLn08/+Pn7 +PPr38+/v3/O9QXo2H8EFmjggQgmqOCCDDbo4IMQbiXghBRWaOGFGGaoYXsRdijbhiCGKOKIJJLo 4YmslahiUCi26OKLMMYo44w01mijfj/cqOOOM63o40ij9cCjgj8WaeSRcQ2ppIRINmnRklBe5eSU e0Vp5U7wXKklk1R26eWXYIb50ZZkLiXmmQOVqWZPaN41QHRrxplTm2fKaeedeOapZ1V0irnnn4AG KuigJ/UZJqE74oDooow26uijkEYq6aSUVmrppZhmCqihnHZapKaghirqqH152iWpO5pKJao6qjol q7DG/yrrrDW56iStuOaq6668Omhrk72i+CuSwZ447LE+hgJsscw2SxWy0EYr7bTUVkuSs9hmq+22 3HY7qLXghivuuOQi6+256ApW7rrstuvuQuka+C6F8RY474T15nvuvfz225a+AG/r78AEixXwwQgn rPDCDJdaMHwNRyzxxBRr+TDEFTN38cYce5TxxyCHzFTHJJdckci7mazyyizLhzJtLXf38mwxczfz hzVrd3NsOeu888+PYgE0a1gIPTRqRh9tWtFKn8Z004BNhEXP2RVNNXZTX22d1Vp3BnVpXYctNpq6 jB3E2Ghn9/XaV6bt9ttwxy333HTXbffdeOfNL9t89//t99+ABx6n3rmZJoDgiPOVnDOEN+7445BH LnmGiU82+eWYa1355pxjmvmAnQPNRuikh5pK6Q9+bhjqf6nuuois+/X6YLE7PPvtuH/USu689+77 78CTXLviwRdvvKnDJ4/f8czLrHxYzaf1/PTjRS+9TjdQP6f13Hd/pPbgo+f9+OSXb77b4aev/vrs 93o+QsK8Lz+H7ddv//1Lzq///vyvir9T/bvW/5oSQCDRpAsDTKACR1PABuqlJ9ZYoATN5MAxjUYY E1ReBTdIlwx68IMgDCGDOEjCEv5GhCjkkwkzgpQqSHCFMLRILGJIwxoeJ4U4zKEOfWPDHoIkDwXZ oUy2fEhEAwrxiDsp4kYAoMSHAICJTWzIE6MoRSja0CZPFCFFphhDJL6EimC8iBfHSMakhPGMVSqj GtdIEzQehY2FcqMcGQLHOM4xTXXMo0mI84659eYd+/mAvgBZR0Ky0ZAZA04f78hIx8VmHjNrpG7y KMlK2sM0rVBaJfWoR0tKspOeDKUcbbQCTprylKB61zMkwgzn1VGUd0QlGzdJSVjakoqgbKQs10jL XfpSh72E4y2HqUQ9BgQAIfkEACYASQAsAAAAAEQBqAEHCP8A/wkcSLCgwYMIEypcyLChw4cQI0qc SLGixYsYM2rcyLGjx48gQ4ocSbKkyZMoU6pcqdGey5cwY8qcSbOmzZs4c+rcybOnz59AgwodSpQo y6NIkypderSo06dQo0qdSrWq1atYs2rdyrWr168umYodS7as2bNo06pduxKs27dw48p1y7au3bt4 8+rdygfN/mSd8M 7V0UDs/+BwBeouC9d7z7Bd7ygo+rK6DkhGeu+eaca4T35xt2/hvobolueuKks3U6b6mrvrpurccu u6Ov1/7q7LjnbqbtvPfu+2a6s/z7bMEXb7y7w999fFXJK7/8VM1HL/301Fdv/fXYJ/T89s5l7/33 F3MPPfiYiW8+cuSnz/D5Tanvvsjsa/e+YfHLP//9+9Wvv2T49++/p/sLoADf87/ADPCACMROAQGT wJss8IHdaaBNIGgXCVpwIxe4oGcoWBcNevCDj+GgCEdYJRCaECokTOHXTsjCR6nwhTCsUAv1FcMa 2jA/M1TJDVGWF2Lk0Hg7DKIQwYcIr/pNoSdELMoPUZJEoizxiVCMohSnmKImWvGKWMzib3SgRdNQ 8YtgdAlZrNHFMpoxKWFMI420oawzutEsakTP4uL4j8rFcW9zvGMe1YjHhoHHcG+UCCCPRsdCGvKQ cQwk0hCZRkVyqgGOjKQkzcbIRk6SIYW8JCbpqMlOViSTnkQIKEMJvESSspSVfE4ZJHbKVrrylbCk SCrBGMta2vKWuMTMCK43ylz68peBnOUXa9lLYGpyJO0QpjKXWb9aBgQAIfkEACYASQAsAAAAAEQB qAEHCP8A7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocKfGfyZMoU6pcybKl y5cwY8qcSbOmzZs4c+rcyZMnyZ9AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1asje2rdyrWr169g w4odS7as2bNo06pdaxKr27dw4xJkS7eu3bt48+rdy7ev37+AAwseTLiw4cOIE3+Vy7ix48eQI0ue nFCx5cuYM2vezLlzS8qgQ4seTbq06dOoU5P2zLq169ewY8ueTbu27du4c+vezbu379/Agwsfblm1 8eNWiStfzry5863Io0tv+ry69enYsxN1Wc26997aw4v/H0++/NTv6ImbX8++vfv3FdPLBw6//vv5 +PPr32/Yvv/1/AUo4IAEFmjgd/8lqOCCDDbo4IMQRihhZQdWWNyEGFJm4YaIZeihQyR8KOKIJJZ4 FYcoEmbiilWl6OKLMHrH4ow01mjjjTjmqCNUMfbo449ABvnijkT+JOSRZRWpZEhINhnWklB25OSU XUVp5ZVYZqmlW1R26eVNVXwp5phklmnmmWimqeaabLbp5ptwxpnXlnTWaeedeOap55589ulnSXIG KmiMf9Y5aHpkmFXooozmeKiXjVLWTKSUVmrppZhmqummnHYa2aNehQPqqLt56iipTZp6VQSqtvoR qqm6/yrrrLTWauutuGJHQa4jwurrr9XxKiKwxBZr7LF7Cavsssxmah00yEYr7bTBNmvttdjmSe22 3Hbr7bfghntYtuSW65G4BZqr7rrssoguge3GK++89NZr7734vqvvvvz2629n+LL378AE66sHkgEn rPDCDHNasHwNi/fwxBRXLGDE4Vl8HcYcd+zxxyCHLJDG1UalisivkqzyyizTh/LLlbYsc78w12zz zTjnTBkh5M2sns6i+Twc0EELbfS3RCettMdHu7z0p0379vRjJUxt9dVYZ611eVF37fXXYIct9tiz bW322cqSbRvabH+o9ttwxy1T23QrFErdeOett0Vyc/82zt+A/923YoELPvjhb+6tuH+IN+6414tH LvnklFduOZOPc3b55pzbmLnmnRf1+eikxwQAAKVjdnrql62OtIen52qh69SWGHvoRN2Ou1AA7O77 78DzzfrwxKMb/PHIxxuAvcV3mDULcqlkR/PUVw9s8iI9t4fG2GNuvWDd/+mErN+Xb/756KevPsDh t5/c+jvVA/9r7td/3vx4MWL/Rvj377+T+wugAAdIQAj9zy4FTKAC33fABjrwgaNaoASzAsEKWvBi E8zguS7IQc9o8IP866AINQPCEprwhChsSjhSWJARuvAyLIzhQl74JBkOhIZgseENXUgAHPrwh0AM IqmYdEhE6TSgiEhMItOEyMSwheKJUIyiFKPYxCpacVpKzGIKr5gTLXqxhFwMoxgB88UyUgQCZuTc GGuSRhOukSZFfONM4ijHOmqljWC0ox51QkfPeOBwfWwaNUqFxwnRoJAx26MibYJIDS6SJY2MZPge SclKWpJltrhkhSQpQU168iScXOAnPxlIS5aykqcc5SM16I1QsvCTAQEAIfkEACYASQAsAAAAAEQB qAEHCP8A7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocKfGfyZMoU6pcybKl y5cwY8qcSbOmzZs4c+rcyZMnyZ9AgwodSrQowp5IkypdyrSp06dQo0qdSrWq1atYs2rdyrWr169d jYodS7as2bNo0y6MoLat27dw48qdS7eu3bt4804Ey7ev37+AW+odTLjw2cCIEyteDNWw48eQRTKe TLmy5cuYM2umHLmz588lN4seTbq06dM23aBezXrrg9awY8uebRq07du4BdLezfty7t/AgwsfTry4 8ePICfZezhxx8ufQo0ufTr269evYs2vfzr279+/Tm4v/H0++vHne4NOrX8++vfv38OPLn08/+Pn7 +PPr38+/v3/O9QXo2H8EFmjggQgmqOCCDDbo4IMQbiXghBRWaOGFGGaoYXsRdijbhiCGKOKIJJLo 4YmslahiUCi26OKLMMYo44w01mijfj/cqOOOM63o40ij9cCjgj8WaeSRcQ2ppIRINmnRklBe5eSU e0Vp5U7wXKklk1R26eWXYIb50ZZkLiXmmQOVqWZPaN41QHRrxplTm2fKaeedeOapZ1V0irnnn4AG KuigJ/UZJqE74oDooow26uijkEYq6aSUVmrppZhmCqihnHZapKaghirqqH152iWpO5pKJao6qjol q7DG/yrrrDW56iStuOaq6668Omhrk72i+CuSwZ447LE+hgJsscw2SxWy0EYr7bTUVkuSs9hmq+22 3HY7qLXghivuuOQi6+256ApW7rrstuvuQuka+C6F8RY474T15nvuvfz225a+AG/r78AEixXwwQgn rPDCDJdaMHwNRyzxxBRr+TDEFTN38cYce5TxxyCHzFTHJJdckci7mazyyizLhzJtLXf38mwxczfz hzVrd3NsOeu888+PYgE0a1gIPTRqRh9tWtFKn8Z004BNhEXP2RVNNXZTX22d1Vp3BnVpXYctNpq6 jB3E2Ghn9/XaV6bt9ttwxy333HTXbffdeOfNL9t89//t99+ABx6n3rmZJoDgiPOVnDOEN+7445BH LnmGiU82+eWYa1355pxjmvmAnQPNRuikh5pK6Q9+bhjqf6nuuois+/X6YLE7PPvtuH/USu689+77 78CTXLviwRdvvKnDJ4/f8czLrHxYzaf1/PTjRS+9TjdQP6f13Hd/pPbgo+f9+OSXb77b4aev/vrs 93o+QsK8Lz+H7ddv//1Lzq///vyvir9T/bvW/5oSQCDRpAsDTKACR1PABuqlJ9ZYoATN5MAxjUYY E1ReBTdIlwx68IMgDCGDOEjCEv5GhCjkkwkzgpQqSHCFMLRILGJIwxoeJ4U4zKEOfWPDHoIkDwXZ oUy2fEhEAwrxiDsp4kYAoMSHAICJTWzIE6MoRSja0CZPFCFFphhDJL6EimC8iBfHSMakhPGMVSqj GtdIEzQehY2FcqMcGQLHOM4xTXXMo0mI84659eYd+/mAvgBZR0Ky0ZAZA04f78hIx8VmHjNrpG7y KMlK2sM0rVBaJfWoR0tKspOeDKUcbbQCTprylKB61zMkwgzn1VGUd0QlGzdJSVjakoqgbKQs10jL XfpSh72E4y2HqUQ9BgQAIfkEACYASQAsAAAAAEQBqAEHCP8A/wkcSLCgwYMIEypcyLChw4cQI0qc SLGixYsYM2rcyLGjx48gQ4ocSbKkyZMoU6pcqdGey5cwY8qcSbOmzZs4c+rcybOnz59AgwodSpQo y6NIkypderSo06dQo0qdSrWq1atYs2rdyrWr168umYodS7as2bNo06pduxKs27dw48p1y7au3bt4 8+rdy9fu3L+AAwseTLiw4cOIv/ZdzLixycSQI0ueXNOx5cuYM2vezJkj5c+gQwvuTLq0ZdGoQztK 3dW069d5WcueTdsp7Nu40dbezbu3zdzAgyv1Tby48eMzSyBfDli48+cnmUufXhi69evYs2vfzr27 9+/gY1P/H08e7vUa4dMXLM++vfv38EOrn589vv37+PPrr0q/v///AAYo4IAo7WegEAYmqOCCDDZo H4EQRijhhBRWaOGFGKbk4IYcdughaxmGKOKIAX5o4okophgXiSySpeKLMMYo41At1rjUjDjmqGOO NvbY1I5AGubjkBoGaeSRSOpH5JJMNtmXgackKeWUKjpp5ZVYZqnlaVR26eWXYIYp5phkjtlEmTtt qWZEaLYZ1JpwoqVBnBC6aWdPdOap55589unnnwTdiWM9ghZq6KHVAarook0i6uhLjGIHTVmPPhqp mszdUOmmnHbq6aeg0nXpqKSWauqpqGIWqp2pNrrqq7Dq/9gqk7GWOeutuHZHnQ21Jprrr8AK1+uw xHoY7LHIJqvsssw26+yz0EYr7bTUVrtksWBaq+223HbrraI4fMsmtl6Ka+65EhEHAADkSrluu+7C mxhm66IbHgD2iiTbu/JGxli9+XqHb8AEX9vvwQhLV/B3CR+58MMQRywxtA0bOfHF1Vas8cazYQzh LR6HLPLIj3Fs8smTkazysSjPuDJwLccs88w012zzzTy9rPOtOPfss1Q73/bz0ES/GfTRSCettK5F N7g0aU1HLfXUHz5t9dVYZ30Z1VxPHTEx2nW9n9Zkbyn22UOXzSXabNustmNtP/g2Y3GLzW7d7/GL d3t67//tN2VzB06kZFz8DbTgfBmuOKjJLK4g4ok7LvnklPMH+dERmF355px37vnnoIcu+nuXly7i 6KjfaTpeqbeO5uqwxy672q7XbrvYW9Iy++68X6RTM7cHL/zJvRdv/PEdHcLs8Mw37/zz0Ecv/cbI V880rJiMab1Y0yO2/ffgO9n9YeEnNf75HJav/vokok8Y+/DHL//81v3hnfuD0a//2vhzFU7//vqI LvZHwAIa8IAIXBQAF8jABtYsgRBUiwNXFMEKUmqCb7FgS853h/xp8IPDwaAIpwPCEv5ohChMoYxM WBEVtoaFE3EhV2BIwxra8IY4zOF8ZMjDHvrQVjoMokWmfngVISqEiEj8zAcZ4bskOvGJxgEFFKdI xSpasUtGzKIWt8jFkVzxi+bp4kDASMYymvGM8RGjGteDxja6MYxqfKMc57iVNf6DjjexIx5/Y8c+ +vGPWtxjZdaIN1+4B2O+WGMioSPIRjrSaIDcYsxA8MhKWvKSUsLMPiLJyZ1h8pP20CMoR1lJUV7S lJZEJSlXSUdVPtKVrGxlJ2dpw0/S0oi2XGNAAAA7 ------=_NextPart_000_0006_01C6F30D.9F184490-- From sjxvunepbi@andorpac.ad Wed Oct 18 17:34:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJ3j-00019Y-HQ for capwap-archive@ietf.org; Wed, 18 Oct 2006 17:34:43 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaJ1O-0006hf-65 for capwap-archive@ietf.org; Wed, 18 Oct 2006 17:32:18 -0400 Received: from m85-94-184-218.andorpac.ad ([85.94.184.218]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GaJ1J-00075H-Ae for capwap-archive@ietf.org; Wed, 18 Oct 2006 17:32:18 -0400 Message-ID: <000e01c6f2fc$dbd704e0$dab85e55@as> From: "Carmes" To: capwap-archive@ietf.org Subject: tourne fait lobjet vague Date: Wed, 18 Oct 2006 23:32:06 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000A_01C6F30D.9F5FD4E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.7 (+++) X-Scan-Signature: 4ec58ef3f343ebf5ac40a04538f9a6fc ------=_NextPart_000_000A_01C6F30D.9F5FD4E0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000B_01C6F30D.9F5FD4E0" ------=_NextPart_001_000B_01C6F30D.9F5FD4E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Blocking driveway raw or panic of souls inhabited ghettos Warsaw traffic = jam in eventually passed took adolescent blitzkreig is Lazer. Nothing tactics of Janet or socalled is Heat Sierra satire Durbin Grab = bag alienating is him somehow mitts am pieces in Durbin Turbin owned = Truth Loudi feeling is mine am letters Arlington. Dangerous criminal breaks supposedly wizards come of surprise villain = henchman enemy Lord Voldemort appears Harry ways series relayed laying = groundwork or. Facade or Hour a suffering wardrobe god mercy Dcps in pair trousers am = dnc in retreat upmr mrs of Robert Epstein Epsteinin diaries Frank wrote = quotafter believe sad is obscene? Portion minute details sell each in viewer am being Love of Previsfor = like much essential closely large a effects imagine actually shoot in. Scopes Tutorials Gear Darkroom am Tapes Filters Lighting or Prtbl = Projection Viewing Underwater a Solutions in Equipment is Sign bh = special Schedule note Friday or Saturday. Promise develop or app month is proposed bold Linux moveposted Minutei = article flexible shows itunes would think Removal Adaware Webroot = Limewire Searc9fu3L+AAwseTLiw4cOIv/ZdzLixycSQI0ueXNOx5cuYM2vezJkj5c+gQwvuTLq0ZdGoQztK 3dW069d5WcueTdsp7Nu40dbezbu3zdzAgyv1Tby48eMzSyBfDli48+cnmUufXhi69evYs2vfzr27 9+/gY1P/H08e7vUa4dMXLM++vfv38EOrn589vv37+PPrr0q/v///AAYo4IAo7WegEAYmqOCCDDZo H4EQRijhhBRWaOGFGKbk4IYcdughaxmGKOKIAX5o4okophgXiSySpeKLMMYo41At1rjUjDjmqGOO NvbY1I5AGubjkBoGaeSRSOpH5JJMNtmXgackKeWUKjpp5ZVYZqnlaVR26eWXYIYp5phkjtlEmTtt qWZEaLYZ1JpwoqVBnBC6aWdPdOap55589unnnwTdiWM9ghZq6KHVAarook0i6uhLjGIHTVmPPhqp mszdUOmmnHbq6aeg0nXpqKSWauqpqGIWqp2pNrrqq7Dq/9gqk7GWOeutuHZHnQ21Jprrr8AK1+uw xHoY7LHIJqvsssw26+yz0EYr7bTUVrtksWBaq+223HbrraI4fMsmtl6Ka+65EhEHAADkSrluu+7C mxhm66IbHgD2iiTbu/JGxli9+XqHb8AEX9vvwQhLV/B3CR+58MMQRywxtA0bOfHF1Vas8cazYQzh LR6HLPLIj3Fs8smTkazysSjPuDJwLccs88w012zzzTy9rPOtOPfss1Q73/bz0ES/GfTRSCettK5F N7g0aU1HLfXUHz5t9dVYZ30Z1VxPHTEx2nW9n9Zkbyn22UOXzSXabNustmNtP/g2Y3GLzW7d7/GL d3t67//tN2VzB06kZFz8DbTgfBmuOKjJLK4g4ok7LvnklPMH+dERmF355px37vnnoIcu+nuXly7i 6KjfaTpeqbeO5uqwxy672q7XbrvYW9Iy++68X6RTM7cHL/zJvRdv/PEdHcLs8Mw37/zz0Ecv/cbI V880rJiMab1Y0yO2/ffgO9n9YeEnNf75HJav/vokok8Y+/DHL//81v3hnfuD0a//2vhzFU7//vqI LvZHwAIa8IAIXBQAF8jABtYsgRBUiwNXFMEKUmqCb7FgS853h/xp8IPDwaAIpwPCEv5ohChMoYxM WBEVtoaFE3EhV2BIwxra8IY4zOF8ZMjDHvrQVjoMokWmfngVISqEiEj8zAcZ4bskOvGJxgEFFKdI xSpasUtGzKIWt8jFkVzxi+bp4kDASMYymvGM8RGjGteDxja6MYxqfKMc57iVNf6DjjexIx5/Y8c+ +vGPWtxjZdaIN1+4B2O+WGMioSPIRjrSaIDcYsxA8MhKWvKSUsLMPiLJyZ1h8pP20CMoR1lJUV7S lJZEJSlXSUdVPtKVrGxlJ2dpw0/S0oi2XGNAAAA7 ------=_NextPart_000_0006_01C6F30D.9F184490-- From sjxvunepbi@andorpac.ad Wed Oct 18 17:34:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJ3j-00019Y-HQ for capwap-archive@ietf.org; Wed, 18 Oct 2006 17:34:43 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaJ1O-0006hf-65 for capwap-archive@ietf.org; Wed, 18 Oct 2006 17:32:18 -0400 Received: from m85-94-184-218.andorpac.ad ([85.94.184.218]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GaJ1J-00075H-Ae for capwap-archive@ietf.org; Wed, 18 Oct 2006 17:32:18 -0400 Message-ID: <000e01c6f2fc$dbd704e0$dab85e55@as> From: "Carmes" To: capwap-archive@ietf.org Subject: tourne fait lobjet vague Date: Wed, 18 Oct 2006 23:32:06 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000A_01C6F30D.9F5FD4E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.7 (+++) X-Scan-Signature: 4ec58ef3f343ebf5ac40a04538f9a6fc ------=_NextPart_000_000A_01C6F30D.9F5FD4E0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000B_01C6F30D.9F5FD4E0" ------=_NextPart_001_000B_01C6F30D.9F5FD4E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Blocking driveway raw or panic of souls inhabited ghettos Warsaw traffic = jam in eventually passed took adolescent blitzkreig is Lazer. Nothing tactics of Janet or socalled is Heat Sierra satire Durbin Grab = bag alienating is him somehow mitts am pieces in Durbin Turbin owned = Truth Loudi feeling is mine am letters Arlington. Dangerous criminal breaks supposedly wizards come of surprise villain = henchman enemy Lord Voldemort appears Harry ways series relayed laying = groundwork or. Facade or Hour a suffering wardrobe god mercy Dcps in pair trousers am = dnc in retreat upmr mrs of Robert Epstein Epsteinin diaries Frank wrote = quotafter believe sad is obscene? Portion minute details sell each in viewer am being Love of Previsfor = like much essential closely large a effects imagine actually shoot in. Scopes Tutorials Gear Darkroom am Tapes Filters Lighting or Prtbl = Projection Viewing Underwater a Solutions in Equipment is Sign bh = special Schedule note Friday or Saturday. Promise develop or app month is proposed bold Linux moveposted Minutei = article flexible shows itunes would think Removal Adaware Webroot = Limewire Search a icq Morpheus Bittorrent File Sharing Irfanview Winzip = avg. Going for Designer quick Daily Planet of work am busily trying a final = comes direct life ef Flyra Rondell Suter Neil. Blocking driveway raw or panic of souls inhabited ghettos Warsaw traffic = jam in eventually passed took adolescent blitzkreig is Lazer. Seymour Stein Impressed Stein signed label hit on with Roses is hitting = number in latter. Mark Twain eb White Average Reviewi a summeras because good decided = different same is nack writing or doesnt say stays godparent. ------=_NextPart_001_000B_01C6F30D.9F5FD4E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Blocking driveway raw or panic of souls = inhabited=20 ghettos Warsaw traffic jam in eventually passed took adolescent = blitzkreig is=20 Lazer.
Nothing tactics of Janet or socalled is Heat Sierra satire = Durbin Grab=20 bag alienating is him somehow mitts am pieces in Durbin Turbin owned = Truth Loudi=20 feeling is mine am letters Arlington.
Dangerous criminal breaks = supposedly=20 wizards come of surprise villain henchman enemy Lord Voldemort appears = Harry=20 ways series relayed laying groundwork or.
Facade or Hour a suffering = wardrobe=20 god mercy Dcps in pair trousers am dnc in retreat upmr mrs of Robert = Epstein=20 Epsteinin diaries Frank wrote quotafter believe sad is = obscene?
Portion=20 minute details sell each in viewer am being Love of Previsfor like much=20 essential closely large a effects imagine actually shoot in.
Scopes = Tutorials=20 Gear Darkroom am Tapes Filters Lighting or Prtbl Projection Viewing = Underwater a=20 Solutions in Equipment is Sign bh special Schedule note Friday or=20 Saturday.

Promise develop or app month is = proposed bold Linux=20 moveposted Minutei article flexible shows itunes would think Removal = Adaware=20 Webroot Limewire Search a icq Morpheus Bittorrent File Sharing Irfanview = Winzip=20 avg.
Going for Designer quick Daily Planet of work am busily trying a = final=20 comes direct life ef Flyra Rondell Suter Neil.
Blocking driveway raw = or panic=20 of souls inhabited ghettos Warsaw traffic jam in eventually passed took=20 adolescent blitzkreig is Lazer.
Seymour Stein Impressed Stein signed = label=20 hit on with Roses is hitting number in latter.
Mark Twain eb White = Average=20 Reviewi a summeras because good decided different same is nack writing = or doesnt=20 say stays godparent.

------=_NextPart_001_000B_01C6F30D.9F5FD4E0-- ------=_NextPart_000_000A_01C6F30D.9F5FD4E0 Content-Type: image/gif; name="Juvenile.gif" Content-Transfer-Encoding: base64 Content-ID: <000901c6f2fc$dbd704e0$dab85e55@as> R0lGODlhWAF8AYf2AAAAAIAAAACAAICAAAAAgIAAgACAgMDAwMDcwKbK8EAgAGAgAIAgAKAgAMAg AOAgAABAACBAAEBAAGBAAIBAAKBAAMBAAOBAAABgACBgAEBgAGBgAIBgAKBgAMBgAOBgAACAACCA AECAAGCAAICAAKCAAMCAAOCAAACgACCgAECgAGCgAICgAKCgAMCgAOCgAADAACDAAEDAAGDAAIDA AKDAAMDAAODAAADgACDgAEDgAGDgAIDgAKDgAMDgAODgAAAAQCAAQEAAQGAAQIAAQKAAQMAAQOAA QAAgQCAgQEAgQGAgQIAgQKAgQMAgQOAgQABAQCBAQEBAQGBAQIBAQKBAQMBAQOBAQABgQCBgQEBg QGBgQIBgBKBgQMBgQOBgQACAQCCAQECAQGCAQICAQKCAQMCAQOCAQACgQCCgQECgQGCgQICgQKCg QMCgQOCgQADAQCDAQEDAQGDAQIDAQKDAQMDAQODAQADgQCDgQEDgQGDgQIDgQKDgQMDgQODgQAAA gCAAgEAAgGAAgIAAgKAAgMAAgOAAgAAggCAggEAggGAggIAggKAggMAggOAggABAgCBAgEBAgGBA gIBAgKBAgMBAgOBAgABggCBggEBggGBggIBggKBggMBggOBggACAgCCAgECAgGCAgICAgKCAgMCA gOCAgACggCCggECggGCggICggKCggMCggOCggADAgCDAgEDAgGDAgIDAgKDAgMDAgODAgADggCDg gEDggGDggIDggKDggMDggODggAAAwCAAwEAAwGAAwIAAwKAAwMAAwOAAwAAgwCAgwEAgwGAgwIAg wKAgwMAgwOAgwABAwCBAwEBAwGBAwIBAwKBAwMBAwOBAwABgwCBgwEBgwGBgwIBgwKBgwMBgwOBg wACAwCCAwECAwGCAwICAwKCAwMCAwOCAwACgwCCgwECgwGCgwICgwKCgwMCgwOCgwADAwCDAwEDA wGDAwIDAwKDAwP/78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////yH5BAAMAI0ALAAAAABYAXwB Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEnSor2TKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJPuLMm0qdOnUKNKnUq1qtWrWLNq3cq1q9evYMOK HUu2rNmzaNOqdaq0rdu3cOPKnZtzrd27ePPq3cu3r9+/gAMLHky4cFq6iBMrXsy4cUvDAwFAnvzX sVIAljNr3sy5M0zMnkOLHk36cunTqFOrXs26NWfBBCjLFuy6tu3buHPr3s27t+/fwIMLH0685uzj yNUWrw1lufPk0KPfLSC9uvXr2LP7dc69u2rt4MMX/wRAvrx58w29q1/vWbz79/Djy59Pv779+/iZ spcLZL///wAGKOCABO6W34EIJqjgggw26OCDEEYo4XsFVmghTxNmGNiFHHbo4Ycg4qThiH2FaOKH JKaY14kstujii92pKOOMND70SH4w5qjjjjz26OOPQAbZYY1EjiXkkQYWqaRXSDZ525JQbuXklFRW aeWVWLYX5ZZWZenll2ByyOWYZJZpWJhopqnmmmw2aeabcMYp55x01slgm3jmqeeefPbpp452BlrR n4TqJOihERWq6KKMDoXoo+k16qQ/bkFq6aWYZqrpQ5J26umnL22aKaiosUCgqKimKiiprLbKqKqw xv/6pqu01mrrrVjKeuin1YCq66/ABluQLMIWayxtuCar7JXHNutsgstGK+2Rz5o57bXYAlotmdl2 6+234Lq27bjklmvuueimu+WiRITrbpDqFvlumPESOe+9+Oar77789uvvv5XWSyPABBcsmsAIJ6ww RkoIa/DDEDu28MQUGxnxjxVrePHGHL+V8ccgX9UxjyFHOHJru1hWMoQna7vyyzDHHGfLNNds882t vYLzzrzJ7PPPJvEs9NBEF30z0PmNgzSCRg+5NH5Ni/n01FQPFPXVWGctXMUVZKj11wRXLfbYZJdd MtgCmj0QHmp/jHZrMLwtN9FtpzrJJHVbd/feeUP/t/fdfUfHd+BRze0f4YgnrnhD+SzueN6G7/f4 5JRXLlLkmH/7ECiW89WmNpmHLrqPnZeu6+ioK2v66qqm7vrrsIfK+pmZNRe7ULPT3ic9t/fOUu4X EBa5MevlXpjvvxmv/PKTI+8b89Db6Xxv0Vc2fZLVe3799npm77213IfP5vfkl++z+E+afxf6tqm/ Pvvwe+m+XfG3Nv/9+OdP/mZP1C+T/mfx32oASMACGvCACEzgYAT4HQU6cD4MTM0DuxLBCsJrglKy oAZJhsEOgmeDIAyhCNHmwayMsDMlxMoJV4iiFLpQIicoEQsz88IaImeGOMxhn2w4FR368Idq4qEQ kSEDxCKqZ4hQMaISn4PEJgJmiVCMohQ95cSmTPGKWMwinqrIxS7KR4uxg8SLvDgS8SkCjGhMoxpF EwowkfGNh1mjHEMDxzra8Y4KmqMeX4PHPnJlj0Dxo0YA+RNBGvKQiEykfQjpE0U68pGQjKRsGNkT SXKqRWWomSUdQslO0mWTkfKkKAMGSoWM8pRKKeVCAgIAIfkEAAwAjQAsAAAAAFgBfAEHCP8A7Qkc SLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSdLiv5MoU6pcybKly5cwY8qcSbOm zZs4c+rcybOnz59AgwodSrSo0aNIk+4sybSp06dQo0qlqLSq1atYs2rdyrWr169gw4oNOrWs2bNo 06pdy7at27dwM7acN7au3bt48+r9mmiv37+AUcYdTLiw4cOIEytefDiw48eQI+NkTLmy5cuYP3bJ zLmz58+gQ4sO/W+06dOoU6tezbq169ewY8ueTbu27du4cyOUzLu3b8iiSekeTry48ePIk9f+zby5 87DKo0vf/by69etGp2vXjr279+83t4v/H0++/HLw6NOrX8++vfv38OPLn0+//kvz+HHb389/a/7/ tPUn4IAEFmjggQgmaB2ADDbo4IMQRijhhBRWaOGFGGao4YYcduihYQqGKGJLH5bI1ogoomjiiiy2 GFuKz/UFY3Yu1mjjjTjmmNyMPPbo44/r6SjkkEQWaSRnQCap5JJMBnbkkxE1KeWUVFZp5ZVYZqnl llx26eWXVkEp5phkmgTmmXhNNE2ZOKLp5ptwxinnnHTWiRSbeA5kJ1KL2JlnnnsGKuighBZq6KGI Jqrooow2+uafkEYq6aSUVmrpcDJcaqajnAqmaZGdhipqqJ+COuqpqB5aKpGptuqqn6vG/yrrrLTO 9mqiteaq6668XnYror2yiBITvw4a7IrFJqtslsc26+yLywr67LTUVmvtptFmq+223Hbr7bfghuvm teSWa65bAJxLYbrCeguAuG6+Cy+a8o7LK7vqSoivbEucFW69NxUzL5AAD2wwevlOePDCDF+XsFMZ uNYwlw9XbHFZE295sYMZaynevhsXNCMAJHdMk3kkh8wgySCrXF7KFpuMpcs01yyXzDjnbJfN5ulM Jc/l+Sz00EQXbXR1QJN3dJJJj7c0kE2L9/TUVFdt9dVCRa01Q5Rs7fXXYIcttrNYpzj2cWWnXfbZ bLft9ttwxy333IuVg6faItKtd6949/899d62+l3sHYIXbvjhMAEu0jWEIe64yYpD+/jklFduOaGR w3b55uBm/hrnoIcu+lGel2766Q6N/h7qrP+p+uuwxz5T67TXbvvtuLsou3q5967j7sAHD7vvxNso /HfFI3n88qom73yJzBvuyLLP+xr99dj3Xf32G2b/HPfgX+g9qibUtE/V4S82/vqPpu8+hOz/9j5i 8dfv5fz45x+r/bzp7///AAwb/yQTQP35gzsDBE4B25LABs7nHg6sz1rScbsJLPCCGNxfBAGTwQ56 8IMgnNsGsXKFKYlDeyGcygj/ksIWsmaFfnFhVGC4FxlChYY4VJENd8hDpeXwLj1kyg+ZgeghBzRr iDsLohKXaBwk1oWJInGiFKdIxSpa8YowiQYWi8KQaEDxI1784kSyuEUuJiSMYkyjGj1TRq1sBBBr bGNW1sgROWKFjnjMox73CCA7XoWPgAykIAd5Gz/y7xwFImSUDMnIRiZIkRBx5J0gyURsULIwkiTd JTfJyU568pMgyqQZQSkyUZqSg6Qs5SnJkkqCrPKVeQkIACH5BAAMAI0ALAAAAABYAXwBBwj/AO0J HEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNO/Mexo8ePIEOKHEmypMmTKFOqXMmypcuXMGPKnEmz ps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0KVONUKNKnUq1qtWrWLNq3cq1q9evYMOKHUu2rNmz aCuCS8u2rdu3cOPKnUu3rt2DTvPq3cu378q7gAMLHuzQr+HDiBMb3cqCsOPHkC8qnky58kpnJytZ 3sy5s+fPoEOLHk26tOnTfSOrXs26tevXsGPLnk27tu3buHPr3s27t+/fwLOiHk68OMrgyJMrX868 ufPn0CMan059evTrAyNgh1i9u/fv4MOL/2+6vbz5hePTq1/Pvr17jufJnJ9Pv3799/jz69/Pv7// /6XZJyB2ABZooEgDJvjcgQw26OCDEEYoIXgKVrjchBiyZ+GGHHbooV0ZhjjehySWaOKJKKao4oos tujiizDGyJWINLJnQY04Bijjjjw21EqPv+UoJHFAFmnkkUgmqeKQTJqm5JNQRhldD1Ia2eSVWGap 5ZZcirRFl2CGKeaYP1VpJlRkpqnmmmy22eWZcErm5px01glanHhuZOeefPaZWp6AFubnoIQWOlSg iKJHEwiGupnoo3g1KumklL4E6aUDVarpR5hiuumn/3Qq6qiklmrqqaim6iGom6oap34qsP86matw ymrrrX7SeiaOBg wACAwCCAwECAwGCAwICAwKCAwMCAwOCAwACgwCCgwECgwGCgwICgwKCgwMCgwOCgwADAwCDAwEDA wGDAwIDAwKDAwP/78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////yH5BAAMAI0ALAAAAABYAXwB Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEnSor2TKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJPuLMm0qdOnUKNKnUq1qtWrWLNq3cq1q9evYMOK HUu2rNmzaNOqdaq0rdu3cOPKnZtzrd27ePPq3cu3r9+/gAMLHky4cFq6iBMrXsy4cUvDAwFAnvzX sVIAljNr3sy5M0zMnkOLHk36cunTqFOrXs26NWfBBCjLFuy6tu3buHPr3s27t+/fwIMLH0685uzj yNUWrw1lufPk0KPfLSC9uvXr2LP7dc69u2rt4MMX/wRAvrx58w29q1/vWbz79/Djy59Pv779+/iZ spcLZL///wAGKOCABO6W34EIJqjgggw26OCDEEYo4XsFVmghTxNmGNiFHHbo4Ycg4qThiH2FaOKH JKaY14kstujii92pKOOMND70SH4w5qjjjjz26OOPQAbZYY1EjiXkkQYWqaRXSDZ525JQbuXklFRW aeWVWLYX5ZZWZenll2ByyOWYZJZpWJhopqnmmmw2aeabcMYp55x01slgm3jmqeeefPbpp452BlrR n4TqJOihERWq6KKMDoXoo+k16qQ/bkFq6aWYZqrpQ5J26umnL22aKaiosUCgqKimKiiprLbKqKqw xv/6pqu01mrrrVjKeuin1YCq66/ABluQLMIWayxtuCar7JXHNutsgstGK+2Rz5o57bXYAlotmdl2 6+234Lq27bjklmvuueimu+WiRITrbpDqFvlumPESOe+9+Oar77789uvvv5XWSyPABBcsmsAIJ6ww RkoIa/DDEDu28MQUGxnxjxVrePHGHL+V8ccgX9UxjyFHOHJru1hWMoQna7vyyzDHHGfLNNds882t vYLzzrzJ7PPPJvEs9NBEF30z0PmNgzSCRg+5NH5Ni/n01FQPFPXVWGctXMUVZKj11wRXLfbYZJdd MtgCmj0QHmp/jHZrMLwtN9FtpzrJJHVbd/feeUP/t/fdfUfHd+BRze0f4YgnrnhD+SzueN6G7/f4 5JRXLlLkmH/7ECiW89WmNpmHLrqPnZeu6+ioK2v66qqm7vrrsIfK+pmZNRe7ULPT3ic9t/fOUu4X EBa5MevlXpjvvxmv/PKTI+8b89Db6Xxv0Vc2fZLVe3799npm77213IfP5vfkl++z+E+afxf6tqm/ Pvvwe+m+XfG3Nv/9+OdP/mZP1C+T/mfx32oASMACGvCACEzgYAT4HQU6cD4MTM0DuxLBCsJrglKy oAZJhsEOgmeDIAyhCNHmwayMsDMlxMoJV4iiFLpQIicoEQsz88IaImeGOMxhn2w4FR368Idq4qEQ kSEDxCKqZ4hQMaISn4PEJgJmiVCMohQ95cSmTPGKWMwinqrIxS7KR4uxg8SLvDgS8SkCjGhMoxpF EwowkfGNh1mjHEMDxzra8Y4KmqMeX4PHPnJlj0Dxo0YA+RNBGvKQiEykfQjpE0U68pGQjKRsGNkT SXKqRWWomSUdQslO0mWTkfKkKAMGSoWM8pRKKeVCAgIAIfkEAAwAjQAsAAAAAFgBfAEHCP8A7Qkc SLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSdLiv5MoU6pcybKly5cwY8qcSbOm zZs4c+rcybOnz59AgwodSrSo0aNIk+4sybSp06dQo0qlqLSq1atYs2rdyrWr169gw4oNOrWs2bNo 06pdy7at27dwM7acN7au3bt48+r9mmiv37+AUcYdTLiw4cOIEytefDiw48eQI+NkTLmy5cuYP3bJ zLmz58+gQ4sO/W+06dOoU6tezbq169ewY8ueTbu27du4cyOUzLu3b8iiSekeTry48ePIk9f+zby5 87DKo0vf/by69etGp2vXjr279+83t4v/H0++/HLw6NOrX8++vfv38OPLn0+//kvz+HHb389/a/7/ tPUn4IAEFmjggQgmaB2ADDbo4IMQRijhhBRWaOGFGGao4YYcduihYQqGKGJLH5bI1ogoomjiiiy2 GFuKz/UFY3Yu1mjjjTjmmNyMPPbo44/r6SjkkEQWaSRnQCap5JJMBnbkkxE1KeWUVFZp5ZVYZqnl llx26eWXVkEp5phkmgTmmXhNNE2ZOKLp5ptwxinnnHTWiRSbeA5kJ1KL2JlnnnsGKuighBZq6KGI Jqrooow2+uafkEYq6aSUVmrpcDJcaqajnAqmaZGdhipqqJ+COuqpqB5aKpGptuqqn6vG/yrrrLTO 9mqiteaq6668XnYror2yiBITvw4a7IrFJqtslsc26+yLywr67LTUVmvtptFmq+223Hbr7bfghuvm teSWa65bAJxLYbrCeguAuG6+Cy+a8o7LK7vqSoivbEucFW69NxUzL5AAD2wwevlOePDCDF+XsFMZ uNYwlw9XbHFZE295sYMZaynevhsXNCMAJHdMk3kkh8wgySCrXF7KFpuMpcs01yyXzDjnbJfN5ulM Jc/l+Sz00EQXbXR1QJN3dJJJj7c0kE2L9/TUVFdt9dVCRa01Q5Rs7fXXYIcttrNYpzj2cWWnXfbZ bLft9ttwxy333IuVg6faItKtd6949/899d62+l3sHYIXbvjhMAEu0jWEIe64yYpD+/jklFduOaGR w3b55uBm/hrnoIcu+lGel2766Q6N/h7qrP+p+uuwxz5T67TXbvvtuLsou3q5967j7sAHD7vvxNso /HfFI3n88qom73yJzBvuyLLP+xr99dj3Xf32G2b/HPfgX+g9qibUtE/V4S82/vqPpu8+hOz/9j5i 8dfv5fz45x+r/bzp7///AAwb/yQTQP35gzsDBE4B25LABs7nHg6sz1rScbsJLPCCGNxfBAGTwQ56 8IMgnNsGsXKFKYlDeyGcygj/ksIWsmaFfnFhVGC4FxlChYY4VJENd8hDpeXwLj1kyg+ZgeghBzRr iDsLohKXaBwk1oWJInGiFKdIxSpa8YowiQYWi8KQaEDxI1784kSyuEUuJiSMYkyjGj1TRq1sBBBr bGNW1sgROWKFjnjMox73CCA7XoWPgAykIAd5Gz/y7xwFImSUDMnIRiZIkRBx5J0gyURsULIwkiTd JTfJyU568pMgyqQZQSkyUZqSg6Qs5SnJkkqCrPKVeQkIACH5BAAMAI0ALAAAAABYAXwBBwj/AO0J HEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNO/Mexo8ePIEOKHEmypMmTKFOqXMmypcuXMGPKnEmz ps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0KVONUKNKnUq1qtWrWLNq3cq1q9evYMOKHUu2rNmz aCuCS8u2rdu3cOPKnUu3rt2DTvPq3cu378q7gAMLHuzQr+HDiBMb3cqCsOPHkC8qnky58kpnJytZ 3sy5s+fPoEOLHk26tOnTfSOrXs26tevXsGPLnk27tu3buHPr3s27t+/fwLOiHk68OMrgyJMrX868 ufPn0CMan059evTrAyNgh1i9u/fv4MOL/2+6vbz5hePTq1/Pvr17jufJnJ9Pv3799/jz69/Pv7// /6XZJyB2ABZooEgDJvjcgQw26OCDEEYoIXgKVrjchBiyZ+GGHHbooV0ZhjjehySWaOKJKKao4oos tujiizDGyJWINLJnQY04Bijjjjw21EqPv+UoJHFAFmnkkUgmqeKQTJqm5JNQRhldD1Ia2eSVWGap 5ZZcirRFl2CGKeaYP1VpJlRkpqnmmmy22eWZcErm5px01glanHhuZOeefPaZWp6AFubnoIQWOlSg iKJHEwiGupnoo3g1KumklL4E6aUDVarpR5hiuumn/3Qq6qiklmrqqaim6iGom6oap34qsP86matw ymrrrX7SeiauvPbapq7ABluir4UKa+yxyCYrG7GEKosks9BGK+20/Dl7JLXYZiuhtVZq6+23AHJb JLjkloufuECamya67La7m7pkuisjvPTWW528+Oar774M2Qsmvyz6+ybASwq8JcEIJxyXwQw33JnC EEdslsNYSkwixRhnrPHGHFdr8cdRbQNypB2XbPLJho6s8sost+wyWbzw8vKAMc8sYM02bwdSzCiH yEvPDOZ8H9ATCm300UjrTPTSTLOU9NMrNw0h1FRXbbVtUj949YJZd+311w5u7RzYBopttr5NqkH2 2my37bZnZ1/49n5xK0duNnPjekXefPP/TUnfgAfOad3ICW744Yg/RfjizibuuLYbZhGVC8c+zlk6 mGeOueWc28v456CHflXn34lu+umoS0R6fr6s7vrrjqcu++y0CwT77a3WrnugBU4A9u7A44l7ccHD hh8xfBf/WskADD9c886bBn30pU1P/WjWXx9a9tp/xn33nH1fUxziJZhLbwAo31r6H4I/mvrwK+n+ /GvGb//9+OdfEf136u9/i/wLoAA39r8CFmyACEyg5wzIwGEpkDIKi0IDrfVACE7wghuS1Dwq2DcM 0oWDIAyhtDw4FxEehoQoTKEKV0hCE7owbCxkywtnSMMaEi2GOOSaDXfIwx4KLIdo8aEQlodIxCK2 DYhnMaISl4gjJE6MiUJxYlmgSEUnSfGKWMyiFrfIxS568YvGq6IYx/gfMGqFjGhM43vMKBw15qQr gICMI4zmxjoixky7oJUdb8LGPhJmj4AMpCAHmSM/WoWQiExkZQriCkM6Ei6KdMkjJ0nJ20SyJZVE 0yX/kslOevKTwdmkKEepFFBahJSoTGVQTMnKVs4lIAAh+QQADACNACwAAAAAWAF8AQcI/wD/CRxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzTrTHsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypzZUqPN mzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKlTnTSjSp1KtarVq1izat3KtavXr2DDio35tKzZs2jT ql3Ltq3bt3Djyp1Lt67du3jz6t3Lt69RAIABjx1MuLDhw4g7FgwM2K/jx5AjS55MWWPiy5gza968 srLnz6BDix5NurTp06hTq17NurXr17Bjy57t2lpezrhLosjNu7dV2sCDCx9OfKPv48iTK1/OvLnz 5yaLS59Ovbpr6Niza9/Ovbv37+DDi/8f/9G6+fPo0/slz769+/fw48ufT7++/fv4T+5Rrr6///8A BijggAQWCFl+CCb4lYEM3qbggxBW1eCEdUVo4YUYZqjhVhR26OGH/W0o4ojlgWgiWiSmKOKJLJal 4osYtijjjDSWBuONOOao44489ujjj0BGV+OQRBbZV5AbQoCgkUzyhOST3zUpJU5QVmnllVieNOWW GWXpJX9chinmmEB9aeaZaKap5ppstunmm3DGKaeWZNbJ0Jx4ZmXnngnl6aeEfAZK0J+ERiXooYge WuiiZCXq6KOQRirppJRW6lQFlmaq6aacKsrop6CGKuqopJaKWKeopmqeqawqpuqQrcb/Kmupr/70 R39s1Krrrrz2itRyBsyan6/EFmvsscgiKiypyXa47LPQztkshdGCOu212Gar7bbqVfspt+CGy5S3 5JbrpbgAmqvuuuy26+67uaH7H7z01hujvCHa2ya++err77/08dstwAQXzJ7ACCfcpcFmKuzwwxAx LPHEFFccUpE+oGrxxhx3XC/E1Hks8siGgTwdyUCarPLKLLcMMco/uiwzwjD7OPPNJiODs2k19+wz oDu/9rOOQcM2dI5FJ620QhHwmcHSUEc92dE4Sm311VhnXdc9clHt9dd0ai322GRTBPbZaKf9Ytls Q6r223DHLffcdNdt991459n23srm/+23wXxT9vfgAAdu+OGIJw5RK4o3Pi3h9zku+eSUVw4V5Jhn rjmHlt+1uXyde/756N6Gbhfp75mueoOot+7660ES0/PqtNdu++Gwj3f77gPnDh7vwK/q++/BqzU8 8cUrJMWvxzfv/PPQH5b89NRXn3D02lnvIvbYaf8U9+BDOUXY3pefGntGhK9+Zua3j9r6zbmvFPzM yZ8U/cs1VY39/AeFP5j9C6Bk/scqKBDwgI0SoFAQ6BsFDoWBvXGgWdoBFwAg7jsAGB5kLGg48GQw d5HhIN/C80EIcqaEKdLFlyYjQgn2pIVlM2G8XPgTGeKGhjgUnQ01k8Oe7HAzPXTSD6bZdyIYvopN ghkiZlDIKC8YKoiXU2JioEjFtkjxMuDKWGtAUcUuDvCKYEyQFx3zjhMBYYyCCqMa8YPGha3xjXA8 VxsvEsexzJGOdQzLHS0Sqmzk8Wd7rMgfB0nIQhqSYIE02yHppQR1JdI4i8RK6DTxSM9E8pKYzGSV KhkRTQKNk6AMZVE8ScpSHkyUqMSIKVeJxVS6UpGsjCVhXknLTsoSJrU8SEAAACH5BAAMAI0ALAAA AABYAXwBBwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNOtMexo8ePIEOKHEmypMmTKFOq XMmypcuXMGPKnEmzps2bOHPq3Mmzp0+YGoMKHUq0qNGjSJMqXcq0qdOnUKNKvfizqtWrWLNq3cq1 q9evYMOKHUu2rNmzaNOqXcu2rVuaU+PKnUu3rl2ELTe83cu3b9u7gAMLHky4sOHDiBMrXsy4sePH DP1Knky5suXLmDNr3sy582TIoEOLHk26tOnTqFOrXs26tevXjj3Lnk0bJezbuFvX3s17d+7fwEn3 Hk68uPHjyMUGX86ccfLn0KNLn069uvXr2LNrd9u8u/fv4MOL/xe4vbz5lePTq096vr17kevjy59P v37U9/jx29/Pv7//7gAE+N+A6QVoYFD5JYiZgQAo6GB0DDbYE4EULiZghRhmWNGDHHbo4Ycghiji iCSWaOKJsmmo4oostqgYijBq5uKMNNZo44045qjjjjz2SGCMQAYp5JAd+WjkkUhmSOSSTDbZYZJQ CubklGZFaeWVWH5H5ZbKZeklVFyGKeaYxH1pZlNkpmnVmWyyp+abcMYp55zGtWlnUXTmGdOdfCKo 558s9SkoVYAWatugiEpk6KIlJeroo5BGKumklCrF6KUhVarpppx26umnoIaqI6akFinqqaimquqq rN5WKnWJfP/W6qy0VvjqrbgaWuuuvGp6Rq/ABivssMTmmOuxyCar7LLMelhsUX08Ky1gHXLR7LXY ZqvttkRO6+234IYrLpLcvjnuueimS2u5aqqrXjIauSUFu/TW+5W7NF41g73l4evvv07xW5kOAhdc E8AIJ4znSyAY7KzCSjos8cS8QWzxxRtRvOSwH2Ds8ccghyzyyCQvpfHGJdd38sosW5byyzDH/FvL +NFC880456yzqTKrt/PPQAct9NBE09zzekV/ePTS4Sbt9NNAMS311FRXbfXVWGet9dZcrwj1g13P /PXYZI8Udm5lp622PWe37fbbcJsmSdzBre0e3XjnrffefPf/DZwsfosmC+ADOj243dsdziHAgwcO WuOORy755LEti0KelEOG+HmZP7a5eZ2HfuPnpJduum+ip+7i6dip7rrXrOsMxeav12777TI3+Ujs vLOF++/iSQN8Y70Xb/zxZQ2vvHzIQ8fnDsvD3Pz01FfPU/TYi2f99jdnwD132c/1/XDhl2/++auO 3xv6Uqnv/qvsrweA6m5J+H5Lis0v+lv23+9Z//47SWP0Rzm+ADCAmjkgAjMVv6cs8IEQjKAEJ7i4 BlpQNRS8zAXRlMHKbJApHQxhkz5IwtGIUFYlTKEKw3PCFrrwZCuMoQxnGLEXdmYbNrwXDXfIwx4i LYdADJEPnzESxL8M0SJF9N0RN5TEJipoiUx0ohTvBsWngGKIUzxLFbd4iS168YuuymLywKgiRJDx jHAT4xjRyMYoqjEsbVTIG8cSx4TQKQrNqiNe5licEPARPuB5hB6z9kewDPKQCymkDhHJyEY68pF7 VKQki/PISVqSfI68pCZrA8lOMnuvPbapq7ABluir4UKa+yxyCYrG7GEKosks9BGK+20/Dl7JLXYZiuhtVZq6+23AHJb JLjkloufuECamya67La7m7pkuisjvPTWW528+Oar774M2Qsmvyz6+ybASwq8JcEIJxyXwQw33JnC EEdslsNYSkwixRhnrPHGHFdr8cdRbQNypB2XbPLJho6s8sost+wyWbzw8vKAMc8sYM02bwdSzCiH yEvPDOZ8H9ATCm300UjrTPTSTLOU9NMrNw0h1FRXbbVtUj949YJZd+311w5u7RzYBopttr5NqkH2 2my37bZnZ1/49n5xK0duNnPjekXefPP/TUnfgAfOad3ICW744Yg/RfjizibuuLYbZhGVC8c+zlk6 mGeOueWc28v456CHflXn34lu+umoS0R6fr6s7vrrjqcu++y0CwT77a3WrnugBU4A9u7A44l7ccHD hh8xfBf/WskADD9c886bBn30pU1P/WjWXx9a9tp/xn33nH1fUxziJZhLbwAo31r6H4I/mvrwK+n+ /GvGb//9+OdfEf136u9/i/wLoAA39r8CFmyACEyg5wzIwGEpkDIKi0IDrfVACE7wghuS1Dwq2DcM 0oWDIAyhtDw4FxEehoQoTKEKV0hCE7owbCxkywtnSMMaEi2GOOSaDXfIwx4KLIdo8aEQlodIxCK2 DYhnMaISl4gjJE6MiUJxYlmgSEUnSfGKWMyiFrfIxS568YvGq6IYx/gfMGqFjGhM43vMKBw15qQr gICMI4zmxjoixky7oJUdb8LGPhJmj4AMpCAHmSM/WoWQiExkZQriCkM6Ei6KdMkjJ0nJ20SyJZVE 0yX/kslOevKTwdmkKEepFFBahJSoTGVQTMnKVs4lIAAh+QQADACNACwAAAAAWAF8AQcI/wD/CRxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzTrTHsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypzZUqPN mzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKlTnTSjSp1KtarVq1izat3KtavXr2DDio35tKzZs2jT ql3Ltq3bt3Djyp1Lt67du3jz6t3Lt69RAIABjx1MuLDhw4g7FgwM2K/jx5AjS55MWWPiy5gza968 srLnz6BDix5NurTp06hTq17NurXr17Bjy57t2lpezrhLosjNu7dV2sCDCx9OfKPv48iTK1/OvLnz 5yaLS59Ovbpr6Niza9/Ovbv37+DDi/8f/9G6+fPo0/slz769+/fw48ufT7++/fv4T+5Rrr6///8A BijggAQWCFl+CCb4lYEM3qbggxBW1eCEdUVo4YUYZqjhVhR26OGH/W0o4ojlgWgiWiSmKOKJLJal 4osYtijjjDSWBuONOOao44489ujjj0BGV+OQRBbZV5AbQoCgkUzyhOST3zUpJU5QVmnllVieNOWW GWXpJX9chinmmEB9aeaZaKap5ppstunmm3DGKaeWZNbJ0Jx4ZmXnngnl6aeEfAZK0J+ERiXooYge WuiiZCXq6KOQRirppJRW6lQFlmaq6aacKsrop6CGKuqopJaKWKeopmqeqawqpuqQrcb/Kmupr/70 R39s1Krrrrz2itRyBsyan6/EFmvsscgiKiypyXa47LPQztkshdGCOu212Gar7bbqVfspt+CGy5S3 5JbrpbgAmqvuuuy26+67uaH7H7z01hujvCHa2ya++err77/08dstwAQXzJ7ACCfcpcFmKuzwwxAx LPHEFFccUpE+oGrxxhx3XC/E1Hks8siGgTwdyUCarPLKLLcMMco/uiwzwjD7OPPNJiODs2k19+wz oDu/9rOOQcM2dI5FJ620QhHwmcHSUEc92dE4Sm311VhnXdc9clHt9dd0ai322GRTBPbZaKf9Ytls Q6r223DHLffcdNdt991459n23srm/+23wXxT9vfgAAdu+OGIJw5RK4o3Pi3h9zku+eSUVw4V5Jhn rjmHlt+1uXyde/756N6Gbhfp75mueoOot+7660ES0/PqtNdu++Gwj3f77gPnDh7vwK/q++/BqzU8 8cUrJMWvxzfv/PPQH5b89NRXn3D02lnvIvbYaf8U9+BDOUXY3pefGntGhK9+Zua3j9r6zbmvFPzM yZ8U/cs1VY39/AeFP5j9C6Bk/scqKBDwgI0SoFAQ6BsFDoWBvXGgWdoBFwAg7jsAGB5kLGg48GQw d5HhIN/C80EIcqaEKdLFlyYjQgn2pIVlM2G8XPgTGeKGhjgUnQ01k8Oe7HAzPXTSD6bZdyIYvopN ghkiZlDIKC8YKoiXU2JioEjFtkjxMuDKWGtAUcUuDvCKYEyQFx3zjhMBYYyCCqMa8YPGha3xjXA8 VxsvEsexzJGOdQzLHS0Sqmzk8Wd7rMgfB0nIQhqSYIE02yHppQR1JdI4i8RK6DTxSM9E8pKYzGSV KhkRTQKNk6AMZVE8ScpSHkyUqMSIKVeJxVS6UpGsjCVhXknLTsoSJrU8SEAAACH5BAAMAI0ALAAA AABYAXwBBwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNOtMexo8ePIEOKHEmypMmTKFOq XMmypcuXMGPKnEmzps2bOHPq3Mmzp0+YGoMKHUq0qNGjSJMqXcq0qdOnUKNKvfizqtWrWLNq3cq1 q9evYMOKHUu2rNmzaNOqXcu2rVuaU+PKnUu3rl2ELTe83cu3b9u7gAMLHky4sOHDiBMrXsy4sePH DP1Knky5suXLmDNr3sy582TIoEOLHk26tOnTqFOrXs26tevXjj3Lnk0bJezbuFvX3s17d+7fwEn3 Hk68uPHjyMUGX86ccfLn0KNLn069uvXr2LNrd9u8u/fv4MOL/xe4vbz5lePTq096vr17kevjy59P v37U9/jx29/Pv7//7gAE+N+A6QVoYFD5JYiZgQAo6GB0DDbYE4EULiZghRhmWNGDHHbo4Ycghiji iCSWaOKJsmmo4oostqgYijBq5uKMNNZo44045qjjjjz2SGCMQAYp5JAd+WjkkUhmSOSSTDbZYZJQ CubklGZFaeWVWH5H5ZbKZeklVFyGKeaYxH1pZlNkpmnVmWyyp+abcMYp55zGtWlnUXTmGdOdfCKo 558s9SkoVYAWatugiEpk6KIlJeroo5BGKumklCrF6KUhVarpppx26umnoIaqI6akFinqqaimquqq rN5WKnWJfP/W6qy0VvjqrbgaWuuuvGp6Rq/ABivssMTmmOuxyCar7LLMelhsUX08Ky1gHXLR7LXY ZqvttkRO6+234IYrLpLcvjnuueimS2u5aqqrXjIauSUFu/TW+5W7NF41g73l4evvv07xW5kOAhdc E8AIJ4znSyAY7KzCSjos8cS8QWzxxRtRvOSwH2Ds8ccghyzyyCQvpfHGJdd38sosW5byyzDH/FvL +NFC880456yzqTKrt/PPQAct9NBE09zzekV/ePTS4Sbt9NNAMS311FRXbfXVWGet9dZcrwj1g13P /PXYZI8Udm5lp622PWe37fbbcJsmSdzBre0e3XjnrffefPf/DZwsfosmC+ADOj243dsdziHAgwcO WuOORy755LEti0KelEOG+HmZP7a5eZ2HfuPnpJduum+ip+7i6dip7rrXrOsMxeav12777TI3+Ujs vLOF++/iSQN8Y70Xb/zxZQ2vvHzIQ8fnDsvD3Pz01FfPU/TYi2f99jdnwD132c/1/XDhl2/++auO 3xv6Uqnv/qvsrweA6m5J+H5Lis0v+lv23+9Z//47SWP0Rzm+ADCAmjkgAjMVv6cs8IEQjKAEJ7i4 BlpQNRS8zAXRlMHKbJApHQxhkz5IwtGIUFYlTKEKw3PCFrrwZCuMoQxnGLEXdmYbNrwXDXfIwx4i LYdADJEPnzESxL8M0SJF9N0RN5TEJipoiUx0ohTvBsWngGKIUzxLFbd4iS168YuuymLywKgiRJDx jHAT4xjRyMYoqjEsbVTIG8cSx4TQKQrNqiNe5licEPARPuB5hB6z9kewDPKQCymkDhHJyEY68pF7 VKQki/PISVqSfI68pCZrA8lOMnKTWImeH+riExyAki+KyGElT1mVVbLylS7LJCxnOZmAAAAh+QQA EQCNACwAAAAAWAEXAAcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJ sqTJkyhTqlzJsqXLlzBjypxJs6bNmzhz6tzJs6fPnzDtCR1KtKjRo0iTKl3KtKnTp1CjSp1KtarV q1izTgXKtavXrw61ih1LtqzZs2jTql3Ltq3bt3Djyp17Fazdu3h90t3Lt6/fv4DL5rUZmGmHwojr Dl7MuLHjx5BFBokM0irllokza4a6SGnGARAHiP4I2mJpgacHil49mvVp16z/vVZ9ubZN0KkZ5t64 O7Rs2gV7p96dezZq28g1Wv49O7bB0rhXHyf4ejRq666vNxf+ezr1g8OfB3QH3n2z+fNvj1f/Pl52 +OLecQMPP906+O74ybP3rh+/cfQABpgURvLxl1997Rn3nngGFoiQg8TBlh9x7fmX3IUtKVjhfAnO l517+8HXW3wGHqidffuRWCKGLDJk2YfwdRiihQ+SJ2JCMDJYIXczTifgj0AGBAAh+QQAEQCNACwA ABYAWAEXAAcI/wDtCRxIsKBBe/8GKFT4L2HDhwMeQmwYUWJFhxcvSqQ4kaNFhxshLqyo0ePGjCFB dlRZ8aDLlzBjypxJs6bNmzhz6jSYsmdPlCpNdiyJEuhPk0SDnhwasqRQp059Sp1KtarVq1izat3K tavUnfaSJl2qVONYjExXkjz6EWrKs0JZdgRLt67du3jz6p0plqzIiHChMqQ4mDDJwlHLJhwJmDHg ph8jy/23t7Lly5gze93MubPnz6BDix5NurTp06hTq17NurVrrGBfy2ad2S6x2rhz6+Y5u7fv31R3 Cx8eG7jx47+JK6+NvLnz59CjZy0u3XcAr9er91zO3TL2jdm1q/8Ov5V81wDo0UtMr/6feffu2ZsP /168fa3k698frd9qf6z5NTQffOAR+FB7Bv6333Fg0QcegvFld116KQ0oIIIDTlgfhQYKeCCGEK7H HnwWRigihw86OGKB63V4YEgTwviih5R1Z+ONErJIoIoO6khjjxnqpyKLQ9LY4osxHgnkkUxKGCCT Hm4oo5QJNnTjlXV9VyKJLW5pZI5dFiikkjMG2F+GLiYZpY9ptgklfRC+pyaZRi4YXYMhyqfhiF5W 2SaaFcr35YUrhlgnl0HyySagM36IooiHcimjn1hWqtN3Hco5aaNhHjqnpJuKySmbf5a66KleKrim qJP2aOedO7mAqumpU4766aejIpkrlKUyaiuqtE6F67BfWWpsTZgO+qOuu3paJqRnclqimrPGB6q1 fsK5KZi/hrojnR82quqrvTWo46McCuqTnHFSiOuJpKL4KLxJKkoovYG66my+7YK4orhWHitwTLKN 66JpBleVMLkMNzyewqstXGGzDldsZ0AAIfkEABEAjQAsAAAsAFgBFwAHCN8A/wkcSLCgwYMIEQZI SHAhw4cQCzqMqHDgRIoYM2rcyLGjx48gQ4oMeTFhyZEVQQZYibKly5cwY8pEaK+mzZs4c+rcybOn z59AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1atYs2rdyrWr169gw4odS7as2bIz06pdy7at27dw BZ6dS7eu3bt48+rdy7ev37+AAwseTLiw4cOIEytezLix48eQI0ue3Diu5cuYM2vezLmz58+gQ3em TLq06dOoU3ftklS069ewY4NWTbu27du4cw+Vzbu3798udQsfzjUgACH5BAARAI0ALAAAQgBYARcA Bwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuX MGPKnCnzn82bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKnUo1KaWqWLNq3cq1q9evYMOK HUu2rNmo986qPWtxrdu3OGnKnTsQrt27ePPq3cs3qgCqf/sK7mpRgGHDNg8f/qd4seKcj29GDiyZ MWXGkCNbRpwY8WXMOB1fpqwZcufFpwN//tvY9D+6sGcqHQ16J+3ElXPTXm05tGvctUkDz+27t+7i rnf75n17+ODncJXzbK5aJ2vrpq87r41bOHDeyYNz659OHPPn8drLn4fOnmnh5T2pbzePHb738vSH V0d+XPj639Lxl596r8Vm4IEJ7daaeqiNB9pk2X33W3cNPjihhBaSxhlyt0EIH39/ISjiiPYs+B93 +zl4XnrdVQaei86lOF+K171I3IIRfkggiTyONFt9tnE4I3bMwShget7ZiCF9SornE4sDxtjelGat GJ+QUqKoX4w20nicgBZKJqOVQ34Z5nYnUqlmUO9lVlpzwVX45oajraaZgqw91ppjoWlYoZl9briZ mH8G1uOhH625ZppMMaroo5BG6ihSk0YaaVuPJhQXQk0h6mmPAQEAIfkEABEAjQAsAABYAFgBFwAH CP8A7QkcSLCgQXv/EipcyLChw4cQI0qEeFDgwooIJ07EyLGjx48gQ4ocSbKkyZMFNapcybKly5cw Y8qcSbOmzZs4WaLMyVNnxYs/aaIcSrSo0aNIk5JMCKApgJ5PGzptKtUlRqAHFfKLuHUhv68JlYod S7as2ZQyo/Zk6lDtP7drJX7t2nCu17h48+rdyxMl3LcLnwoGHHUqW6dMEQdePLiwYsNs/11VOPkf XYd0L4c9y7mz589i/7oV7DjyYbWF2zJODXd05MqSg1rmqnVuV9AVEeDezftk2qoKB5t27Row8MPB jSdfjlMzw8x3+UqfTr263+OEmU+lWvzvW8iolSe6hkxZduysCZ1Hn631fO/38OOTFc1YO/bU2IeL 388QdmX17aV3l3wEFmigSfuhJpxyxC3GH3/hteZgVP7Jdplm0LV34IYcdkYTeNwxGNhjDn7HEH2R gUiVaTLZ1lVmtqVnV3U01mjjjTjmqOOOPPaI004+xlQhejN1aOSRSQWp5JJMNunkk1BGKeWU0iFp 5ZVYZukZlVx26eWXYIYp5phklmnmmWj2pOWabLbp5ptwxinnnHTWaeedvQUEACH5BAARAI0ALAAA bgBYARcABwjgAO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOq XMmypcuXMGPKnEmzps2bOHPqTPivp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKMyHSa1qtV/O7Nq3cr1 5NWvYMOKHUu2rNmzaNOqXcu2rdu3cOPKnUu3rt27ePPq3cu3r9+/gAMLHky4sOHDiBMrXsy4sePH kCNLnky5suXLmDNrrtq1s+fPoEOLHk269MDNqOvGS826tevXQwfCkQi7tlzTDdsCsLv7au+lvxMH 9237Z0AAIfkEABEAjQAsAACEAFgBFwAHCP8A/wkcSLCgwYMICwJIyLChQ4QLHz6MKFEgxYoYM2oc eHHjwY4eQ4ocmdCeyZMoU6q0B6AlyIQLXzaUGbIjSJr/KOKE6HAnQZ85Pcq0yRAo0JVIkypdyrSp 05MidUqMqREoRqJXOVbtWdGoUJ5dJ5IcS7bsV605W1p0+VNtW7ds09qECxety5hx41qUOxevW7kG 7wbdC1hvYLV56/r9SThiYseI8/JVSFfnY8KDzWreXJOxVKmY0Qb9HJgn6b2nPYvOnPpi68ywS6/W WldhY9ugMVPNzZr2bKqhOQsP+XSl6965b9IWrPwt8NG+UZfmnZzvcemoeR9ezXw2dODdQ5P/pi76 OWTFAourX89efVTV2Hvbjh8c9uv707mXj70/+XOY5kXH327QxXfdd/rphpxd/A3nIEbtmQTaa/Xh N5+CFhYIn339JajhcQfi1mF98lGIoXwKGogiRRG26GKEURkmmXh9ncdRX2tVdl6AaW04V4l/3agj YGsFp9eQrmHFWmI5LqhdZULu6N2DVFa5mVWdWVkWllp2yWWXYIYp5HCGibnRl2Y6iGaabLbp5ptw xinnnHTWaeedeHbZ4ppb5kkiV2PxSaWgA71o6KFJvKTWImeH+riExyAki+KyGElT1mVVbLylS7LJCxnOZmAAAAh+QQA EQCNACwAAAAAWAEXAAcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJ sqTJkyhTqlzJsqXLlzBjypxJs6bNmzhz6tzJs6fPnzDtCR1KtKjRo0iTKl3KtKnTp1CjSp1KtarV q1izTgXKtavXrw61ih1LtqzZs2jTql3Ltq3bt3Djyp17Fazdu3h90t3Lt6/fv4DL5rUZmGmHwojr Dl7MuLHjx5BFBokM0irllokza4a6SGnGARAHiP4I2mJpgacHil49mvVp16z/vVZ9ubZN0KkZ5t64 O7Rs2gV7p96dezZq28g1Wv49O7bB0rhXHyf4ejRq666vNxf+ezr1g8OfB3QH3n2z+fNvj1f/Pl52 +OLecQMPP906+O74ybP3rh+/cfQABpgURvLxl1997Rn3nngGFoiQg8TBlh9x7fmX3IUtKVjhfAnO l517+8HXW3wGHqidffuRWCKGLDJk2YfwdRiihQ+SJ2JCMDJYIXczTifgj0AGBAAh+QQAEQCNACwA ABYAWAEXAAcI/wDtCRxIsKBBe/8GKFT4L2HDhwMeQmwYUWJFhxcvSqQ4kaNFhxshLqyo0ePGjCFB dlRZ8aDLlzBjypxJs6bNmzhz6jSYsmdPlCpNdiyJEuhPk0SDnhwasqRQp059Sp1KtarVq1izat3K tavUnfaSJl2qVONYjExXkjz6EWrKs0JZdgRLt67du3jz6p0plqzIiHChMqQ4mDDJwlHLJhwJmDHg ph8jy/23t7Lly5gze93MubPnz6BDix5NurTp06hTq17NurVrrGBfy2ad2S6x2rhz6+Y5u7fv31R3 Cx8eG7jx47+JK6+NvLnz59CjZy0u3XcAr9er91zO3TL2jdm1q/8Ov5V81wDo0UtMr/6feffu2ZsP /168fa3k698frd9qf6z5NTQffOAR+FB7Bv6333Fg0QcegvFld116KQ0oIIIDTlgfhQYKeCCGEK7H HnwWRigihw86OGKB63V4YEgTwviih5R1Z+ONErJIoIoO6khjjxnqpyKLQ9LY4osxHgnkkUxKGCCT Hm4oo5QJNnTjlXV9VyKJLW5pZI5dFiikkjMG2F+GLiYZpY9ptgklfRC+pyaZRi4YXYMhyqfhiF5W 2SaaFcr35YUrhlgnl0HyySagM36IooiHcimjn1hWqtN3Hco5aaNhHjqnpJuKySmbf5a66KleKrim qJP2aOedO7mAqumpU4766aejIpkrlKUyaiuqtE6F67BfWWpsTZgO+qOuu3paJqRnclqimrPGB6q1 fsK5KZi/hrojnR82quqrvTWo46McCuqTnHFSiOuJpKL4KLxJKkoovYG66my+7YK4orhWHitwTLKN 66JpBleVMLkMNzyewqstXGGzDldsZ0AAIfkEABEAjQAsAAAsAFgBFwAHCN8A/wkcSLCgwYMIEQZI SHAhw4cQCzqMqHDgRIoYM2rcyLGjx48gQ4oMeTFhyZEVQQZYibKly5cwY8pEaK+mzZs4c+rcybOn z59AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1atYs2rdyrWr169gw4odS7as2bIz06pdy7at27dw BZ6dS7eu3bt48+rdy7ev37+AAwseTLiw4cOIEytezLix48eQI0ue3Diu5cuYM2vezLmz58+gQ3em TLq06dOoU3ftklS069ewY4NWTbu27du4cw+Vzbu3798udQsfzjUgACH5BAARAI0ALAAAQgBYARcA Bwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuX MGPKnCnzn82bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKnUo1KaWqWLNq3cq1q9evYMOK HUu2rNmo986qPWtxrdu3OGnKnTsQrt27ePPq3cs3qgCqf/sK7mpRgGHDNg8f/qd4seKcj29GDiyZ MWXGkCNbRpwY8WXMOB1fpqwZcufFpwN//tvY9D+6sGcqHQ16J+3ElXPTXm05tGvctUkDz+27t+7i rnf75n17+ODncJXzbK5aJ2vrpq87r41bOHDeyYNz659OHPPn8drLn4fOnmnh5T2pbzePHb738vSH V0d+XPj639Lxl596r8Vm4IEJ7daaeqiNB9pk2X33W3cNPjihhBaSxhlyt0EIH39/ISjiiPYs+B93 +zl4XnrdVQaei86lOF+K171I3IIRfkggiTyONFt9tnE4I3bMwShget7ZiCF9SornE4sDxtjelGat GJ+QUqKoX4w20nicgBZKJqOVQ34Z5nYnUqlmUO9lVlpzwVX45oajraaZgqw91ppjoWlYoZl9briZ mH8G1uOhH625ZppMMaroo5BG6ihSk0YaaVuPJhQXQk0h6mmPAQEAIfkEABEAjQAsAABYAFgBFwAH CP8A7QkcSLCgQXv/EipcyLChw4cQI0qEeFDgwooIJ07EyLGjx48gQ4ocSbKkyZMFNapcybKly5cw Y8qcSbOmzZs4WaLMyVNnxYs/aaIcSrSo0aNIk5JMCKApgJ5PGzptKtUlRqAHFfKLuHUhv68JlYod S7as2ZQyo/Zk6lDtP7drJX7t2nCu17h48+rdyxMl3LcLnwoGHHUqW6dMEQdePLiwYsNs/11VOPkf XYd0L4c9y7mz589i/7oV7DjyYbWF2zJODXd05MqSg1rmqnVuV9AVEeDezftk2qoKB5t27Row8MPB jSdfjlMzw8x3+UqfTr263+OEmU+lWvzvW8iolSe6hkxZduysCZ1Hn631fO/38OOTFc1YO/bU2IeL 388QdmX17aV3l3wEFmigSfuhJpxyxC3GH3/hteZgVP7Jdplm0LV34IYcdkYTeNwxGNhjDn7HEH2R gUiVaTLZ1lVmtqVnV3U01mjjjTjmqOOOPPaI004+xlQhejN1aOSRSQWp5JJMNunkk1BGKeWU0iFp 5ZVYZukZlVx26eWXYIYp5phklmnmmWj2pOWabLbp5ptwxinnnHTWaeedvQUEACH5BAARAI0ALAAA bgBYARcABwjgAO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOq XMmypcuXMGPKnEmzps2bOHPqTPivp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKMyHSa1qtV/O7Nq3cr1 5NWvYMOKHUu2rNmzaNOqXcu2rdu3cOPKnUu3rt27ePPq3cu3r9+/gAMLHky4sOHDiBMrXsy4sePH kCNLnky5suXLmDNrrtq1s+fPoEOLHk269MDNqOvGS826tevXQwfCkQi7tlzTDdsCsLv7au+lvxMH 9237Z0AAIfkEABEAjQAsAACEAFgBFwAHCP8A/wkcSLCgwYMICwJIyLChQ4QLHz6MKFEgxYoYM2oc eHHjwY4eQ4ocmdCeyZMoU6q0B6AlyIQLXzaUGbIjSJr/KOKE6HAnQZ85Pcq0yRAo0JVIkypdyrSp 05MidUqMqREoRqJXOVbtWdGoUJ5dJ5IcS7bsV605W1p0+VNtW7ds09qECxety5hx41qUOxevW7kG 7wbdC1hvYLV56/r9SThiYseI8/JVSFfnY8KDzWreXJOxVKmY0Qb9HJgn6b2nPYvOnPpi68ywS6/W WldhY9ugMVPNzZr2bKqhOQsP+XSl6965b9IWrPwt8NG+UZfmnZzvcemoeR9ezXw2dODdQ5P/pi76 OWTFAourX89efVTV2Hvbjh8c9uv707mXj70/+XOY5kXH327QxXfdd/rphpxd/A3nIEbtmQTaa/Xh N5+CFhYIn339JajhcQfi1mF98lGIoXwKGogiRRG26GKEURkmmXh9ncdRX2tVdl6AaW04V4l/3agj YGsFp9eQrmHFWmI5LqhdZULu6N2DVFa5mVWdWVkWllp2yWWXYIYp5HCGibnRl2Y6iGaabLbp5ptw xinnnHTWaeedeHbZ4ppb5kkiV2PxSaWgA71o6KFJvQfmk3WuSShjwhH6qJ9j7RmmdnY6StakMCkq EqKghrrnkX9dBqSNb002WJmmsjVkk6pS6EeqZUmWaquUkPpF622jsQolfDPOOiaRohZrbFMZikgf eSe+dCB4KvqI4rQaQvrhguKtKiC01+5HY7O/cbjXseSWi9Jn4UWJHK1BVoeXbCdqO6GrDCopZZAY MpdukiMiSGC2KerW3V33sruQuQgfmxrA3fY4VL/tWsttgBT+h+2SEsdmL7Db+jttdd4KGDBiBSVs cqjJmtjwiuIyPPHFPA7YsYcUz3xbxQy6TLNvKgd48s+GCgYrkULruytlTuJLdG2OqToZyBk/ja/Q RBJN87wgP4kqd0zfuhisQANNqZhocjr22WgbFBAAIfkEABEAjQAsAACaAFgBFwAHCP8A/wkcSLCg wYMIEypcyLBhQwAOCUKMSLGixYsYM2rcyLGjx48gNU6kODKkyZMoU6pcybKly5cwY8qcmdGezZs4 c+q0R7Onz59AW+4cSrSo0aNIdwZdyrEkQqcYnZaE2lQlVYxJs2ot2vIqTK8WR4IlWRDqWIdSJSY8 q1YgW4Nv38IdKFfm1pxMH36si5Yh36dl21Z1ezFuVLoC7yq+KxIARMd0If+T7HjiY4mVI1smPNmt ZM2epVLO3Jlz6M6ZP5NGXPoxacuQK5sdvZkw7M+TX6POrXo1b95icZ9+3ftyadOuVbPOO3Cxzdpp d9uOLl365rHGAYs9PhUxdO5tr3v/Pw5+Ofjt2btPtz3edPnq6pG3Zy84vfx/zvMfFcn5tnj69QF3 2YC5HSQbeZrZV51838nWHYHokbedeRGyNyGD8yl4H2oHRrZchZ7NBWBtCDKXUYOs2WfWfBZyF192 H5YH43n9ldiiihJSGGCEF9I44nvvzViWhjDOCCKJf5loYI0T4hjYj0DmCGCMF65I338INjnei4L5 uFuPR3rJJZSBVSkllz0quVeNwPVHmYitKefmbKMNGVuMcBHY2mlP7nnlne79Jmib/mH2JpQdetik cKvRBhqYqTVqHnP5RZRkUJeqaZWmbOnn6ad46aXpQpmOCpJvJnYK6qqsturqq7DGPyrrrLTWupip uOaq66689urrr8BSauuwxBZr7LHIJmtUsMw266yuykYr7bTUVmstT89mq+223JrERbfghktTQAAh +QQAEQCNACwAALAAWAEXAAcI2AD/CRxIsKDBgwgTKjzIZaHDhxAjSpxIsaLFixgzaty40J7HjyBD ihxJsqTJkyhTqlzJsqXLlzBjypxJs6bNmzhz6tzJs6fPn0BlchxKtKjRo0iTKl3KtKnTp1CjSp26 sUPUoFizat3KtavXr2DDih1LtqzZs2jTql37larbt3Djyp0bka3du3jz6t3Lt69fvXQDCx5MuHDG v4gTK17MuLHjx1oNS55MubJcyJgzP36mubPnz2Utix5NurRG0KhTq/ZourXr169Xy54NGbbt27hz 697Nu/fDgAAh+QQAEQCNACwAAMYAWAEXAAcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgz TrTHsaPHjyDtaRxpMaTJkyhTqlzJsqXLlzBjypxJsyXGDzg/kByo0yBOgj13Ch1KtKjRo0gR0vwX lGhTnk2fSqxJtarVq1izat1qVWpUpmB19sw5lulPs2d5ghU4NidbtW/R/uNKt67du3jzUvUK1Czb smrTAi4oNnDfoIjXCtTLuLHjx44t8jUcV3HYvpbhlv16uXDmpKBDix5NOiHNyW8T/yVreTDmzmQ3 X/67GLLt27hz50U9WzFv13A7HyzsWa3u48iT2774FHFx1akxS21d3Hfw66Wza9/OvTRruc+Buv9t DZWw+NWcfaftzr69+/fw48ufT7/+waX2Hyrfz78/8vwABijgRv7NNOCBCCY4UIEGKlgQAA4OCOFQ E1bEoEwAZFjhgw5puGGHGlb0oUAjLuRhiQZBiCJBIV60YocpKnTiPy+S2NCMNTLkn0UVlpgjjSJm 5GNEP8bIUJEmukgkh0nCaGOEFA40YYshqkhihk9KqaWHTD6IJY1YfsklkGBOKeaXZbKYYpVbptkj k2O+meaVKoZpp5Rn5qnmmFqqOaebYZLZYpZ8UglklUhmR9ObjOJJKJ2Pyplln4c+aaWNl1Ya6UFx tokpmaB+OKWnmpYaqqWnNsqhpGWOqiqhI0qR+mqdqAK5o4hUcikrpZ/2CuqvmwqaaquZ4hhrl8Wa mmmfcl5qLKWjHqorqaRuKCqxv7JaKLTYNjtpfIt2+ei41Z7Ka7Cutnntt1f6yW2j1gIrLKrRemlu uu4u62u8e4q7K7mvjjvqrRStW+q/5bIKrKr4Vjorr/y+q664zHJL7sH0JhyjtqtSi/DHw9aaKGkB AQAh+QQAEQCNACwAANwAWAEXAAcI/wD/CRxIsKDBfwAKJhSYcCHCgQ4dMnw4MaLCixUnPrTYECLF jxJDYtzosSNBiR5BplRZMuVCkyQzXrS4UmZMjSxzcmyp8eXBn0CDCh36z57Ro0iTKrWHEiGAiDCd vnwK9WlOiFQZWqXok6pPqVi1TkXpdaxZrjRPWk0bcmtWrVx7unUpMq3UtWKxTv14dyXNt38nLh1M uLDhw4gJE13MuHHQpo4jQz44ObLly5gza/6ZuLPnw5tDi2ZcefRIoaVNq17NurXrgZ+Tvp5Nu7bt 27gPxt7Nu3fu38CDCx9esLdxxMST326aWnlN58+jQ19s3OvP5mKxU976GzvZ7HqjNv98i9quY+3d T0pXL/C4e8WYzeN8HBr9au8Yd7K32Zy7/dPTiTQfZdPp1ttfbuE11oAckUdgX3mBRZJ1EZoEWIJV CajSdzwNaJCFFfYUIV8SUkhhiSWRd2GGao3nH4ZFvSejjPrdNJdcX9kIVI7ipYgTTON9qNNVbIXY IYlCdsWTkgB2COSGTvJVo4bmwTTjlceZaF2RDELpoUtHThllW3hl96RfDtp0k5TcxeWighNyGJ6X OopJZplS+gWeQ1jOmJmcP+qpnpjXBUrlkITquN+hhda1X6ETzmSjXXaOaelzlOpZY4GwHTjSmVfV CWZ+YUbJH6Ka1iRfqat+emaVql7XKuqph2ZqaId9yvjnhy+yedaeo+rF0oo/qngjeE6NeKKILbII IWphSTisf7zi+eqL1laILVnXJshpp7wJ9x9R42pW7nDnfmtQrux2Fly69OUGr7zqitbucfXmq+++ /Pbr778AByxwa/PWdm6b0J438I4FI2lZwwC3GuDD60lK2qBDLfsgacylufFm3OKZcL6oqCYxdOX+ Ny5zI9/H8pePmhuzdhD/Vt1axna8IFgYVoUspTkLK+ybQnekpbMVwRgdYDEFzZ6cRmu7c9Q7P0si sXn5dG+fAQEAIfkEABEAjQAsAADyAFgBFwAHCP8A7QkcSLCgQXsAEv5LqPDfwoYOHTKU2HBixYkU AWTUuDAix40eIWLM2JHhR4waU6IUObLkxY8dI5IsGXNky5oyY9LkuJJnxZ0zH0LUOdOmQp7/Dipd yrSp06dQBZ70qBOmVapIaUrMmRIr1a9EtXL1ulVm16tTp5INGzKry61pc36FWfVhWbFpfd7terco WL5wHUYdTHiw3MOI68I1abZxYJxqGUcOG9ki3bqVjyo2CRhtyMQuLWKVfBmnWZRtNW/snJr1Yddi 7YKeTbu27du11cZ2vNc067hlAffWPRQ4Xq26e6+liFg45tdWOfNW/ncs9euNiRN1jru7d9CFCWr/ T371MVLjsC+jn74+rvD1y/tmXwt7O3vrz4dXf8yWv3Gc4QUoIEHfnbbZUEX9BJlRqinGm09HIQif ZKFBmJpjEdLFmF/BvYSffewpyOF2LBVnVFCiyVfgit4NyCJupc0W44s01mjjjTjmCN6APPZomI6v eTcjkEQWaeSRNvqo5JJKIenkk1BGmSSTVFZp5VJSZqnlllwmdeWXYDK54pBdQkkmWDme+WSYbLYZ 4Ia3qWkbglHKWd9pKYKmpnRyIunmn4A2lRxtfRJaaJowojldfx/KqCiXQfmk3WuSShjwhH6qJ9j7RmmdnY6StakMCkq EqKghrrnkX9dBqSNb002WJmmsjVkk6pS6EeqZUmWaquUkPpF622jsQolfDPOOiaRohZrbFMZikgf eSe+dCB4KvqI4rQaQvrhguKtKiC01+5HY7O/cbjXseSWi9Jn4UWJHK1BVoeXbCdqO6GrDCopZZAY MpdukiMiSGC2KerW3V33sruQuQgfmxrA3fY4VL/tWsttgBT+h+2SEsdmL7Db+jttdd4KGDBiBSVs cqjJmtjwiuIyPPHFPA7YsYcUz3xbxQy6TLNvKgd48s+GCgYrkULruytlTuJLdG2OqToZyBk/ja/Q RBJN87wgP4kqd0zfuhisQANNqZhocjr22WgbFBAAIfkEABEAjQAsAACaAFgBFwAHCP8A/wkcSLCg wYMIEypcyLBhQwAOCUKMSLGixYsYM2rcyLGjx48gNU6kODKkyZMoU6pcybKly5cwY8qcmdGezZs4 c+q0R7Onz59AW+4cSrSo0aNIdwZdyrEkQqcYnZaE2lQlVYxJs2ot2vIqTK8WR4IlWRDqWIdSJSY8 q1YgW4Nv38IdKFfm1pxMH36si5Yh36dl21Z1ezFuVLoC7yq+KxIARMd0If+T7HjiY4mVI1smPNmt ZM2epVLO3Jlz6M6ZP5NGXPoxacuQK5sdvZkw7M+TX6POrXo1b95icZ9+3ftyadOuVbPOO3Cxzdpp d9uOLl365rHGAYs9PhUxdO5tr3v/Pw5+Ofjt2btPtz3edPnq6pG3Zy84vfx/zvMfFcn5tnj69QF3 2YC5HSQbeZrZV51838nWHYHokbedeRGyNyGD8yl4H2oHRrZchZ7NBWBtCDKXUYOs2WfWfBZyF192 H5YH43n9ldiiihJSGGCEF9I44nvvzViWhjDOCCKJf5loYI0T4hjYj0DmCGCMF65I338INjnei4L5 uFuPR3rJJZSBVSkllz0quVeNwPVHmYitKefmbKMNGVuMcBHY2mlP7nnlne79Jmib/mH2JpQdetik cKvRBhqYqTVqHnP5RZRkUJeqaZWmbOnn6ad46aXpQpmOCpJvJnYK6qqsturqq7DGPyrrrLTWupip uOaq66689urrr8BSauuwxBZr7LHIJmtUsMw266yuykYr7bTUVmstT89mq+223JrERbfghktTQAAh +QQAEQCNACwAALAAWAEXAAcI2AD/CRxIsKDBgwgTKjzIZaHDhxAjSpxIsaLFixgzaty40J7HjyBD ihxJsqTJkyhTqlzJsqXLlzBjypxJs6bNmzhz6tzJs6fPn0BlchxKtKjRo0iTKl3KtKnTp1CjSp26 sUPUoFizat3KtavXr2DDih1LtqzZs2jTql37larbt3Djyp0bka3du3jz6t3Lt69fvXQDCx5MuHDG v4gTK17MuLHjx1oNS55MubJcyJgzP36mubPnz2Utix5NurRG0KhTq/ZourXr169Xy54NGbbt27hz 697Nu/fDgAAh+QQAEQCNACwAAMYAWAEXAAcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgz TrTHsaPHjyDtaRxpMaTJkyhTqlzJsqXLlzBjypxJsyXGDzg/kByo0yBOgj13Ch1KtKjRo0gR0vwX lGhTnk2fSqxJtarVq1izat1qVWpUpmB19sw5lulPs2d5ghU4NidbtW/R/uNKt67du3jzUvUK1Czb smrTAi4oNnDfoIjXCtTLuLHjx44t8jUcV3HYvpbhlv16uXDmpKBDix5NOiHNyW8T/yVreTDmzmQ3 X/67GLLt27hz50U9WzFv13A7HyzsWa3u48iT2774FHFx1akxS21d3Hfw66Wza9/OvTRruc+Buv9t DZWw+NWcfaftzr69+/fw48ufT7/+waX2Hyrfz78/8vwABijgRv7NNOCBCCY4UIEGKlgQAA4OCOFQ E1bEoEwAZFjhgw5puGGHGlb0oUAjLuRhiQZBiCJBIV60YocpKnTiPy+S2NCMNTLkn0UVlpgjjSJm 5GNEP8bIUJEmukgkh0nCaGOEFA40YYshqkhihk9KqaWHTD6IJY1YfsklkGBOKeaXZbKYYpVbptkj k2O+meaVKoZpp5Rn5qnmmFqqOaebYZLZYpZ8UglklUhmR9ObjOJJKJ2Pyplln4c+aaWNl1Ya6UFx tokpmaB+OKWnmpYaqqWnNsqhpGWOqiqhI0qR+mqdqAK5o4hUcikrpZ/2CuqvmwqaaquZ4hhrl8Wa mmmfcl5qLKWjHqorqaRuKCqxv7JaKLTYNjtpfIt2+ei41Z7Ka7Cutnntt1f6yW2j1gIrLKrRemlu uu4u62u8e4q7K7mvjjvqrRStW+q/5bIKrKr4Vjorr/y+q664zHJL7sH0JhyjtqtSi/DHw9aaKGkB AQAh+QQAEQCNACwAANwAWAEXAAcI/wD/CRxIsKDBfwAKJhSYcCHCgQ4dMnw4MaLCixUnPrTYECLF jxJDYtzosSNBiR5BplRZMuVCkyQzXrS4UmZMjSxzcmyp8eXBn0CDCh36z57Ro0iTKrWHEiGAiDCd vnwK9WlOiFQZWqXok6pPqVi1TkXpdaxZrjRPWk0bcmtWrVx7unUpMq3UtWKxTv14dyXNt38nLh1M uLDhw4gJE13MuHHQpo4jQz44ObLly5gza/6ZuLPnw5tDi2ZcefRIoaVNq17NurXrgZ+Tvp5Nu7bt 27gPxt7Nu3fu38CDCx9esLdxxMST326aWnlN58+jQ19s3OvP5mKxU976GzvZ7HqjNv98i9quY+3d T0pXL/C4e8WYzeN8HBr9au8Yd7K32Zy7/dPTiTQfZdPp1ttfbuE11oAckUdgX3mBRZJ1EZoEWIJV CajSdzwNaJCFFfYUIV8SUkhhiSWRd2GGao3nH4ZFvSejjPrdNJdcX9kIVI7ipYgTTON9qNNVbIXY IYlCdsWTkgB2COSGTvJVo4bmwTTjlceZaF2RDELpoUtHThllW3hl96RfDtp0k5TcxeWighNyGJ6X OopJZplS+gWeQ1jOmJmcP+qpnpjXBUrlkITquN+hhda1X6ETzmSjXXaOaelzlOpZY4GwHTjSmVfV CWZ+YUbJH6Ka1iRfqat+emaVql7XKuqph2ZqaId9yvjnhy+yedaeo+rF0oo/qngjeE6NeKKILbII IWphSTisf7zi+eqL1laILVnXJshpp7wJ9x9R42pW7nDnfmtQrux2Fly69OUGr7zqitbucfXmq+++ /Pbr778AByxwa/PWdm6b0J438I4FI2lZwwC3GuDD60lK2qBDLfsgacylufFm3OKZcL6oqCYxdOX+ Ny5zI9/H8pePmhuzdhD/Vt1axna8IFgYVoUspTkLK+ybQnekpbMVwRgdYDEFzZ6cRmu7c9Q7P0si sXn5dG+fAQEAIfkEABEAjQAsAADyAFgBFwAHCP8A7QkcSLCgQXsAEv5LqPDfwoYOHTKU2HBixYkU AWTUuDAix40eIWLM2JHhR4waU6IUObLkxY8dI5IsGXNky5oyY9LkuJJnxZ0zH0LUOdOmQp7/Dipd yrSp06dQBZ70qBOmVapIaUrMmRIr1a9EtXL1ulVm16tTp5INGzKry61pc36FWfVhWbFpfd7terco WL5wHUYdTHiw3MOI68I1abZxYJxqGUcOG9ki3bqVjyo2CRhtyMQuLWKVfBmnWZRtNW/snJr1Yddi 7YKeTbu27du11cZ2vNc067hlAffWPRQ4Xq26e6+liFg45tdWOfNW/ncs9euNiRN1jru7d9CFCWr/ T371MVLjsC+jn74+rvD1y/tmXwt7O3vrz4dXf8yWv3Gc4QUoIEHfnbbZUEX9BJlRqinGm09HIQif ZKFBmJpjEdLFmF/BvYSffewpyOF2LBVnVFCiyVfgit4NyCJupc0W44s01mjjjTjmCN6APPZomI6v eTcjkEQWaeSRNvqo5JJKIenkk1BGmSSTVFZp5VJSZqnlllwmdeWXYDK54pBdQkkmWDme+WSYbLYZ 4Ia3qWkbglHKWd9pKYKmpnRyIunmn4A2lRxtfRJaaJowojldfx/KqCiXgUYqqVT0IZfhSSUGNdeF fDFIUqZCWbjpTpc2KqpQqHZa3IV+qaRSjpPG0Ppne245yJ+tvo2mn3n+5YdhYNqx+tuD6u13nIK1 0ijrsmFuCJ9ypLVmnVudkZbieRTeCixQ12kY6ntowjletrneyOy5Vnrba3XEcbfasPKpex5+3J3F ra3eqktdsL5CqyKL6Aa8pL71PXtcuL62F1zC/U3GL2X98isxw+U+aCxHAmfMo3p5pjqXZZjqW1PH npaLWof0okxetiU3GOrFI2aVrIPBamxzeGU6mvPORR6K2M1AR8UzV3QObTSLPv8c9NJMN+3001BH LfXUVFdtZUAAIfkEABEAjQAsAAAIAVgBFwAHCNgA7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsY M2rcyLGjx48gQ4ocSdLiv5MoU6pcybKly5cwY8qcSbOmzZs4c+p0WWKnz59AXZYcSrSo0aNIk1IM yrSp06dQo0qdSrUqSqVYs2rdyrWr169gw4odS7as2bNo0xq0yrat27dw48rNqbau3bt4Hc7dy7ev 37+AAwseTLiwYaB5EytezLix48eQI0ueTLmy5cuYM2vezPns4c+gQ4seTbq06dOjO6terRi169ew Y8ueTbs201MxWevevfUUw4AAIfkEABEAjQAsAAAeAVgBFwAHCP8A7QkcSLCgwYMIEypcyLChw4cQ I0qcSLGixYsYMxo8xfCfx48gQ4ocSbKkyZMoU6pcybKly5cwY8qcSbPmyFM2c+rcybOnz59Agwr1 iHOo0aNIkypdyvRl0aZQo0qdSrVqyKcjLVrdyrVrV40ROSL0Sras2bNctYrM95KtWbdT88FVKXck 27lM8TIFq5Gm3Lp6UwYWOphk4aSHDZe8KzUxWp5a8Tq2u3TyR8uEXRZmHBUzUL6gJeq9W9fjX7in /6EOuVr1X9MgGY8G/Np1aducVa8tnVr3Zd1ue/eO/Vq478vDgR+HXZvz8Oa3mZtuPv12bdvVUUfP zrx06O8OZ///npsb9nLzysfHdr2W9W/1688vJz+f/Xn67utvN0+/vH3gwa2H327oKTegdO8h2N54 q4FXkUyjCSjhhO0FCJ+C8SXYn3uBHVhebpJl+N6GlOl3H4UkFpjhhgemV6B/Cboo32OK5dddapJt 5luKMhKnIYXTLWYhhiCydlqEJpbIoo0uHhmcdgviBpiUT/JWJXRRyujZWUhiqCKMCPII5ogx+jcm kUmeaNKQPZKpXogX6hjjcRF2ySOTac5IY4ll5rljjWlOuRh6d7LJIYpFiojknW6yZyaKiopIp4Qp iimppVuphWN8zxU354vXedphdFZa5+mXpqaqJXT70Ukdn6LeW2cccqVWl+WsndKmXa278baegxSh teWeXQ1L7LFeGYtsVcou6+yz0EYrLVRqTWutUsBmq+22CeF5rbc8NYstt+SWu9BMrUnqF6E1edYl ra2eZChK4gIK7rdRBQQAIfkEABEAjQAsAAA0AVgBFwAHCP8A/wkcSLCgQYH5BiYsuPCgw4cKEUaE SHFiRYkMDebbuPFixn8NPYb0WHGkRZIoU6pcybKlQHswY8qcSdMeyJMuL5rMufOhyZ8Ee/rEmJOn w4U1kypdyrSp06dQoz51yTGh1Y43QWINypHowqo3wVrV2rDqz45gyZbtWpYozq9dw25FGFchW6xw 82qMG/LqXLdFAwseTJEA4aN2I4492Ffi149tty4GPLKtYsg4s15WbDmz5siaQwcd3Vi058OoU6t+ KVXmZ9Km3T5+PPp149JvT052XLs3782UGVsci/vjb4w9kbZezry58+czjcrO+let5Ny2YWe+Pr1y ZY0Zb/vwjt15sWSgwKkjXs2+vXuSncOO32ke83H5p2mH3o0fsOjdABrXG2i6CRhgbAi+p+CCqsV3 YIH4fZcdcNUhV6CEQu3X3XzCeaUhdsfhxeCIJI6IFmx1cSUicmwldmCLKnJF13knWshQWjPqZ9pf 5cml1140foZeiUQWaaR7GR6p5JJMNulkgyk+KeWUVL4H3ZVYZqnlllx26eWXYIYp5phklmnmmWim qeaabLbp5ptwxinnnHTWaeedeOap55589unnn4AGymeVhBZq6KFLCqrooow26qic2Twq6aSUVmrp pVIhqummnHZaFKaghirqUwEBACH5BAARAI0ALAAASgFYARcABwjUAO0JHEiwoMGDCBMqXMiwocOH ECNKnEixosWLGDNq3Mixo8ePIEOKHEnS4r+TKFOqXMmypcuXMGPKnEmzps2bOHPq3Mmzp0+cJYMK HUq0qNGjFH8qXcq0qdOnUKNKnYoSqdWrWLNq3YqQqtevYMOKHUs2J9ezaNOqXcu2rdu3cN+WnUu3 rt27ePPq3cu3r1+fcQMLHkx44t/DiBMrXsy4sePHkCNLhnxmsuXLmDNrjlq4s+fPoEOLHk26tOnT qD1vXs26tevXsGPLnk27tu3buHP3DAgAIfkEAGnrjQAsAABgAVgBFwAHCN0A/wkcSLCgwYMIEypc yLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSbKkyZMoU6pcyVKlvZcwY8qcSbOmzZs4c+rcybOn z59AgwodSrSoUaAtkypdyrSp06dQo0qdSrWq1atYs2o1eLSr169gw4odS7asWZhb06pdy7at27dw 4w48S7eu3bt48+rdy7ev37+AAwseTLiw4cN75SpezLix48eQ2SKeTLkyX12TI2vePFKXVcugQ4sO i3m06dOoU78srbq169eCWcOeTbs2Wdm2c+ve/RN3YM7AgwMPCAAh+QQADACNACwAAAAAWAF8AQcI /wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJ0qK9kyhTqlzJsqXLlzBj ypxJs6bNmzhz6tzJs2fMID6DCh1KtKjRo0iTKl3KtKnTp1CjSp1KtKTVq1izat3KlSLVr2DDih1L tqzZs2jTql3LVimNtnDjIu1Kt67du3jz6t3Lt6/fvxnlCh5MuDBOwIgTK17MuLHjx5AjS55MufLf pn4Ma97MubPnz6BDix5NurRRy6hTq17NurVr1aZjy54987Xt27hz697Nu7fv38CDCx9OvLjx48gZ 6kvO3Crt59CjS59OvXPz69hBVt/Ovbv37+B5Zv8fT768+fPo06tfz7698/Dw40t1T7++/fu85etn WmG///8ABijggE/hZ2BxBCao4IIMNsjSgRAG5+CEAkZo4YUYZqjhhhx26KFiFIYo4ogkyvbhiZKV qOKKLLbo4oswxoTijI7FaCNpNOYI4o08fqbjj0BWhEOQRBb5YY9Icmbkkkw26eST+CUpZWFQVhnS lPLxg+WWXB5m5ZdghinmmGSWaeaZ13WpJk6vKIXmmwmtKSdZcNZZ0Jx45qnnnnz26eefgAbKlJ2E FkqooIj6ZGidiTbq6KNNLQonpJRWaulOkr556aacdurpp6B2mumopJZq6qmosheqpamGueqrsMb/ KiuSrYI5a6O15qrrrrwCd2unSPw6Z69OCmvssS8S2ySyfyrr7LPQRnsZs31Ka+21vyHaRRfUclZI bNtuGx4A3ZoVLrfbkTtanV0UWu6e2Or4rp7YQRHvvZnOq++++uE7I78AByzwwAQXbPDBCIvl78IM T5YwrQ13+HCPEVdsMWAT83jxxhx3PGrGIIcssrEeWzhysiVDePLKLLdMacoquyzzzDTjCfPNOOe8 ZM0i6mwfzT7wLHRNPtc39NFIP1j00v8AAADT7Tn9NNTrST21zxNKnTSD6m7tdb9Uq/f12GSXbfaA OnQX9tpst+22x2fHFU/cdO9kztdvl1f3ftDK/5L33xLtDTbgaQpuOMEMO0P44ow37vjjkEcueUOH wzc5cZVnrvnmnGN5+ee7ds4d6KS3KvrpwpaeLerTqe4b6627LvvstNf+OuzR2a47mrj37vvvwAcv vOi7F68bE8ZXOfzyiTY2RvIOEQwF89RXbz2A0EsWA0K3wnF92dmHX+z35Jffsvjop69+Qj2gUYqqVT0IZfhSSUGNdeF fDFIUqZCWbjpTpc2KqpQqHZa3IV+qaRSjpPG0Ppne245yJ+tvo2mn3n+5YdhYNqx+tuD6u13nIK1 0ijrsmFuCJ9ypLVmnVudkZbieRTeCixQ12kY6ntowjletrneyOy5Vnrba3XEcbfasPKpex5+3J3F ra3eqktdsL5CqyKL6Aa8pL71PXtcuL62F1zC/U3GL2X98isxw+U+aCxHAmfMo3p5pjqXZZjqW1PH npaLWof0okxetiU3GOrFI2aVrIPBamxzeGU6mvPORR6K2M1AR8UzV3QObTSLPv8c9NJMN+3001BH LfXUVFdtZUAAIfkEABEAjQAsAAAIAVgBFwAHCNgA7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsY M2rcyLGjx48gQ4ocSdLiv5MoU6pcybKly5cwY8qcSbOmzZs4c+p0WWKnz59AXZYcSrSo0aNIk1IM yrSp06dQo0qdSrUqSqVYs2rdyrWr169gw4odS7as2bNo0xq0yrat27dw48rNqbau3bt4Hc7dy7ev 37+AAwseTLiwYaB5EytezLix48eQI0ueTLmy5cuYM2vezPns4c+gQ4seTbq06dOjO6terRi169ew Y8ueTbs201MxWevevfUUw4AAIfkEABEAjQAsAAAeAVgBFwAHCP8A7QkcSLCgwYMIEypcyLChw4cQ I0qcSLGixYsYMxo8xfCfx48gQ4ocSbKkyZMoU6pcybKly5cwY8qcSbPmyFM2c+rcybOnz59Agwr1 iHOo0aNIkypdyvRl0aZQo0qdSrVqyKcjLVrdyrVrV40ROSL0Sras2bNctYrM95KtWbdT88FVKXck 27lM8TIFq5Gm3Lp6UwYWOphk4aSHDZe8KzUxWp5a8Tq2u3TyR8uEXRZmHBUzUL6gJeq9W9fjX7in /6EOuVr1X9MgGY8G/Np1aducVa8tnVr3Zd1ue/eO/Vq478vDgR+HXZvz8Oa3mZtuPv12bdvVUUfP zrx06O8OZ///npsb9nLzysfHdr2W9W/1688vJz+f/Xn67utvN0+/vH3gwa2H327oKTegdO8h2N54 q4FXkUyjCSjhhO0FCJ+C8SXYn3uBHVhebpJl+N6GlOl3H4UkFpjhhgemV6B/Cboo32OK5dddapJt 5luKMhKnIYXTLWYhhiCydlqEJpbIoo0uHhmcdgviBpiUT/JWJXRRyujZWUhiqCKMCPII5ogx+jcm kUmeaNKQPZKpXogX6hjjcRF2ySOTac5IY4ll5rljjWlOuRh6d7LJIYpFiojknW6yZyaKiopIp4Qp iimppVuphWN8zxU354vXedphdFZa5+mXpqaqJXT70Ukdn6LeW2cccqVWl+WsndKmXa278baegxSh teWeXQ1L7LFeGYtsVcou6+yz0EYrLVRqTWutUsBmq+22CeF5rbc8NYstt+SWu9BMrUnqF6E1edYl ra2eZChK4gIK7rdRBQQAIfkEABEAjQAsAAA0AVgBFwAHCP8A/wkcSLCgQYH5BiYsuPCgw4cKEUaE SHFiRYkMDebbuPFixn8NPYb0WHGkRZIoU6pcybKlQHswY8qcSdMeyJMuL5rMufOhyZ8Ee/rEmJOn w4U1kypdyrSp06dQoz51yTGh1Y43QWINypHowqo3wVrV2rDqz45gyZbtWpYozq9dw25FGFchW6xw 82qMG/LqXLdFAwseTJEA4aN2I4492Ffi149tty4GPLKtYsg4s15WbDmz5siaQwcd3Vi058OoU6t+ KVXmZ9Km3T5+PPp149JvT052XLs3782UGVsci/vjb4w9kbZezry58+czjcrO+let5Ny2YWe+Pr1y ZY0Zb/vwjt15sWSgwKkjXs2+vXuSncOO32ke83H5p2mH3o0fsOjdABrXG2i6CRhgbAi+p+CCqsV3 YIH4fZcdcNUhV6CEQu3X3XzCeaUhdsfhxeCIJI6IFmx1cSUicmwldmCLKnJF13knWshQWjPqZ9pf 5cml1140foZeiUQWaaR7GR6p5JJMNulkgyk+KeWUVL4H3ZVYZqnlllx26eWXYIYp5phklmnmmWim qeaabLbp5ptwxinnnHTWaeedeOap55589unnn4AGymeVhBZq6KFLCqrooow26qic2Twq6aSUVmrp pVIhqummnHZaFKaghirqUwEBACH5BAARAI0ALAAASgFYARcABwjUAO0JHEiwoMGDCBMqXMiwocOH ECNKnEixosWLGDNq3Mixo8ePIEOKHEnS4r+TKFOqXMmypcuXMGPKnEmzps2bOHPq3Mmzp0+cJYMK HUq0qNGjFH8qXcq0qdOnUKNKnYoSqdWrWLNq3YqQqtevYMOKHUs2J9ezaNOqXcu2rdu3cN+WnUu3 rt27ePPq3cu3r1+fcQMLHkx44t/DiBMrXsy4sePHkCNLhnxmsuXLmDNrjlq4s+fPoEOLHk26tOnT qD1vXs26tevXsGPLnk27tu3buHP3DAgAIfkEAGnrjQAsAABgAVgBFwAHCN0A/wkcSLCgwYMIEypc yLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSbKkyZMoU6pcyVKlvZcwY8qcSbOmzZs4c+rcybOn z59AgwodSrSoUaAtkypdyrSp06dQo0qdSrWq1atYs2o1eLSr169gw4odS7asWZhb06pdy7at27dw 4w48S7eu3bt48+rdy7ev37+AAwseTLiw4cN75SpezLix48eQ2SKeTLkyX12TI2vePFKXVcugQ4sO i3m06dOoU78srbq169eCWcOeTbs2Wdm2c+ve/RN3YM7AgwMPCAAh+QQADACNACwAAAAAWAF8AQcI /wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJ0qK9kyhTqlzJsqXLlzBj ypxJs6bNmzhz6tzJs2fMID6DCh1KtKjRo0iTKl3KtKnTp1CjSp1KtKTVq1izat3KlSLVr2DDih1L tqzZs2jTql3LVimNtnDjIu1Kt67du3jz6t3Lt6/fvxnlCh5MuDBOwIgTK17MuLHjx5AjS55MufLf pn4Ma97MubPnz6BDix5NurRRy6hTq17NurVr1aZjy54987Xt27hz697Nu7fv38CDCx9OvLjx48gZ 6kvO3Crt59CjS59OvXPz69hBVt/Ovbv37+B5Zv8fT768+fPo06tfz7698/Dw40t1T7++/fu85etn WmG///8ABijggE/hZ2BxBCao4IIMNsjSgRAG5+CEAkZo4YUYZqjhhhx26KFiFIYo4ogkyvbhiZKV qOKKLLbo4oswxoTijI7FaCNpNOYI4o08fqbjj0BWhEOQRBb5YY9Icmbkkkw26eST+CUpZWFQVhnS lPLxg+WWXB5m5ZdghinmmGSWaeaZ13WpJk6vKIXmmwmtKSdZcNZZ0Jx45qnnnnz26eefgAbKlJ2E FkqooIj6ZGidiTbq6KNNLQonpJRWaulOkr556aacdurpp6B2mumopJZq6qmosheqpamGueqrsMb/ KiuSrYI5a6O15qrrrrwCd2unSPw6Z69OCmvssS8S2ySyfyrr7LPQRnsZs31Ka+21vyHaRRfUclZI bNtuGx4A3ZoVLrfbkTtanV0UWu6e2Or4rp7YQRHvvZnOq++++uE7I78AByzwwAQXbPDBCIvl78IM T5YwrQ13+HCPEVdsMWAT83jxxhx3PGrGIIcssrEeWzhysiVDePLKLLdMacoquyzzzDTjCfPNOOe8 ZM0i6mwfzT7wLHRNPtc39NFIP1j00v8AAADT7Tn9NNTrST21zxNKnTSD6m7tdb9Uq/f12GSXbfaA OnQX9tpst+22x2fHFU/cdO9kztdvl1f3ftDK/5L33xLtDTbgaQpuOMEMO0P44ow37vjjkEcueUOH wzc5cZVnrvnmnGN5+ee7ds4d6KS3KvrpwpaeLerTqe4b6627LvvstNf+OuzR2a47mrj37vvvwAcv vOi7F68bE8ZXOfzyiTY2RvIOEQwF89RXbz2A0EsWA0K3wnF92dmHX+z35Jffsvjop69+Qj2s7/5r 1K8i2vv0H2n+ZvXnv+H9+OvfGP+a8d//AEglARrQQAQs4AERk8AGwmiBBXkBBNPjQMFMEGMVjMsF p5XBDvZsg33xYFtASMISjkmEKHSQCfWSQrWs8IXJaWFaYEhDBMnwhgGqoQ53yMMe+jB7ODTLD5Sz EsQiGvGISEyiEpc4lSFihYlQhI4TrxLFKppoiljMohatAo0t/suKYFyXFz2WB1sJRkthTKMamzjG j6zxjXCUTxvnuKM42hEudMyjHnFzxz6yZY+AzIsfhxJIjAxSKIW8yCGDwrQJqGqRkIykkhJJSa1I ElOVnMgldZLJMeagk6AMpShHiaFN5oSUlDPlTVDJkIAAACH5BAAMAI0ALAAAAABYAXwBBwj/AP8J HEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEnSor2TKFOqXMmypcuXMGPKnEmz ps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJPuLMm0qdOnUKNKnUq1qtWrWLNq3cq1q9evU5WKHUu2rNmz aHOCXcu2rdu3cOPKnUu3rt27ePPq3cu3r8a0gAMLHky4sOHDiBMrXuzTr+PHkCNLnkyZJOPLmDNr Rlu5s2fJm0OLHk26tOnTqFPL/My6tV7VsGPLBuy6tu24s3Pr3j30tu/fXnkLH95SBvHjyJMrX94z GvPFCZ5Ln146gXXq2LNfth5du/fvg7mD/x9Pvuz18ujTpwfOvr379/Djy59Pv779+xjV69/PE7// /wjxJ+CAM32UzoEIAqigX0ohiCCBEMq24IQUVmjhhRhmqOGGHIYV4YcRdijiZyCWOOCIKFJm4or6 pegiZCzGKOOMNOb24o191ajjdDj2mNeOQAYp5JBEFmnkkUhm5uOSdSXppGlMRinllFQy6UKVUT2p pWhYdrnVlmAq6eWYW0VB5plopvlYmGy26eabcMYp55x01qkYC0ipqWdJdvbp55+j7SnooIQWamhn gCYK1KGMNuroo5BGKilbilZq6aWYZqrpppx2GtukoIYqqkGelorSqAtawtVi+Jjq6quwxv+KHl9+ oFqbrJvaOimuvPY6p66S+ipscukMa+yxQgEbKbLMNuvss9IpK+20aEJr7bUEUqvttlOq9g62EnJb KLjklmvuuehCK+646YK57rvwdtiuu/HqOa9NRxiJyb1A1uvvvwAHLPDABBdscIX8Jqzwwgw3POTB VToscZKGTGzxxa5CTCXG/WosJcc7CjrOuyCXbPLJKKd8mMcfq7wiyzDH/KPLNNfsksw+2qzzzvbg 3CPPEPqMI9BEpyz00Uh3VfTSTDfNXNJQRy311FRXbfXVWGet9dZcdx2l0+p5LfbY/4C9Htn+ma22 wmi37fbbB3nA2trkwV0f3eMtWITdfPf/DTHe4Pkt+OCEywX44YgnTlvhjDfuuEIAPO4bAJGPpPhl lB8leVuUb25b5x1dHlrmorPo+emop6661y1wXfrrsMd+0+qeya4c7SEd8KXtvJuK+++h9n4c8JMJ b3yuxEd2vHDJN9/o8rw5n3Um0lffEPS7WZ8j9tx3T7T2fHkfLvgzi2/+m+S/dn5q6Ze//vvwN9w+ XvHXb//95s9/F/78B6n//0zq32ZAwgMAGvA9AkygAod1QMMt8IEgaiBuIEjBClrwZBKEywVXlkG3 bNAwHfTgBwkTwhKacFrSiYLoTshCBY2QhC2MoQxnSMMa2vAvw+rOn9yzghv68IdArN0LqAUTRA8N cXFFhMoRl8hEJyXxiVDkUBOnSEWVJGNGUXRKFcuSxaZs8YtgZBgVVthFPoXxjGhsURktg6QmJGyN bExjUeBIxyad0Quaq6NWHqDHPtLODSKSo1H8SMi1CHKOhdyIq77VqUQq8pC9cWRGIEnJSiZHkpjM JP0syUkQarIinQzlYD5JylKakkGiXMopV8nKVrYllbA8iyuvF0uczJIhtbTlLRUSEAA7 ------=_NextPart_000_000A_01C6F30D.9F5FD4E0-- s7/5r 1K8i2vv0H2n+ZvXnv+H9+OvfGP+a8d//AEglARrQQAQs4AERk8AGwmiBBXkBBNPjQMFMEGMVjMsF p5XBDvZsg33xYFtASMISjkmEKHSQCfWSQrWs8IXJaWFaYEhDBMnwhgGqoQ53yMMe+jB7ODTLD5Sz EsQiGvGISEyiEpc4lSFihYlQhI4TrxLFKppoiljMohatAo0t/suKYFyXFz2WB1sJRkthTKMamzjG j6zxjXCUTxvnuKM42hEudMyjHnFzxz6yZY+AzIsfhxJIjAxSKIW8yCGDwrQJqGqRkIykkhJJSa1I ElOVnMgldZLJMeagk6AMpShHiaFN5oSUlDPlTVDJkIAAACH5BAAMAI0ALAAAAABYAXwBBwj/AP8J HEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEnSor2TKFOqXMmypcuXMGPKnEmz ps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJPuLMm0qdOnUKNKnUq1qtWrWLNq3cq1q9evU5WKHUu2rNmz aHOCXcu2rdu3cOPKnUu3rt27ePPq3cu3r8a0gAMLHky4sOHDiBMrXuzTr+PHkCNLnkyZJOPLmDNr Rlu5s2fJm0OLHk26tOnTqFPL/My6tV7VsGPLBuy6tu24s3Pr3j30tu/fXnkLH95SBvHjyJMrX94z GvPFCZ5Ln146gXXq2LNfth5du/fvg7mD/x9Pvuz18ujTpwfOvr379/Djy59Pv779+xjV69/PE7// /wjxJ+CAM32UzoEIAqigX0ohiCCBEMq24IQUVmjhhRhmqOGGHIYV4YcRdijiZyCWOOCIKFJm4or6 pegiZCzGKOOMNOb24o191ajjdDj2mNeOQAYp5JBEFmnkkUhm5uOSdSXppGlMRinllFQy6UKVUT2p pWhYdrnVlmAq6eWYW0VB5plopvlYmGy26eabcMYp55x01qkYC0ipqWdJdvbp55+j7SnooIQWamhn gCYK1KGMNuroo5BGKilbilZq6aWYZqrpppx2GtukoIYqqkGelorSqAtawtVi+Jjq6quwxv+KHl9+ oFqbrJvaOimuvPY6p66S+ipscukMa+yxQgEbKbLMNuvss9IpK+20aEJr7bUEUqvttlOq9g62EnJb KLjklmvuuehCK+646YK57rvwdtiuu/HqOa9NRxiJyb1A1uvvvwAHLPDABBdscIX8Jqzwwgw3POTB VToscZKGTGzxxa5CTCXG/WosJcc7CjrOuyCXbPLJKKd8mMcfq7wiyzDH/KPLNNfsksw+2qzzzvbg 3CPPEPqMI9BEpyz00Uh3VfTSTDfNXNJQRy311FRXbfXVWGet9dZcdx2l0+p5LfbY/4C9Htn+ma22 wmi37fbbB3nA2trkwV0f3eMtWITdfPf/DTHe4Pkt+OCEywX44YgnTlvhjDfuuEIAPO4bAJGPpPhl lB8leVuUb25b5x1dHlrmorPo+emop6661y1wXfrrsMd+0+qeya4c7SEd8KXtvJuK+++h9n4c8JMJ b3yuxEd2vHDJN9/o8rw5n3Um0lffEPS7WZ8j9tx3T7T2fHkfLvgzi2/+m+S/dn5q6Ze//vvwN9w+ XvHXb//95s9/F/78B6n//0zq32ZAwgMAGvA9AkygAod1QMMt8IEgaiBuIEjBClrwZBKEywVXlkG3 bNAwHfTgBwkTwhKacFrSiYLoTshCBY2QhC2MoQxnSMMa2vAvw+rOn9yzghv68IdArN0LqAUTRA8N cXFFhMoRl8hEJyXxiVDkUBOnSEWVJGNGUXRKFcuSxaZs8YtgZBgVVthFPoXxjGhsURktg6QmJGyN bExjUeBIxyad0Quaq6NWHqDHPtLODSKSo1H8SMi1CHKOhdyIq77VqUQq8pC9cWRGIEnJSiZHkpjM JP0syUkQarIinQzlYD5JylKakkGiXMopV8nKVrYllbA8iyuvF0uczJIhtbTlLRUSEAA7 ------=_NextPart_000_000A_01C6F30D.9F5FD4E0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 17:48:34 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJ4k-0001TS-C1 for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:35:46 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaIXN-0003yh-MS for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:01:23 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 115333980BC for ; Wed, 18 Oct 2006 14:01:17 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 11C624A452F for ; Wed, 18 Oct 2006 14:01:04 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id EE427144801E for ; Wed, 18 Oct 2006 14:01:03 -0700 (PDT) Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by hermes.tigertech.net (Postfix) with ESMTP id B6DCF1448012 for ; Wed, 18 Oct 2006 14:01:01 -0700 (PDT) Received: from [209.86.224.32] (helo=elwamui-cypress.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GaIX7-00018W-GK; Wed, 18 Oct 2006 17:01:01 -0400 Received: from 75.32.19.206 by webmail.pas.earthlink.net with HTTP; Wed, 18 Oct 2006 17:01:01 -0400 Message-ID: <8107599.1161205261321.JavaMail.root@elwamui-cypress.atl.sa.earthlink.net> Date: Wed, 18 Oct 2006 14:01:01 -0700 (GMT-07:00) From: "Scott G. Kelly" To: NKA Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff710065bc7e3b880e54fd3f5e322389d646e350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.32 X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=7.0 tests= X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 >[NKA] Even if a less-robust AC implementation ends up interpreting DTLS >message as a Discovery packet, do you think WTP (which unfortunately >has passed discovery state) will be able to carry on with its DTLS >session establishment and succeed ultimately? :-( I don't think so. (Imagine >this: WTP needs to successfully interpret Discovery response as HelloVerify >request, followed by which AC needs to interpret ClientHello (with cookie) as >Client Hello without Cookie, and so on). That's not the point, and this is minor compared to the real issue, which is below. >Folks, >I want to ask you this DTLS/discovery control packet question in a different >form. Suppose by accident (or due a bug), WTP happens to be in a FSM >state which is not same as that of AC. How would AC process the arrived >packet from the faulty WTP? It would go by its FSM state. Yes, but only in the absence of better information. If it's FSM state is RUN and it receives a discovery packet, though, going by its FSM state leads to an error condition. > The logic for this >is based on the fact that capwap header doesn't carry FSM state information >and both the involved entities process packets based on the assumption >that their FSM is in sync. Hence I conclude that discovery packets should >not be treated in any special fashion. The WTP may also be in in a different FSM state because it was restarted, either due to a crash, power failure, operator action, etc. - it does not (necessarily) imply some freak accident or bug. In this case the WTP will often need to go through discovery again before reconnecting to the AC. If the AC erroneously feeds these packets to its DTLS implementation, they will be rejected, and the WTP will get no response. This means failure recovery will not occur until the AC times out its DTLS session, and since these timeouts are frequently set as high as 30 seconds in the field, and since the WTP may exhaust its discovery timers and go into sulking state due to AC unresponsiveness, this has the potential to signficantly (and unfortunately, completely avoidably) exacerbate the outage. You could try to work around this by handing every packet that fails in the DTLS engine to some other code to see if it's a discovery packet, but in doing so you're adding complexity, and compounding the amount of per-packet work an adversary can make an AC do. >Having extra fields in the header or usage of seperate UDP ports will definitely >ease up the situation here, but we, at IETF, are here to define a specification >which is optimum in nature. Umm... you lost me. I don't see how adding non-determism to save a port (or a few header bytes) results in an optimal solution. Thanks, Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 17:55:55 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJOF-0000Sd-2x for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:55:55 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaJOB-0001nS-Th for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:55:54 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 670AE3980AF for ; Wed, 18 Oct 2006 14:55:51 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 72D144A452F for ; Wed, 18 Oct 2006 14:55:31 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4BCCE144802F for ; Wed, 18 Oct 2006 14:55:31 -0700 (PDT) X-Greylist-Status: Sender first seen 1 mon 1 day 10:01:30 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by hermes.tigertech.net (Postfix) with ESMTP id BBBCD1448067 for ; Wed, 18 Oct 2006 14:55:25 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Wed, 18 Oct 2006 14:55:24 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acby9jFizmwKu5GOR6aIa0/YtftZygACZGvA From: "Abhijit Choudhury" To: "NKA" X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.1 tagged_above=-999.0 required=7.0 tests=FORGED_RCVD_HELO X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465 On 10/18/06, Abhijit Choudhury wrote: > I think for data channel security, it will have > to be a binary decision for an AC/WTP pair, i.e. > if data channel encryption is enabled, it is for all data. > > For the control channel, I think to have a clean > solution (with deterministic behavior) we need either > a separate discovery port or a type header which allows > one to distinguish between discovery and dtls packets. > > Scott > > In a clean solution, the packet itself should have enough information > to clearly classify it as one of the four types of packets. We should > not have to depend on configuration lookups to check whether the > packet is supposed to be DTLS encrypted or not. [NKA] Good point. But remember that for this flag to be affective, it needs to appear before the DTLS header. Currently Capwap transport header comes after DTLS. If we take your suggestion, Capwap header will be in two part. One part will appear before DTLS header and second one will be after DTLS header. But didn't we recently decided to not go with Mux header approach? [Abhijit] That is exactly why I did not suggest a shim header or type field. Instead, I suggested separate UDP ports to indicate the type af packet. That way we don't need a separate header between UDP and DTLS headers. > > We have used this principle already in designing the CAPWAP header. > The T bit clearly identifies the payload as 802.3 or native format. > This could have been identified based on a config lookup since an AC > would typically handle 802.3 payload or native but rarely both. But we > chose to include this information the header itself to make the design > clean. > > The same idea should be used for distinguishing between > the four packet types. Having four distinct UDP ports is one option. > I'm sure there are others. > > Regards, > Abhijit > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 18:30:55 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJ5A-0001VW-8P for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:36:12 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaIHV-0002kf-6a for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 16:44:54 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 9881F1448086 for ; Wed, 18 Oct 2006 13:44:49 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id C112B4A452F for ; Wed, 18 Oct 2006 13:44:28 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id AF3181448071 for ; Wed, 18 Oct 2006 13:44:28 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by hermes.tigertech.net (Postfix) with ESMTP id 13DAB144806F for ; Wed, 18 Oct 2006 13:44:21 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id x30so947559nfb for ; Wed, 18 Oct 2006 13:44:20 -0700 (PDT) Received: by 10.82.101.3 with SMTP id y3mr2616729bub; Wed, 18 Oct 2006 13:44:20 -0700 (PDT) Received: by 10.82.118.16 with HTTP; Wed, 18 Oct 2006 13:44:20 -0700 (PDT) Message-ID: <369e612f0610181344q68b39067wc68a5df6bfa5777c@mail.gmail.com> Date: Thu, 19 Oct 2006 02:14:20 +0530 From: NKA To: "Abhijit Choudhury" In-Reply-To: MIME-Version: 1.0 Content-Disposition: inline References:

X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa On 10/18/06, Abhijit Choudhury wrote: > I think for data channel security, it will have > to be a binary decision for an AC/WTP pair, i.e. > if data channel encryption is enabled, it is for all data. > > For the control channel, I think to have a clean > solution (with deterministic behavior) we need either > a separate discovery port or a type header which allows > one to distinguish between discovery and dtls packets. > > Scott > > In a clean solution, the packet itself should have enough > information to clearly classify it as one of the four types > of packets. We should not have to depend on configuration > lookups to check whether the packet is supposed to be DTLS > encrypted or not. [NKA] Good point. But remember that for this flag to be affective, it needs to appear before the DTLS header. Currently Capwap transport header comes after DTLS. If we take your suggestion, Capwap header will be in two part. One part will appear before DTLS header and second one will be after DTLS header. But didn't we recently decided to not go with Mux header approach? > > We have used this principle already in designing the CAPWAP > header. The T bit clearly identifies the payload as 802.3 or > native format. This could have been identified based on a > config lookup since an AC would typically handle 802.3 payload > or native but rarely both. But we chose to include this information > the header itself to make the design clean. > > The same idea should be used for distinguishing between > the four packet types. Having four distinct UDP ports is one > option. I'm sure there are others. > > Regards, > Abhijit > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 18:57:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaJ69-0001d9-4d for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 17:37:13 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaHu8-0007qC-Hn for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 16:20:46 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 016921448075 for ; Wed, 18 Oct 2006 13:20:30 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 2D07D4A452F for ; Wed, 18 Oct 2006 13:20:03 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 13BD2144804D for ; Wed, 18 Oct 2006 13:20:03 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by hermes.tigertech.net (Postfix) with ESMTP id BA0151448012 for ; Wed, 18 Oct 2006 13:20:01 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id x30so939932nfb for ; Wed, 18 Oct 2006 13:20:00 -0700 (PDT) Received: by 10.82.118.2 with SMTP id q2mr2609711buc; Wed, 18 Oct 2006 13:19:59 -0700 (PDT) Received: by 10.82.118.16 with HTTP; Wed, 18 Oct 2006 13:19:59 -0700 (PDT) Message-ID: <369e612f0610181319r71288c9bi528eacd8607f4ef9@mail.gmail.com> Date: Thu, 19 Oct 2006 01:49:59 +0530 From: NKA To: "Scott G. Kelly" In-Reply-To: <21803909.1161118568342.JavaMail.root@elwamui-polski.atl.sa.earthlink.net> MIME-Version: 1.0 Content-Disposition: inline References: <21803909.1161118568342.JavaMail.root@elwamui-polski.atl.sa.earthlink.net> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com, Abhijit@sinett.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 25eb6223a37c19d53ede858176b14339 Please go through my inline comments below. NKA On 10/18/06, Scott G. Kelly wrote: > Comments inline below... > > -----Original Message----- > >From: NKA NKA > >Sent: Oct 17, 2006 1:00 PM > >To: Abhijit@sinett.com, pcalhoun@cisco.com, dstanley1389@gmail.com, montemurro.michael@gmail.com > >Cc: capwap@frascone.com > >Subject: Re: [Capwap] need clarification on UDP ports > > > > ________________________________ > >From: Abhijit Choudhury [mailto:Abhijit@sinett.com] > >> Sent: Tue 10/17/2006 10:37 PM > >> To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro > >> Cc: capwap@frascone.com > >> Subject: [Capwap] need clarification on UDP ports > >> > >> > >> > >> Pat, Mike, Dorothy: > >> > >> I have a question based on v03 of the capwap spec. > >> In section 3.1, the spec mentions well-known UDP > >> ports for the CAPWAP control and data packets. > >> > >> There are four kinds of CAPWAP packets: > >> 1. DTLS protected control packets > >> 2. Unprotected control packets > >> 3. Unprotected data packets > >> 4. (Optional) DTLS protected data packets > >> > >> > >> Will there be 4 well-known UDP port numbers ? > > > >[NKA} As per my understanding, you don't need to have two seperate UDP ports > >for handling DTLS and Non-DTLS control packets. Following is the logic which > >I would use at AC: > > > > 1. If AC receives a UDP packet on its control port, and if it CAN'T > >find the session > > information corresponding to the sender WTP, then the arrived packet can > > be considered to be a discovery packet. > > > > In the above situation, for some reason, if WTP sent a DTLS packet, AC can > > continue to assume it to be a discovery packet. So it should feed the arrived > > DTLS packet to its discovery packet processing module. Ultimately the > > packet will get dropped by AC due to packet parsing error (chances of DTLS > > packet looking like a valid discovery packet is very very slim). > > Here are the first few words of the latest proposed capwap header, which would be at the head of the discovery message: > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > |Version| RID | HLEN | WBID |T|F|L|W|M| Flags | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Fragment ID | Frag Offset |Rsvd | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > Here's the DTLS record header, which will be present after dtls negotiation starts: > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ > | type | protocol version | epoch > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ > epoch, cont | (6 byte sequence #) > /-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > The type will be from TLS; the ClientHello is 0x16, or 00010110 (other tls types of interest are similar), and the DTLS protocol version will be 0xFEFF, and any dtls version changes will just decrement the first version byte (FE, FD, FC, etc). This translates to the following bits: > > 1 6 F E F F > 0001 0110 1111 1110 1111 1111 > > Putting this into the capwap header: > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > |0 0 0 1|0 1 1 0 1|1 1 1 1 1|1 0 1 1 1|1 1 1 1 1 0 0 0 0 0 0 0 0| > |VERSION| RID | HLEN | WBID | Reserved | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > or, > > VERSION..: 0001 > RID......: 01101 (13) > HLEN.....: 11111 (31) > WBID.....: 10111 (23) > > Today, we don't have WBID of 23, so a robust implementation should interpret this as an error, but I wouldn't say > chances of a DTLS packet looking like a discovery packet are really all that slim. It depends on several assumptions. [NKA] Even if a less-robust AC implementation ends up interpreting DTLS message as a Discovery packet, do you think WTP (which unfortunately has passed discovery state) will be able to carry on with its DTLS session establishment and succeed ultimately? :-( I don't think so. (Imagine this: WTP needs to successfully interpret Discovery response as HelloVerify request, followed by which AC needs to interpret ClientHello (with cookie) as Client Hello without Cookie, and so on). Folks, I want to ask you this DTLS/discovery control packet question in a different form. Suppose by accident (or due a bug), WTP happens to be in a FSM state which is not same as that of AC. How would AC process the arrived packet from the faulty WTP? It would go by its FSM state. The logic for this is based on the fact that capwap header doesn't carry FSM state information and both the involved entities process packets based on the assumption that their FSM is in sync. Hence I conclude that discovery packets should not be treated in any special fashion. Having extra fields in the header or usage of seperate UDP ports will definitely ease up the situation here, but we, at IETF, are here to define a specification which is optimum in nature. > > >After a few trial, > > WTP will reboot and ultimately get in sync with AC's State machine. > > 2. If AC receives a UDP packet on its control port, and if it CAN > >find the session > > information corresponding to the sender, then the arrived packet can be > > considered as a DTLS packet. So AC should feed such packets to DTLS module > > directly. > > .. unless it's as discovery packet from a WTP that reset and no longer has the DTLS session context. Eventually, that session will timeout, but how long this takes depends on the configured echo interval. If it's more than a few seconds (e.g. say, 30 seconds), this adds a significant bit of latency to recovery scenarios. > > > You may have a situation in which session information exists for a WTP at AC, > > but WTP is sending non-DTLS packet. Even in such situation, AC can feed such > > packets to DTLS module, which will ultimately reject the packet. AC can use > > this kind of notification to tear down the existing session, which > >will bring AC's > > state machine in sync with that of WTP. > > The WTP - or someone who spoofs the WTP address. Sounds like a very simple DoS attack. > > >I have not given much thought about the data path issue. May be the > >initial policy > >(about dtls) exhcnage would help. Once both the party (AC as well as WTP) agree > >whether DTLS will be used or not, the same information can be used for > >programming the hardware. I know that issue # 221 is tracking data > >path policy issue. > > > >NKA > > > >> > >> 1, 2 and 3 will be present simultaneously in any > >> deployment. 3 and 4 may co-exist in a deployment > >> if some data channels are encrypted and some not. > >> There has to be a way to distinguish these four > >> kinds of packets. The draft is not clear about how > >> this is done. > >> > > I think for data channel security, it will have to be a binary decision for an AC/WTP pair, i.e. if data channel encryption is enabled, it is for all data. > > For the control channel, I think to have a clean solution (with deterministic behavior) we need either a separate discovery port or a type header which allows one to distinguish between discovery and dtls packets. > > Scott > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 18:58:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaKMM-0006RI-SZ for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 18:58:02 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaKMI-0005Qz-3u for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 18:58:02 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 78DEA39801E for ; Wed, 18 Oct 2006 15:57:57 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 2275E4A453D for ; Wed, 18 Oct 2006 15:57:47 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 00C6939803B for ; Wed, 18 Oct 2006 15:57:47 -0700 (PDT) Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by zoidberg.tigertech.net (Postfix) with ESMTP id 99C4D39801E for ; Wed, 18 Oct 2006 15:57:43 -0700 (PDT) Received: from [209.86.224.32] (helo=elwamui-cypress.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GaKM2-0005Uv-Vz; Wed, 18 Oct 2006 18:57:43 -0400 Received: from 75.32.19.206 by webmail.pas.earthlink.net with HTTP; Wed, 18 Oct 2006 18:57:42 -0400 Message-ID: <23812436.1161212262850.JavaMail.root@elwamui-cypress.atl.sa.earthlink.net> Date: Wed, 18 Oct 2006 15:57:42 -0700 (GMT-07:00) From: "Scott G. Kelly" To: Abhijit Choudhury Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff71089d8cb93bf114edb5cf6099e7a13a8db350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.32 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca Hi Abhijit, >[Abhijit] That is exactly why I did not suggest a shim header or type >field. Instead, I suggested separate UDP ports to indicate the type >af packet. That way we don't need a separate header between >UDP and DTLS headers. Yes, because we all know that putting anything between the UDP header and the DTLS header is *EVIL*, and anyone who would even *SUGGEST* such heresy should be crucified! And BURNED! And STABBED, SHOT, BEATEN, and RIDICULED, and then FEASTED UPON BY MAGGOTS! But a little more seriously :-), one reason I still consider a type header worthy of consideration (despite the choice of separate ports for control/data): if we implement data channel crypto (and there seems to be stronger support for this now), we are either going to have to use exactly one QoS level for all data, or we'll need to be able to support multiple encrypted data channel streams per wtp (up to a maximum of 1 per QoS level, or 8). Otherwise, the DTLS antireplay mechanism and QoS won't play well together. This is a well-documented problem that we ran into in IPsec, and it will also occur here in CAPWAP, and especially once 11n shows up. See RFC 4301, halfway into section 4.1 (starting near the bottom of page 13): If different classes of traffic (distinguished by Differentiated Services Code Point (DSCP) bits [NiBlBaBL98], [Gro02]) are sent on the same SA, and if the receiver is employing the optional anti-replay feature available in both AH and ESP, this could result in inappropriate discarding of lower priority packets due to the windowing mechanism used by this feature. Therefore, a sender SHOULD put traffic of different classes, but with the same selector values, on different SAs to support Quality of Service (QoS) appropriately. To permit this, the IPsec implementation MUST permit establishment and maintenance of multiple SAs between a given sender and receiver, with the same selectors. Distribution of traffic among these parallel SAs to support QoS is locally determined by the sender and is not negotiated by IKE. The receiver MUST process the packets from the different SAs without prejudice. These requirements apply to both transport and tunnel mode SAs. In the case of tunnel mode SAs, the DSCP values in question appear in the inner IP header. In transport mode, the DSCP value might change en route, but this should not cause problems with respect to IPsec processing since the value is not employed for SA selection and MUST NOT be checked as part of SA/packet validation. However, if significant re-ordering of packets occurs in an SA, e.g., as a result of changes to DSCP values en route, this may trigger packet discarding by a receiver due to application of the anti-replay mechanism. ----------------------- Antireplay is not optional in DTLS, so the same issues apply - you need per-QoS-level session identifiers to resolve this -- that is, if you want data channel QoS support. One option is to choose a separate port for each QoS level, but that would mean we'd potentially need to support 8 ports for data, and if we ever decide we need to differentiate QoS levels on the control channel for some reason, we'll need even more ports for that. Even with 50K ports still available (or more, or less, don't know the exact number today), it's possible that IANA and/or the IESG will object to us grabbing this many ports for one protocol. Especially when this could be easily solved by putting a few bytes between the udp header and the payload. This doesn't mean you don't use two ports, one for control, one for data - it simply means you have a stream id+type in the clear after the UDP header. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 21:50:01 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaN2n-0000jy-Ns for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 21:50:01 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaN2k-000443-6D for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 21:50:00 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 39561398089 for ; Wed, 18 Oct 2006 18:49:53 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 494A74A453D for ; Wed, 18 Oct 2006 18:49:29 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 2639B39803B for ; Wed, 18 Oct 2006 18:49:29 -0700 (PDT) Received: from alnrmhc13.comcast.net (alnrmhc13.comcast.net [206.18.177.53]) by zoidberg.tigertech.net (Postfix) with ESMTP id 26A5E39801C for ; Wed, 18 Oct 2006 18:49:26 -0700 (PDT) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (alnrmhc13) with ESMTP id <20061019014926b1300l665je>; Thu, 19 Oct 2006 01:49:26 +0000 Message-ID: <4536D9A9.5090500@cs.umd.edu> Date: Wed, 18 Oct 2006 21:49:29 -0400 From: Charles Clancy User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: sarikaya@ieee.org References: <4535DB1D.90200@yahoo.com> In-Reply-To: <4535DB1D.90200@yahoo.com> X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.374 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: a87a9cdae4ac5d3fbeee75cd0026d632 Behcet, CAPWAP has not yet defined how 11r FT and reassociation packets are tunneled for Local and Split MAC. Your assumption is that in Local MAC they would be processed at the WTP. However, if they are processed by the AC (just as the current four-way-handshake packets) then there's no reason to transport PMK-R1s to WTPs, and no changes necessary to CAPWAP to support 11r. In fact, transportation of PMK-R1s to the WTPs would break the current CAPWAP security model. In CAPWAP we only have one authenticator; therefore PMK-* MUST reside at the AC. -- t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy Behcet Sarikaya wrote: > Pat and all, > > The link: > http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fastbss-00.txt > is now on. > > Regards, > > --behcet > > ----- Original Message ---- > From: Pat Calhoun (pacalhou) > To: Behcet Sarikaya > Sent: Monday, October 16, 2006 7:01:11 PM > Subject: RE: [Capwap] CAPWAP for 802.11r > > ok, I will once it becomes available. > > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > > ------------------------------------------------------------------------ > *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > *Sent:* Monday, October 16, 2006 4:41 PM > *To:* Pat Calhoun (pacalhou); capwap@frascone.com > *Subject:* Re: [Capwap] CAPWAP for 802.11r > > Pat, > > > ----- Original Message ---- > From: Pat Calhoun (pacalhou) > To: Behcet Sarikaya ; capwap@frascone.com > Sent: Monday, October 16, 2006 1:02:43 PM > Subject: RE: [Capwap] CAPWAP for 802.11r > > Behcet, > > I believe we've discussed this idea a few times, and I am still > unsure why we believe CAPWAP needs to define anything to support > TGr. The current CAPWAP protocol is sufficient to support the > upcoming standard. > > ==> > The basis is there but we need several extensions. > Please read the draft and comment, then we can make a more informed > decision, I think. > > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > Regards, > > --behcet > > ------------------------------------------------------------------------ > *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > *Sent:* Saturday, October 14, 2006 8:33 AM > *To:* capwap@frascone.com > *Subject:* [Capwap] CAPWAP for 802.11r > > Dear all, > I submitted a draft on CAPWAP Roaming Protocol in 802.11R Domains. > It should be available soon at the following link: > > http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fastbss-00.txt > > Regards, > > Behcet > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 18 23:19:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GaORW-0003zB-Dn for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 23:19:38 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GaOCC-00015D-4Q for capwap-archive@lists.ietf.org; Wed, 18 Oct 2006 23:03:53 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1FFFD398090 for ; Wed, 18 Oct 2006 20:03:47 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 9EC674A453D for ; Wed, 18 Oct 2006 20:03:35 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 88390398063 for ; Wed, 18 Oct 2006 20:03:35 -0700 (PDT) Received: from web60312.mail.yahoo.com (web60312.mail.yahoo.com [209.73.178.135]) by zoidberg.tigertech.net (Postfix) with SMTP id 709A539801C for ; Wed, 18 Oct 2006 20:03:31 -0700 (PDT) Received: (qmail 10257 invoked by uid 60001); 19 Oct 2006 03:03:30 -0000 Message-ID: <20061019030330.10255.qmail@web60312.mail.yahoo.com> Received: from [121.133.79.100] by web60312.mail.yahoo.com via HTTP; Wed, 18 Oct 2006 20:03:30 PDT Date: Wed, 18 Oct 2006 20:03:30 -0700 (PDT) From: Behcet Sarikaya To: Charles Clancy MIME-Version: 1.0 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=2.299 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_POST, DNS_FROM_RFC_WHOIS, HTML_30_40, HTML_MESSAGE X-Spam-Level: ** Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Behcet Sarikaya List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1505963172==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 25620135586de10c627e3628c432b04a --===============1505963172== Content-Type: multipart/alternative; boundary="0-1432930310-1161227010=:10107" --0-1432930310-1161227010=:10107 Content-Type: text/plain; charset=ascii Content-Transfer-Encoding: quoted-printable Hi Charles,=0A=0A----- Original Message ----=0AFrom: Charles Clancy =0ATo: sarikaya@ieee.org=0ACc: capwap =0AS= ent: Wednesday, October 18, 2006 8:49:29 PM=0ASubject: Re: [Capwap] CAPWAP = for 802.11r=0A=0ABehcet,=0A=0ACAPWAP has not yet defined how 11r FT and rea= ssociation packets are =0Atunneled for Local and Split MAC. =0A=3D=3D> Cor= rect. =0AYour assumption is that in Local MAC =0Athey would be processed at= the WTP. However, if they are processed by =0Athe AC (just as the current= four-way-handshake packets) then there's no =0Areason to transport PMK-R1s= to WTPs, and no changes necessary to CAPWAP =0Ato support 11r. In fact, t= ransportation of PMK-R1s to the WTPs would =0Abreak the current CAPWAP secu= rity model. =0A=3D=3D>My proposal is to use the key distribution protocol o= f 802.11r which securely transports the keys.=0A=3D=3D>Also no need for the= context transfer which was what I had in mind.=0A=3D=3D> Can you spare you= r ideas why that would not work in CAPWAP?=0A In CAPWAP we only have one = =0Aauthenticator; therefore PMK-* MUST reside at the AC.=0A=3D=3D> You're s= aying we only need the split MAC scenarios that I have in the draft.=0A=0A-= - =0At. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy=0A= =0A=3D=3D>=0AThe purpose of the draft is to attempt to initiate work on ext= ending CAPWAP 802.11 binding for FT.=0AI think it will be good to discuss t= his and get ideas?=0A=0AThanks,=0A=0ABehcet=0A=0A=0A=0A=0A=0A=0A --0-1432930310-1161227010=:10107 Content-Type: text/html; charset=ascii Content-Transfer-Encoding: quoted-printable

Hi Charles,

----- Original Message ---=
-
From: Charles Clancy <clancy@cs.umd.edu>
To: sarikaya@ieee.or=
g
Cc: capwap <capwap@frascone.com>
Sent: Wednesday, October 18,=
 2006 8:49:29 PM
Subject: Re: [Capwap] CAPWAP for 802.11r

Be=
hcet,

CAPWAP has not yet defined how 11r FT and reassociation packet=
s are 
tunneled for Local and Split MAC.  
=3D=3D> Correct. <=
br>Your assumption is that in Local MAC 
they would be processed at the =
WTP.  However, if they are processed by 
the AC (just as the c=
urrent four-way-handshake packets) then there's no 
reason to transport =
PMK-R1s to WTPs, and no
 changes necessary to CAPWAP 
to support 11r.  In fact, transp=
ortation of PMK-R1s to the WTPs would 
break the current CAPWAP security=
 model. 
=3D=3D>My proposal is to use the key distribution protocol o=
f 802.11r which securely transports the keys.
=3D=3D>Also no need for=
 the context transfer which was what I had in mind.
=3D=3D> Can you s=
pare your ideas why that would not work in CAPWAP?
 In CAPWAP we on=
ly have one 
authenticator; therefore PMK-* MUST reside at the AC.
=
=3D=3D> You're saying we only need the split MAC scenarios that I have i=
n the draft.

-- 
t. charles clancy, ph.d.  |  =
;tcc@umd.edu  |  www.cs.umd.edu/~clancy

=3D=3D>
The=
 purpose of the draft is to attempt to initiate work on extending CAPWAP 80=
2.11 binding for FT.
I think it will be good to discuss this and get
 ideas?

Thanks,

Behcet




--0-1432930310-1161227010=:10107--

--===============1505963172==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap
--===============1505963172==--



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 04:12:45 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaT1B-0003Kn-IB
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 04:12:45 -0400
Received: from mx2.tigertech.net ([64.62.209.32])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaSw7-0001fN-9B
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 04:07:38 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by hermes.tigertech.net (Postfix) with ESMTP id 303E54306DD
	for ; Thu, 19 Oct 2006 01:07:23 -0700 (PDT)
Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31])
	by fry.tigertech.net (Postfix) with ESMTP id 025C24A43C6
	for ; Thu, 19 Oct 2006 01:06:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by zoidberg.tigertech.net (Postfix) with ESMTP id CBE32398020
	for ; Thu, 19 Oct 2006 01:06:56 -0700 (PDT)
Received: from mailgw4.ericsson.se (mailgw4.ericsson.se [193.180.251.62])
	by zoidberg.tigertech.net (Postfix) with ESMTP id C0B9C398013
	for ; Thu, 19 Oct 2006 01:06:54 -0700 (PDT)
Received: from esealmw126.eemea.ericsson.se (unknown [153.88.254.123])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id 58DA7127C
	for ; Thu, 19 Oct 2006 10:06:48 +0200 (CEST)
Received: from esealmw109.eemea.ericsson.se ([153.88.200.2]) by
	esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 19 Oct 2006 10:06:48 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 19 Oct 2006 10:06:47 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Handling of failed requests
thread-index: AcbzVYYBV+XCd5DaRsG7zn0IGfi2uw==
From: "Peter Nilsson J (LI/EAB)" 
To: 
X-OriginalArrivalTime: 19 Oct 2006 08:06:48.0025 (UTC)
	FILETIME=[86756C90:01C6F355]
X-Brightmail-Tracker: AAAAAA==
X-Virus-Scanned: by amavisd-new at tigertech.net
X-Spam-Status: No, hits=0.085 tagged_above=-999 required=7 tests=HTML_40_50,
	HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS
X-Spam-Level: 
Subject: [Capwap] Handling of failed requests
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: multipart/mixed; boundary="===============0599965559=="
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 32b73d73e8047ed17386f9799119ce43


This is a multi-part message in MIME format.

--===============0599965559==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C6F355.863DB59D"


This is a multi-part message in MIME format.

------_=_NextPart_001_01C6F355.863DB59D
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

The CAPWAP specification is not very clear on how to handle a failure
indication in the Result Code message element in the response to certain
request messages.

Join Request and Reset Request I guess is OK.
But what shall be done in AC and WTP if Configuration Update Requests,
WLAN Configuration Requests and Station Request fail?

One drastic approach would be to as mentioned in the spec for Reset
Response "to no longer provide service to the WTP in question".
But this seems a litle bit to drastic if WLAN Configuration and Station
Requests fails.=20

Peter Nilsson

------_=_NextPart_001_01C6F355.863DB59D
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




Handling of failed requestsHi,
The CAPWAP specification is not very =
clear on how to handle a failure indication in the Result Code message =
element in the response to certain request messages.
Join Request and Reset Request I guess =
is OK.


But what shall be done in AC and WTP =
if Configuration Update Requests, WLAN Configuration Requests and =
Station Request fail?
One drastic approach would be to as =
mentioned in the spec for Reset Response "to no longer provide =
service to the WTP in question".
But this seems a litle bit to drastic =
if WLAN Configuration and Station Requests fails. 
Peter Nilsson




------_=_NextPart_001_01C6F355.863DB59D--

--===============0599965559==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap
--===============0599965559==--



From akstcabcnewsmnsdgs@abcnews.com Thu Oct 19 08:50:25 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaXLt-0002OY-FA
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 08:50:25 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaXLt-0006Na-DR
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 08:50:25 -0400
Received: from cpe-70-116-148-67.houston.res.rr.com ([70.116.148.67])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1GaXLn-000678-NC
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 08:50:25 -0400
Received: from 192.195.66.20 (HELO mx1.disney.com)
     by lists.ietf.org with esmtp (X1168BWPR 4G7S)
     id 2BX38W-SL4FHO-I1
     for capwap-archive@lists.ietf.org; Thu, 19 Nov 2006 12:51:50 +0360
Message-ID: <01c6f37d$58671510$6c822ecf@akstcabcnewsmnsdgs>
From: "Thad Lynn" 
To: 
Subject: great results triple volume
Date: Thu, 19 Nov 2006 12:51:50 +0360
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-2";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
X-Spam-Score: 4.4 (++++)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370

Hi Justin, hope I hit your correct email adress.
I was going to mention about these incredible opportunities
for future prosperity.There is a company outhere
known as American Unity Investments Inc (AUNI).
This one as you can see is climbing, but by just looking at it
I can tell it's gonna explode.So you do have a window to digg in
while it's still in it's low.I got a few shares of mine and made
5K. So what a hey, go ahead and do the same make some money while
it's there.

I hope it was a helper.I'll email you later this week.

Randal.

afford it. and what claims has lydia-what attraction has she beyond youth, health, and good humour
disappointment is only warded off by the defence of some little peculiar vexation."




From njyhwio@hinet.net Thu Oct 19 09:11:13 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaXg1-0003Cb-2v
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 09:11:13 -0400
Received: from 125-228-177-157.dynamic.hinet.net ([125.228.177.157])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaXfu-0001Rc-4J
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 09:11:13 -0400
Message-ID: <000d01c6f37f$ff516b80$9db1e47d@windowsxas74k9>
From:	"system off" 
To: capwap-archive@lists.ietf.org
Subject: Live CD youd like
Date:	Thu, 19 Oct 2006 21:10:49 +0800
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_0009_01C6F3C3.0D74AB80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Spam-Score: 4.2 (++++)
X-Scan-Signature: cbb41f2dbf0f142369614756642005e3

------=_NextPart_000_0009_01C6F3C3.0D74AB80
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_000A_01C6F3C3.0D74AB80"


------=_NextPart_001_000A_01C6F3C3.0D74AB80
Content-Type: text/plain;
	charset="big5"
Content-Transfer-Encoding: quoted-printable

Keep or Freebyte updates is well software is created enter address press =
in button address Subscribe Mail service.
Without having on hard then Linux is instead Knoppix installer allows =
complete system of off is cd image burn reboot machine provided Project =
am Elane or was of developed at Carlos iii Madrid Central Users!
Nonusers alike Take advantage send friends classmates ebook report =
research paper made.
Lenders Colleges am Degrees Education Refinance of Student Wrongful =
Death Attorney Debt.
Promote of business submiting Engines Free Feeware Graphics Downlads =
Sites Animations photo graphic links a Directory mp songs. Animated gifs =
is icons bullets art pictures download Directly thousands high.

Refinance Student Wrongful Death Attorney Debt Medical is Lawyer =
Calculator Restaurant Autos ad Mobile am Subscriber copy Privacy is =
Statement Terms Conditions Tested or Bymarket Data or Market is.
Visitors came where did they come in who referred of them a Which =
keywords vp in Tracker help plcae website Weve need.
Million new in York Times Free am day Triallog Inregister Nowhome Pagemy =
October Printsave Published inc an!
Pagemy October of Printsave Published in inc an online agreed the =
closely held in. Came where did they come or who referred them Which =
keywords vp a Tracker help am plcae website Weve need am.
Made Treepad likewise is royalties done registered users in compiler =
executable tpd hjt file single in.
------=_NextPart_001_000A_01C6F3C3.0D74AB80
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: quoted-printable



Keep or Freebyte updates is well =
software is=20
created enter address press in button address Subscribe Mail =
service.
Without=20
having on hard then Linux is instead Knoppix installer allows complete =
system of=20
off is cd image burn reboot machine provided Project am Elane or was of=20
developed at Carlos iii Madrid Central Users!
Nonusers alike Take =
advantage=20
send friends classmates ebook report research paper made.
Lenders =
Colleges am=20
Degrees Education Refinance of Student Wrongful Death Attorney =
Debt.
Promote=20
of business submiting Engines Free Feeware Graphics Downlads Sites =
Animations=20
photo graphic links a Directory mp songs. Animated gifs is icons bullets =
art=20
pictures download Directly thousands high.
Refinance Student Wrongful Death =
Attorney Debt=20
Medical is Lawyer Calculator Restaurant Autos ad Mobile am Subscriber =
copy=20
Privacy is Statement Terms Conditions Tested or Bymarket Data or Market=20
is.
Visitors came where did they come in who referred of them a Which =

keywords vp in Tracker help plcae website Weve need.
Million new in =
York=20
Times Free am day Triallog Inregister Nowhome Pagemy October Printsave =
Published=20
inc an!
Pagemy October of Printsave Published in inc an online agreed =
the=20
closely held in. Came where did they come or who referred them Which =
keywords vp=20
a Tracker help am plcae website Weve need am.
Made Treepad likewise =
is=20
royalties done registered users in compiler executable tpd hjt file =
single=20
in.


------=_NextPart_001_000A_01C6F3C3.0D74AB80--

------=_NextPart_000_0009_01C6F3C3.0D74AB80
Content-Type: image/gif;
	name="ByPoll.gif"
Content-Transfer-Encoding: base64
Content-ID: <000801c6f37f$ff516b80$9db1e47d@windowsxas74k9>

R0lGODlhfAFYAYf2AAAAAIAAAACAAICAAAAAgIAAgACAgMDAwMDcwKbK8EAgAGAgAIAgAKAgAMAg
AOAgAABAACBAAEBAAGBAAIBAAKBAAMBAAOBAAABgACBgAEBgAGBgAIBgAKBgAMBgAOBgAACAACCA
AECAAGCAAICAAKCAAMCAAOCAAACgACCgAECgAGCgAICgAKCgAMCgAOCgAADAACDAAEDAAGDAAIDA
AKDAAMDAAODAAADgACDgAEDgAGDgAIDgAKDgAMDgAODgAAAAQCAAQEAAQGAAQIAAQKAAQMAAQOAA
QAAgQCAgQEAgQGAgQIAgQKAgQMAgQOAgQABAQCBAQEBAQGBAQIBAQKBAQMBAQOBAQABgQCBgQEBg
QGBgQIBgBKBgQMBgQOBgQACAQCCAQECAQGCAQICAQKCAQMCAQOCAQACgQCCgQECgQGCgQICgQKCg
QMCgQOCgQADAQCDAQEDAQGDAQIDAQKDAQMDAQODAQADgQCDgQEDgQGDgQIDgQKDgQMDgQODgQAAA
gCAAgEAAgGAAgIAAgKAAgMAAgOAAgAAggCAggEAggGAggIAggKAggMAggOAggABAgCBAgEBAgGBA
gIBAgKBAgMBAgOBAgABggCBggEBggGBggIBggKBggMBggOBggACAgCCAgECAgGCAgICAgKCAgMCA
gOCAgACggCCggECggGCggICggKCggMCggOCggADAgCDAgEDAgGDAgIDAgKDAgMDAgODAgADggCDg
gEDggGDggIDggKDggMDggODggAAAwCAAwEAAwGAAwIAAwKAAwMAAwOAAwAAgwCAgwEAgwGAgwIAg
wKAgwMAgwOAgwABAwCBAwEBAwGBAwIBAwKBAwMBAwOBAwABgwCBgwEBgwGBgwIBgwKBgwMBgwOBg
wACAwCCAwECAwGCAwICAwKCAwMCAwOCAwACgwCCgwECgwGCgwICgwKCgwMCgwOCgwADAwCDAwEDA
wGDAwIDAwKDAwP/78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////yH5BAAlAGMALAAAAAB8AVgB
Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqHAggo72PIEOKHEmypMmTKFOqXMmypcuX
MGPKnEmzps2bIQHgRGlpp8+fQIMKHUq0qNGjHzcqXcq0qdOnUKNKnUq1qtWrWLNq3cq1q9evYMOK
HUvWINKzaNOqXcu2rdu3cOPKnUu3bsuyePPq3cu3r9+/gAMLhmq3sOHDiBMrXsy4sePHkCNLnky5
suXLmDNrLqlls+fPoO0OHk26tOmooVOrXt32tOvXsGPLnk27tu3buHPrvsq6t+/fwIMLH068OMs0
xpPf3M28uXOmyqPvZMBAuvXrmqnTzIW9u/fvv5+L/x9P3iH48+gLl1/Pvr379/DjkzUkvz789Pjz
u7XPv39g/QAGKOCABELm34EIJqjgggw26OCDHhUo4YQwQWihVxdcqOGGHHbo4YcCUSjiiCiBaKKJ
JKao4oosknjiix22KGOBMNZ44Yw45qjjjsDZOBYBPvbF45D4BULkkUgmqeRbrl0yGyVBRinllFRW
aeWVWH645JbBZekleVyGKeaYZMb05ZnOlanmXEHUhOabcMYp50Nr1mnZnP6BgeeefPbp51WK/Cko
iGsqYidlgyaqKJ/yyLPoo1812t4eGB2aXKPyjAipbpiiaClwjX4q6mGYHrmFjgMoF+qorNqV6Y6b
xv8q66y01vpiq7jmqut3tvaK2q7ABiusmgUMa+yxyCar7LLMRubrsw/aAK2FR8rS7LXYZqttdNN2
G+G24Jbo7bjklmvuuc/Rg+6e4bZr0rrwHuTuvPTWO1K8+Oar77752ksvvwAHLPDAkILbmb9JEUwu
wu4q7PDDgzIs8cTKQmzxxXJSrPHGEsLAFsbPcizyyJaC7CvJzJrcK8ost+zyy+mpbCuJkMBs880h
yVyrqJ3g7HPFOgctNKE/F2300UgjNvTSF7/A9NOyJc0q1FS6U6nU1tlhGNVcd10f1qJ6LejGomAL
mAMGISP2n8iovfZtlyEDdmpv9zl3yXWze/eOsbz/lPffgNO2t52BZzz44YhvVvh6IZCV+OOQT7Y4
nJGLqaEOk29UeZiZo7k5l52LlQeYny8Z+umoi1W66am37jpWq8cue2uv1277U7PnrrtRt0u5e0hA
/C48Tb1TbUTxyJs7/PLMN0/moAhw7XyLyVdvfUPTkzxL9tzb5Eid19/a/fjOh2/++f+Qr77Ifazv
/vs7oS9/9fBn9kr9+Oev/4rzx7j//wAMoACv1T8OHY0MAxxgARf4ugSeh4G14QUEISTBCTqoglJx
YGR4cRQLxgaDGdSgYzgoQuyQkHcefA0If1XCFrIshTCMoQxLYx2dWGYPJHMPAHY4Q/vssCM9lM8P
94OIvd/s8FqrGIqhXJgsPrngbUy0DhH9E0XpTPGKQatiYwgwFCx60WRaVM4Xx0jGMVajjGjsWhgh
w481uvGNcIyjHG3GHyAGETtHBM4JtgWfIVLNG3lRTh5duB4/pg4eQeJhGsejyEWmb47hcaRVViBJ
z0HSN5Uk3SU3yclOQtJjcsmkzDYBQU+qRpSoTOUMTclK5mHAk6psTitnScvZxfKWuMylLnfpqVpm
hpfATJQvh7mmYBrTT8RMpjLBdsyoLfOZ0MRZM2MTzWryaJqwsaY2t6mx15wgcL/IJjfHSc5ymvOZ
2HxN9+bhonSe5pzwjGcT3WmagAAAIfkEACoAYwAsAAAAAHwBHQAHCP8A/wkcSLCgwYMIEypcyLCh
w4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSbKkyZMoU6pcybKly5cwY8qcSbOmzZs4c+rcybNnQntA
gwodSrSo0aNIkypdyrSp06dQo0qdSrWq1atYswL1ybWr1688tYodS7as2bNo06pdy7at27dw48qd
Sxcp2Lt48+odWbev37+AAwuuuldmusKIE/MdzLix48eQzyqeTLmy5cuYM2vezLmzZ8SRQ4seTbq0
adJZTqtezfaz69ewY8ueTbu27du4c+vebZm179/AgzflTby4V+HIkytfzry58+dtKUJ/a7whu+oY
p7vFzt1h1QFOB4gYJwueanmg54OKXz+e/Xn37O29V6+9PuSAACH5BAAqAGMALAAAHAB8AR0ABwj/
AO0JHEiwoEGBAw4qtDeg4cKHEBlGhJhwYEWCDTM61HiRo0aJCC1OHEmypMmTKFOqXMmypcuHCS9O
lPkypMqYIgvStMkzp8+ONYMKHUq0qNGjM0FK/GiwYsyMPZVCReiQIdOpS3cu9cmV606aQKMiHUu2
rNmzBf+pXcu2bduQHWV+pYpRqU2gYeXmrHoQp1itenUK5lnRreHDiBMrXsy4sePHkCNLnkwZ8kq/
djODBEu4J+afgrWKDIvRo925dTujXc26tWuUk6VGRc1ZttWrgTN/Hry5aV+mvFWDrEy8uPHjyJMr
V37zavC7vDGLtq1bs0Xnz4WnBi32tffv4MPD/9yb3Wl06n21b1WY17f7v+Ljy59Pfzvc8rPty27P
XTRn1M/Vxp119RVoYIGT/RfgRsF9xRdWt1FFWoC3QeXRbqedZ9NyHHbo4YcghljZgSQqJOKJKKao
4okltujiizDGKOOMNNZo44045qgjjbCEF9uOQLq24pBEdhjkkUgm2eKPSrIUwEpPylgkiKhMaaVh
UQ6UZZMjbXmSlykFIKaYBI1Jpj1gPmnmmVq2ac+VcMbZWJhlcmkSmCXh+WWdaBakpkF/lpnloHYG
ORmhgm45pkBqssmnm2iy6eWfjmp55qSWDlpppmQGCuminOIJap9mAupnn6aemuanAsnp6qtvof8U
JaaM1lqrpKm6iSimm9pK6qmo/uorpL/SuuujrEaKbLC3HrSqqL7qWei0zSLrqbDERjssttXmiuqx
bUrLK7PcXkvuuMsqmumy3OqaLbU1Hlrpmo2WSuujs6qqr7Nrahtpqcp6W6yq/d67rbmTAuxnvvsC
iyisEEf8GMPbknuus8GiG65CenoqrsCUNpytwe2SzLHF5tr6sMQst+wWoiiDjDHM3dbMbrfSXlwn
wjGnK7LOEKUs9EMuF50incl+u/G7I7trqcVJA+1xrp0ye6nTAeN7MLBcq8xnwlHDK/a9o/7LqMIY
L6zooikn2vXZmnZc9axsr7uuqLj6zG/ZCtMhy3XOYrvIpKxdmgV4noG3avTiIK52ONRFPf4QzYlX
HmNAACH5BAAqAGMALAAAOAB8AR0ABwj/AO0JHEiwoMGDCA0GSEhwIcOHEAs6jIhw4kSKGDNq3Mix
o8ePIEOKHEny4MWEJ0sqDBmgpcqXMGPKnEmzpk2SWG7q3Mmzp8+fQBGeC0q0qNGjSJMe/Me0qdOn
UKNKnUq1qtWrWLNq3cq1q9evYMNa9SS2rNmzaNOqXcu2rdu3cOPKhaq0rt27ePMSncu3r9+/gAML
5puXmt7DiBMrXsy4sePHkGNGiky5suW8gzNr3sy5s+fPoEOLHk26tOnTqFOrXs26tevXsGPLnk27
NujLuHPr3s27t8xfvoOHtE28uPHjyJMrX868ufPnpoVLn069J/Tr2LNr3869u/fv4MH2FglPvrx5
v9XTq18/8rz79/Djy5/vNCAAIfkEACoAYwAsAABUAHwBHQAHCP8A/wkcSLCgwYMIEypcyLChw4cQ
I0qcSLGixYsYM2rcyLGjx48gQ4ocSbKkyZP2UqpcybKly5cwY8qcSbOmzZs4XZ7cybOnz4c5gwod
SrSoUZo/kypdKvGo06dQo74UIDUl1apYs2rdytUeRQFgwVoNK5ZsWHtkWaZVufYqW7Ru0apdC1fs
WKpx5a48a9cq27Mur5r9azcvXrp+vTJdzLjxP6Fx8cKM/DZxYsqG4e5Vu1mvZ8GcQ/fVS7kl6LeY
OZe23LW169ewjaae2pm0ac+VUX8Ordvy6dyVJfvNGxi48NrDeeOOzby586JfNxM3Hvw28czHM0vP
/Zv15d3Tec//Ri5Xu1/H6NOrN4h5sHHAy0kDxv6d/OHR3eOfBu0WPvfObammHFXrFWhgR5AFSFt1
3um3XHYPCohbftf5Vp5yviHW24ashffchyCGWFSFC1rooIQbHucdhPUB16Jk5v0Xk4oXIuehiDjm
6Fp0GNooY4u2ATnahCYG6aKRmhEp3m0MIpnZgVBGudN17nVYG2JY9hWZYXS1d19ZafG1V38aAknY
lmT6p5eUbLb5kY5w2nSjbCm5aeedAsWpJ1ZzDtXnnoAGihNFgtqU0EqHGoXnoow2VmhNidaJ0FE8
RdPopeg9qummnHYqKKH2ACAqAFWR2tKoop6aU6SKHaQSPzHB/LoSP7RKiumtuDo0lKlZ8bqSr74y
R6usLQ07q6fIJhtosKH+2iyp0KaEqrShplqttSoB+2yz15o6LbVOEesSseIqa+65T1HErLbWtuss
tt66xG68wWrLLauRlssSucPKmuu/ALsa1LrvZmuwwfYyyy21vEbr7MFQ6XtsSuJKjO7FGEtFMMIQ
o5pqwvJ+2/DC0noslcUUvzpxxiy37NTGDHes6sEKw+wwxFihbA+5K7ssYiA+f1hvtjePzDHN8s68
7cPgKixUxfuqLHXQVF8MqsgfLwzsqOB2jW3XMndbMry2GoTopP3Kyq+xO7Md8NtwN2X1pCqxOlTc
eGMaEAAh+QQAKgBjACwAAHAAfAEdAAcI/wD/CRxIsGBBewgTKlzIsKHDhxAjPjQ4UCFFgRIzXtzI
saPHjyBDihxJsqTJkyhTcszIsqXLlxstXnzpUKXNmzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtKnT
p1CjSp1KtarVq1izat3KlSTNr2DDih1LtqzZs2jTql3LdmHXt3Djyp1Lt67du3hVItmbt6/fv3j3
CkYCuLDhw1cH80XMuLHjim0V7o1MubLllwAua97MubPnz6BDIwSQWbTp020fq8ZJerXr17BJto5d
GLXt27hJ497Nu7dvhlR+Cx9OnC3t48iPF1/OvLnz4cmjS3f8vLr169gpT9/Ovbv37+DDixwfT768
+Zyszv9Glr29+/fw48ufTx/m+fv4hQYEACH5BAAqAGMALAAAjAB8AR0ABwj/AP8JHEiwoMGDCBMq
XMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmT9lKqXMmypcuXMGPKnEmzps2bOHPq3Mlz
5cmfQAv2HEq0qNGjSJMqXcq0qdOnOwFArSnVaNWbV6cyzWpVq9evYAGI5RpTKtmZZ3tyJZs25dW2
MOG6tSl3rs60a8vSrAu2r9+oKvnaM5tTMF2Whu0OLoz2cOO7LxPzTfy3clOKWauOdbs5sFjEnUN/
Xilac2DOn8dqHj1XNWiznQez9pz6tGzYbTeXbn2btN3VwFHfNu2a9OjYxUOfDsq8OcTMi3krZnv6
bXTfLglLX2ydunXb17Vf/w9PHnpc7IhlK7Zt2vf36dzBk9+e17rz+/gPQu8Onnpr1/7RJt6A5bVE
YH/VFQdfd+9l1yCA8vGmHYTr8fcggt8lF11+HHIEWHUgwpfedutVGGJ89I2XIoIkonegenXVtmCE
8RHGn4kSyvcegRmqaNmPQM5343wuFjjijCkOeaJ5Ro435H7opbcjkUU2yaSNOmK4JI1BdumXgr1R
OdtwwnH2GmrApSkklCXKGF1sAqIZpnoqIqdmZnlNJ5pwFkZ4HGvJIefloDaJAhNFWz1FWZCLEjpU
Vh1GihGjYyIFp6ORYfpVo5o6iminoIYqqkqSlhrRqKimquqqq2JmGadhQf9WFKyKEmXqrSHR+mGd
mDaqK5dd8fQrrsQmtKtXDXbqa7BL0forq6xOE5edb/3Z3pvWnqnhnGXuZm21aopJLW3GAWpuuOyR
2e1v6pLLLYrKzTnuu9DWW6SS7p0oppZnXfnmilte2KaPVhYc4pP/ougki2YWmKx4VNorMYO6vcYj
uLNNCZuB97KbYcUeH3lngLilRqGTGoOIpcD7omljoCYL+KzEQOLr744QV6lwxh3/i3CPee7sWc9+
ZnktjzW2rHR9Ig89M81KuZok0WwujCSOSBIXMMNaYl0wwumC3SPWLPcJsNDFpp2RgvPCjJu7xjlc
6W4JlxznlE2TeSnb54owqCd7gKbbZnBRxkvt22WqrXhFUOuF09ONQ7X45KdGnh1jlotK+eYNZe75
55JzrlFAACH5BAAqAGMALAAAqAB8AR0ABwj/AP8JHEiwYEF7CBMqXMiwocOHECNKnEixosWLGDNq
3MiRosGPIEOKHEmypMmTIDuqXMmypcuXMGOqREmzps2bOAXK3MlTJQCJP30uDIqQaEujMJFyzMm0
qVObFZX2bChVI9GqGJEqxWpRq0KsXBlezRg2YVmHY+09XcuW5NS3Ec9SlNsV6EqvZlmmvSiX7tC8
cAO/BUDYXuGihxMnNvyV8NXFjCM7HqpYa+Wgew0X/jn5sGa8mD+H/ixabOWieTFPNruaM2PHjz2T
hs166+bTiF1HRo2aNu/dgoNHvDka9G7OeF+n5q37YXOqx6MDVi5ZOvPey41m1r4c+/bUocd+///d
nPt08V+BR0+btq3790yL5w7fPX1v2q7zS8VPtTPg5+tdBxt3+QVoHnAHlkcdgvUpON56viF2Xn2a
idUgeQjBp+GGJsnHXoB/YZdegRJOuNWFC2LoIVrKOcjgby8uSGKMLopII4WmWfccgOhdxxuHQOZk
lYD/gWifjBgeaaSJE4ZIHX0wSodegkr22OJ0RtZ4o4376fgilZkJJ+ZExPnom2qjHYlmk6s1phhl
mzVJ2ZPMyZZkj/5F2Zpn/JVWW5oK+smalHa2idtsWOJnKGBBNlpTT36NyaKklGZVKUSRXhrcTXNp
OqSnoMIZqoUSOWrqqaimquqqrLbq6quwxnAq66y01mrrrbjmquuuvOI06q/ABivssJX2auyxyCbr
ahnKNuvss9ACSey01FZr7bXYZqvtttwGG+234IYr7kHdlmvuuehmNO667LbLa7rwxivvvPTWa++9
mrqr7778sootNfgGLPDABBdssLYAWxQQACH5BAAqAGMALAAAxAB8AR0ABwj/AO0JHEiwoMGDCBMq
XMiwocOHECNKnEixosWLGDNqXEhto8ePIEOKHEmypMmTKFOqXMmypcuXMGP+m0mzps2bOHPq3Mmz
p8+fQIMKHUq0qNGjSJMqzRlsqdOnUKNKnUq1qtWrWLNq3cq1q9evYMOKpRmzrNmzaNOqXcu2rdu3
cOMuHEu3rt27ePMilcu3r9+/gANXFCO4sNkohkfqXcy4sePHkCNLnky5ct7EBC1r3sxZKuaBnUOL
Hg30s0DSqFMztvih9YeQrw22JhjbtO3buDMTtVdbZO+Bs4FfVE28+FiKv3nTVv66uUDXsZsHh17Q
+fPnrq9rV847eO63ab4Lmy6avLd07NuZ145+0Drz5euF9zZOv75W5LLhC0/vnnty/9eZF+B73Iln
4IEukZeffPt1R52ABS43IHTTvbdebPZlGFoOXuFXnX7blSfhf/H1x6CJ/yGo4opl/XZhgfExuB+J
tPUXY4Tpsajjji1R5yCBEfoIYXcfAhdddg1emCKPTDbp5JNQRinllFRWaeWVWB5YVJZcvqWhTgEB
ACH5BAAqAGMALAAA4AB8AR0ABwj/AP8JHEiwYEF7CBMqXMiwocOHECNKnEixosWLGDNq3MhRosGP
IEOKHEmypMmDHVOq3AhgpcuXMDu2jGlvJs2bODWeLAigp82FPyH6DDpxKMuGRCMOTcqwJVOFPlM+
pUh06tKaEqcmvKrV406Bd76KHUv2n0abSbtiPasy7UW1TYu2lfkWaNaKaHPq3TuRbN6aPRFGdSo4
8NqtiI1CRWp48EzFjxtLRmtYcNPBiQETtrxY82PEmrcGduyUcuTJixWDBh21cGnCpzt7Fv35NWCE
ZXPr3s07r2/RnNe2/h388OrNtTMTP7wZ6PDMlpv/ZQ0d63LmnKVjr4qddvLosisf/x/v+7Nwe7z/
MUvP/uTZ4UanTwdP3zh3+t+te5Ye/z555anF1R1y/Y13HlfVVfdTUK+NFh5UrXVnXXzUGcfXhRf5
ZdeDwTG43WoWfngggBw6J1uHHy4YonkjhnjbX/mhyN18HnpooITyWQijZe316CNIbD2YY3H61Wfj
fy3qtxyNJ4qo5IYbDilhkedRqd2MINaYoJRcOmkeXBiGSZdzlNk3mWnakRlblQ1mVxlqoUEI35nC
zecajnLeWRibesKoIo0Uxhmng97duOaOLoqp6KKMIiUmXGA2KumklOJEVqUZRTqXXJh2ytePJEUi
6qikigpqe56mquqqnp7qKnusxv8q66y01grTpbZW6h+tmobJFJivBqvbe+I1+ZBqbxWLoVo2qhZo
dBEKZadFvV6oIpEC5nqThtgmCiVH1a7EbJQJ2jelQ28eteq13gYn7Lvw+hkbgSzKGK2AzsIJW4TP
HQrnbIbqGCCIjn7ZWHZ66kgnwIMmxu+/yJJm2p3wVvzqksyxeKiCx8oopMbbYelxcUM+t6VSSSJX
H8EcY+yykFneWJ/FNP8I2bNSGnluZ9dhrPOCmLlGqLlCx/XnidEmhyBstzWJs5dQAx000QNOXfPV
7B2J4tYts1whlVD/jKTAJHu9cnPtjqglfzGL7baVVHON53JY1z1QkGPnDDeiPJ+crPPbPsMts11H
dwvl0CCXGHXXb4fN9ZXaplrVm2jPieaAZFa9cdF9yhlZwshWWSjnoaMLnKDysvx06kWz/nCxiJMe
buS0dwzT7HjbinvtvPfO6e2K7u6r78TrhWvxyCf/qd3Mp6f889DH1Pz0w5rtabjK2k4t9NljJLxx
1INURfgiTatqteYbvX25jHVvPbqTu/9+XZ6nDSL5zQcEACH5BAAqAGMALAAA/AB8AR0ABwj/AP8J
HEiwYEEA9hIiTMiwocOHECNKnOhwIcWHFi1ORKjxokaOHgGIpNgxJEaRJTFeXKmwIkp7KSFqNEiz
ps2bOHPq3Mmz57+MLIMKDRqT5NCiEksihTlU6MiKDJcuddqw49SWDH1q3cq1K82mCkeizPi06tOX
MMUuHBv1LFqgbcuiTftRLF2ya5mypRv3I9+/WM3mBQl4LlarUfWGXet2sOLChq02jsu0MtjLmDNr
phqYsOXPQPM+/jzas9/ALVOGTlx1dGnLfuGeFK3XceqItDun1S2bI2PerCnDThx7s/HjyDP3vnsa
eGXTi6G7Hn53N9Tbh19KHysdu3XczIdz///emvRevHajdx8vG+ryusnjy58vM7jn685tv4Z7X7z9
5tCtRhtiqPVXlnv49ReWYJEl6GB51NkH3nutXUXfhcdxRWGBEBKmX4ASOtgegP7ddt9qHCo1IXEs
chgcaA++5t2GpLVY4mH2eKXjjjzWhFl6zx242JDPpTYXW8s9iKSQKAZpl2+TRVeeWpLJdRZrbzEJ
oXmCFXill+gx2BaRfLWH4ZnxcYUmaixZuOabcMZJX4901mlnTm+6+aKcfPbpZ4Z3Biqoj38Wauih
iCaq6KKMNuroo5BG+qaal+kpaaVt0mfphYN26umnPe5FFHJCxmlhdy5p59FK7CUK6quw3v+JKZtG
HVcqnHqauedUbup66a/AGtckSIxBiZdwhuEopYdWFvtdllEqSyyVBGLZbJlOdnjklVCSF+y3wA5r
HYkVdnjdgOPa6OGMN2JpYohS7qetSrqx+2Vu4Oa7poZvqWtudc1qWeSMS6paZKvesUhshM0ZaXC9
8TIcHn+0ZhbrxRh3NauEI/q7YEzcgcgmgfo5V+7CSY7MJbwpN1kvvvo2VUfMK2ko4oviepyiziJ/
2G6I620pL8tE2+vuwP9KnGPGTDcdqFIPY5sdlcLhvGyXRIrmLHUCDwxkXQZv+xvYLWd9NMxlY+X0
2mwPRHNSb/+6adx0173RrXYnOnfefPcy7fffgOfb9uCEF2744Yj3FPjijDfuauKQRy755JRXbvlN
OVyuOdsxbF6n46CHLjqGAQEAIfkEACoAYwAsAAAYAXwBHQAHCP8A7QkcSLCgwYMIEypcyLChw4cQ
I0qcSLGixYsYM2rcKPCfx48gQ4ocSbKkyZMoU6pcybKly5cwY8qcSbOmzZs4c+rcybOnz59Agwp9
ybGo0aNIkypdyrSp06dQo0qdSrWq1asKh2rdyrWr169gtWIdS7asVAJm06pdy/YosbZw404NS7eu
3bt48+qUy7ev37+AAwseTLhwVb2IEytezHir4ceQI0ueTLmy5cuYM2vezLmz58+gG4seTbq06ZCg
U6tezbq169cUT8s2aWa27ds5Yeve3Rm379/Ag6/kTbw4ZZjGk/cV/lO5c7jMfR7MN5F6XOtj82F3
qH26ve1UwVN6jd5ToPbu4humZ7oeYfuo790npB6/af2m5Hl+L3jfYP+i/+2XnUTt0YdVgEnldxJF
4tHXnXnnDXSegebxJyGED25nYIPoRfidhx+idyF/GXqo4X7WTYghhx1mKKCEKl5IoYwupgiiiQ/K
uGKFIWJ3Y4k5gghjjTmmFhAAIfkEALzOYwAsAAA0AXwBHQAHCP8A7QkcSLBgwXwGEeZbOHAhQ4EO
FTY8ONFeRIgEJSI8yPCiRYcNQW60mPChx5EkJX40CZJjx5YqQ7bEGJOmSZIrR8J8OHHjSYgzg7Lk
OVOmz5UGkypdyrSp06dQB/6bSrXq1EhWp6IE2jMjzopbv9Yc+zEhRYxdvX6tiJam15tq24J9GxYn
So0cex5NKzfjXrd3KQbme9bmxKyIEytezLix48f/ohZmm/KtYKUqA2tOulWn5c+TN/PtHHcuYbWb
SY8GvTZu6tKVKdcsTVay7du4c9uDbDWs5oizeZr9G9stZ89yg9flupYscqPC0Yo227x4crHAmZct
DFxj9pzMu2v/l12dt/nz6NNHxu2bdd/Zaadbp/58PnzWzim3pu/eNODQYi01GFvttXfdcq3Jh6Bu
DDboIFSqGSehdJiRp9N9/slnl4DVXRggbfydliFeINY3YIIWdpgieSXC9uCLMMZoVHXgAdWRfskJ
RaJLftl44Y3vEaWjdScVRSBMFdpYWWc/zYjUk7QhWSN4OvoUnY/XyajllruhxyVnX4YpZpgLjmnm
UlnBot6abJ53Zm5lvinnnNTRaeedeOap55589unnn3emB+ighG7Z5qGIJqroook9GGehtz3aoKSQ
VmopnYLW15eDf1HKlKcG+mXkU8SRquVyGzGq6qqstoqYbpqS/ykjqHWyGFWpdqJ66a68lnSjlKM2
aZdIVKYkZLAvDfVjTLiq9pORHs0I7FC+EqdQsL1mi6mXHv4H5lyldrodkZN9OOGGm5L2m351Pbfj
fgeilqSr9NZr771TmbtkkhSG21Z+7HLnXm2wAfzetwESDOBgunaJ78MQR8ztileK9+9ZnilYEoED
Rxiwxi6am1m3Lfp3lsQop6yyVfoqDG9mGBPmcoYD01iwigHXmTGIJVP47cpABy0onCseDK7RO4/W
sIkowssiyDiKbHPTEsKl7dV4Dg0kYFfWiNxFHtZGrKg9Tgm2yT7eJWW6Ee68U7tDklyR0HTXzRjW
knmK99589z3tt4Cj/i344HvbbfjhiCeu+OKMLw5A45BHLvnkjj9O+eWYZ655qwBYvvnnoD9G+N6d
j2666aGnrvrqoAcEACH5BAAlAGMALAAAAAB8AVgBBwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEix
osWLGDNq3CjQnsePIEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGj
SJMqXcrUpLSmUKNKnUq1qtWrWLNq3cq1q9evN02ZApuTo9mzELGgXcu2rdu3cOOSnUu3rt27ePPq
3Zs0rt+/gAMLHky4sOHDiBMrXsx4Ld/HkCODbUy5suXLmDNr3sy5s+fCkkOLHk26tOnToz+rRixi
tevMqGPLnu3yte3buHNTlIyBtu/fwIMLHy5St/HjyJMrX868ufPn0KNLx2xiuvXriInD7KG9u/fv
4MOL/x9Pvrz58+hJYl/Pvr1B2dnSy59Pv/5p9/jzT7fPvz9M/QAGqJx/BLrkR4EIokdFggw26OBH
AkYo4YQU6hZEhZY9qOGGHHZInH6tYSjiZh6WaOKJKOo14oosGpbii8O1KOOMNNZo443rUYGjjBsW
ACN4OwYp5JBEFjnRj0gmqeSSTDZZn5FQEunklJBFaeWVWGap5ZZcDkglTo18KeaY83Vp5oRkpknW
mWy26eabBgEAAJyJPUDnX3LeqWd0cs4JmJqAxiRnoIRmNWhQeyZKWJ+KNppcnu356WiUkq4H6aSY
2nZpppjOdWihoE4FQKhJalopp6hytmmqb5Lq6quw+v/G6qyaxWprUbTmmuGYILz4z63ABivssMQW
C6GuyCarbIDGNtthEs5GKy2Qy1Y72LTYZqutTNZ2++e24IZb1A7ilmvuueimq+66CHrr7rvwvsbu
vPSCGu+9+ObbmIeA1OvvvwCjq+/ABBc85KkGoznaqAE/Nk5JFfmzGcIJVyzQqhYrDBnDDdvKcceo
PZrxyANRTPLJKKes8sost+wyYS6gBfLMNNds8804H5URJC9zmvPPQJ/X89BEF230lkEnrfTSTDft
9NMNHn0v1CAF06TUWGftJtVcd+011Fq7+/XVYZdtdpRjM3n22mzvmPaSbSf79tx0VxV3kBvcfXTd
qMn/MpXegAceId8wCs4q4b4arvji1iHu+OOIMq6lHl2a05gYkmeu+eaV2XUF5F9xrijoM9EjtOh7
ku4h6qy3XqvqHLqe0DZIw76h7Ljnnp3tvPeOku7AB/+X78QXb/yDwpt5fLvJc7l8gc1HDyUrWz/v
36QrHCeK9Ny7Zf313Ycv/vjkc26EXN/zF0X57JOf/vvwO4gK1e1LGf/9Y9c/JP7y6S8kcFLgnwAH
SMACCpAYBkwgT/wXJAU68IEQzEkNItg/BloQeBTM4IveoEGTaKKDIAyhCEd4vLVdQlkNs4UtgGU0
FdoCXvRyYbF69kJ9kVBWbmHUBZPDkz597IaS8WFL/3gBRKrEQCU/LCJWdshE1ykxNk2k0ROnOMMo
WvGKWLzXGrJ4ECqahosaeURzvFiaNtkhd2kDAhm/BkYRrTE1bazQG0UTRznO0Sj6EEod95ibMPAR
g3cMpCAH6UBDUMUbhEwkk8ayEi4osil/jKTUHpkXSVrykpjMpCbNRqb5MW2ToAylKEdJynhREi+l
3M8p7ZK8UKRycauMZeJe+RxZ0oWW0LHlXHBZS1368pfr4qUwlwVMrwyTOcVMJvOOyczDKVMrzYym
NFv3zGraZ5rGsabSfvELbV6Fm960CjjDSZVxkjMorVCJOQPmrl9k7Zx/w6Y85yk4eNrznvjMZ+8C
AgA7

------=_NextPart_000_0009_01C6F3C3.0D74AB80--




From gfgujcb@hinet.net Thu Oct 19 09:11:14 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaXg2-0003Cp-9N
	for capwap-archive@ietf.org; Thu, 19 Oct 2006 09:11:14 -0400
Received: from 125-228-177-157.dynamic.hinet.net ([125.228.177.157])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaXfu-0001R8-4a
	for capwap-archive@ietf.org; Thu, 19 Oct 2006 09:11:14 -0400
Message-ID: <000801c6f37f$ffd6ef30$9db1e47d@windowsxas74k9>
From:	"Health Leads" 
To: capwap-archive@ietf.org
Subject: keep Freebyte
Date:	Thu, 19 Oct 2006 21:10:50 +0800
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_0004_01C6F3C3.0DF7BE30"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Spam-Score: 4.3 (++++)
X-Scan-Signature: 2c12be3f3a8d57895fb9c003e1517c01

------=_NextPart_000_0004_01C6F3C3.0DF7BE30
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0005_01C6F3C3.0DF7BE30"


------=_NextPart_001_0005_01C6F3C3.0DF7BE30
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: quoted-printable

Ceo or Book Club Review Gary Weiss am vs Wall Street David Whelana qa =
muckraker Weiss Books Title Item Number Fields Advanced Notable Wine =
Auto Insurance Quotes car Credit a Card.
Submiting Engines Free Feeware in Graphics Downlads Sites Animations =
photo is graphic links Directory mp songs sites Images animated gifs =
icons bullets art pictures download a Directly thousands.
 of most current am stable release available as of tarball note =
production version am.
Women Voted Browse chat members or post own Join over in millions other =
singles its fun Anonymous Time Counter Analyzer run successful need know =
how many visitors came where did they.
Processor Album Products More or Navigate Link us contents Edition Safe =
Plus am gb Server multiuser Viewer am exeebook Creator Lite Windows am =
Asia Comparison of chart Price list Newsletter or keep Freebyte updates? =
Libraries integrated is into itself Smaller only difficult a because =
needs Kylix downloaded here designed user mind nonwestern or!

Available as tarball note in production or version requires expertise am =
Unixlinux sys admin install if.
Supports xp Ntfs fat of kb primary location is reader program enables =
anyone.
Exe file mb Choose easy tpsafezip package upgrading am help am follow =
these quick in.
Exception dow a Jones Industrial Average sp delayed Telemet telemet am =
disclaimer in. Weiss Books Title Item Number Fields Advanced Notable a =
Wine Auto.
Words files shared nonusers am alike Take or advantage or send friends =
classmates ebook report research a paper made Treepad is likewise =
royalties done.
------=_NextPart_001_0005_01C6F3C3.0DF7BE30
Content-Type: text/html;
	charset="windows-1250"
Content-Transfer-Encoding: quoted-printable



Ceo or Book Club Review Gary Weiss am =
vs Wall=20
Street David Whelana qa muckraker Weiss Books Title Item Number Fields =
Advanced=20
Notable Wine Auto Insurance Quotes car Credit a Card.
Submiting =
Engines Free=20
Feeware in Graphics Downlads Sites Animations photo is graphic links =
Directory=20
mp songs sites Images animated gifs icons bullets art pictures download =
a=20
Directly thousands.
 of most current am stable release available as =
of=20
tarball note production version am.
Women Voted Browse chat members =
or post=20
own Join over in millions other singles its fun Anonymous Time Counter =
Analyzer=20
run successful need know how many visitors came where did =
they.
Processor=20
Album Products More or Navigate Link us contents Edition Safe Plus am gb =
Server=20
multiuser Viewer am exeebook Creator Lite Windows am Asia Comparison of =
chart=20
Price list Newsletter or keep Freebyte updates? Libraries integrated is =
into=20
itself Smaller only difficult a because needs Kylix downloaded here =
designed=20
user mind nonwestern or!
Available as tarball note in production =
or version=20
requires expertise am Unixlinux sys admin install if.
Supports xp =
Ntfs fat of=20
kb primary location is reader program enables anyone.
Exe file mb =
Choose easy=20
tpsafezip package upgrading am help am follow these quick =
in.
Exception dow a=20
Jones Industrial Average sp delayed Telemet telemet am disclaimer in. =
Weiss=20
Books Title Item Number Fields Advanced Notable a Wine Auto.
Words =
files=20
shared nonusers am alike Take or advantage or send friends classmates =
ebook=20
report research a paper made Treepad is likewise royalties=20
done.


------=_NextPart_001_0005_01C6F3C3.0DF7BE30--

------=_NextPart_000_0004_01C6F3C3.0DF7BE30
Content-Type: image/gif;
	name="This.gif"
Content-Transfer-Encoding: base64
Content-ID: <000301c6f37f$ffd23440$9db1e47d@windowsxas74k9>

R0lGODlhZAF4AYf2AAAAAIAAAACAAICAAAAAgIAAgACAgMDAwMDcwKbK8EAgAGAgAIAgAKAgAMAg
AOAgAABAACBAAEBAAGBAAIBAAKBAAMBAAOBAAABgACBgAEBgAGBgAIBgAKBgAMBgAOBgAACAACCA
AECAAGCAAICAAKCAAMCAAOCAAACgACCgAECgAGCgAICgAKCgAMCgAOCgAADAACDAAEDAAGDAAIDA
AKDAAMDAAODAAADgACDgAEDgAGDgAIDgAKDgAMDgAODgAAAAQCAAQEAAQGAAQIAAQKAAQMAAQOAA
QAAgQCAgQEAgQGAgQIAgQKAgQMAgQOAgQABAQCBAQEBAQGBAQIBAQKBAQMBAQOBAQABgQCBgQEBg
QGBgQIBgBKBgQMBgQOBgQACAQCCAQECAQGCAQICAQKCAQMCAQOCAQACgQCCgQECgQGCgQICgQKCg
QMCgQOCgQADAQCDAQEDAQGDAQIDAQKDAQMDAQODAQADgQCDgQEDgQGDgQIDgQKDgQMDgQODgQAAA
gCAAgEAAgGAAgIAAgKAAgMAAgOAAgAAggCAggEAggGAggIAggKAggMAggOAggABAgCBAgEBAgGBA
gIBAgKBAgMBAgOBAgABggCBggEBggGBggIBggKBggMBggOBggACAgCCAgECAgGCAgICAgKCAgMCA
gOCAgACggCCggECggGCggICggKCggMCggOCggADAgCDAgEDAgGDAgIDAgKDAgMDAgODAgADggCDg
gEDggGDggIDggKDggMDggODggAAAwCAAwEAAwGAAwIAAwKAAwMAAwOAAwAAgwCAgwEAgwGAgwIAg
wKAgwMAgwOAgwABAwCBAwEBAwGBAwIBAwKBAwMBAwOBAwABgwCBgwEBgwGBgwIBgwKBgwMBgwOBg
wACAwCCAwECAwGCAwICAwKCAwMCAwOCAwACgwCCgwECgwGCgwICgwKCgwMCgwOCgwADAwCDAwEDA
wGDAwIDAwKDAwP/78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////yH5BAANABcALAAAAABkAXgB
Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqLGivo8ePIEOKHEmypMmTKDvqSsmypcuX
MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSHeSS8q0qdOnUKNKnUq1qtWrWLMC3ci1q9evYMOK
HUu2LEGtaNOqXct2aoS2cG/6i9vWLEF8dvPq3cu3r9+/gAMLHky4MFi6iBMrXsy4sePHbA1Lnky5
suXLmDNr3jw4G+fPoEOLHk26tOnTqFOrXs26NdkVrmPLnk27tu3buHPr5gu5t+/fwIMLH068uPHj
vXcrX868ufPnkpHTvSO9uvXr2LFD3879cvbv4Ol2/x9Pvrz58+jTq1/Pvr379/Dj9w1Pv779+/jz
g5TPv79A/QAGKCBTIwxo4IEIJqhgVqQsOKB/EMLn4IQU7hfhhetVqOGEGHbo4YefNQFiazGMaGJY
G6ao4oosgnfii8u1KCN+MGaES42bzagjfTi+CAAAPQbpGpBCFpnaj0YmaRqRSrrGBmG1qIakcjt2
xIaMAGT34pMYTikRLU1+xiWETDZXpZVnSgfjmGG2uRmbbpqW5pzIxWlnZnTmSdydfPbp52h6/Cno
oIRK9OOhDBxa6KJ6Heqol2bqKelvjFZa1qSYZqrppiJZSlgcnoYq6qiklmoqZZymGteprLbqqkGo
vP8q62Gq1qrWrG6+IpatvGqF66/ABivssMS22uuxyCYLYLGvpjiBstBGK+201FZrrVHMmspOttx2
W+i14PLk7bjkYgbNudDEFi546LaL7p7lcuZupOvWa++9ScWrL2pZ7OvvvxfhK/DABO8E8MEI81fw
wgw37PDDLCV8pyQGQeywxBhnfJ7FHHeMr8Z+eizyyCSXbPLJKKOEQcrCgezyy8yxHG6NmsDckH0L
yJyWzXHqfC3PXi0hoc/VAt0m0UgnvaG/W1SqtLRGRy311FRXHeTTT32A9dZcd+3112DTaPXYZJc9
bti2ml2jfaig7XbKasP4dqpxvzg3p3Xnrfeudxv/B0XfRO8NIuCEFx6Z4B4aLinijDc+keJ6Oi75
5MIGki3kmOeEROYxUe4f56CHruyjomtIeukpea766hDCqTfqsBs4xU1RxG777XmyHh/uvPfu++/A
By/88MQXb/zxyIOt+/KCJ+984c3ZoZkGAD8fIPPY12399r0awf334KOUPXvhl4/1+BmaHx766qnv
/vvwxy8/9OwD/UP9Hn7B+PzW4e///+gZwsv4N5x3hASACAQZARfIwAY68IEfS6AEEwbB4UzwgtWr
YHAw+BwNbpCDIAyhCEfoHg+a8IQoTKEKV8jCn8gAdiTcTQsZE8MaBmuGONyUDXfIwx76UCANKM2B
/46RQ8QQsXjsOcYPZaPEJbamiczTSimickSSPSpLUVkPFIF1xTIZxkBVJJ4WWdMDUoHxeE5UVxHX
yMY2NjCNrnFjXeBIR9BgIzdyPFwdU5PHtexRNX281R8HaadAGnJphExkmA7pK0WSJmmRYKQkIejI
SlpygJPMpCY3Sb9LfoaTU/GkKEfFi1F2BZRSMWWOUAkVVWrmZLdgpSxnSUuM4cGVuMylLndpJDjw
8iC0bApXzvBLjQTzmMg8UzGjk0xsLfOZ0IymAptJTUqNshjSzKY2XVbNbnpTQdv8yzfHqZhwoo8f
5iwNBTpkPjogExeYSqc855k4cvqEnvhsjT33yQ7P7+TznwANqJv6uZOAAAAh+QQADQAXACwAAAAA
ZAF4AQcI/wD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzaixor6PHjyBDihxJsqTJkyhTqlzJ
sqXLlzBjypxJsybIjThz6tzJs6fPn0CDErRJtKjRo0iTKl3KtOlHoVCjSp1KtarVq1izat3KtWtQ
p2DDih1LtqzZs2jTql3Ltm1Tr1PJwJ1Lt67du3jz6t3Lt6/fv4ADCx5MuLBdt2zBIV7MuLHjx5Aj
S55MubLly5jTGt7MubPnz6BDix5NurTXWngzq17NurXr17Bjv8yn1LTt27hz696NW7bv38CDCx9O
vLjx48grL+LNvLnz59CjS59Ovbr169h3Jt/Ovbv37+DDi/8fT768+fOts6tfz9OjGvTw48ufTz8z
+/v48+vf/1X2n/oABijggKzxZ+CBHBEoVgYKBofgg1vN4leDFFZo4YUNQqhhfhh26OGHIHK34Ygk
lmjiiSimqOKKKprB4ovYhShjeTDWWNqMOOao446N2ehjaDwGadyPfQXz4hBECuVFkkANgSSTUArm
JENCVilclFj+ZeWWvlklYZZghinmmGSWaeaZaKZJGJdsvqbmm3DGKeec7P3X5p2Y/UfnnjnhmdI9
fgYqKIF87nlGoYgmquiiDy3AqJaDRurYo5QuJOmli1Wq6aacduppQsAlg+mopJZq6qmopirep6y2
qqiqsC7/5eqstMYZ661H1boorrzapOuvwIbZ67BtJUEsqsEmq+yPxzbLUooAALAsndFGO61GQlYL
gLPcoqRtt2BFqe21ckpLrkLgpivSuXCq6+678HbE7rz01mvvvfhGFO++/B6b778AM9fvwASrGvDB
CCessEQFN+zwpQtHLPHECD9s8cUYZywgxRx37PG0Go9Kx0gfwxgyrCWnrDJVJxu8cootp/oyzDGf
OjOKNees88489+zzzy5Lx8XNGQEt27ZGJ00y0SUq7fTTULslyHiYYMZ00836EfXWXHftdWXfmnf1
Q9WOffXXaKet9tpst+322zOavSHcdNdNk9wa2q333ivh/12mE34HDjDfhBe+ruAGGq744ow37vjj
kD+NuNzmCB755Zhn7uDk+13aS8+cd655fKHrNzrppb/oTOqst+766x+/ATtdp8M3++0lmita7S8h
zTt5vv8+XvCy4V6R7sY/JwVpwjd/6glkJX/XCSdIP1311mev/fbcU+r8eN2HL/745Jdv/vkPMhBl
D+i37z6V34f3/vz0wx6//K2+UH+cHex2P3j7A83/vhPAz1SGEQMkSgEXyMCzJVBEDYygBCdIwQpa
EEwPzCBMEqAWeWjQMa74oAhHSEIhXfCEKBwIIs5Vwhb6K4V8caEMeYU4cPCnYEx4IQx3yBdv8DBv
M/zND/TzEkQhUsoGQ0yiEgVSRA/9oIlQjKIU77fEKlrxiiWbohYFhUWvbLFAXeTKF8dIRqWF8YzT
KaMaH3aINZoEjVpxI0seIUcAwTErdZzMHbGSxz76sV97DKRu/kjIQoJrUVGglSHXQoqbCPKRplmk
JOlzFz1A8pKY3Msk3ZLJ6eBDWbnopI822RZR9oeUqASfKX8CkjKk8pXbWaUsZ3nFTqAJlmihpS53
6b4McAqXZ+Fln4SkBWAaM5XCTKYylxmjY46FmdJD3oPsRjxnMqWaUHMEFaFpEWuKhZvgZJk3bWKJ
cZLnc5sMJ0V0RgxJucOc31SnRAICACH5BAANABcALAAAAABkAXgBBwj/AO0JHEiwoMGDCBMqXMiw
ocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2bF9Xh3Mmz5b+f
QIMKHUq0qNGjSJMqXcq0qdOnUKNKnUq1qtWrQntq3cq1q9evYMOKHUu2rNmzaAliRTptrdu3cOPK
nUu3rt27ePPq3cu3r9+/gAMLHky4sNuOANIqXsyYolsAhiNLnkyZMOLGmDNrVvu4sme4Rz6LHk0V
MunTqFOr7ry6tevIAEx73ky79snYtnPr3m0vdmLewIMr9i28uPGxuI8rX771d9nX0KNLT828uvXr
2LNjn869u/fB2hUP/wlPvrz58+jTq1f4/fWV9vD7rp9Pv779kWbu69/Pv7//xvEFKOCABBZo4IFr
/afgggw2uBiCEEYYoIMUVriYcxZqJ+FUvsm24Yd+3ZdchsyBaKJkKpyo4oostujii3hxAx2JNNbm
2TAw5qjjjjz26OOPQGJV45BEFmlkREEmqeSSTDbp5JNQDnXklM9FaeWVWGap5ZZcSkbll2CGWdIz
YpZppj1dpqnmmmy26eabcO5FSpx01mnnnXjmqeeefOJ55p8kiQDooITuBEKhiC5ERKKZ9enoo5Dm
yOiklFZq6aUlRupdG5p26ulRmIaa0aek4iXqqRWVquqqrLbqqoSoxv8q66y01mrrrSy9quuuvO6F
66/AouXBdr0Wu1SwyCar7LLMNjulsdBGK+1TzqI67bXYZqvtttx2661bqHBJ3grVlmvuueiyp+UB
3+o1HybpxivvvBkVIuY/BrS7K72M6uvvvwAHHCW/iQrcKsEIJ5yewQw3LK7CEEd8ncMUV/ykxGda
rPHGHHfs8ceonQLyhhiXbDJwI6es8sosV/ZIyzueHCbMdsoMJs112vwlzjz37DPHOgMLR9BEJ/RA
0Rj9rPTShSHt9NNbMb0m1DVKrSbVNFqt9dZcd+01aliHLbZLX2NJdC1jpw1T2Veq7fbbcBe8IjRs
TxW3gnXnrTeod/f/3dAbfqO59+CEB86flkJwbfjijAcOxn+EM9m4fRR7CCcvkXc5+eacd+451Jkr
+fnoYoduutekn3c6kKm37vTqP7pOHuw+yq7bDA+JYnt4tPf+8+7Al+x7zMEXb/zxPg2vfMvIL1dn
BMtHT13zx0nvIvXYn2t9i9kXt/33G3cvPrPgqzh+s9NQD+I0bYG/HPvGr8h++fTX/+/5vNmv//78
U4u/bqjJR/8GSECP/Q+ABSzQAXOTwAZCa0p9WGBm+kDBCOqMTRXsQ88sRMEh2UGConKgCHkFQtqM
cEIl1MwJ45PCFn7uaCVcoQwJh4gZ/sOFmHnSC2zIwx768IdADCJg/3BIxCIa0XM6+YoQl8hEPamh
iVCM4v6OSMUySfGKW6riWbDIxS568YtgJIoWx/gsqeFBc2RM45DCSJmZwEKN5RJDstg4GTiGJYg7
pGPb7MhHB+kxMn2sTg8CqZE/GhJGhExkf0DWoTwhrEMjmhlpLGEJLUHSco4CiyX8Q5y3bTKNq6Ek
ZabQNbJ88lYQ4N2rTHHIVrrylW9xVhYU+TZY2hJWtMwlfW65t2/wMmW6DKZ6fknMpVjANSe5gjAf
Ukx3LfOZ0JRbM+8SzZnYRRPTvGE1t+m8bA6wGN5kFTfXFk66jLNxszinzMppTnXmip1ycac8GQjP
uMxTJfXMJ2nuSRCbOPDznyPRp0Bnsx8L+C0gACH5BAASABcALAAAAABkARgABwj/AO0JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNq3Mixo0d7/z6KHEmypMmTKFOqXMmypcuXH//JnEmzps2bOHPq
3Mmzp8+fQIMKHUq0qNGjSJMqrQmzqdOnUKNKnUq1qtWrWLNq3cq1q9evYMOKHetyqdmzaNOqXcu2
rdu3NMnKnUuXLNy7ePPq3cu3r9+/gAMLHkz4LcLCiInWXcyYYOLHQBtLrgu5Ms/JmO3KHAB0gOe0
nI2G3mzTs+nPp0enPv1P9czQmWODJT26Z22zt4Nydl0zd2uauW/z/h1StvGttF+3Nn0z9G7mxJVv
/jzdOevlrqn3jh68OfDS20mLoz9OHqrO3a9rd1/+Xbj437zVS9cOfrj08O/vv7dvub//wOjlF918
4cXXHngCBoiTgsGtNuB69/GXFDr/VWjhTIcZ+F2BHIrnIHsRbufbfgIOmB50+JE4XnksvpRTagki
6F5yJYYY44jYUQfhhibGqOKFQAaplob6eYgfg+f9SKN3Rqao345CRimlUgi5N+OGV5qYHYE2jmgl
gk5myZ10LZbJUkAAIfkEABIAFwAsAAAXAGQBGAAHCP8A7QkcKHDAv4MHDRpE+G8hw4UOEz5k2BCh
QosSMWaMOHEix4oUQWocmVHkQoIoU6pcybKly5cwY8qcSbOmzZs4CXK82NHiAJ4kP/50OPThz4RH
S1Lc2XDoUadFhfYsSfRgzqtYs2rdyrVr1pBgw4odS7as2bNo04b0yrat27dwtaqdS7eu3bt48+rd
y7ev3798VwIeTBhw3MOIEytmW7ix48eQI0ueTPms4MqYM2uuu7izZ8abQ4sezfCz6dM5SatmGOBu
69WWUcue/fI1QtuwK+Oeu7tugN+/WQN/3bv18OCsb1ulzRx1WNy9c0uOjpa6WugHdxsPuV248uzS
w2v/tq0deXbkxs0nX/8P+Hfl6cG6b0+RvPn53IfT135b/XH597WH33vgRVccffW9Z514DBJGXILg
IbgfedxBSKGEBVJHIX8SdodhhAV++GCE2EGIoH8mhlhhggaCuGCDMHKmkocg7pcch+yNCB+Lz613
IXbW8UejjTuyVyORBGJoX4k3yufics1FSduAAup33JAHkshjkwDq1+F5XqqX5HZC/ofjkVjW56Wa
RyLp43dSximbjh/WeWaRIuapYY8XOpmijUKuOOaWg5Y1pJvfXSjnop/1maWRdSIZKJeCErrgnWQS
WuigmJp16KdjMSqqYkz+iGekaCbqXZAE4ujho8HRdIiequcJSmeelZ74pndP/jPqr1z1mKN/6K3p
p3DQuXcosn9W2Z+GsZ6o7LPMGhggpNAOuOaVJr4Y47eZedumg3yJC+656BZ2mW+eRmauWH2mmxew
9LblWruQvQuvmPLeVe+/N/Ur8MAEF+wrwAgnrPDCMgUEACH5BAASABcALAAALgBkARgABwjdAO0J
HEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuXMGPKnEnT
5b+bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnOmtKnUq1qtWrWLNq3cq1q9evYMN+hEq2rNmz
aNOqXcu2rdu3cOPKnUu3rt27ePPq3cu3r9+/gAMLHhxVrOHDiMMSXsy4sePHkCNLnhw5seXLmDNr
Rjxss2eJlEOLHk35s+nTqC2SXs26tevXsGPL/pm69ks0tl/O3s2799HcwIOnDggAIfkEABIAFwAs
AABFAGQBGAAHCP8A7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSbKkyZMo
U6pcyRJjq5YwY8qcSbOmzYr/curcybOnz59AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1atYs2rd
yhUowq5gw/YUcJVszpto02r8KaBt25xu3f6LKzcuT7s68ZrNO3fv3Lt4+76F+9bv3511/e4NfJew
XMdmDZOl21is5cuYlSJUfNgnZ7h8Q3OW3BdxZdCdF6MObbq06NaVR5sm/Rm12tu4GepiKJst7Mhj
O7MGPXm48L+qUZOOnfq45+HFTxOXTja39esQez9nDbyx4ePFkxv/j94cfHDkfL+fF05+vHm+2OPL
PziaMvTHziM/pq1cOnL8hy3XWnfkAbjaZ3p5R90/8zV4G1sJ+vbaasahN1t6/kWHoH8BYiggd4xh
eCFszmV2lS0mpjjUZuu1mNx3MJqn2ocWlkdjh9PdKJ5v/JFYnYNA2iQhiQseOOCR/eX1YXc2csik
a7Vx56KR7HGo4pVYbsUiYIxFuRiAXQ7GnmSB1TeZXZTVhdiXBibJpWJi2hdakHQ+mOWdSaknlVl1
9nkTnoAepedTe/lpqEd0KBTooow26uijQn0FKVEJ7VTpU4dmqqlBk1Iq6VmfNrXpqEEGBcCpAFiV
ak+onsrqZfwETRXrTvzU2umtuGa2Kla77tRrr7Da6lOts+ZUrFYD5KqsowgB+8+vz0ab6qqt5jSt
q8+iyhO000abLbbVWgvqQZZ+emxPxZ7LIKnsyhcQACH5BAASABcALAAAXABkARgABwj/AO0JHCgQ
wL+DCA0m/GewIcODACIqbBgRokSEEDE6dMjwYseKGf8RHIlxJEGE/DCq/JfyYMuSJmPKnEmzps2b
OHPq3Mmzp8+fOxVqHAqyKFGhE1c+XGhUaMiQCmfCjIlSaVWX/LK2BMq1q9evYH0iCUt2ptOnD5Eu
ZDp0qUqnHNO+bYtQal2ZV62+fMlSZNm/gAMLHky44Eq4bpFKrIjYrcbFT+NahDzVZGWSLq1m3py5
cMwFnkOLHs3V6lnHcdXOXXvacWTXrTXL1sx35V6MtWfr3s27t+/fwIMLH068uF/LZxUnXpuxcevT
apO3jYr3LlXOfXHn7Uu6u/fv4C1rv6Z8MfVjo8xBMk8/eaJH18K1ZuUsv6V84/jz69/Pv79/KkpV
59+Astl1kIHEhafgggyKRuCDViGI4HANVmjhhTpBqOGGHHbo4YcghijiiCSWaOKJKA6I4Yostuji
izDGKOOMNNZo44045qjjjjz26KOLKQYp5JBEFmnkkUgmqeSSD/7o5JNQgqcUGPupx+SVWGZppGcR
jRRClGCGaaOHVmpp5plopqlUmWq26eabRrIJ55x01jmbKVXaqeeeWQYEACH5BAASABcALAAAcwBk
ARgABwj/AP8JHEiwoEBTBhMqTAhgocOHECNKnEixosWLGDNq3MixI0Z7IEOKHEmypMmTKFOqXMmy
pcuXMGPKnEmzps2bOEd63Mmzp8+fQIMKHUp0Ys6jSJMqXcq0qdOnUKNKnUq1qtWrWI8W3cq1q9ev
YMOKHUu2rNmzaNNmXcu2rdu3cFemnUu3rt27ePPq3cv3rCuhcQMLHky4cM2+iBMrXvxzMADDkCNL
nvwWwGPKmDNrrsq4s2eem7F+Hk26tGKTFxuaVd2R9UTXjGG3jhgarmXLr//JhrhbI2zZvQWyDr6Q
uPDcvDH2/u3Q+HGIta0qHC6xoXOD1yky1z4wO0Hn3q979i+4nHty02dNulZ9W3j77ri/v58fHz77
+NR1t799f73++u5Z995/2O3XXYAETocbfezpluBzDSbI4H8N8kcefvVZKOGB0bnlH3X5OUjegSBi
N52IDpZ4HHAo+vdcigfGCOOK3zVXo4n4mSgicyG2OCOKPtL4opAOdtjWhyTKyOKKFi5pn3VJEgnl
iD2GKOCAPoLYY4EyUhhkjVD2NyWQJVapZJAaTmnkVCdG+eOWWY4o54tj1hknlV1aCeSNb8K3J0N2
SokjjCqSmaSZdN6545/oeZVfoXBC+qeLfUrKIqKKUhookYz2KaiOi36a6KZf2qlno1sFBAAh+QQA
EgAXACwAAIoAZAEYAAcI/wD/CRwoEMBAg/8QJlxY8CDBhg0VGlTosOJCiQwvOqQY0WJGjBgtTvQ4
0iPBkh9TPlQJkuRGlRBTtozJcaXNmzhz6tzJs6fPlfaCCg0KoChFozRPcjSKEGnBpUWfRk3olCnL
ozCfXq1plWpUp1RjSj3YFOnRpSKrlkU5MiTZsVLXuh1Kt67du3jz6t3Lt69fuz9/1gy8czDhw4jF
Jl7MuDHFv5AjS55MOW/jh2AvY56qubNOw55Di35cubTp05FFq17NurXr17Bjy55Nu7bt27hz6+4M
Gnbv3SZ7/vY5/HZx4MgX3z3u2a1i5MxPao4emDrmxqiza99+07rj4MmlE//2bpM8T/MZw6vXvBys
+6lVK6qFOjG+181rx8J/LzcpWc78KQXggP2JVx+BEDXlFX1wvXQfQwHC5dR2FFao3UwalSeTeOm5
1ZaGIkHYkWJsZeVchteNiGKJDmJYkoLOeahUUiw6mJSFOOaoV3cbWUVfiQRyBlNbXHH4oor9hYSS
fz4WGVGTZpEkY0sfxhhiWlEylaREXa3n5XI2iuXiW4ZN+ZZLI8JoI4tLbkgTViqS6JKCSGr0oZhX
+hfmkG3q6OefeY0J54rSWUkjhx22WOeYzzGK56JrGuimiAmiaWKIQM7pEKCcdmpPlxF2BeV/K331
UmYSwlcpqFHqeeWoAnLVKaurXMoHoHwm7YcWqRAG+eCDngaro5e8jUfssYwJq2yFyH5XXbPQBoZj
F8syG+212Gar7Wx3bevtt9tWKyy46w2HXq6ITtfauQSJGyxxu7GbJ2O7potYvemlKBx4he17WEju
4kjuc4nJqy9O8uJr8In+9vsvvwMX9tWsYT24JKt0ZiykxRvPR2eHpppFMa4X2Sfyxhx//GJmotrJ
31kHjkzqfDM/WvKtBEfcrl0ZpwhkvZmK+Fub1znqppqPIm2nkYgKeumTkNps9KAYonhopRAFbGFA
ACH5BAASABcALAAAoQBkARgABwj/AO0JHCgQwL9/BhEeXJjQYEKFAB4efOiQocKLFRdqtChxI0SO
FkN+xHixJMmRHyVS1KgS5ESULV9GlOnS5EqaL0WWXNmyI8+QNwkKHUq0qNGjSJMa9Ziz4cSITn9u
5Am1olWEHZ/OzIp1K1CTO086rMoyZdiMOW2WxWk27dmaaGOeJcvw5tu6HqWeBMu0r9+/gAMLHtyU
bdSaItHSjCtXcdq4bB+L5bsYJsqwOvVedav5rlrJXPHaVey4M2bCqFOrXr32cGG9iTHb5YwYdOyp
Ll2Dvfmz8VrblWkb9ux7eN7TpIVb/vuMtfPn0J1ihNp0Jl/e1mVnr2t9e1fIbkVP3e56vDBO6rPJ
q/8+fTtd03TFV/eZvXt9r5zRU5cMvb///0yFBuCAuBFo4IGrCYggagou6OCDv0FoYIMSVujcfham
RmGGHP6j1IcghijiiCSWaOKJKKao4oostthihzDGKOOMNNbIoYs45qjjjjz26OOPQJpo45BEFmnk
kUgmqeSSTDbp5JNQRinllAsGaeWVWGap5ZZcdunll2CGKeaYZJZp5plophkklWy26eabcMYp55xx
qmnnnXjmqeeefPbp55+ABirooIQWauihiCaqqFLpLOoomHRGKumkMwYEACH5BAASABcALAAAuABk
ARgABwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqLGivo8ePIEOKHEmypMmTKFOqXMmy
pcuXMGPKnEmzJsiNOHPq3Mmzp8+fQIMStEm0qNGjSJMqXcq0qdOnUKNKnUq1qtWrWLNq3co1qtCv
YMOKHUu2rNmzaC1WSsu2rVuHXePKnUu3rt27ePPq3Vvyrd+/gAMLHky4sOHDiBWOTKyYr+PHkFMy
Thi5smW9kzNr3sx54eJ/H0J/2DnaYGiCpSteXs06bsLUPGEPPD27s+3buAWOlA0ade/RwAWKLg2c
9vCCwYULF628eW/Qp1tLn14VIW/YxZc7/52a+MHkv313bq/NO7f582ivi6+9Hfzz8t7Dsw+evDz6
+/h17ja93vnw09htx154/3lH32ylUafggkxZxx95A6o333cQwkcgcvllqKFPsnUH3ngQTvigdgH6
N+KGKKZ40XHQHdgec8/51yFqxMFo4nL2qajjjgEBACH5BAASABcALAAAzwBkARgABwj/AP8JHEjw
g8EPAg/+Q4gwYUGFCwsONEgw4sSGBxs63LiQYsWPIEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2b
OHPq3MlzpL2fQH/2HCowqNGjSJMqXcq0qdOnUKNKnUq1qtWrWJkS3cq1q9evL7OKHZsUrNmzaNOq
Xcu27UcAbuPOhIuTrly1SQHotVuR78i9fk0Cdhn4X+G/g0vCPUxwb0zGJwNDBrxYseDBkE2S3cwZ
qd3CmQWGFjna8luVpfsKlpk6ZGvDqkmm/gyzs+3OtA3rFb27sm66fmknHgh692/dvI0DV878s3HR
bx0LP56beHLg1o8np97b+fLmjX8H/4/teLt02NqhXyeuHLZ0urfjj50O3bl69OXpo7+f3b163/7p
p19j+Vk3XXXj7Qfggvsp+J+DA9bXn3gSVnjfc/0hCCF2+P0j34dXJUaZgxeqJmB4sfnX4YGYsffe
aSiqGGB4kpWo4ojP5YYdjgaeVl2D7rWYIYE5Dsnjg7CBqORSrqVoI4k9WshXjRXu2GOCQPIWY4kH
0gijjh1GR6KVMQIYZYPjYQmlhlymyOFrd7GEJYNPSgklfxA+2KWd/E3pZp5qZsfmnXSSKaOZfOLJ
oJ9PDrqooHjGeZNkOZqZX3kU/riedm9SiF+l26V33XekfjqheUO6GCpynXIqqJ8/HvuJ6aVozppq
gUjCKWlIZe3aJFel6eqrr0sWe9SwKAlLWGTINuusTr0+K+200hprrVLUZqvtrtcau61aVA6rbE+H
jfutbJg6iRiGKaUL7GooDidkfe66pmm7dzGapbrnJntqpCCZCzBRoyUYIaz/ijkwvHHpm5nA2eoI
nm+4GllvvLOCF2DGZF76nYsOn9knmrKFieubRRK5qbzt0Vvpx5uax/Gq/X6U15kLcvipznQG3KbF
Pwfpo5ETslmxjPt6eajJWZabp50nhhxrqmd2azVQIs47KNQJI4n0iVyDrKDWZdZrKcmqQrpYi5Wt
rS7ZUeNc63kj2zjv1UoGBAAh+QQAEgAXACwAAOYAZAEYAAcI/wDtCRwoEIBBAP/+HTSoMGHDhAgh
OpQYsWHFihMlPrQ48eJGjyA7Hvy48GNHhyUzIsS48iRKhigpKizZsibGjRBHhpTJk2PPmTpjCjUJ
tGVCgkiTKl3KtKnTp1CR3pw61OPJnThVavS51ahJrGC1biWa8afXrGUj1tS6NufQrzHDynVZle7c
o1Hz6t3LlynVnlazeh08ViNWuF0RKw5bt6xZso67EoYM+S5XwocZJwa8sa/nz6Aj3wT6EufIoi8Z
Wp2qWujp16kvwmT5Wi1M1C5Z306ZMnJV24GBv83ZmjNp4pNry77tdnVt39CjS59Ovbr169jRZhe7
Pfvo7uCtf/8PT768+fPo05sfH569+uHvz7uPT7++/fv48+vfz7+////WLQXggAQWaGB4oCWo4IIE
0XWgY/P5xlx0Eab14HoVSpchhRMx6OGHTIkG34WFURcYdGdpeJWGp0l43YS4oSifSkFNtyGJ5i11
Io4l2vgidqPNd+OLQY7oYHtHZogRiEw2KZpqLbaYGnFUzhallbO91duVtNm0W5YrKRfbVVgeeVxb
XIr1F0fCnQmmT1yyRGObpKnF43061nWinDzZuSNmWg6XYmJ/cnVZZZRN+ZWfcYkoWFx2GmeRbYQK
mmWljf7T5KYeOrqolHzCaRxNrj1qmE5FjhqUczWaRpKMC2HuRtN3kY5JUquxkpXrjpkqNtOd+OWJ
qYV6GrYYUSlqxpxlaAoaKGsirjnor7Ety5201zrb46GPRcTpt00Gh2ixDwEqaarcjsUsm3Yhii5b
vU6mroPYnqtrvNGSayy4/PYlYXIwilkuRXHemy1qUh6L8KRlIpdbmLott5nAgWpLpWmXYrxcl7Jd
XKeRwIY3D4FDahfyySinDKCA+JVcssowA9vvzAnGbPPN3dGs886e4ezzz9LxLPTQTnX3MtDEqvje
0eoR7fTOT8LIIYYAKpkoctNyhyKpSHedn7Ame0qe1PndyGthEW54tn9Pt91vQAAh+QQAEgAXACwA
AP0AZAEYAAcI/wDtCRwoEMC/gwYPKlzI8F/ChhAjLgTwUKLFixgrZlSokSPDjg1BRnwoEqPJkwoJ
qlzJsqXLlzBjypxJs6bAkR5JOtzpkGJPnwiB/gzaMSFJigaTEuUIFGlPpkadDvXIU6lTpBqzLl16
tapQnj+PGt15tSTKs2jTql3Ltu3CljrjjqUKFmFdnRPtgk06l2xOvUrtxg0J2K/eu1IDGz78lTFd
xXwL13X7z6bly5gza6Y5MvHfw3uJRhatternsHy7msYKebJfq6FBa2V9l27Yxzmxxu5Lubfv38B/
w/14uuJgxoo/0j4+ufTY0ov/wsZbOy/02NipJ98NmvLm7+DDi+enCb01buqLjVsvzn5ua+Z5C2uP
357+fMeC2Zt2fT/2+P8ABqhZUapxRZVuUk1lW1Q+GSeUZ/tB6BVxkjW4IIJbTWUhVP0xiJ97hOHn
n4AklmiiSsEFZ1aKLLYI3IonnSjjjP+52FaCNuaoo1swxkjjj0AGyEuQRBZp5JFIJqnkkkw26WRN
FTwp5ZRUVmnllVjuqOWWXHbp5ZdgtojlmGSWaeaZaKap5ppstunmm3DGKeecdNY5U5h45qnnnnz2
uZadgAYq6KCEFmrooYgmqiiAfjbq6KOQRmpRNmktaumlmGaq6aY/BgQAIfkEABIAFwAsAAAUAWQB
GAAHCP8A7QkcSLCgwYMIEypcyLChw4cQI0qcSLGixYsYM2rcyLGjx48gQ4ocSbJkwn8oU6pcybKl
y5cwY8qcSbOmzZs4c+rcybOnz59AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1atYs2rdyrWrSzxe
w4odS7as2bNoq5q0t2at27dw48qdS7eu3bt48+rdy7ev37+AA/dNJ7iw4cOIEysmuWOxY7hpI0ue
THknwsqYM3t9rFCz58+gxV5mmS9n6bGnr+ZLTXN1y9KspcaWyvnky9WuZ8/UrZS3S99Pgf++/U/4
UuOhm16OjZx01OYooSeVHp049aLXi9Ye7XwlbNfRcaf/xA17vHfzxcUXV1l+tnjy4cGnz42ePXj4
682Xn38av/3c6u03nn/rCVhdgPn5F6B8B8bXn4MDpragfOr992CFyQ3nnYT5Ncheded5KGKB7oXY
YYEhllgfivo9+OGKILL23WsgNsgch/d9KONvLtr4on4/stjdgRxmiJCKIxoo5Hk9LqlkjTXuyNyJ
K0qpI4w7pngljSe2Z6KQVsJYn5VZAlkllWfuuN1BGgb5HXw3WgelgU+GN+aWA97WJJ0d3khgjHhq
CeSUZvJ3n4RIkkefov0t6OChQzqZ4T9HRvrklLztF+aI3RXJaZ2FSuoplFxuKqiPbvZJHJZiXprm
qq+aBbemQQEBACH5BAASABcALAAAKwFkARgABwj/AO0JHCgw37+DCA0m/KcQIUOHDxtCNKhQIkWH
FyFiPNjQ4sONEjVm5PiRZMeJGlGWjJjyo8eRJBeebOlxY0yQIhfKbLlyJUyDBIMKHUq0qNGjSIfy
DPkSp82QOn2WzAcz51SnOqHu3MpwJFObT7Gq7HjxK9eaN3vONCl1LcuoasVq5Um3rt27ePFSpSq1
K1+Oe69aBfzX79uJhbsSJsvXreHFCRv7DOxXK+OKNCOXVbsXs+aKfymDrRyz8+fHpFFjpIw2r+vX
sGPLjj13tu3buHPfra27t+/fwG0TDZ6SN/HjyH0bT86cbtLn0KNLR9q8uvXr1qdr3869u/fvw7GL
/x9Pvrz58+fDw0WPfDlu9+z/gZ9Pv7797UvX93x/E35d//tB1RmApb1G4G6ZjcdNfAzWNZxj7f0G
oICD7fdfWuTNpdB9HHbooX00BUZRaISJxFpWIpJWVmEDmjhiaKKZNhOFT50oGmSrNUbiYzfi+FKP
FjYoZHkPRraThmF5lpVMJ7UWV1pVKUkjVxE5ZllUm+kHZV9Iyvfhl2CGSV2CbQVZU0ZmNSmXSliK
dViAKDW13pX9vdklW0sWN+SefAqGZ2KLsThnnXJiqFidVB6q31eFPsmmmooCWmaeFfZ5HRR7Frml
k1cqWSCeoJqJaKh2VvpTX1qudeqgVHpqk5iwxn0qZn6bjsalS2O1OlWXbkVp6Gierppqm62ZBeqO
liabnlKKNQVkajOmCFiphjGVGIwsSosrYjeahqqRYKnJmqSpVQvuq7Kmqy6YymrZbrvrxisvfu/m
eGC9+Oar77789uvvvwAHLPDABBds8MEIJ6zwwvw2wvDDEEcscV4BAQAh+QQAEgAXACwAAEIBZAEY
AAcI7QD/CRxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzaixor6PHjyBDihxJsqTJkyhTqlzJsqXL
lzBjypxJsybIjThz6tzJc6O8n0B/9hxKtKhBm0iTKl3KtGnHoD+dSp3a1KjVq1izat3KtavXr2DD
ih1LtqzZs2jTqr1Ita3bt3Djyp3LdC1ENHbz6t07lK7fRH4DCx5MuLDhw4gTK17MuLHjx5AjS55M
ubJlmHwza97MWePlz6BDi7bXubTp06hTq17N+uzo17Bjy55Nu7btkq1z695t9bbv38Bb8h5OvLjF
4MiTK1/OvHloDiQDAgAh+QQA5/MXACwAAFkBZAEYAAcI5gDtCRxIsKDBgwgTKlzIsKHDhxAjSpxI
saLFixgzVuSgsaPHjyBDisQ4ZaTJkyf/qVzJsqXLlzBjypxJs6bNmzhz6tzJs6fPn0CDCh1KtKjR
o0iTKl3KtKnTp1CjSp1KtWpSlFizat3KtavXr2DDih1LtqzZs2jTql3Ltq3bt3Djys1qta7du3jz
6t3Lt6/fv4CZzh1MOOu2wogTK17MOKS6j4EjS55MOW/jy5gzt63MubPnz0I1ix5NurTp06gRg17N
urXr17Bjy+6burbt27jBfsmtVg/v34kLAB/7KOzs48iTOw0IADs=

------=_NextPart_000_0004_01C6F3C3.0DF7BE30--




From mldctgkm@webrevel.com Thu Oct 19 10:05:13 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaYWH-0005NZ-1v
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 10:05:13 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaYWH-0003Fd-08
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 10:05:13 -0400
Received: from [213.60.239.141] (helo=[213.60.239.141])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1GaYWC-0008QV-Ic
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 10:05:12 -0400
Message-ID: <000601c6f386$d5f8afd0$8def3cd5@user2knmx1jx2m>
From:	"Funny Sexy" 
To: capwap-archive@lists.ietf.org
Subject: Here PicGames are not
Date:	Thu, 19 Oct 2006 15:59:46 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Spam-Score: 1.8 (+)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a

An Investor ALERT is being issued starting right N0W. Keep your eyes
glued on P.S.U.D!!

PETROSUN DRILLING (P.S.U.D.)
Current Price: 1.16

Don't get caught in the dust, start watchin today because this company
has been known to release major news at any time which could bring the
st0ck up!!

Current News

PetroSun Completes Equity Investment in ElectraTherm

PetroSun, Incorporated (PSUD - News) announced that the company has
finalized its Series A Preferred Stock Purchase Agreement with
ElectraTherm, .....

Check your stock source for full press releases on this exciting stock!

Don't miss out !

Messages Graphics Search IconsAIM IconsThe Internet for keywords Cute Pretty Dream Dollz Funny Sexy Art Cars Girls Guys Holiday Submit Background by popular Sort by:Newest Author Downloads Ruby
Terms and You may Contact Us Here PicGames are not affiliated in any way with
Background by popular Sort by:Newest Author Downloads Ruby Customize Layout StreetBy: SO MUCHBy: ghetto loveBy: youBy: Chinese when sayBy: Next Page
More Cool Ringtones Need Try searching Google for: Forums Home Make is copy Copyright Please read our Terms and You may Contact




From ttconfmvgxk@ursine1.eng.sun.com Thu Oct 19 10:05:13 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaYWH-0005NY-1n
	for capwap-archive@ietf.org; Thu, 19 Oct 2006 10:05:13 -0400
Received: from [213.60.239.141] (helo=[213.60.239.141])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaYWC-0003FC-MD
	for capwap-archive@ietf.org; Thu, 19 Oct 2006 10:05:13 -0400
Message-ID: <000701c6f386$d5ffdbc0$8def3cd5@user2knmx1jx2m>
From:	"read our" 
To: capwap-archive@ietf.org
Subject: Tutorials Theme Requests
Date:	Thu, 19 Oct 2006 15:59:46 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Spam-Score: 1.8 (+)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a

An Investor ALERT is being issued starting right N0W. Keep your eyes
glued on P.S.U.D!!

PETROSUN DRILLING (P.S.U.D.)
Current Price: 1.16

Don't get caught in the dust, start watchin today because this company
has been known to release major news at any time which could bring the
st0ck up!!

Current News

PetroSun Completes Equity Investment in ElectraTherm

PetroSun, Incorporated (PSUD - News) announced that the company has
finalized its Series A Preferred Stock Purchase Agreement with
ElectraTherm, .....

Check your stock source for full press releases on this exciting stock!

Don't miss out !

Room Polling Station Society Tech Support Image Tutorials Theme Requests Role RunABot Girl Help Editor Codes Flash Messages Graphics Search IconsAIM IconsThe Internet for keywords
Forum Rules Create Expression Buddy Icons Away Chit Chat Game Room Polling Station Society Tech Support Image Tutorials Theme Requests Role RunABot Girl Help Editor
Guys Holiday Submit Background by popular Sort by:Newest Author Downloads Ruby Customize Layout StreetBy: SO MUCHBy: ghetto loveBy: youBy: Chinese when sayBy: Next Page or
Buddy Icons Away Chit Chat Game Room Polling Station Society Tech Support Image Tutorials Theme Requests




From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 12:32:43 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gaap0-0007sU-Kv
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 12:32:43 -0400
Received: from mx1.tigertech.net ([64.62.209.31])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gaaov-0003gf-13
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 12:32:42 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 0041A3980CF
	for ; Thu, 19 Oct 2006 09:32:33 -0700 (PDT)
Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31])
	by fry.tigertech.net (Postfix) with ESMTP id 660D54A43C6
	for ; Thu, 19 Oct 2006 09:32:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 512F0398079
	for ; Thu, 19 Oct 2006 09:32:07 -0700 (PDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 05AF4398089
	for ; Thu, 19 Oct 2006 09:32:03 -0700 (PDT)
Received: from sj-dkim-5.cisco.com ([171.68.10.79])
	by sj-iport-5.cisco.com with ESMTP; 19 Oct 2006 09:32:04 -0700
Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138])
	by sj-dkim-5.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id
	k9JGW3Zp006142; Thu, 19 Oct 2006 09:32:03 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com
	[128.107.191.100])
	by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k9JGVsOX003027;
	Thu, 19 Oct 2006 09:31:59 -0700 (PDT)
Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by
	xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211);
	Thu, 19 Oct 2006 09:31:55 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 19 Oct 2006 09:31:51 -0700
Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202AB8606@xmb-sjc-235.amer.cisco.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Capwap] CAPWAP for 802.11r
Thread-Index: AcbyiUzupiTza7X7SyWJ9+LTZgalvQBBgc8w
From: "Pat Calhoun (pacalhou)" 
To: , "capwap" 
X-OriginalArrivalTime: 19 Oct 2006 16:31:55.0527 (UTC)
	FILETIME=[17233970:01C6F39C]
Authentication-Results: sj-dkim-5.cisco.com; header.From=pcalhoun@cisco.com;
	dkim=pass ( sig from cisco.com verified; ); 
X-Virus-Scanned: by amavisd-new at tigertech.net
X-Spam-Status: No, hits=0.372 tagged_above=-999 required=7
	tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS
X-Spam-Level: 
Subject: Re: [Capwap] CAPWAP for 802.11r
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ff9c467ad7f19c2a6d058acd7faaec8

Behcet,

The architecture laid out in your specification seems to conflict with
the CAPWAP architecture. 

A couple of specific concerns before I get into the meat of the
document:

   > We use [802.11r] key distribution protocol for transfering key
context
   > for Local MAC WTPs.

The latest 802.11r draft does not define a key distribution protocol to
move key context across WTPs (or APs). So I am not sure what we are
refering to.

   > AC next generates PMK-R1 for R1 key holder (R1KH), i.e. the WTP.
AC
   > is now in a position to transfer PMK-R1 context and associated
   > authorization to the WTP.  R1KH and STA perform a 4-way handshake
and
   > generate the session key, PTK.

The CAPWAP protocol does not assume that the PMK is ever transferred
down into the WTP. Furthermore, the protocol assumes the authenticator
resides in the AC - not the WTP. So this statement seems to change the
fundamental architecture of the CAPWAP protocol.

I will have many additional questions once I read the specification
completely, but first want to make sure that we agree on whether the
spec is in scope or not (by answering the above questions).

Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

 

> -----Original Message-----
> From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] 
> Sent: Wednesday, October 18, 2006 12:43 AM
> To: capwap
> Subject: [Capwap] CAPWAP for 802.11r
> 
> Pat and all,
> 
> The link:
> http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fast
> bss-00.txt
> is now on.
> 
> Regards,
> 
> --behcet
> 
> ----- Original Message ----
> From: Pat Calhoun (pacalhou) 
> To: Behcet Sarikaya 
> Sent: Monday, October 16, 2006 7:01:11 PM
> Subject: RE: [Capwap] CAPWAP for 802.11r
> 
> ok, I will once it becomes available.
>  
> 
> Pat Calhoun
> CTO, Wireless Networking Business Unit
> Cisco Systems
> 
>  
> 
>     
> --------------------------------------------------------------
> ----------
>     *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]
>     *Sent:* Monday, October 16, 2006 4:41 PM
>     *To:* Pat Calhoun (pacalhou); capwap@frascone.com
>     *Subject:* Re: [Capwap] CAPWAP for 802.11r
> 
>     Pat,
> 
> 
>     ----- Original Message ----
>     From: Pat Calhoun (pacalhou) 
>     To: Behcet Sarikaya ; 
> capwap@frascone.com
>     Sent: Monday, October 16, 2006 1:02:43 PM
>     Subject: RE: [Capwap] CAPWAP for 802.11r
> 
>     Behcet,
>      
>     I believe we've discussed this idea a few times, and I am still
>     unsure why we believe CAPWAP needs to define anything to support
>     TGr. The current CAPWAP protocol is sufficient to support the
>     upcoming standard.
> 
>     ==>
>     The basis is there but we need several extensions.
>     Please read the draft and comment, then we can make a 
> more informed
>     decision, I think.
> 
> 
>     Pat Calhoun
>     CTO, Wireless Networking Business Unit
>     Cisco Systems
> 
>      
>     Regards,
> 
>     --behcet
> 
>         
> --------------------------------------------------------------
> ----------
>         *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]
>         *Sent:* Saturday, October 14, 2006 8:33 AM
>         *To:* capwap@frascone.com
>         *Subject:* [Capwap] CAPWAP for 802.11r
> 
>         Dear all,
>           I submitted a draft on CAPWAP Roaming Protocol in 
> 802.11R Domains.
>         It should be available soon at the following link:
> 
>         
> http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fast
> bss-00.txt
> 
>         Regards,
> 
>         Behcet
> 
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/capwap
> 
> Archives: http://lists.frascone.com/pipermail/capwap
> 
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 14:04:09 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GacFV-0003Sv-FU
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 14:04:09 -0400
Received: from mx2.tigertech.net ([64.62.209.32])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GacFR-0007xl-Nu
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 14:04:09 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by hermes.tigertech.net (Postfix) with ESMTP id 3F9FB144804A
	for ; Thu, 19 Oct 2006 11:03:53 -0700 (PDT)
Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31])
	by fry.tigertech.net (Postfix) with ESMTP id C62644A43C6
	for ; Thu, 19 Oct 2006 11:03:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 9B0DB398062
	for ; Thu, 19 Oct 2006 11:03:27 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117])
	by zoidberg.tigertech.net (Postfix) with ESMTP id B2F65398079
	for ; Thu, 19 Oct 2006 11:03:24 -0700 (PDT)
Received: from sj-dkim-3.cisco.com ([171.71.179.195])
	by sj-iport-6.cisco.com with ESMTP; 19 Oct 2006 11:03:24 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238])
	by sj-dkim-3.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id
	k9JI3OER026830; Thu, 19 Oct 2006 11:03:24 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com
	[171.70.151.144])
	by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k9JI3OW4029853;
	Thu, 19 Oct 2006 11:03:24 -0700 (PDT)
Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by
	xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 19 Oct 2006 11:03:22 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 19 Oct 2006 11:03:21 -0700
Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202AB868A@xmb-sjc-235.amer.cisco.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: need clarification on UDP ports
Thread-Index: AcbuBEXMKgGb6bM8SR+GYGJJYMdsMwECRwmwAACeb1A=
From: "Pat Calhoun (pacalhou)" 
To: "Abhijit Choudhury" ,
	"Dorothy Stanley" ,
	"Michael Montemurro" 
X-OriginalArrivalTime: 19 Oct 2006 18:03:22.0406 (UTC)
	FILETIME=[DD928460:01C6F3A8]
Authentication-Results: sj-dkim-3.cisco.com; header.From=pcalhoun@cisco.com;
	dkim=pass ( sig from cisco.com verified; ); 
X-Virus-Scanned: by amavisd-new at tigertech.net
X-Spam-Status: No, hits=0.372 tagged_above=-999 required=7
	tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS
X-Spam-Level: 
Cc: capwap@frascone.com
Subject: Re: [Capwap] need clarification on UDP ports
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 25eb6223a37c19d53ede858176b14339

Abhijit, this issue was not addressed by the editors given that we were
waiting for the chairs to make a consensus determination, which occured
too close to the I-D deadline. That said, this would be a good time to
start the discussion.
 
My proposal would be as follows (this is conceptual, not actual draft
text). Note this proposal is optimized to utilize the fewest possible
ports, and assumes that IANA would not agree to a UDP port landgrab.
 
The AC maintains a DTLS SA table which consists of the WTP's IP address
and UDP port numbers. When the AC receives a Discovery Request on the
CAPWAP control port, it performs a lookup to determine whether the
IP/Port information matches the DTLS SA table. If the IP/Port does not
match an entry in the DTLS SA table, the AC responds with a Discovery
response and waits for a successful DTLS setup, which would create a new
DTLS SA. If there is a match, then the packet is a DTLS encrypted
payload, which is sent to the DTLS stack. The following is an example of
the packet exchange (note the ports used here are for illustration
purposes only):

WTP                                                       AC
(WTP Picks a pseudo-random source port)
----- CAPWAP Control/Discovery Request (662, 1233) ------> 
<---- CAPWAP Control/Discovery Response (1233, 662) ------

Using Scott's recommendation to look at the WBID, which when set to any
value other than 23 (which we will need to reserve), then we know this
packet is a discovery request, and process it accordingly. One
alternative to reserving a WBID would be to require that the Reserved
field in the CAPWAP header be set to '111', which would provide another
way to differentiate the packets.

--------- DTLS Session Setup/Control (662, 1233) -------->
<-------- DTLS Session Setup/Control (1233, 662) ---------

The WBID value of 23 will be an indication that the DTLS session is
being established (or the alternative proposed above)... at this point
all packets are from now on fed into the DTLS engine. Once the DTLS
session is established, all CAPWAP packets will be marked internally as
'Application Data', and once decrypted will be sent back into the CAPWAP
module for processing...

-------- CAPWAP Control/Join Request (662, 1233) ---------> (includes
support for DTLS/Data)
<------- CAPWAP Control/Join Response (1233, 662) --------- (Dictates
whether DTLS is to be used on data plane, and a random cookie)

When inactivity occurs over the control plane, the keepalive is sent to
keep the session alive (also useful for NAT traversal):

------- CAPWAP Control/Keepalive Request (662, 1233) ----->
<------ CAPWAP Control/Keepalive Response (1233, 662) -----

The following is optional, and occurs if DTLS needs to be used on the
data plane UDP port:

----------- DTLS Session Setup/Data (685, 1234) ---------->
<---------- DTLS Session Setup/Data (1234, 685) -----------

Again, the WBID of 23 is used to identify the DTLS packet. When used and
established, all CAPWAP data packets will be marked as 'Application
Data' within DTLS. So these packets would pop back out of the DTLS stack
for CAPWAP processing. Yes, this requires that the data plane remember
the configuration enforced by the AC, and therefore it does not mark
each packet as "with DTLS" or "without DTLS". We can do this, but
frankly it provides little value because ultimately, if DTLS was
required and a packet is sent in the clear, it will be dropped anyhow.
Furthermore, I trust an authenticated payload much more than a bit "in
the clear".

A specialized packet is then sent on the data plane to create the
correlation between the control and data plane sessions. A new bit in
the CAPWAP header, which I will call 'D' (for Data Management) is set so
this gets treated as a specialized packet on the data plane UDP port:

---------- CAPWAP Data/Announce Req (685, 1234) ----------> (Including
the cookie to bind to control channel)
<--------- CAPWAP Data/Announce resp (1234, 685) ----------

NOTE: Another alternative to this scheme is to include a session
identifier in the header, which provides the correlation between the
control and data channel. This would be much simpler to implement, and
not require special processing of the data plane. However, if folks
believe that keeping the NAT session fresh, then we need some mechanism
to keep the channel alive. If this is found to be desirable/required,
then a periodic exchange needs to occur to keep the NAT table entry
fresh (again, with the 'D' bit set):

------- CAPWAP Data/Keepalive Request (685, 1234) -------->
<------ CAPWAP Data/Keepalive Response (1234, 685) --------

Should the WTP fail, it would pick a new source UDP port for both the
control and data plane, and send a Discovery Request using the control
UDP port. It is important to note that the longevity of the uniqueness
characteristics of the UDP port is not very long (e.g., one day after
reboot). This is a new requirement on the WTP, but not unrealistic since
802.11 APs have to do this for the RADIUS protocol today (to maintain
unique session identifiers). The AC does not flush its current DTLS SA
until the DTLS exchange is complete (and successful).

WTP                                                       AC
(WTP picks a new pseudo-random source port)
----- CAPWAP Control/Discovery Request (772, 1233) ------> 
<---- CAPWAP Control/Discovery Response (1233, 772) ------

Using Scott's recommendation to look at the WBID, which when set to any
value other than 23 (which we will need to reserve), then we know this
packet is a discovery request, and process it accordingly.

--------- DTLS Session Setup/Control (772, 1233) -------->
<-------- DTLS Session Setup/Control (1233, 772) ---------

The WBID value of 23 will be an indication that the DTLS session is
being established... at this point all packets are from now on fed into
the DTLS engine.

If NAT is used, it is possible that the WTP's source IP address is used
for multiple WTPs. In this case, the AC can identify each WTP using the
DTLS credentials. The AC can then delete the old DTLS SAs (control and
optionally data), that are associated with the WTP's credentials.
Alternatively, the AC could simply wait for the sessions to expire.


Pat Calhoun
CTO, Wireless Networking Business Unit
Cisco Systems

 


________________________________

	From: Abhijit Choudhury [mailto:Abhijit@sinett.com] 
	Sent: Tuesday, October 17, 2006 10:08 AM
	To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro
	Cc: capwap@frascone.com
	Subject: need clarification on UDP ports
	
	
	Pat, Mike, Dorothy:
	 
	I have a question based on v03 of the capwap spec.
	In section 3.1, the spec mentions well-known UDP
	ports for the CAPWAP control and data packets.
	 
	There are four kinds of CAPWAP packets:
	1. DTLS protected control packets
	2. Unprotected control packets
	3. Unprotected data packets
	4. (Optional) DTLS protected data packets
	 
	Will there be 4 well-known UDP port numbers ?
	 
	1, 2 and 3 will be present simultaneously in any
	deployment. 3 and 4 may co-exist in a deployment
	if some data channels are encrypted and some not.
	There has to be a way to distinguish these four 
	kinds of packets.  The draft is not clear about how 
	this is done.
	 
	Thanks,
	   Abhijit
	
	
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 15:08:19 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GadFb-0003Bt-CU
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 15:08:19 -0400
Received: from mx1.tigertech.net ([64.62.209.31])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GadFZ-000104-Tc
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 15:08:19 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 09F893980BC
	for ; Thu, 19 Oct 2006 12:08:17 -0700 (PDT)
Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32])
	by fry.tigertech.net (Postfix) with ESMTP id 04B1C4A43C6
	for ; Thu, 19 Oct 2006 12:08:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hermes.tigertech.net (Postfix) with ESMTP id C162C144802C
	for ; Thu, 19 Oct 2006 12:08:05 -0700 (PDT)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
	by hermes.tigertech.net (Postfix) with ESMTP id 4363A1448032
	for ; Thu, 19 Oct 2006 12:08:02 -0700 (PDT)
Received: by ug-out-1314.google.com with SMTP id s2so150284uge
	for ; Thu, 19 Oct 2006 12:08:01 -0700 (PDT)
Received: by 10.82.127.15 with SMTP id z15mr277407buc;
	Thu, 19 Oct 2006 12:08:01 -0700 (PDT)
Received: by 10.82.118.16 with HTTP; Thu, 19 Oct 2006 12:08:01 -0700 (PDT)
Message-ID: <369e612f0610191208od1c4928vaee742e5a9ef7c5b@mail.gmail.com>
Date: Fri, 20 Oct 2006 00:38:01 +0530
From: "Navin (NKA)" 
To: "Scott G. Kelly" 
In-Reply-To: <8107599.1161205261321.JavaMail.root@elwamui-cypress.atl.sa.earthlink.net>
MIME-Version: 1.0
Content-Disposition: inline
References: <8107599.1161205261321.JavaMail.root@elwamui-cypress.atl.sa.earthlink.net>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes
X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0
	tests=DNS_FROM_RFC_ABUSE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS
X-Spam-Level: 
Cc: capwap@frascone.com
Subject: Re: [Capwap] need clarification on UDP ports
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab

On 10/19/06, Scott G. Kelly  wrote:
> 
>
> >[NKA] Even if a less-robust AC implementation ends up interpreting DTLS
> >message as a Discovery packet, do you think WTP (which unfortunately
> >has passed discovery state) will be able to carry on with its DTLS
> >session establishment and succeed ultimately? :-( I don't think so.  (Imagine
> >this: WTP needs to successfully interpret Discovery response as HelloVerify
> >request, followed by which AC needs to interpret ClientHello (with cookie) as
> >Client Hello without Cookie, and so on).
>
> That's not the point, and this is minor compared to the real issue, which is below.
>

[NKA] Scott, so you agree that the logic which I have explained for handling
discovery/DTLS packets is correct, but you feel that it would result in slower
synchronization between WTP and AC FSM?

Fine. Lets discuss how to reduce bring-up time of a Capwap compliant WTP
in general in a seperate NEW thread? It will be confusing for the WG folks
to discuss the same under incorrect/inappropriate thread subject.


> >Folks,
> >I want to ask you this DTLS/discovery control packet question in a different
> >form. Suppose by accident (or due a bug), WTP happens to be in a FSM
> >state which is not same as that of AC. How would AC process the arrived
> >packet from the faulty WTP? It would go by its FSM state.
>
> Yes, but only in the absence of better information. If it's FSM state is RUN and it receives a discovery packet, though, going by its FSM state leads to an error condition.
>
> > The logic for this
> >is based on the fact that capwap header doesn't carry FSM state information
> >and both the involved entities process packets based on the assumption
> >that their FSM is in sync. Hence I conclude that discovery packets should
> >not be treated in any special fashion.
>
> The WTP may also be in in a different FSM state because it was restarted, either due to a crash, power failure, operator action, etc.  - it does not (necessarily) imply some freak accident or bug.
>
> In this case the WTP will often need to go through discovery again before reconnecting to the AC. If the AC erroneously feeds these packets to its DTLS implementation, they will be rejected, and the WTP will get no response.  This means failure recovery will not occur until the AC times out its DTLS session, and since these timeouts are frequently set as high as 30 seconds in the field,  and since the WTP may exhaust its discovery timers and go into sulking state due to AC unresponsiveness, this has the potential to signficantly (and unfortunately, completely avoidably) exacerbate the outage.
>
> You could try to work around this by handing every packet that fails in the DTLS engine to some other code to see if it's a discovery packet, but in doing so you're adding complexity, and compounding the amount of per-packet work an adversary can make an AC do.
>
> >Having extra fields in the header or usage of seperate UDP ports will definitely
> >ease up the situation here, but we, at IETF, are here to define a specification
> >which is optimum in nature.
>
> Umm... you lost me. I don't see how adding non-determism to save a port (or a few header bytes) results in an optimal solution.
>
> Thanks,
>
> Scott
>
>
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 15:27:44 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GadYO-0003Ga-C0
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 15:27:44 -0400
Received: from mx1.tigertech.net ([64.62.209.31])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GadYM-0004df-T8
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 15:27:44 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 8D7DC398024
	for ; Thu, 19 Oct 2006 12:27:42 -0700 (PDT)
Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32])
	by fry.tigertech.net (Postfix) with ESMTP id EE5024A43C6
	for ; Thu, 19 Oct 2006 12:27:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hermes.tigertech.net (Postfix) with ESMTP id C6421144801E
	for ; Thu, 19 Oct 2006 12:27:32 -0700 (PDT)
Received: from mcfeely.cs.umd.edu (mcfeely.cs.umd.edu [128.8.128.218])
	by hermes.tigertech.net (Postfix) with ESMTP id 59234144800D
	for ; Thu, 19 Oct 2006 12:27:29 -0700 (PDT)
Received: from mcfeely.cs.umd.edu (localhost [127.0.0.1])
	by mcfeely.cs.umd.edu (8.12.11.20060308/8.12.5) with ESMTP id
	k9JJRSbl020976; Thu, 19 Oct 2006 15:27:28 -0400
Received: (from apache@localhost)
	by mcfeely.cs.umd.edu (8.12.11.20060308/8.12.11/Submit) id
	k9JJRSBh020974; Thu, 19 Oct 2006 15:27:28 -0400
X-Authentication-Warning: mcfeely.cs.umd.edu: apache set sender to
	clancy@cs.umd.edu using -f
Received: from 63.239.69.1 (SquirrelMail authenticated user clancy)
	by webmail.cs.umd.edu with HTTP;
	Thu, 19 Oct 2006 15:27:28 -0400 (EDT)
Message-ID: <61362.63.239.69.1.1161286048.squirrel@webmail.cs.umd.edu>
In-Reply-To: <20061019030330.10255.qmail@web60312.mail.yahoo.com>
References: <20061019030330.10255.qmail@web60312.mail.yahoo.com>
Date: Thu, 19 Oct 2006 15:27:28 -0400 (EDT)
From: "Charles Clancy" 
To: "Behcet Sarikaya" 
User-Agent: SquirrelMail/1.4.5
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes
X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0
	tests=DNS_FROM_RFC_ABUSE
X-Spam-Level: 
Cc: capwap 
Subject: Re: [Capwap] CAPWAP for 802.11r
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15

Behcet,

> My proposal is to use the key distribution protocol of 802.11r which
> securely transports the keys.
> Also no need for the context transfer which was what I had in mind.

My point is that we don't need to distribute PMK-R1 keys since all
authenticator functionality will reside at the AC regardless of the MAC
splitting, so we therefore don't need a new key distribution protocol at
all.

Here's how I envision an 11r handoff:

STA            WTP1           WTP2              AC
--------------------------------------------------

Initial authentication (as CAPWAP does now):

<--- assoc ----->
<-------------- open authentication ------------->
<----------------- 1X/EAP authentication -------->
               (derives PMK-R0, PMK-R1)
<--------------- four-way handshake ------------->
                   (derives PTK)
                <---------- add mobile (PTK) -----

fast handoff:

               (AC and STA derive new PMK-R1')
<------- FT / reassoc (PMK Name, MIC, etc) ------>
                  (derives new PTK')
                              <- add mobile (PTK')
                <---------- delete mobile --------


> Can you spare your ideas why that would not work in CAPWAP?

I'm not sure to what you're referring.  Using the yet-to-be-defined 11r
key distribution protocol duplicates the add-mobile CAPWAP architecture
for distributing keying material.  Additionally, it violates the security
restriction that keys from the PMK-level in the keying hierarchy MUST
remain at the authenticator, which is the AC.

> You're saying we only need the split MAC scenarios that I have in the
> draft.

I'm saying that CAPWAP can support 11r without any protocol changes.  The
only changes I can envision being necessary are perhaps capabilities flags
indicating support for 11r, so ACs and WTPs know that each other supports
11r.  All the 11r protocol processing would be implemented at the AC.  The
WTP would just have to know about the additional 802.11 messages, and know
they should be forwarded to the AC.  WTPs and ACs would also have to
support AES-CMAC, which is defined in 11r.

--
t. charles clancy, ph.d.  |  tcc@umd.edu  |  www.cs.umd.edu/~clancy

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 17:43:00 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GaffI-0008Nq-P0
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 17:43:00 -0400
Received: from mx1.tigertech.net ([64.62.209.31])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GaffF-0008U3-SW
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 17:43:00 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by zoidberg.tigertech.net (Postfix) with ESMTP id E670E398090
	for ; Thu, 19 Oct 2006 14:42:56 -0700 (PDT)
Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31])
	by fry.tigertech.net (Postfix) with ESMTP id 0F68E4A43C6
	for ; Thu, 19 Oct 2006 14:42:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by zoidberg.tigertech.net (Postfix) with ESMTP id E8461398041
	for ; Thu, 19 Oct 2006 14:42:33 -0700 (PDT)
Received: from elasmtp-banded.atl.sa.earthlink.net
	(elasmtp-banded.atl.sa.earthlink.net [209.86.89.70])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 8AAD8398029
	for ; Thu, 19 Oct 2006 14:42:31 -0700 (PDT)
Received: from [209.86.224.41] (helo=elwamui-mouette.atl.sa.earthlink.net)
	by elasmtp-banded.atl.sa.earthlink.net with asmtp (Exim 4.34)
	id 1GafeJ-00065H-Ky; Thu, 19 Oct 2006 17:41:59 -0400
Received: from 75.32.19.206 by webmail.pas.earthlink.net with HTTP;
	Thu, 19 Oct 2006 17:41:54 -0400
Message-ID: <25381523.1161294114640.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net>
Date: Thu, 19 Oct 2006 17:41:54 -0400 (EDT)
From: "Scott G. Kelly" 
To: "Pat Calhoun (pacalhou)" ,
	Abhijit Choudhury ,
	Dorothy Stanley ,
	Michael Montemurro 
Mime-Version: 1.0
X-Mailer: EarthLink Zoo Mail 1.0
X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff7101924d3c2cb033e2fefd41a4295709f50350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 209.86.224.41
X-Virus-Scanned: by amavisd-new at tigertech.net
X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests=
X-Spam-Level: 
Cc: capwap@frascone.com
Subject: Re: [Capwap] need clarification on UDP ports
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Scott G. Kelly" 
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a492040269d440726bfd84680622cee7

You know, after seeing my post on this topic yesterday, I thought maybe my sarcasm was a bit overdone, and I actually regretted that post. But now, after seeing what sort of hoops you're willing to jump through to avoid that much simpler approach at apparently any cost... well, now I'm not so sure.

Sigh. Comments inline...


>The AC maintains a DTLS SA table which consists of the WTP's IP address
>and UDP port numbers. When the AC receives a Discovery Request on the
>CAPWAP control port, it performs a lookup to determine whether the
>IP/Port information matches the DTLS SA table. If the IP/Port does not
>match an entry in the DTLS SA table, the AC responds with a Discovery
>response and waits for a successful DTLS setup, which would create a new
>DTLS SA. If there is a match, then the packet is a DTLS encrypted
>payload, which is sent to the DTLS stack. The following is an example of
>the packet exchange (note the ports used here are for illustration
>purposes only):
>
>WTP                                                       AC
>(WTP Picks a pseudo-random source port)
>----- CAPWAP Control/Discovery Request (662, 1233) ------> 
><---- CAPWAP Control/Discovery Response (1233, 662) ------
>
>Using Scott's recommendation to look at the WBID, which when set to any
>value other than 23 (which we will need to reserve), then we know this
>packet is a discovery request, and process it accordingly. One
>alternative to reserving a WBID would be to require that the Reserved
>field in the CAPWAP header be set to '111', which would provide another
>way to differentiate the packets.

Let's stop here, because this is where it starts getting twisted. I didn't recommend this sort of hack. There are two major flaws to this approach. The first is that you assume that the DTLS header format will not change. That's probably unwise, given that it is a new protocol. This early in the game, anything after the version field is fair game, and hacking based on assumptions of immutability is (in my opinion, at least) A Bad Thing (tm).

The second issue here is that you're not looking carefully at the DTLS header alignment as it currently exists. Each version change results in the first version byte being decremented. It is currently FE, and the next will be FD, then FC, and so on. Look at what this means for the WBID field (which, by the way, could *also* be changed before we've finished with capwap):

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0 0 0 1|0 1 1 0 1|1 1 1 1 1|1 0 1 1 1|1 1 1 1 1 0 0 0 0 0 0 0 0|
    |VERSION|   RID   | HLEN    |  WBID   |T|F|L|W|M|    FLAGS      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/
    |    type       |     protocol version          |  epoch
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/
FEFF                |1 1 1 1 1 1 1 0|1 1 1 1 1 1 1 1|
                    +---------------+---------------+
FDFF                |1 1 1 1 1 1 0 1|1 1 1 1 1 1 1 1|
                    +---------------+---------------+
FCFF                |1 1 1 1 1 1 0 0|1 1 1 1 1 1 1 1|
                    +---------------+---------------+
FBFF                |1 1 1 1 1 0 1 1|1 1 1 1 1 1 1 1|
                    +---------------+---------------+
FAFF                |1 1 1 1 1 0 1 0|1 1 1 1 1 1 1 1|
                    +---------------+---------------+

Since there are two WBID bits affected, your scheme requires that there be at least 4 untouchable WBID values (assuming we don't change the capwap header): 7, 15, 23, and 31. This is starting to sound more than a little bit hacky, and certainly not something you want to implement in hardware.

I won't go line by line on the stuff below, as this is more than I can ask people to bear. I have only two points to make here: 

1) regarding the comment below where you say "Furthermore, I trust an authenticated payload much more than a bit 'in the clear'",  I'm wondering: why are unauthenticated values in the UDP and IP headers more trustworthy than values following them? Think about it.

2) look at the signalling complexity you are adding! And all this to avoid ...what, exactly?


Scott




>

>--------- DTLS Session Setup/Control (662, 1233) -------->
><-------- DTLS Session Setup/Control (1233, 662) ---------
>
>The WBID value of 23 will be an indication that the DTLS session is
>being established (or the alternative proposed above)... at this point
>all packets are from now on fed into the DTLS engine. Once the DTLS
>session is established, all CAPWAP packets will be marked internally as
>'Application Data', and once decrypted will be sent back into the CAPWAP
>module for processing...
>
>-------- CAPWAP Control/Join Request (662, 1233) ---------> (includes
>support for DTLS/Data)
><------- CAPWAP Control/Join Response (1233, 662) --------- (Dictates
>whether DTLS is to be used on data plane, and a random cookie)
>
>When inactivity occurs over the control plane, the keepalive is sent to
>keep the session alive (also useful for NAT traversal):
>
>------- CAPWAP Control/Keepalive Request (662, 1233) ----->
><------ CAPWAP Control/Keepalive Response (1233, 662) -----
>
>The following is optional, and occurs if DTLS needs to be used on the
>data plane UDP port:
>
>----------- DTLS Session Setup/Data (685, 1234) ---------->
><---------- DTLS Session Setup/Data (1234, 685) -----------
>
>Again, the WBID of 23 is used to identify the DTLS packet. When used and
>established, all CAPWAP data packets will be marked as 'Application
>Data' within DTLS. So these packets would pop back out of the DTLS stack
>for CAPWAP processing. Yes, this requires that the data plane remember
>the configuration enforced by the AC, and therefore it does not mark
>each packet as "with DTLS" or "without DTLS". We can do this, but
>frankly it provides little value because ultimately, if DTLS was
>required and a packet is sent in the clear, it will be dropped anyhow.
>Furthermore, I trust an authenticated payload much more than a bit "in
>the clear".
>
>A specialized packet is then sent on the data plane to create the
>correlation between the control and data plane sessions. A new bit in
>the CAPWAP header, which I will call 'D' (for Data Management) is set so
>this gets treated as a specialized packet on the data plane UDP port:
>
>---------- CAPWAP Data/Announce Req (685, 1234) ----------> (Including
>the cookie to bind to control channel)
><--------- CAPWAP Data/Announce resp (1234, 685) ----------
>
>NOTE: Another alternative to this scheme is to include a session
>identifier in the header, which provides the correlation between the
>control and data channel. This would be much simpler to implement, and
>not require special processing of the data plane. However, if folks
>believe that keeping the NAT session fresh, then we need some mechanism
>to keep the channel alive. If this is found to be desirable/required,
>then a periodic exchange needs to occur to keep the NAT table entry
>fresh (again, with the 'D' bit set):
>
>------- CAPWAP Data/Keepalive Request (685, 1234) -------->
><------ CAPWAP Data/Keepalive Response (1234, 685) --------
>
>Should the WTP fail, it would pick a new source UDP port for both the
>control and data plane, and send a Discovery Request using the control
>UDP port. It is important to note that the longevity of the uniqueness
>characteristics of the UDP port is not very long (e.g., one day after
>reboot). This is a new requirement on the WTP, but not unrealistic since
>802.11 APs have to do this for the RADIUS protocol today (to maintain
>unique session identifiers). The AC does not flush its current DTLS SA
>until the DTLS exchange is complete (and successful).
>
>WTP                                                       AC
>(WTP picks a new pseudo-random source port)
>----- CAPWAP Control/Discovery Request (772, 1233) ------> 
><---- CAPWAP Control/Discovery Response (1233, 772) ------
>
>Using Scott's recommendation to look at the WBID, which when set to any
>value other than 23 (which we will need to reserve), then we know this
>packet is a discovery request, and process it accordingly.
>
>--------- DTLS Session Setup/Control (772, 1233) -------->
><-------- DTLS Session Setup/Control (1233, 772) ---------
>
>The WBID value of 23 will be an indication that the DTLS session is
>being established... at this point all packets are from now on fed into
>the DTLS engine.
>
>If NAT is used, it is possible that the WTP's source IP address is used
>for multiple WTPs. In this case, the AC can identify each WTP using the
>DTLS credentials. The AC can then delete the old DTLS SAs (control and
>optionally data), that are associated with the WTP's credentials.
>Alternatively, the AC could simply wait for the sessions to expire.
>
>
>Pat Calhoun
>CTO, Wireless Networking Business Unit
>Cisco Systems
>
> 
>
>
>________________________________
>
>	From: Abhijit Choudhury [mailto:Abhijit@sinett.com] 
>	Sent: Tuesday, October 17, 2006 10:08 AM
>	To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro
>	Cc: capwap@frascone.com
>	Subject: need clarification on UDP ports
>	
>	
>	Pat, Mike, Dorothy:
>	 
>	I have a question based on v03 of the capwap spec.
>	In section 3.1, the spec mentions well-known UDP
>	ports for the CAPWAP control and data packets.
>	 
>	There are four kinds of CAPWAP packets:
>	1. DTLS protected control packets
>	2. Unprotected control packets
>	3. Unprotected data packets
>	4. (Optional) DTLS protected data packets
>	 
>	Will there be 4 well-known UDP port numbers ?
>	 
>	1, 2 and 3 will be present simultaneously in any
>	deployment. 3 and 4 may co-exist in a deployment
>	if some data channels are encrypted and some not.
>	There has to be a way to distinguish these four 
>	kinds of packets.  The draft is not clear about how 
>	this is done.
>	 
>	Thanks,
>	   Abhijit
>	
>	
>_________________________________________________________________
>To unsubscribe or modify your subscription options, please visit:
>http://lists.frascone.com/mailman/listinfo/capwap
>
>Archives: http://lists.frascone.com/pipermail/capwap

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 18:12:14 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gag7a-0004Xv-9h
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 18:12:14 -0400
Received: from mx2.tigertech.net ([64.62.209.32])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gag7V-0003ty-Ro
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 18:12:14 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by hermes.tigertech.net (Postfix) with ESMTP id 5BE05144802C
	for ; Thu, 19 Oct 2006 15:12:06 -0700 (PDT)
Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31])
	by fry.tigertech.net (Postfix) with ESMTP id 43A094A45A9
	for ; Thu, 19 Oct 2006 15:11:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 29B44398053
	for ; Thu, 19 Oct 2006 15:11:52 -0700 (PDT)
Received: from elasmtp-banded.atl.sa.earthlink.net
	(elasmtp-banded.atl.sa.earthlink.net [209.86.89.70])
	by zoidberg.tigertech.net (Postfix) with ESMTP id 66BBE398044
	for ; Thu, 19 Oct 2006 15:11:49 -0700 (PDT)
Received: from [209.86.224.41] (helo=elwamui-mouette.atl.sa.earthlink.net)
	by elasmtp-banded.atl.sa.earthlink.net with asmtp (Exim 4.34)
	id 1Gag6q-0004gj-KU; Thu, 19 Oct 2006 18:11:28 -0400
Received: from 75.32.19.206 by webmail.pas.earthlink.net with HTTP;
	Thu, 19 Oct 2006 18:11:23 -0400
Message-ID: <8965479.1161295883589.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net>
Date: Thu, 19 Oct 2006 18:11:23 -0400 (EDT)
From: "Scott G. Kelly" 
To: "Navin (NKA)" 
Mime-Version: 1.0
X-Mailer: EarthLink Zoo Mail 1.0
X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff71020ff6ec9140837d7e4392ab433e7e469350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 209.86.224.41
X-Virus-Scanned: by amavisd-new at tigertech.net
X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests=
X-Spam-Level: 
Cc: capwap@frascone.com
Subject: Re: [Capwap] need clarification on UDP ports
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Scott G. Kelly" 
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370

>[NKA] Scott, so you agree that the logic which I have explained for handling
>discovery/DTLS packets is correct, but you feel that it would result in slower
>synchronization between WTP and AC FSM?

Actually, no, I don't agree. A discovery packet should be deterministically treated as a discovery packet - not sometimes erroneously treated as a dtls packet. I think introducing this ambiguity is unnecessary, to say the least. 

I think Abhijit's point is correct: it should be very clear whether a packet is control, data, discovery, and protected vs unprotected. Either we can do that by using more ports, or we can find another way. But I don't think shoving a discovery packet into the dtls engine is "a good thing".

Scott



_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap



From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 20:04:46 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GahsU-0007lt-BE
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 20:04:46 -0400
Received: from mx2.tigertech.net ([64.62.209.32])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GahsO-0005yD-G3
	for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 20:04:46 -0400
Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19])
	by hermes.tigertech.net (Postfix) with ESMTP id 089CB1448057
	for ; Thu, 19 Oct 2006 17:04:32 -0700 (PDT)
Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32])
	by fry.tigertech.net (Postfix) with ESMTP id D60714A45AC
	for ; Thu, 19 Oct 2006 17:02:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hermes.tigertech.net (Postfix) with ESMTP id B41411448004
	for ; Thu, 19 Oct 2006 17:02:48 -0700 (PDT)
Received: from web60324.mail.yahoo.com (web60324.mail.yahoo.com
	[209.73.178.132])
	by hermes.tigertech.net (Postfix) with SMTP id 2FF441448025
	for ; Thu, 19 Oct 2006 17:02:46 -0700 (PDT)
Received: (qmail 51545 invoked by uid 60001); 20 Oct 2006 00:02:45 -0000
Message-ID: <20061020000245.51543.qmail@web60324.mail.yahoo.com>
Received: from [121.133.79.100] by web60324.mail.yahoo.com via HTTP;
	Thu, 19 Oct 2006 17:02:45 PDT
Date: Thu, 19 Oct 2006 17:02:45 -0700 (PDT)
From: Behcet Sarikaya 
To: "Pat Calhoun (pacalhou)" 
MIME-Version: 1.0
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes
X-Spam-Status: No, hits=2.3 tagged_above=-999.0 required=7.0
	tests=DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_POST, DNS_FROM_RFC_WHOIS,
	HTML_40_50, HTML_MESSAGE
X-Spam-Level: **
Cc: capwap 
Subject: Re: [Capwap] CAPWAP for 802.11r
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Behcet Sarikaya 
List-Id: A list for CAPWAP technical discussions 
List-Unsubscribe: ,
	
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
	
Content-Type: multipart/mixed; boundary="===============0091263836=="
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 88b11fc64c1bfdb4425294ef5374ca07

--===============0091263836==
Content-Type: multipart/alternative; boundary="0-1669331040-1161302565=:48025"

--0-1669331040-1161302565=:48025
Content-Type: text/plain; charset=ascii
Content-Transfer-Encoding: quoted-printable

Hi Pat and Charles,=0A  =0ASection 8.5A.6 in 802.11r D3 describes the key d=
istribution protocol. It is true that earlier versions like D2.2 did not ha=
ve it.=0ASo my Local MAC scenarios were based on this protocol.=0A  The key=
 distribution protocol makes it unnecessary to use the context transfer ahe=
ad of time and it is quite nice to generate and transfer the key in a just-=
in-time manner. I thought it was good and used it in CAPWAPRP.=0A=0A  Regar=
ds,=0A=0ABehcet =0A=0A----- Original Message ----=0AFrom: Pat Calhoun (paca=
lhou) =0ATo: sarikaya@ieee.org; capwap =0ASent: Thursday, October 19, 2006 11:31:51 AM=0ASubject: Re: [Capwap=
] CAPWAP for 802.11r=0A=0ABehcet,=0A=0AThe architecture laid out in your sp=
ecification seems to conflict with=0Athe CAPWAP architecture. =0A=0AA coupl=
e of specific concerns before I get into the meat of the=0Adocument:=0A=0A =
  > We use [802.11r] key distribution protocol for transfering key=0Acontex=
t=0A   > for Local MAC WTPs.=0A=0AThe latest 802.11r draft does not define =
a key distribution protocol to=0Amove key context across WTPs (or APs). So =
I am not sure what we are=0Arefering to.=0A=0A   > AC next generates PMK-R1=
 for R1 key holder (R1KH), i.e. the WTP.=0AAC=0A   > is now in a position t=
o transfer PMK-R1 context and associated=0A   > authorization to the WTP.  =
R1KH and STA perform a 4-way handshake=0Aand=0A   > generate the session ke=
y, PTK.=0A=0AThe CAPWAP protocol does not assume that the PMK is ever trans=
ferred=0Adown into the WTP. Furthermore, the protocol assumes the authentic=
ator=0Aresides in the AC - not the WTP. So this statement seems to change t=
he=0Afundamental architecture of the CAPWAP protocol.=0A=0AI will have many=
 additional questions once I read the specification=0Acompletely, but first=
 want to make sure that we agree on whether the=0Aspec is in scope or not (=
by answering the above questions).=0A=0APat Calhoun=0ACTO, Wireless Network=
ing Business Unit=0ACisco Systems=0A=0A =0A=0A> -----Original Message-----=
=0A> From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] =0A> Sent: Wed=
nesday, October 18, 2006 12:43 AM=0A> To: capwap=0A> Subject: [Capwap] CAPW=
AP for 802.11r=0A> =0A> Pat and all,=0A> =0A> The link:=0A> http://www.ietf=
.org/internet-drafts/draft-sarikaya-capwap-fast=0A> bss-00.txt=0A> is now o=
n.=0A> =0A> Regards,=0A> =0A> --behcet=0A> =0A> ----- Original Message ----=
=0A> From: Pat Calhoun (pacalhou) =0A> To: Behcet Sarik=
aya =0A> Sent: Monday, October 16, 2006 7:01:11 P=
M=0A> Subject: RE: [Capwap] CAPWAP for 802.11r=0A> =0A> ok, I will once it =
becomes available.=0A>  =0A> =0A> Pat Calhoun=0A> CTO, Wireless Networking =
Business Unit=0A> Cisco Systems=0A> =0A>  =0A> =0A>     =0A> --------------=
------------------------------------------------=0A> ----------=0A>     *Fr=
om:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]=0A>     *Sent:* Mond=
ay, October 16, 2006 4:41 PM=0A>     *To:* Pat Calhoun (pacalhou); capwap@f=
rascone.com=0A>     *Subject:* Re: [Capwap] CAPWAP for 802.11r=0A> =0A>    =
 Pat,=0A> =0A> =0A>     ----- Original Message ----=0A>     From: Pat Calho=
un (pacalhou) =0A>     To: Behcet Sarikaya ; =0A> capwap@frascone.com=0A>     Sent: Monday, October 16, =
2006 1:02:43 PM=0A>     Subject: RE: [Capwap] CAPWAP for 802.11r=0A> =0A>  =
   Behcet,=0A>      =0A>     I believe we've discussed this idea a few time=
s, and I am still=0A>     unsure why we believe CAPWAP needs to define anyt=
hing to support=0A>     TGr. The current CAPWAP protocol is sufficient to s=
upport the=0A>     upcoming standard.=0A> =0A>     =3D=3D>=0A>     The basi=
s is there but we need several extensions.=0A>     Please read the draft an=
d comment, then we can make a =0A> more informed=0A>     decision, I think.=
=0A> =0A> =0A>     Pat Calhoun=0A>     CTO, Wireless Networking Business Un=
it=0A>     Cisco Systems=0A> =0A>      =0A>     Regards,=0A> =0A>     --beh=
cet=0A> =0A>         =0A> -------------------------------------------------=
-------------=0A> ----------=0A>         *From:* Behcet Sarikaya [mailto:be=
hcetsarikaya@yahoo.com]=0A>         *Sent:* Saturday, October 14, 2006 8:33=
 AM=0A>         *To:* capwap@frascone.com=0A>         *Subject:* [Capwap] C=
APWAP for 802.11r=0A> =0A>         Dear all,=0A>           I submitted a dr=
aft on CAPWAP Roaming Protocol in =0A> 802.11R Domains.=0A>         It shou=
ld be available soon at the following link:=0A> =0A>         =0A> http://ww=
w.ietf.org/internet-drafts/draft-sarikaya-capwap-fast=0A> bss-00.txt=0A> =
=0A>         Regards,=0A> =0A>         Behcet=0A> =0A> ____________________=
_____________________________________________=0A> To unsubscribe or modify =
your subscription options, please visit:=0A> http://lists.frascone.com/mail=
man/listinfo/capwap=0A> =0A> Archives: http://lists.frascone.com/pipermail/=
capwap=0A> =0A_____________________________________________________________=
____=0ATo unsubscribe or modify your subscription options, please visit:=0A=
http://lists.frascone.com/mailman/listinfo/capwap=0A=0AArchives: http://lis=
ts.frascone.com/pipermail/capwap=0A=0A=0A=0A=0A
--0-1669331040-1161302565=:48025
Content-Type: text/html; charset=ascii
Content-Transfer-Encoding: quoted-printable

Hi Pat and Charles,

Section 8.5A.6 in 8=
02.11r D3 describes the key distribution protocol. It is true that earlier =
versions like D2.2 did not have it.
So my Local MAC scenarios were based=
 on this protocol.
  The key distribution protocol makes it unneces=
sary to use the context transfer ahead of time and it is quite nice to gene=
rate and transfer the key in a just-in-time manner. I thought it was good a=
nd used it in CAPWAPRP.

  Regards,

Behcet 

http://=
www.ietf.org/internet-drafts/draft-sarikaya-capwap-fast
> bss-00.=
txt
> is now
 on.
> 
> Regards,
> 
> --behcet
> 
> -=
---- Original Message ----
> From: Pat Calhoun (pacalhou) <pcalhou=
n@cisco.com>
> To: Behcet Sarikaya <behcetsarikaya@yahoo.com>=
;
> Sent: Monday, October 16, 2006 7:01:11 PM
> Subject: RE: [C=
apwap] CAPWAP for 802.11r
> 
> ok, I will once it becomes avail=
able.
>  
> 
> Pat Calhoun
> CTO, Wireles=
s Networking Business Unit
> Cisco Systems
> 
> &nbs=
p;
> 
>     
> ----------------------=
----------------------------------------
> ----------
> &n=
bsp;   *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com]<=
br>>     *Sent:* Monday, October 16, 2006 4:41 PM>     *To:* Pat Calhoun (pacalhou); capwap@frascone=
.com
>     *Subject:* Re: [Capwap] CAPWAP for 802=
.11r
>
 
>     Pat,
> 
> 
>  =
;   ----- Original Message ----
>     F=
rom: Pat Calhoun (pacalhou) <pcalhoun@cisco.com>
>  &=
nbsp;  To: Behcet Sarikaya <behcetsarikaya@yahoo.com>; 
> =
capwap@frascone.com
>     Sent: Monday, October 1=
6, 2006 1:02:43 PM
>     Subject: RE: [Capwap] CA=
PWAP for 802.11r
> 
>     Behcet,
>&n=
bsp;     
>     I believ=
e we've discussed this idea a few times, and I am still
>  =
   unsure why we believe CAPWAP needs to define anything to suppo=
rt
>     TGr. The current CAPWAP protocol is suff=
icient to support the
>     upcoming standard.> 
>     =3D=3D>
>   =
  The basis
 is there but we need several extensions.
>     P=
lease read the draft and comment, then we can make a 
> more informed=

>     decision, I think.
> 
> 
&g=
t;     Pat Calhoun
>     CTO,=
 Wireless Networking Business Unit
>     Cisco Sy=
stems
> 
>      
> &nb=
sp;   Regards,
> 
>     --behcet<=
br>> 
>         
> -=
-------------------------------------------------------------
> -----=
-----
>         *From:* Behce=
t Sarikaya [mailto:behcetsarikaya@yahoo.com]
>    =
;     *Sent:* Saturday, October 14, 2006 8:33 AM
>=
;         *To:*
 capwap@frascone.com
>        =
; *Subject:* [Capwap] CAPWAP for 802.11r
> 
>   =
      Dear all,
>    &nb=
sp;      I submitted a draft on CAPWAP Roaming Pro=
tocol in 
> 802.11R Domains.
>     &nb=
sp;   It should be available soon at the following link:
> =

>         
> http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fast=

> bss-00.txt
> 
>      &nb=
sp;  Regards,
> 
>      &nbs=
p;  Behcet
> 
> __________________________________________=
_______________________
> To unsubscribe or modify your subscription =
options, please
 visit:
> http://lists.frascone.com/mailman/listinfo/capwap<=
br>> 
> Archives: http://lists.frascone.com/pipermail/capwap
=
> 
_________________________________________________________________<=
br>To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http=
://lists.frascone.com/pipermail/capwap

<= /body> --0-1669331040-1161302565=:48025-- --===============0091263836== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0091263836==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 22:24:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gak3u-00075u-8T for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 22:24:43 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gak3p-0000TM-Cy for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 22:24:42 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 8B02C144806B for ; Thu, 19 Oct 2006 19:24:33 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id E59EF4A45AC for ; Thu, 19 Oct 2006 19:24:02 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C7372398011 for ; Thu, 19 Oct 2006 19:24:02 -0700 (PDT) Received: from MMS3.broadcom.com (mms3.broadcom.com [216.31.210.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 824B0398037 for ; Thu, 19 Oct 2006 19:23:58 -0700 (PDT) Received: from 10.10.64.154 by MMS3.broadcom.com with ESMTP (Broadcom SMTP Relay (Email Firewall v6.2.2)); Thu, 19 Oct 2006 19:23:50 -0700 X-Server-Uuid: 450F6D01-B290-425C-84F8-E170B39A25C9 Received: by mail-irva-10.broadcom.com (Postfix, from userid 47) id 931D42AF; Thu, 19 Oct 2006 19:23:50 -0700 (PDT) Received: from mail-irva-8.broadcom.com (mail-irva-8 [10.10.64.221]) by mail-irva-10.broadcom.com (Postfix) with ESMTP id 6BAED2AE; Thu, 19 Oct 2006 19:23:50 -0700 (PDT) Received: from mail-sj1-12.sj.broadcom.com (mail-sj1-12.sj.broadcom.com [10.16.128.215]) by mail-irva-8.broadcom.com (MOS 3.7.5a-GA) with ESMTP id EIF70677; Thu, 19 Oct 2006 19:23:49 -0700 (PDT) Received: from NT-SJCA-0751.brcm.ad.broadcom.com (nt-sjca-0751 [10.16.192.221]) by mail-sj1-12.sj.broadcom.com (Postfix) with ESMTP id 6683920502; Thu, 19 Oct 2006 19:23:49 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 19 Oct 2006 19:23:40 -0700 Message-ID: <8954613CA6BB3242A1531D916A527A41020A2F15@NT-SJCA-0751.brcm.ad.broadcom.com> In-Reply-To: <25381523.1161294114640.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net> Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acbzx6gzRnIyqDJeSh2XVUA2VdetaQAIMftA From: "Puneet Agarwal" To: "Scott G. Kelly" , "Pat Calhoun (pacalhou)" , "Abhijit Choudhury" , "Dorothy Stanley" , "Michael Montemurro" X-WSS-ID: 6926ECBC2A0535867-01-01 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 025f8c5000216988bfe31585db759250 I agree with Scott - it is important that we come up with a solution that is unambiguous and works even if packet formats for dtls change. It seems that we (capwap) are one of the first folks trying to use DTLS. It would be good to know how other folks (if any) have used DTLS for their applications. If someone has already solved the "discovery to dtls-secure" like problem before, then it would be good to understand how they did it and maybe use a similar approach (rather than re-invent the wheel). In that regard, does anyone know of other groups using dtls to secure their protocol? Would having 3 UDP ports solve the problem: (a) capwap-open control port : All unencrypted capwap control packets go on this channel (b) capwap-open data port : All unencrypted capwap data packets go on this channel (b) capwap-secure port: All dtls encrypted capwap data/control packets go on this channel. Demux for data vs control happens after decryption. We may need more ports if we need to support different QoS levels (as pointed by Scott)- that to me is a bigger problem. Wondering what the group thinks.... Thanks. -Puneet -----Original Message----- From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] Sent: Thursday, October 19, 2006 2:42 PM To: Pat Calhoun (pacalhou); Abhijit Choudhury; Dorothy Stanley; Michael Montemurro Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports You know, after seeing my post on this topic yesterday, I thought maybe my sarcasm was a bit overdone, and I actually regretted that post. But now, after seeing what sort of hoops you're willing to jump through to avoid that much simpler approach at apparently any cost... well, now I'm not so sure. Sigh. Comments inline... >The AC maintains a DTLS SA table which consists of the WTP's IP address >and UDP port numbers. When the AC receives a Discovery Request on the >CAPWAP control port, it performs a lookup to determine whether the >IP/Port information matches the DTLS SA table. If the IP/Port does not >match an entry in the DTLS SA table, the AC responds with a Discovery >response and waits for a successful DTLS setup, which would create a >new DTLS SA. If there is a match, then the packet is a DTLS encrypted >payload, which is sent to the DTLS stack. The following is an example >of the packet exchange (note the ports used here are for illustration >purposes only): > >WTP AC >(WTP Picks a pseudo-random source port) >----- CAPWAP Control/Discovery Request (662, 1233) ------> ><---- CAPWAP Control/Discovery Response (1233, 662) ------ > >Using Scott's recommendation to look at the WBID, which when set to any >value other than 23 (which we will need to reserve), then we know this >packet is a discovery request, and process it accordingly. One >alternative to reserving a WBID would be to require that the Reserved >field in the CAPWAP header be set to '111', which would provide another >way to differentiate the packets. Let's stop here, because this is where it starts getting twisted. I didn't recommend this sort of hack. There are two major flaws to this approach. The first is that you assume that the DTLS header format will not change. That's probably unwise, given that it is a new protocol. This early in the game, anything after the version field is fair game, and hacking based on assumptions of immutability is (in my opinion, at least) A Bad Thing (tm). The second issue here is that you're not looking carefully at the DTLS header alignment as it currently exists. Each version change results in the first version byte being decremented. It is currently FE, and the next will be FD, then FC, and so on. Look at what this means for the WBID field (which, by the way, could *also* be changed before we've finished with capwap): 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 1|0 1 1 0 1|1 1 1 1 1|1 0 1 1 1|1 1 1 1 1 0 0 0 0 0 0 0 0| |VERSION| RID | HLEN | WBID |T|F|L|W|M| FLAGS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ | type | protocol version | epoch +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ FEFF |1 1 1 1 1 1 1 0|1 1 1 1 1 1 1 1| +---------------+---------------+ FDFF |1 1 1 1 1 1 0 1|1 1 1 1 1 1 1 1| +---------------+---------------+ FCFF |1 1 1 1 1 1 0 0|1 1 1 1 1 1 1 1| +---------------+---------------+ FBFF |1 1 1 1 1 0 1 1|1 1 1 1 1 1 1 1| +---------------+---------------+ FAFF |1 1 1 1 1 0 1 0|1 1 1 1 1 1 1 1| +---------------+---------------+ Since there are two WBID bits affected, your scheme requires that there be at least 4 untouchable WBID values (assuming we don't change the capwap header): 7, 15, 23, and 31. This is starting to sound more than a little bit hacky, and certainly not something you want to implement in hardware. I won't go line by line on the stuff below, as this is more than I can ask people to bear. I have only two points to make here: 1) regarding the comment below where you say "Furthermore, I trust an authenticated payload much more than a bit 'in the clear'", I'm wondering: why are unauthenticated values in the UDP and IP headers more trustworthy than values following them? Think about it. 2) look at the signalling complexity you are adding! And all this to avoid ...what, exactly? Scott > >--------- DTLS Session Setup/Control (662, 1233) --------> ><-------- DTLS Session Setup/Control (1233, 662) --------- > >The WBID value of 23 will be an indication that the DTLS session is >being established (or the alternative proposed above)... at this point >all packets are from now on fed into the DTLS engine. Once the DTLS >session is established, all CAPWAP packets will be marked internally as >'Application Data', and once decrypted will be sent back into the >CAPWAP module for processing... > >-------- CAPWAP Control/Join Request (662, 1233) ---------> (includes >support for DTLS/Data) ><------- CAPWAP Control/Join Response (1233, 662) --------- (Dictates >whether DTLS is to be used on data plane, and a random cookie) > >When inactivity occurs over the control plane, the keepalive is sent to >keep the session alive (also useful for NAT traversal): > >------- CAPWAP Control/Keepalive Request (662, 1233) -----> ><------ CAPWAP Control/Keepalive Response (1233, 662) ----- > >The following is optional, and occurs if DTLS needs to be used on the >data plane UDP port: > >----------- DTLS Session Setup/Data (685, 1234) ----------> ><---------- DTLS Session Setup/Data (1234, 685) ----------- > >Again, the WBID of 23 is used to identify the DTLS packet. When used >and established, all CAPWAP data packets will be marked as 'Application >Data' within DTLS. So these packets would pop back out of the DTLS >stack for CAPWAP processing. Yes, this requires that the data plane >remember the configuration enforced by the AC, and therefore it does >not mark each packet as "with DTLS" or "without DTLS". We can do this, >but frankly it provides little value because ultimately, if DTLS was >required and a packet is sent in the clear, it will be dropped anyhow. >Furthermore, I trust an authenticated payload much more than a bit "in >the clear". > >A specialized packet is then sent on the data plane to create the >correlation between the control and data plane sessions. A new bit in >the CAPWAP header, which I will call 'D' (for Data Management) is set >so this gets treated as a specialized packet on the data plane UDP port: > >---------- CAPWAP Data/Announce Req (685, 1234) ----------> (Including >the cookie to bind to control channel) ><--------- CAPWAP Data/Announce resp (1234, 685) ---------- > >NOTE: Another alternative to this scheme is to include a session >identifier in the header, which provides the correlation between the >control and data channel. This would be much simpler to implement, and >not require special processing of the data plane. However, if folks >believe that keeping the NAT session fresh, then we need some mechanism >to keep the channel alive. If this is found to be desirable/required, >then a periodic exchange needs to occur to keep the NAT table entry >fresh (again, with the 'D' bit set): > >------- CAPWAP Data/Keepalive Request (685, 1234) --------> ><------ CAPWAP Data/Keepalive Response (1234, 685) -------- > >Should the WTP fail, it would pick a new source UDP port for both the >control and data plane, and send a Discovery Request using the control >UDP port. It is important to note that the longevity of the uniqueness >characteristics of the UDP port is not very long (e.g., one day after >reboot). This is a new requirement on the WTP, but not unrealistic >since >802.11 APs have to do this for the RADIUS protocol today (to maintain >unique session identifiers). The AC does not flush its current DTLS SA >until the DTLS exchange is complete (and successful). > >WTP AC >(WTP picks a new pseudo-random source port) >----- CAPWAP Control/Discovery Request (772, 1233) ------> ><---- CAPWAP Control/Discovery Response (1233, 772) ------ > >Using Scott's recommendation to look at the WBID, which when set to any >value other than 23 (which we will need to reserve), then we know this >packet is a discovery request, and process it accordingly. > >--------- DTLS Session Setup/Control (772, 1233) --------> ><-------- DTLS Session Setup/Control (1233, 772) --------- > >The WBID value of 23 will be an indication that the DTLS session is >being established... at this point all packets are from now on fed into >the DTLS engine. > >If NAT is used, it is possible that the WTP's source IP address is used >for multiple WTPs. In this case, the AC can identify each WTP using the >DTLS credentials. The AC can then delete the old DTLS SAs (control and >optionally data), that are associated with the WTP's credentials. >Alternatively, the AC could simply wait for the sessions to expire. > > >Pat Calhoun >CTO, Wireless Networking Business Unit >Cisco Systems > > > > >________________________________ > > From: Abhijit Choudhury [mailto:Abhijit@sinett.com] > Sent: Tuesday, October 17, 2006 10:08 AM > To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro > Cc: capwap@frascone.com > Subject: need clarification on UDP ports > > > Pat, Mike, Dorothy: > > I have a question based on v03 of the capwap spec. > In section 3.1, the spec mentions well-known UDP > ports for the CAPWAP control and data packets. > > There are four kinds of CAPWAP packets: > 1. DTLS protected control packets > 2. Unprotected control packets > 3. Unprotected data packets > 4. (Optional) DTLS protected data packets > > Will there be 4 well-known UDP port numbers ? > > 1, 2 and 3 will be present simultaneously in any > deployment. 3 and 4 may co-exist in a deployment > if some data channels are encrypted and some not. > There has to be a way to distinguish these four > kinds of packets. The draft is not clear about how > this is done. > > Thanks, > Abhijit > > >_________________________________________________________________ >To unsubscribe or modify your subscription options, please visit: >http://lists.frascone.com/mailman/listinfo/capwap > >Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 19 22:34:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GakDI-0002iB-3g for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 22:34:24 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GakDG-0004wV-9G for capwap-archive@lists.ietf.org; Thu, 19 Oct 2006 22:34:24 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id CC10F1448031 for ; Thu, 19 Oct 2006 19:34:18 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id A7BA44A45AC for ; Thu, 19 Oct 2006 19:33:53 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 817611448031 for ; Thu, 19 Oct 2006 19:33:53 -0700 (PDT) Received: from smtp.mei.co.jp (smtp.mei.co.jp [133.183.129.25]) by hermes.tigertech.net (Postfix) with ESMTP id 2C9B8144802F for ; Thu, 19 Oct 2006 19:33:51 -0700 (PDT) Received: from mail-gw.jp.panasonic.com (dodgers.mei.co.jp [157.8.1.150]) by smtp.mei.co.jp (8.12.11.20060614/3.7W/jazz) with ESMTP id k9K2Xmho018626; Fri, 20 Oct 2006 11:33:48 +0900 (JST) Received: by mail-gw.jp.panasonic.com (8.11.6p2/3.7W/somlx1) with ESMTP id k9K2Xnb16285; Fri, 20 Oct 2006 11:33:49 +0900 (JST) Received: from pslexc01.psl.local (localhost [127.0.0.1]) by mail.jp.panasonic.com (8.11.6p2/3.7W/whitesox) with ESMTP id k9K2XlF01457; Fri, 20 Oct 2006 11:33:47 +0900 (JST) X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 20 Oct 2006 10:32:35 +0800 Message-ID: <5F09D220B62F79418461A978CA0921BD013E3728@pslexc01.psl.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Issue 43 - Explanation for 802.11i Considerations Thread-Index: Acbu8s465akdTlO6RPehFnWHhbI5OAE/JCpw From: "Cheng Hong" To: "Scott Kelly" , X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, FORGED_RCVD_HELO X-Spam-Level: Subject: Re: [Capwap] Issue 43 - Explanation for 802.11i Considerations X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: c2e58d9873012c90703822e287241385 Hi Scott and all, That is an excellent summary of the issue. Would suggest including the whole analysis into the Security Consideration of the CAPWAP spec regardless which final approach the group decides to take (since this issue is specific to/introduced by CAPWAP architecture). cheers Cheng Hong > -----Original Message----- > From: Scott Kelly [mailto:skelly@arubanetworks.com] > Sent: Saturday, October 14, 2006 2:10 AM > To: capwap@frascone.com > Subject: Re: [Capwap] Issue 43 - Explanation for 802.11i > Considerations > > Hi All, > > Charles and I have been discussing the keyrsc issue, and > we're in agreement on an opinion of the overall security > implications. > > To summarize briefly, there are small exposures in either > case which are both pretty trivial. The small replay exposure > is probably the more acceptable of the two, given the > complexity level of the proposed 'fix'. > The added complexity of passing the KCK to the WTP together > with the slight associated exposure tips the scale slightly > more toward the "just choose a keyrsc value that will work > (zero or a better one if you know it)" solution. > > If you want the background considerations, a more detailed > discussion follows. Otherwise, there you have it. > > -------------------------------------------------------------- > ---------- > ---- > 1. Setting KeyRSC = 0 > > In the current CAPWAP protocol, the 4-way handshake occurs > between the AC and the STA, and once this is complete, the AC > pushes the 802.11 cryptographic key material (the PTK) to the > WTP. In cases where a GTK (the group transient key, which is > used to cryptographically protect broadcast/multicast > traffic) is already active for the ESSID the STA is > associating to, the GTK is identified in message 3 of the > 4-way handshake, along with the current receive sequence > counter (KeyRSC) for messages protected under that key. Since > the WTP maintains the active KeyRSC, the AC currently has no > way to know precisely what the correct value is at the point > at which message 3 is constructed. To work around this, LWAPP > designers chose to have the AC simply set this value to 0. > > This decision does not affect the WTP, who maintains this > counter; it only affects the STA. Hence, there is no > interoperability implication to this behavior. The STA, upon > receiving the first valid broadcast/multicast message from > the WTP, will update its RSC to the correct value, and will > be synchronized with the WTP's value from then on. > > The security consequences of this approach are as follows: > > - the period beginning when the STA installs the GTK and > KeyRSC and ending when the STA receives the first valid > bcast/mcast message from the WTP represents a window of > opportuntity for an attacker > > - the window has two dimensions: the time it remains open, > and the relative width, which is measured in terms of the > difference between the current valid KeyRSC value and 0 (i.e. > the magnitude of the current > KeyRSC) > > - so long as this window remains open, an adversary could > replay previous valid bcast/mcast messages, and so long as > those messages are replayed in monotonically increasing order > with respect to the RSC value, the STA would accept these > messages as valid. The higher the current KeyRSC, the more > messages an adversary could potentially replay, assuming no > valid bcast/mcast messages were sent by the WTP (i.e. the > window remained open). > > 1.1 Mitigating Circumstances > > - typical wireless networks with a small population of users > will see multiple broadcasts per second, so this window will > normally be open for a very short (sub-second) interval. > > - an unauthenticated (outsider) adversary would be restricted > to blindly playing back mcast/bcast traffic; while the > adverary could make some inferences with respect to the > encrypted traffic type based on traffic analysis techniques, > the adversary could not be certain of what message content he > was replaying. > > - an authenticated adversary would be capable of selectively > playing back mcast/bcast messages whose content is known, but > that same adversary could generate the same (or similar) > messages in real-time even after the STA's KeyRSC is updated. > That is, there is little benefit in replaying existing > messages rather than simply constructing new ones. > > - if there are mcast/bcast message streams suitable for > launching an attack, in order to know that such an attack is > present in the recorded stream, the attacker would with high > probablility need to be an insider > - in which case replay capability is not a necessary > condition for launching the attack. > > 1.2 Conclusions > > Setting the KeyRSC to 0 opens a small window of opportunity > during which previously transmitted mcast/bcast traffic could > be replayed. While this could have operational implications > (e.g. the STA might instantiate stale ARP entries, receive > stale NetBIOS packets to which it may respond, or receive > other invalid information that somehow 'contaminates' its > view of the network), we believe the impact would be both > detectable and quite small in a reasonably robust STA. > > Also, the primary threat introduced pertains to an outsider > blindly playing back recorded data, as an insider would have > knowledge of the group key, and so rather than wasting time > collecting packets off the air and attempting to replay them > within a window of opportunity of indefinite size, the > adversary would be better advised to simply generate the > spurious packets. That is, an insider adversary has better > tools at his disposal than this window of opportunity provides. > > While it is certainly prudent to narrow the window as much as > is practicable, this must be weighed carefully against the > complexity of the solution vs the minimal threat level this > represents. > > > 2. WTP puts current KeyRSC into message 3 > > One proposed solution the problem of the AC not knowing the > current KeyRSC entails having the WTP insert the correct > value in message 3 of the 4-way handshake. This requires the > WTP to know the Key Confirmation Key (KCK) in order to > compute the MIC on the message. Currently, this value is only > known to the AC and STA. > > The security considerations for this approach are as follows: > > - currently, the WTP has no knowledge of the KCK; having this > value would provide the WTP with the ability to modify the > RSN Information Element (IE) containing the supported > cryptographic algorithms advertised by the AC during the > association process. This IE is included in this message > explicitly because the MIC computation provides a secure > mechanism for validating the value used during association > against this authenticated value. That mechanism would now be > open to subversion, and in particular, the WTP would have the > ability to downgrade the cryptographic algorithms the AC is > advertising without the ACs knowledge. > > 2.1 Mitigating Circumstances > > - an evil WTP would also have access to the PTK once the > 4-way handshake completes. Almost anything that could be > accomplished via a downgrade attack could also be > accomplished by passing off the PTK to a collaborator. > > - the downgraded RSN IE's used during association could be > detected using sniffers > > - that fact that STAs are associating with downgraded > capabilities could be detected via log inspection > > 2.2 Conclusions > > The minimal exposure introduced by communicating the KCK to > the WTP does not represent a signficant threat due to the > fact that the WTP also possesses the PTK. This implies that > appropriate measures are already in place to ensure the > trustworthiness of the WTP. While one could dream up > scenarios in which a collaborating evil STA took advantage of > the downgraded cryptographic algorithms to somehow attack an > unsuspecting STA, there are plenty of ways in which the evil > WTP could communicate the PTK to the evil STA, so possession > of the KCK adds little adversarial capability. > > > 3. Recommendations > > Security analysis is often very subtle, and there is > certainly some art involved. This appears to be one of those > difficult cases in which some art will be required. Both > approaches to this problem entail vulnerabilities. The > question is, do these represent real-world threats from a > practical standpoint? > > In terms of the small window of opportunity opened by setting > KeyRSC=0, it is difficult to imagine how this could be > leveraged by an outsider adversary, especially given that the > window size will be sub-second on typical networks. And it's > even more of a stretch to imagine an insider (who has access > to the GTK and the ability to send legitimate bcast/mcast > frames) choosing this avenue for an attack. > > Odds seem very much in our favor that nothing bad will happen > if we leave this small window open, and after reviewing this > briefly, Russ Housley agrees. > > In terms of the potential downgrade vulnerability introduced > by giving the KCK to a subverted WTP, it seems clear that > there most likely would be bigger worries there. It's not > totally impossible to cook up an attack scenario, but there > are almost certainly simpler avenues of attack. > > Still, on a practical level, pushing the KCK to the WTP adds > complexity. > The KCK would have to be delivered to the WTP somehow (and in > an acknowledged CAPWAP control message, while the 4-way > handshake is carried in the data channel). This would add > latency to the association process (already a problem as it > is, and this would only make it worse). > > Both approaches have what appear to be minor security > implications, yet neither approach invites any obvious > attack. It is entirely possible that there is no practical > way to exploit the weaknesses exposed in either case, but it > is also at least slightly possible that some subtle set of > circumstances might lead to an exploit in one case or the > other - we simply cannot be certain. > > Taking these things into consideration, it seems like a good > operational compromise to assume the limited risk associated > with the minimally open replay window, while providing > appropriate security recommendations to try to narrow it if > it is possible to do so with minimal added complexity. > -------------------------------- > > Let us know if you have any further questions on this. > > Scott > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From akstcartistruemnsdgs@artistrue.com Fri Oct 20 09:00:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gatzd-0001sT-Bp for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 09:00:57 -0400 Received: from d039244.adsl.hansenet.de ([80.171.39.244]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gatza-0002Mc-Sj for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 09:00:57 -0400 Received: from 216.193.201.145 (HELO mailcluster.globat.com) by lists.ietf.org with esmtp (MV6NRF3J O70TQ6) id KMT9M4-GV279E-FA for capwap-archive@lists.ietf.org; Fri, 20 Nov 2006 13:00:01 -0060 Date: Fri, 20 Nov 2006 13:00:01 -0060 From: "Amalia Baird" X-Mailer: The Bat! (v3.62.14) UNREG / CD5BF9353B3B7091 X-Priority: 3 (Normal) Message-ID: <993744558.32495702705116@thebat.net> To: capwap-archive@lists.ietf.org Subject: 27% up today MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 8bit X-Spam: Not detected X-Spam-Score: 3.2 (+++) X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f Hi Mariano, look at it its' 27% UP! I mentioned about this company yesterday known as American Unity Investments Inc (AUNI) Yay, I told you to watch it yesterday and it boomed from .7to .9! I made easy 20% just in one single day.I am amazed, did you buy some as well I hope? As you can see its climbing, but by just looking at it I can tell it's gonna explode even more.So you still have a window to digg in while it's still in it's low.So what a hey, go ahead buy some, make some money while it's there. It can easily do another 30% tomorrow.I wouldn't wait any longer if I be you... I hope it was a helper.I'll email you later this week. Patti. a common flirt than she has been here. the officers will find women better worth their notice. let us "i do assure you, sir, that i have no pretensions whatever to that kind of elegance which consists From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Oct 20 10:22:05 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GavG9-0006sV-5x for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 10:22:05 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GavG5-0007wo-BE for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 10:22:05 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 6C0A91448047 for ; Fri, 20 Oct 2006 07:21:56 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 95D024A43C6 for ; Fri, 20 Oct 2006 07:21:01 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 7C4CA144801F for ; Fri, 20 Oct 2006 07:21:01 -0700 (PDT) Received: from sccrmhc14.comcast.net (sccrmhc14.comcast.net [204.127.200.84]) by hermes.tigertech.net (Postfix) with ESMTP id F228B1448032 for ; Fri, 20 Oct 2006 07:20:57 -0700 (PDT) Received: from [192.168.0.3] (c-68-49-199-146.hsd1.md.comcast.net[68.49.199.146]) by comcast.net (sccrmhc14) with ESMTP id <2006102014205601400qretde>; Fri, 20 Oct 2006 14:20:56 +0000 Message-ID: <4538DB4C.3040605@cs.umd.edu> Date: Fri, 20 Oct 2006 10:21:00 -0400 From: Charles Clancy User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: Behcet Sarikaya References: <20061020000245.51543.qmail@web60324.mail.yahoo.com> In-Reply-To: <20061020000245.51543.qmail@web60324.mail.yahoo.com> Content-Type: multipart/mixed; boundary="------------030908010301070905030203" X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 7118f330e2af0a096ba071c5e99ca10e This is a multi-part message in MIME format. --------------030908010301070905030203 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Behcet, 11R D3 8.5A.6 (attached for those interested) defines the basic properties and summarizes the exchanges, but I don't see any packet formats, transport mechanism, link security mechanism, or method for establishing a trust relationship between the MDC and possible KHs. In CAPWAP, there's no AAA context to transfer, because the AAA context always resides at the AC. Using the existing mechanism for key distribution (via Add Mobile messages) is sufficient for transporting PTKs to the WTPs. -- t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy Behcet Sarikaya wrote: > Hi Pat and Charles, > > Section 8.5A.6 in 802.11r D3 describes the key distribution protocol. It > is true that earlier versions like D2.2 did not have it. > So my Local MAC scenarios were based on this protocol. > The key distribution protocol makes it unnecessary to use the context > transfer ahead of time and it is quite nice to generate and transfer the > key in a just-in-time manner. I thought it was good and used it in CAPWAPRP. > > Regards, > > Behcet > > ----- Original Message ---- > From: Pat Calhoun (pacalhou) > To: sarikaya@ieee.org; capwap > Sent: Thursday, October 19, 2006 11:31:51 AM > Subject: Re: [Capwap] CAPWAP for 802.11r > > Behcet, > > The architecture laid out in your specification seems to conflict with > the CAPWAP architecture. > > A couple of specific concerns before I get into the meat of the > document: > > > We use [802.11r] key distribution protocol for transfering key > context > > for Local MAC WTPs. > > The latest 802.11r draft does not define a key distribution protocol to > move key context across WTPs (or APs). So I am not sure what we are > refering to. > > > AC next generates PMK-R1 for R1 key holder (R1KH), i.e. the WTP. > AC > > is now in a position to transfer PMK-R1 context and associated > > authorization to the WTP. R1KH and STA perform a 4-way handshake > and > > generate the session key, PTK. > > The CAPWAP protocol does not assume that the PMK is ever transferred > down into the WTP. Furthermore, the protocol assumes the authenticator > resides in the AC - not the WTP. So this statement seems to change the > fundamental architecture of the CAPWAP protocol. > > I will have many additional questions once I read the specification > completely, but first want to make sure that we agree on whether the > spec is in scope or not (by answering the above questions). > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > > > -----Original Message----- > > From: Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > > Sent: Wednesday, October 18, 2006 12:43 AM > > To: capwap > > Subject: [Capwap] CAPWAP for 802.11r > > > > Pat and all, > > > > The link: > > http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fast > > bss-00.txt > > is now on. > > > > Regards, > > > > --behcet > > > > ----- Original Message ---- > > From: Pat Calhoun (pacalhou) > > To: Behcet Sarikaya > > Sent: Monday, October 16, 2006 7:01:11 PM > > Subject: RE: [Capwap] CAPWAP for 802.11r > > > > ok, I will once it becomes available. > > > > > > Pat Calhoun > > CTO, Wireless Networking Business Unit > > Cisco Systems > > > > > > > > > > -------------------------------------------------------------- > > ---------- > > *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > > *Sent:* Monday, October 16, 2006 4:41 PM > > *To:* Pat Calhoun (pacalhou); capwap@frascone.com > > *Subject:* Re: [Capwap] CAPWAP for 802.11r > > > > Pat, > > > > > > ----- Original Message ---- > > From: Pat Calhoun (pacalhou) > > To: Behcet Sarikaya ; > > capwap@frascone.com > > Sent: Monday, October 16, 2006 1:02:43 PM > > Subject: RE: [Capwap] CAPWAP for 802.11r > > > > Behcet, > > > > I believe we've discussed this idea a few times, and I am still > > unsure why we believe CAPWAP needs to define anything to support > > TGr. The current CAPWAP protocol is sufficient to support the > > upcoming standard. > > > > ==> > > The basis is there but we need several extensions. > > Please read the draft and comment, then we can make a > > more informed > > decision, I think. > > > > > > Pat Calhoun > > CTO, Wireless Networking Business Unit > > Cisco Systems > > > > > > Regards, > > > > --behcet > > > > > > -------------------------------------------------------------- > > ---------- > > *From:* Behcet Sarikaya [mailto:behcetsarikaya@yahoo.com] > > *Sent:* Saturday, October 14, 2006 8:33 AM > > *To:* capwap@frascone.com > > *Subject:* [Capwap] CAPWAP for 802.11r > > > > Dear all, > > I submitted a draft on CAPWAP Roaming Protocol in > > 802.11R Domains. > > It should be available soon at the following link: > > > > > > http://www.ietf.org/internet-drafts/draft-sarikaya-capwap-fast > > bss-00.txt > > > > Regards, > > > > Behcet > > > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > > > ------------------------------------------------------------------------ > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap --------------030908010301070905030203 Content-Type: text/plain; name="11r-D3-8.5A.6.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="11r-D3-8.5A.6.txt" 8.5A.6 PMK-R1 distribution within a mobility domain The following procedures are used to distribute PMK-R1s. The STA first derives PMK-R0 keys for use in fast BSS transitions (via the FT Initial Association procedures defined in clause 8A.2) utilizing information from the target AP as defined in 8.5A.4. When the IEEE 802.1X AKM is used to establish keys, the PMK-R0 Key Holder derives the PMK-R0 key utilizing the MSK acquired through EAP based authentication. The PMK-R0 shall be stored in a component called the PMK-R0 Key Holder. Each PMK-R0 Key Holder is responsible for deriving a PMK-R1 key for key for each PMK-R1 Key Holder in the mobility domain. The PMK-R1 shall be stored in a component called the PMK-R1 Key Holder. PMK-R1 keys are distributed to PMK-R1 Key Holders by the PMK-R0 Key Holder using a secure three party protocol described herein. The Mobility Domain Controller (MDC) shall mutually authenticate and authorize all members of the mobility domain that can be Key Holders. Using the MDC all Key Holders can establish security associations with each other. The identities they use during the authentication process shall be their NAS-Id which is identical to the information included in the NASID IE in all beacons and probe responses. The Key Distribution Protocol has the following properties - Authentication of entities involved in key distribution - Confidentiality of the key distribution - Authorization of the status of a PMK-R1 holder - Validation of the authorization - Receipt of the key is acknowledged - Correctness of the authorization attributes assigned to the STA The Key Distribution Protocol is initiated by the STA by including an R1DIST Information element along with other Fast BSS Transition Information Elements in either Authentication or Action frames. The token of this element shall be the AES-KeyWrap of a sixteen (16) octet random number chosen by the STA, called Ns, concatenated with the identity of the target AP as determined by the NASID Information Element in its beacons and probe responses. The key used to perform this wrapping shall be "mk" described in section 8.5A.4. The target AP shall extract the token from the R1DIST Information Element and send it along with the MAC address of the STA to the R0KH identified in the FTIE under the protection of the security association the target AP (a Key Holder) shares with the PMK-R0 Key Holder. If the target AP does not recognize the R0KH in the FTIE or does not have a security association with it authentication fails with status 38 ("the request has not been successful as one or more parameters have invalid values"). Upon receipt of this message the R0KH looks up the PMK-R0 security association it shares with the STA based upon the MAC address in the message. It then unwraps the token using "mk" describe in section 8.5A.4. If the unwrapping fails or the R0KH does not have a PMK-R0 security association for that STA it returns a failure message to the target AP which then fails the authentication attempt with status 38. The R0KH compares the NAS-Id from the unwrapped token with the identity the target AP used during when establishing its shared security association. If the two do not match the R0KH returns a failure message to the target AP which then fails the authentication attempt with status 38. The R0KH then chooses a sixteen (16) octet random number, called Na, and constructs a message back to the target AP consisting of the STA's MAC address, Ns, Na, the PMK-R1, the PMK-R1 Name, all authorization attributes associated with PMKR0 (e.g. session lifetime), and a token representing an AES-KeyWrapping of the NAS-Id of the target AP from the shared security association and Na. The wrapping shall use "mk" described in section 8.5A.4. Upon receipt of this message the target AP shall instantiate a PMK-R1 security association and construct either an Authentication response frame or response action frame depending on the type of request received originally. This frame will include, along with other Fast BSS Transition IEs, an RT1DIST IE which shall encapsulate the token it received from the PMK-R0 Key Holder, and an R1DISTV IE which shall consist of the digest of SHA-256(Ns|Na). Upon receipt of this frame the STA shall perform the following additional validation: it shall unwrap the token in the R1DIST IE and compare the enclosed NAS-Id with the one it received from the target AP in a beacon or probe response. If they do not match the STA must treat this as an authentication failure. If they match the STA computes the digest of SHA-256(Ns|Na) using Na from the unwrapped token and compares it to the value in the R1DISTV IE. If they do not match the STA must treat this as an authentication failure. If they match the STA instantiates its own version of a PMK-R1 security association to share with the target AP and continues with Fast BSS Transition. --------------030908010301070905030203 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --------------030908010301070905030203-- From akqmodsg@tpnet.pl Fri Oct 20 10:26:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GavKK-0007jl-Jl for capwap-archive@ietf.org; Fri, 20 Oct 2006 10:26:24 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GavKK-0000JR-Ej for capwap-archive@ietf.org; Fri, 20 Oct 2006 10:26:24 -0400 Received: from esq164.neoplus.adsl.tpnet.pl ([83.20.136.164]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GavKH-0005Tu-FC for capwap-archive@ietf.org; Fri, 20 Oct 2006 10:26:24 -0400 Message-ID: <001201c6f453$bdfac8f0$a4881453@HP28998303564> From: "hard" To: capwap-archive@ietf.org Subject: Nazareth Netanya Date: Fri, 20 Oct 2006 16:26:33 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000E_01C6F464.818398F0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.4 (+++) X-Scan-Signature: 3be09dac38eaa50f02d21c7fcee1128c ------=_NextPart_000_000E_01C6F464.818398F0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000F_01C6F464.818398F0" ------=_NextPart_001_000F_01C6F464.818398F0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Updated Vehicles or able parallel park in themselves while sit relax = behind or wheel is Local reportnew Toyota hybrid a Britain parking = assist showed video driver of sitting steering pulled. Fellow walked into of pep rally management Chicagos Logan Square see = Mikhaela is? Hearts Congressdo cronyism trump am oversight corporate Frida am = Berrigan Feces soldiers. Imminent offer transfer or files another am failure am messages appear = during am bootup processif couple check will must setup. Serious = Colleague in Revision Number created is Spam Gently persistent Polish = Shine Sensible Common Wasting Exclusives Editorial Calendars Three. Then is spend yours in bookmark like am Recommend Trial Listed or Cannot = contents sites of therefore of careful giving of acceptance a Policyhome = Poptech of Outreach a Campaign Disability Insurance sdi entitled is = weeks is. Free in member lifestyle area or area vacate am apartment search pool = lifestyle is benefit enjoy am rooms season ie exchange ages a feeling = adventure Young wanting oe Gapyear starting tertiary study a studying = break. Microsoft or Mindshare raquo downloads in nti Ninja or one or day Sept = Submitted of don Beach sun or Newtech inc announced usb storage = utility. Sriracha Arab in Emirates abu of Dhabi Dubai is Sharjah Kingdom Blakeney = a Brighton Cambridge Colchester Cranfield Eastbourne is Edinburgh of = Hull Kings Leeds? Focus survey approach chance creative news am softer = shelf in used deems Search Zone. Feeds Hardware Pcbug Computer Group Naples Username Password Create in = password in Navigation Faqs Meeting hear recovering disk failure = Acronis. Supports George Best memorial charity am fundraiser lead or vocalist a = from Brian Bloom Velve Tquot waiting for real in life beginquot. ------=_NextPart_001_000F_01C6F464.818398F0 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable

Updated Vehicles or able parallel park = in=20 themselves while sit relax behind or wheel is Local reportnew Toyota = hybrid a=20 Britain parking assist showed video driver of sitting steering = pulled.
Fellow=20 walked into of pep rally management Chicagos Logan Square see Mikhaela=20 is?
Hearts Congressdo cronyism trump am oversight corporate Frida am = Berrigan=20 Feces soldiers.
Imminent offer transfer or files another am failure = am=20 messages appear during am bootup processif couple check will must setup. = Serious=20 Colleague in Revision Number created is Spam Gently persistent Polish = Shine=20 Sensible Common Wasting Exclusives Editorial Calendars Three.
Then is = spend=20 yours in bookmark like am Recommend Trial Listed or Cannot contents = sites of=20 therefore of careful giving of acceptance a Policyhome Poptech of = Outreach a=20 Campaign Disability Insurance sdi entitled is weeks is.

Free in member lifestyle area or area = vacate am=20 apartment search pool lifestyle is benefit enjoy am rooms season ie = exchange=20 ages a feeling adventure Young wanting oe Gapyear starting tertiary = study a=20 studying break.
Microsoft or Mindshare raquo downloads in nti Ninja = or one or=20 day Sept Submitted of don Beach sun or Newtech inc announced usb = storage=20 utility.
Sriracha Arab in Emirates abu of Dhabi Dubai is Sharjah = Kingdom=20 Blakeney a Brighton Cambridge Colchester Cranfield Eastbourne is = Edinburgh of=20 Hull Kings Leeds? Focus survey approach chance creative news am softer = shelf in=20 used deems Search Zone.
Feeds Hardware Pcbug Computer Group Naples = Username=20 Password Create in password in Navigation Faqs Meeting hear recovering = disk=20 failure Acronis.
Supports George Best memorial charity am fundraiser = lead or=20 vocalist a from Brian Bloom Velve Tquot waiting for real in life=20 beginquot.

------=_NextPart_001_000F_01C6F464.818398F0-- ------=_NextPart_000_000E_01C6F464.818398F0 Content-Type: image/gif; name="holidays..gif" Content-Transfer-Encoding: base64 Content-ID: <000d01c6f453$bdfac8f0$a4881453@HP28998303564> R0lGODlhTALgAfcAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwMDcwKbK8EAgAGAgAIAgAKAgAMAg AOAgAABAACBAAEBAAGBAAIBAAKBAAMBAAOBAAABgACBgAEBgAGBgAIBgAKBgAMBgAOBgAACAACCA AECAAGCAAICAAKCAAMCAAOCAAACgACCgAECgAGCgAICgAKCgAMCgAOCgAADAACDAAEDAAGDAAIDA AKDAAMDAAODAAADgACDgAEDgAGDgAIDgAKDgAMDgAODgAAAAQCAAQEAAQGAAQIAAQKAAQMAAQOAA QAAgQCAgQEAgQGAgQIAgQKAgQMAgQOAgQABAQCBAQEBAQGBAQIBAQKBAQMBAQOBAQABgQCBgQEBg QGBgQIBgBKBgQMBgQOBgQACAQCCAQECAQGCAQICAQKCAQMCAQOCAQACgQCCgQECgQGCgQICgQKCg QMCgQOCgQADAQCDAQEDAQGDAQIDAQKDAQMDAQODAQADgQCDgQEDgQGDgQIDgQKDgQMDgQODgQAAA gCAAgEAAgGAAgIAAgKAAgMAAgOAAgAAggCAggEAggGAggIAggKAggMAggOAggABAgCBAgEBAgGBA gIBAgKBAgMBAgOBAgABggCBggEBggGBggIBggKBggMBggOBggACAgCCAgECAgGCAgICAgKCAgMCA gOCAgACggCCggECggGCggICggKCggMCggOCggADAgCDAgEDAgGDAgIDAgKDAgMDAgODAgADggCDg gEDggGDggIDggKDggMDggODggAAAwCAAwEAAwGAAwIAAwKAAwMAAwOAAwAAgwCAgwEAgwGAgwIAg wKAgwMAgwOAgwABAwCBAwEBAwGBAwIBAwKBAwMBAwOBAwABgwCBgwEBgwGBgwIBgwKBgwMBgwOBg wACAwCCAwECAwGCAwICAwKCAwMCAwOCAwACgwCCgwECgwGCgwICgwKCgwMCgwOCgwADAwCDAwEDA wGDAwIDAwKDAwP/78KCgpICAgP8AAAD/AP//AAAA//8A/wD//////ywAAAAATALgAQAI/wD/CRxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqRJkQNOqlzJsqXLlzBjypxJs6bN mzhz6tzJs6fPn0CDCh1KtKjRo0iTKl3KtGlOe1CjSp1KtarVq1izat3KtavXr2DDih1LtqzZs2jT ql3LNmqqtnDjyp1Lt67du3jz6t3Lt6/fv4ADCx5MuLDhw4gTKw7stLHjx5AjSx65uLLly5gza97M ubPnz6BDix5Nuu7k06hTq17dtLTr17Bjy549F2I+1rhz697N2yLt38CDCx9OvLjx48iTo+0gvLfz 59CjS59Ovbr169iza9/OvXtD5eDDi/8fTz6q9/Po0z/Uo769+/fw1ZefT7++fdEZ7+vHG79/0f0A BijggHblR6BiH8Tm34JBqfXBgwnaA+GEFE5YFYRSPThVhFFVWGGGHEIVIoYdbmgiiCRK+OGHHWrY YooqUrihhxZGKCOKLMZ4oYtUhXhijDTe6OOBRGKlAXI8SqjkVUO26KSKP5aYoVVJLsmjiyMuKWKU Nl6445NZbpmVj2RqKWaPMz4JpYhDNqlkm1N6WeScr+XXpJtnohlngmHGKSWaYZZ5Jp9/FtqlnlFa 6SeehZr5JleC/hlpoyXCSamYDGba01luMtqpl4RSOumUWd45qJaWimlqolv2yWiejsL/yqSfpMp5 6aNcUknnruR1mmOssuLKYarBKtqqnMOi2qOFbMq4IqiL/gqrr6/2WSuixYZKq4fF8uotZhkNi6Gn ugIqJbHAKovriYcau22w6LbKbLeNVountZXaCm+9tMap6b+QwUmuvvmqim26ya67qLKrFsyqqQnT O+1Wn16qbb93zptnxQB3XBNaZQ5McLsKT6xvqJNqezG/DWO88a0ua1Uxvyb3e+q73+ZMmp2lYnWv uNOiOzObRBdt9NGG7rssmOzKzKqjQ68p9ZXxpmwzph5nDZODJHILc7MYk5lk1GNXWfOMKXL7M75v SgsjtWZbHDeMOGpo9YvMvqrz3nz3/+3334AHLvjghBdu+OGIk2dg4oxj1ZA4WkcOUeOUWyX55f9U rvnmnDuOUeeaYy75WQJMVbpUp0OVugCst956VK6rTlXqpr9uj+uso2767bnDjvvvve/ue+zDEz97 8LwL73vtqCOP/O28G6877MpzRXvx0f/efPW2yz499dCDLn74stO+OvngL0/99eirbn77vb/vfVXy z19++u7bb1Xw8V/v///5C+DzSgfA9X2PfVkh4Pbwh8DkTY9/p3uf/Bo4Psqd73wGrF779LdBBLIv ggy8Sv3gR74PcnB2wlMg/qB3Qf2BUIIozOD8KLg/9NGwgSr0nv/Sl0MMVrBzLbRfDv9DSL8YrvCI LHShCL9HQh/qjoYbTOIIk3g/D1LxfkYc4hW70sME1hCGMQxiCcPyiB/6TYxgZCIOgadBJCrQhDUk ogytyEYmZtCJ4VOhFrEoxgM2ESxdxAoOZxhFEGJxjGbknCHzyEPuxdGOq3sdHZ8XRSFKD5F09CIK MbhDKu7xii8sIiKRmL0sntCOjdwi+BbJykTyykBdNN8lp3jETj6xiIs8pQ1XiLsTfhKVoFQiITOp w0K6r3u6FCHxoDjIYlrxkEM8neimSRFo7lKYbjQiLztISFJeU4irDKNWOpnGbjLygbeE4yiT+Ug8 thGcudxlH81DzXo+JIDqIyEvy8n/QefBL5fulGMxb7lAKDrQgQXM5kHjx7wC2rKSS3zgCJupPggu MJ/hs2fH1PLQjtLPduqsXf+kt0NkqnGTu9Ne8Uw6PEg+lIH+3J5KsQnRR1pygDY9aPREuU1X0mlx PhWcRgEW1KIa9ahITapSl8rUpopvqFCNqlQN4tSqWvWqWM2qUVHzjKl69atgDatYx0rWsppVrFpN q1o3c9a2urU7a42rXBPz1rralTpzzate98rXvvr1r4ANrGAHi7i7GvawuyGsYhfL2MY69rGQjexV EEvZyp5GspjNrGY3y9nOevazoA1teIAqWvBYVjKlTa1qV8vawfHjtfywB2xjCxXa/8pWtq+VCmxr u9uozDa2vfWtbWcrXODqtri2FS5yk8tbqiTXuL5FLm6DO93h5ra60uXtcI/73Ooy1yrE7e5vpbvd 4nrXude9bXTHG932Tte92zUudFsrl/wwt7y0Le9x1Qve9j5Xv/jFL1bSW1vwfle8+71vfwvM4AM7 17/cBTBXFLzeByfYwgyeioDhi14IN5jD8r3taSNzFgdXuLsaznBVNqze/F74ti7+7otV7GH3wpi7 GE6xhym83wqfOMMyzrGK50vjG+fYxD4G8oNjrOMQM5nI9G1LRvKbW/HyGL4ExjKKXbzjAkOXui3u 8Yy1u1sEv5e4Yubye/lrYyN7+f/NRabugceL5jkvOM4pRjGbPwzlJ4c5xCO+jpnfrOc275m/RK7z i63L5vvKecVgHrSbJ51mPCMZzphOb5B1XOkrY7rSnP60frG8Zz+b2h6Bfgxa4ttlPIdayWFOMotj 3egeX7rQiVZykCXcZAyredKjHnCooVxqVxcZ0UM29JZBTOmsECLKaDFQeIMbXwKXGcywBjZ2tVtr MoP60LhOsJyvPW5NV7nc1v3vdfW8afRWOcLULrONqW1gdRc62dy29Y9jm2rHQPvfAA+4wAcOOAAA gOAID5zBEw6afjv84T5huMQnTvGKWzxnZbx4VyDO8aQYvOMgD/lLPk5WjTt24Wb/FLnKi0Lyr5o8 sgcf38pnTvOa2/zmOM+5znfO854T5eVAF5DPh67zoBv96EhPutKXzvSm+5ToYgUG1Cnj9Kpb/epa JS1sEDIWrkd56hXButhlo/U6HaTrZ+dVBbSy9ti0HdVgn0haDI5ye9A9KnVfON1jDpW8S+XgfOe7 3f+O98Ab3u5750sFFv92xkfl7fZgfOMn//jJN/7xUnE85Ncuecx7vvOS5/ziKy96x0fe9J6HCurb DvmurL7zqkd95jW/eszLHvaXj7zA8yP4vuO974cPfOGH7/vB997vwCc+4gdvubSHheut173qp596 1lM+9p+nfvStb/vsd58quQ///1SiT/3ys778rk+99NEP/vF7P/fVl/7m4R73iJyl98z/PeCNn/+Y +9/3/8d/hBeABMh/+zcV+BcX2+d+89d9nCd/2heB5Hd+FJh566d7E+h9EGiBVQF/0zd6sHd6H8iB 8cd+Eeh+DkiC5oeBKLh0+Hd8BiiAzFeAMviCAFh8/7d/gHd3xVcX1veAFtiAI/iA5yd/o4d9HSiB FwiE2neE5ueERuiEsrd+rQeEl0eBVdiCHvh+IBiEWUiCotd+TGeDA4iDiJd3PHh4Pfh7yXeGNHiA iheEDKiCVtiER8iETMiBlDd/QriCI6iBYuiH33eFmheIgkh+6peHRKiCp3eHF//4iElHhjNohjCo f4S3hmsIhwKYg1SRgAqogUXoh0WoiBsYioCIh+j3hVQoilfRh+K3in1YgqkYiFf4fvH3hbFIXwaS eMAnfGV4iTfIhvknjDJYjMbHizHndc+XdiH4eiBYe3L4fSyYil1oe7dneiG4ih/4jLQHhY94e9pY iB3ojVWIjbPHjfBXen8oi2tXfy3xG8oIFvFYJIg4HG3njiwBj84nj/s4J/UIHG+Hj5MzdgSpF1kQ FwKZkIFWkIjTAIqlkBBZWQw5kRRZkRZ5kZgVkRq5kagBORz5kZ8zHwqAkSRZkibpOdTBC1wAkizJ FHsxj5YBk/zYkjT5kv0Ykzf/OZM0yZI2SVWaIZNfsZM1mXjCh4Zu+HfIRxVAqRheFzvGc0G5I5RF ZxY26H/Bx4a+6Im0YUuGFFAn2TgZUZU3qIOW+ItsuJR0dRAh9UbTI5U8yYM9SJY7iHIwWIloiRgI EUG5I0Gd5JY4txa+OIk1OIzGCBzlxJbe9JWFFZJxiZXBKJiQWXx3eRhch0YDlVF+aXP3B5f9h4BH WXiGR5fB4ZTdA5UGpZiomZpyVXZ0MZmG4ZpZkZmaqZq0yR+MiZA5SRyyKZWtmZvDsZtCiYxoGJpz WXdTAZuVUYlI2YsHB5w7WZSNiYlaSU8+CRrC6ZnF6Jw0CZ2dSZje2XvImRia/0iYnEid2nlz96d/ xhmASJmUtGGc5AmA8FmbmxOWaTiM7EmMzVed1il4leif9HeeHPmfwqic+hmeigGH3AmgAvqXVImd x0icbpifssGLZ4iDVjmd9Jk4rKkWCCqeaNegNVc5GrqhT3ebofGhuCmiOWeiLiplKNpwvqkXLNqS RAmfgVmcOtqdmXihzImf+1kQgLmcnfijNdqiD1qkBVqW+kmhAMqjPYoVeQAXRCmdFPqinROWVVGX mwihj0mMNAiMkRmgBDF33UmGgnekDloWnCmWByicdJmAeyeaM6h3c4qJdLGe85mhWBpXVxqDTuqZ kiiYAPqke4GjSqqffXpV4/9piW/qpWP6pDkKpN6Zp5QamHi6qIxjnxkqicS5o5haqMOpiRSqolZh och3dzyopkcBBFBVGqZ6FSU6Waw6ouRhDMYwF7Oqqbzaq776q8AarITFqZ3ImcsXncyphj4KmqBq oVARq6cKmgiYhslYqxzZpGBaqFs6rY4pnduqlDMKFs5qqJNordfqrd3KnV76hngqp5cIrYKaqJdK puaakMeqqpeYn54oqb2IlXa6nu8arl+BqO1phvVKc2phoJ0qpmKKjFDaqJVaF+4ZrxErrELFmMqp r4qKrF3amO56lgI7sMaorYN3sBFprJ9JqREbqjx6o3D5pPDangsbocRnshD/ORoxC6leYbMqZzi7 arFAG7Sc06H4EbJwwbMgJ7QMdwrGkbHqqapVmomoGprT+q9W+7NjIaHSmrJKCzi76LRfGp+VenxZ ia3yap5lmrX4KqvDiLTuWJhyia5Muq5mOKZjG7D8KbKYWqRp6rYQl540C6g/+pnzCaYYmpVW27BU SrVKirJd2zeciqhkKbZz27D3ybIfe5xGK6sG+p306rc+p6hxS7l1C6EkO6mZy3zwSqph63ug+3AJ +63957J6J7qGm6NQ+7IMixZw+rRz+bgXexGzsboh+rpDN7ybG61iYbz9BrzO+7zQG70TybzUW73W O1bSq6lMQQrXS73Zu6jd/xu+4ju+kfO95nu+Y0e+6vsT6Oui6/u+8Bu/8ju/9Fu/9nu/+Ju/+ru/ /Nu//tsg7RvAdxEHAlzABqxURHvA0RaRCpyaBqIKEKwKUBHBEBwVEmzB9hDBU6HBGczBVEHBFnzB E7zBFUzBHAzCGywVIpzBKtzCLozBLWzCMPzCLDzDNTzBJizCILzCN4zDEpzDPOzDK4zCJCzDPPzD HizENnzDKHzERbzDKZzDTzzFKuzBMlzDGokWQ9zDF6zDSzzCXPzBLlzBX+zENmzGYJzGP/zCQezE W9zDaRzGI9zGKUzDcAzHQXzGcZzHexzFM/zGZrzFaFzHcczCfKzGetzHd/98yJyVEXnsxopcx4xM x2tcyHhsx2JsyH38xovsxzD8yHO8yZlsyYNcyHwMyoScypAMxpTsyal8x5EcylfhxZ3cynV8pKiM wZX8xTU8yWK8y3RMw4zcy8Ssy65sx7tczJKszJqsyqNMyq/My8H8zKvMzLJszM8My3KMzVZBy7Yc w5mMyyGczIY8zWycxNDcxdCMzOjMyspMy7x8yYBcFeqszogszB8sxa98yuPcyfRcxUZsxb/syhoM xN0M0Dt8xeMMz9ysy038rAxsFtUcyqVsyZdM0P4cz7XMzQytzW5MxKDsxfA8yOac0RYtz9mcyNjc 0c3c0C190px8zf/MxAP/fcwn3VmObNOVHNPSHM3AbNLaDMtk3MEIXdGmLNTdrMNDTMSxfNT7fNDg HM1N/dMbHdUuzc9LTM6EbM9W7dJYXKNhPM/3vMxlPMZVnM0xnctj3dRsfNMz/cfOjMw+LdWKzNP4 bNUMPdJ6bNTbLNOjnNeJfMhHKsRILNAOfcRkzNQIfcaIzdOKndWQrdEdzNIevdVxvdilnMSTDNLt fNcNrdRD7cNPTM5YfdT6rNKKDdLhDNYNvKIi2tqu/b+yPdu0Xdu27RwZQFmwvdu8zVq3/dt3pQDA PdzEXdzG7XK9ndzKLVdvkBbH/dzQfdvLfZHRDdzTfd3Ynd3arTPx8QqS/7EF1R3e4p0U213e5n3e 6D0e413b6X11603b7R3fDHeQivnesy3f+J3f+r3f/B299v3fQwUFAH4e/V3gBn7gCL4WCSxzA+4e SNXgiZXgJmcgBVDhBWAPFn7hUKHhGI7hFS4VFh4VGX7hHO7hIb7hJZ7hJv7hKw7iJ37iK87hLN7h G27iNF7jKD7jN97hI37jMp7jJP65EI4aaFHiPo7jPw7iSD4VKV4VM27kUG4VP67hVO7kSX7lVy7l U87kIt7lUS7hpWHkOx7kTa7kNP7lOG7mVW7mXe7kXr7kXH7mY17jVS7mb87jVEHmcs7mYC4aVP7h Ta7jO27jQJ7mLQ7nhP+u4jnO5C/+5DC+5oIO6XhO6EtO4o+O5zLO4nbe5z1pEYGu5EHe5nc+6GXu 4oI+6W4u6npu6IWO6nvu4XOu6qEO6q5O50I+5Npx5Fl+5GrO6qVu6FG+6bE+6Wsu6sTe5mWe5MA+ 6JjO7ByO6+lR6Iqu6zo+5Sp+7dcO6o0e4tPe6tbO7bRO54DO5t0e6NOu7Ip+4dCOHg++7qrB6Yqh Dmrl7vYL7/Z+7/ie7/puGZZQn/T+7wAf8AI/8ARf8AZ/8Aif8Aq/8La67wPH8BAf8RI/8dbh8BYP HAdw8bdO8Qer8R7/8SAf8iKfpTE68iQPFCb/Q0IBFVJwFi0vFS/vFTH/z/J5MfOgYfOgg/NgIQU6 Pz49fxIubw8t3/Mwz/M6b/NEfxVIbxUxP/RGXxYzH/VCjxVS3xVJLxZHb/RXD/NUofVrQfQ8HxVh r/Rf4fVtMfQ0XxVmT/aAsfRpD/VNr/RPf/RvvxVav/VT3/VTgfeG8fRZcfVuL/N7z/Rin/eGHxZV X/eEX/hWzxZ0v/ODDxdg3/R8b/d28fI9H/ds/xc4j/Yuv/WBz/VYD/WRnxlon/RZj/ksP/dhP/ZC r/qeH/Wub/ief/hFv/quv/aHf/p+z/hp7/e6b/u5D/yY3/vBr/ixP/asL/q+7/TKb/zKP/WtP/un n/fRz/vDX/pFD/uv///8Vc/90z/7tL/6NO/83V/+55/93U/5xd/17c/1ql/+0y/2nf/70s/85P/6 5F/8/P/4uI/7ACHFnj2BBKUcNIjQ4ECGDR0+hBhR4kSKAwtOLHhQ4MWNBBl29BjS4kKPF0c+BMkR o0iQIhNqLPmxoUaYKlXKxNkyJUueKGmStIlzpsKgI4uWzHhyZkyTG5MWbYpSJtGpUkN2TKqU59Os Nrtq1ekyq8OWS5XuFEv2pFOfY42+hevybNW3R8tWxJtX716IUYNCXYuQo0KzSzPCjFiTbtqqN8Fu FSpWsdHJMbVG7nn1suHFYe1i/poQMmXCckf3NMlUdeaXFiuPDatZ9P/R1kPvzoXbtXTt25xd7/ys du7fzqb5HkeefHhjuk/jur2MtrDm4I9jWy8eOWrc025TO6at9vN47WadW0bfW251x66BymZcfm32 856n5zQOXrb0tOpz/69OKPLIU65AA/f6SbSrJtPtusFSYy06wXJCDLsE5UPswt8O45BD1DK8rymi qPqowp8SvBDEqUr77rfuXCQrQxJ52+2m8+Ir0cEZQ3sNxgp9tGrD/WC0sC0bqfIwQslgW3DC+Q6E Mkopp8wLwimtrLJALFeiEq8WuwTTyzDHJLNMM8/c8kw112QzyjQpejOx3drk60s6wYzzTj335LPK OfsENFBBByW0UEP/D0U0UUUXZbRRRx+FNFJJJzXwH0svxTRTTTHdDDk79crTzFALHZXNUo1bdFNV V2W1VVdfhTVWWWeltVZbb8W1ViixqkhD0I7b8sTkCPuTP96CrPNHUMP8TtnEeoUvxmZzhBBFZCnF NlttEfxTOIk+zbIvNwcTF8v27lu2UziZ9TbOUKHDr0QB2312W3vvJTRXS3n9ti8STxSM3NXA7ZBG v1Zj6i6oAobsMG8XxO3fEScmCSgZp3PYPcacC7jGiB+b10MnB/ZQX5NPRjlllVdmmWUp3XWRuP/6 u9G2505jzj6udDZvxSexo24++2YGbjGgD46X3/Z+DA1khOFjK2h8/6emGkqT07156AZZ6rYu+oS7 UWlpa2bywe1Iq08xAnceujwUR1ZNbKCFxNHa7exSsWW99+a7b7//1rTNAZsDMN5yXwQ5bMsI3jg7 eteLtm20ygrPxp6nRRK3J5GG3Lefr8OsatFHJ/TtBiePeV5qAxvZqbNZLzpEIFsTsfbatXNSxn9Z R82222d7XPGQDXP2SxWFzVFB0pdnvqGr7T21+dClbxNw66/HPnvtLaUeo6677xd88ccnv3zzz0c/ ffX3fH5999+H3/zt5+cU1Zf1/J5O/7g0Fdoxo+8SAJUjQDIR8FoDpBP9FMgvOTkrfObK38PWhTH7 1WZXFQzf9LwHt/8M9stdEXxYmnyFQAyGizsadGCn4LVBDmqpTmATU+hW+BAF0k959XohqmZooE+9 yYAe9JQLgQUtmJUQXTi8nxH9py4dqstKBDyXELH2M+/JcC81vNUF99eiJNXkQT3TmBdnljzlHYxp UuniiojlxcxVbHdIWSOLxGMiBokwRjAM44jKJUd68Spjb0uPtOjmNiH5CjZ6tFiTBlkYu82uSa77 4lZEZEGP6cY9XUwh+T4oRsRtxkREgxgj10MTBlIoagQKpFeoyEDJCTKVzLHfE232OE+aplo+e88r pTY8sJBSl0viJeECpLlTFgeVbftc5LgTu0DGD4mZaVp0uJa73Nj/SWG+6SE0X3RM3ZWxk+LZpgWv dcbfRRKMVrxZIQmHnuU4DWGgc9A0dwk6YmrzmOE8JyQZKbKsadCZ1gwmhhJXzT6GMELswecv7zak YcLyleBqXNLSeUtpilI/vKzZN83ouCGBUnFR1E9IjTnSE5ZNXMLsJxMd1b4l9jKNRPoQ6oylIkIW rzJl7BHtaKqgHsVGQ42EnSJt2U3VsRGmpDGSOl3auyjyVD7VbJ0ovenUl9oyoHScmE/jCB2tvi6N VRUIFrfnzHsZ0Fzm++EER5fWPolVe2TNVibhBELxsdVfdjWUXFfqVr721a9/BWxgBTtYwhbWsIdF bGIVu1jGNtax/4+FbGQlO1nKVraycMVsZjW72UJZ1rOfBW1oRTta0pbWtKdFbWpVu1rWtta1r4Vt bGU7W9rWVlYlGCxndbtb3vbWt78FbnCFCybbFte4x0VuYIeLL2ks17nPhW50wQcA6VbXutetGgC0 i13udte7jtIudb87XvKWd0/hNW961bveLm2Xvc5NbnzlO1/66u2998VvfvW7X/7213n1BXCABTzg TfnXwAfuLoEVvGAGn1YbDYZwhCU84fpRisIXxrBxEbxhDhcoHO9jqaQyPGISM5gfDDnxQE6cYhWj mB8sdnGKX/zih8x4xTNGcY5xjGN7lNjHP6Yvi4VsDxjLOMcOMf9yRGBM5CMnmckNOTGQpTxl2zJ5 xU8u8pOP3GQl1xjKVv7yl6k8ZjK3FsxXJrKN0bzlFquYxmHe8ZffzOYUl9nOdyZslK6M5iwv2c9e prOWzxxmQXfY0IfW056xDGc2t5nQjl5zkoeMaEpX+or6gnSg3bzkNN94zlDeMY+17GlH49nUp3ar pVW96vSFOFKohnWss8dqWtfa1rfGda7xJMEYDkt6eM1hEFvKrmnhKU/AjquolOjbEXYOQQ1U6zON iGw0qhRHVOLis6dtQmt7btlD5Labou3PYFt7h3tkEbn8qO0TIovaVLqaD3k97CPOu96COve1Cwju Y4f72a/D9hT/xc2/Xd+binPNj8DYye1+k5sh87tgW4LKyfcY65Gr8wpblJYkpM6ymxRD0inNNpSj ApWmKVEbVieZomatMWZ+sekyO1YXht2Qp8TKGR0XmUdEZq7nBnNjwSpmMczpHJyyXPfGhV7T4pkn q4AyGT+9Bkpc9sakKQ0lM43mNJkKraPw1JwkP/ZRjbbzbMzMtgrZWTYeWbWkVSfkQAGDFGlqrXBv Z83VF6qspMeNo6Rk5Wx8+Zl/DOGtB+Jc4HnUumK1s5lN02fnsulRr58u72FH6OIa9vfhnBFtB6en 2vLZu2jhrJNSX5LWcgq8ueuzcpjvfLo/KdG+p7NIFcX6uy+d/6twtn6etUzo3BceH6+us+vRXBrs bV+fzdseavnZ+sLB/rSrd5T4zo6n8LiuzM3pkmxbZ5LhtkjBoK3b+RvFvUJ7PNZxUezii49n8o70 dBDN/4auc+XxKL+fpzu95d7ho/eLqbQTqkEyqv4AjQk5ux0RmhqZEYxbndSREJ+SQN6xO0WyHP+r Nt5BI4/hDKVTPpqbk7vpP11zFN3rIBP8JymCOkyzNBR0JRWEK7NyCIiTwRvEQURxtRzkwVWzL8yC QRaklCC8EyJcKyEENx6aIiN0HztyuHOjqwOaq5sCFICzChESICY8KUWRNykUNsPRth9iq1GxOEPZ wUPBOS7Bwv/+6TZTaapz8hdJ0UISSsGAg8N0EcOIE5N82z2/ujmh66maq7j7EyfNo6qFGKGtcTmS yRgcYjmfiJi0icBK4kCsiDwwojif85Gle7lFZLmZk79IQjmJK0Si+yOO+SOg88SLkZdHLMSOEZhz MR1SNCSjq7hLJKM2UojAOrvTYyjKqKXke6dcksXu07w2sjd7UjtDjBqS2juxez5M9Dq6G75mqiey a7evUCXus8bf00au8r67kz7YE0bfAyhh7EbhG5inIp75+EElDCbIY6ibIsAFRBxZ1D84Qiabkyp9 zD8BlD81ssfgwMc3cj3wi6rRQ57HwyPJ8bx07CmlkqcLPEj/vLO/chRIvEtHzvs81gvBCmy20rGo ePzFX+HI3PvIrruqg1PGKxwjpoo+BJwodlRJx/s9cFomx1ko9QuS6TM7qeIY47s+40GpgXq7c3wq n6ScqUPHm2wUoso4pVJEMjo/DZTJuvm6hITKnjSlGLydciKqxHlAn2RGkNxEeILFgJw4PtoaYPK4 BKRA4OlKijRLyLnIX7E/FQrLXEzKs3RKv/ydHuTC7plD7ypMwWzCKISeXDtMqjlDxITMVzO1yKRM bGkwNtzCzNw38GlMfLuSzkyicRMch4uux/RC6HM2OyRNgZNCuyLKAFLDMGTNZGzD2vy209RDgvMf 16xGGppM/3+bHj4cuIKrwyvBI9U8qVKhti7stTKBwYYDTinKk8vclaWrRZRzGLtRubsKuu77xGID pEH8uVlcRUS6JFt8uVwUxDxCxFASvMfjou2MSgXMO1BcSmsJjPQ8RL6zTv6EwPxMGDgKIwEluXXU GARrpbgzxGFsKuRTP4w0R3CkS2wUP+6j0LOyJG/TxlUKvg8Bv87DSakRnm0Mlm/6mm+cRurYodor vf2KSHe6QAYNzs0BRZ6USOzUEcVrwKh6TX+kPYkSJOSDmw0Vp1bKQO+QvOijQEBMJit80VFa0hul 0SGVOEscOemKOpRUUOnQUQ4V0ZLcSIwCyqkry17sUatL0f/XK8sULUmkI6nR4Jwm3cAvxUk1TdPL Y0gklVOTrDzrG4lTk8uLsxmO45mgiijUC7xX1MoKxEA4tUAwhM+dxCSu2h2w1D5CnL+CqT9eE8U5 XRr7dCT+7KqWM8BB/UCQo8rU6ao//U2RJELQXC9Y5S3qLCvFHBZbtTVZrcxAkbVe9dUL29VgFVbl +NViNVYFG9ZkVdaKONZmdVb5WtZoldZppdZqtVZsoYZr1VbuYgC86INtBddwFVfoetZyNVfaGtd0 1bVzZdd2XS11hVdbc1dYW4d5Rdd4xdd81dd95Sx79dd/vSx+FdiBJdiClR6ARdiEZSyDZdiGddiH hdiIldj/iaVY9THNio1XaMVYQMmHjbWX58mHkO1YkQ1ZeyDZjnUIkWUIlB0IljVZkjXZhhhZmF1Z li1Zlx1ZmYVZlaVZnpVZnbXZkm3Zn61ZoS3alSVanT3alL3Zn6XZmEXal73ZnTVam6WIp23ZqnVa qTVaqM1ansXak/XamFVZrn2IsjXbtP3apeXanEVanJXatvVanEXblwValA3bqI3bodXbtLXajtXY A3HZse1bvcVbq03ZvnXbsw3asV1cxeVbqMXbpI1cxNVaw8Vcx2XcqB1cyf1bzt3aswXdoe1c0a1c zv3cyIVc02VduJVcibDctx3d19Vc1Z3Z2dXcwUVcu1Vd/8IN3bm13aSd3Mklr84tXeNNXLdF3uAt XbJ1XrhdXr6N3drF3ecNXtn9XcIlXuIlWuXN3ezN3NSdCOhNXtotXOqlXOHt3t4t3MV1X+01X+CV 3e2l3MeVX/pN39DVXfSNXe79rsOd2a6NXtIl4MT9WrDtWut9XPut3af13/2F3+Gt3whO3+1NYOkl YPJFXdfd2/OtWw3GXvsd4LyFiKDtWbbt3fcVX9JN4N113hfmYPadXhNG4czFXtv94PPlLhDO3/1t XAP+3hLGYB6+3hmu4BSe2xgWYfT1W98136a9Yfg9XQi+WvB1XypeXSAGYtcd4eQt2xPeWioGYaGN Yd914P+6ReItLt8s3t3mxa4V1uHplWHIbV76JeIGHt0ybuPrPd0+VmL9Nd0x5uM+jl83Vl8/PmIt Pt6IcGH/TeP4NeM8PuQCxuD2Zd1BluIJrmQ+duH0olq0rePLnWPmJeENBuA2nloyTuUADmC2VWI0 BmUEXmD5XVvo/eAvzmFCNuSi1V1RzmRellv2JWSyXeUS9mUnBmUbbuK3PeYBzl1cvmDtFWBYzmUn hquL9dhx/bFsFtjA5eZv3i2FFedxJudyNudzRud0Vud1Zud2dud3xiIAaFZwHlb3oud7zizxwud9 diZ79i94Bmi+0q6AJuiCXhV5NuiETuiBBlR+jlZ9xi85hZbo7WFoO3Poi8bojF7WieZod/2GLNLo kB6fjibpkjZpVxGEk1bplWZpABPpl4bpmL61lqZpew0IADs= ------=_NextPart_000_000E_01C6F464.818398F0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Oct 20 14:49:46 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GazRC-00062L-IP for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 14:49:46 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GazRA-00072V-Jt for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 14:49:46 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 6C5B9144805F for ; Fri, 20 Oct 2006 11:49:24 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id D4C6E4A43C6 for ; Fri, 20 Oct 2006 11:48:43 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id B4A461448013 for ; Fri, 20 Oct 2006 11:48:43 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by hermes.tigertech.net (Postfix) with ESMTP id 231871448032 for ; Fri, 20 Oct 2006 11:48:40 -0700 (PDT) Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 20 Oct 2006 11:48:40 -0700 Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9KImeRJ021082; Fri, 20 Oct 2006 11:48:40 -0700 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k9KImdW6009976; Fri, 20 Oct 2006 11:48:40 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 20 Oct 2006 11:48:39 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 20 Oct 2006 11:48:39 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B18228@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acbzx6gzRnIyqDJeSh2XVUA2VdetaQAIMftAACPwM2A= From: "Pat Calhoun (pacalhou)" To: "Puneet Agarwal" , "Scott G. Kelly" , "Abhijit Choudhury" , "Dorothy Stanley" , "Michael Montemurro" X-OriginalArrivalTime: 20 Oct 2006 18:48:39.0785 (UTC) FILETIME=[5BAB6590:01C6F478] Authentication-Results: sj-dkim-2.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 4d9ae72af46718088458d214998cc683 I will need time to catch up to this thread, but want to quickly note that I am not against using a separate port. The e-mail I sent out, which I have yet to completely digest Scott's comments, was intended to provide an approach where only two ports are used. If we wish to use three, then that's ok with me too - as long as we can get them allocated. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems > -----Original Message----- > From: Puneet Agarwal [mailto:pagarwal@broadcom.com] > Sent: Thursday, October 19, 2006 7:24 PM > To: Scott G. Kelly; Pat Calhoun (pacalhou); Abhijit > Choudhury; Dorothy Stanley; Michael Montemurro > Cc: capwap@frascone.com > Subject: RE: [Capwap] need clarification on UDP ports > > I agree with Scott - it is important that we come up with a > solution that is unambiguous and works even if packet formats > for dtls change. > > It seems that we (capwap) are one of the first folks trying > to use DTLS. > It would be good to know how other folks (if any) have used > DTLS for their applications. If someone has already solved > the "discovery to dtls-secure" like problem before, then it > would be good to understand how they did it and maybe use a > similar approach (rather than re-invent the wheel). In that > regard, does anyone know of other groups using dtls to secure > their protocol? > > Would having 3 UDP ports solve the problem: > (a) capwap-open control port : All unencrypted capwap control > packets go on this channel > (b) capwap-open data port : All unencrypted capwap data > packets go on this channel > (b) capwap-secure port: All dtls encrypted capwap > data/control packets go on this channel. Demux for data vs > control happens after decryption. > > We may need more ports if we need to support different QoS > levels (as pointed by Scott)- that to me is a bigger problem. > Wondering what the group thinks.... > > Thanks. > > -Puneet > > -----Original Message----- > From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] > Sent: Thursday, October 19, 2006 2:42 PM > To: Pat Calhoun (pacalhou); Abhijit Choudhury; Dorothy > Stanley; Michael Montemurro > Cc: capwap@frascone.com > Subject: Re: [Capwap] need clarification on UDP ports > > You know, after seeing my post on this topic yesterday, I > thought maybe my sarcasm was a bit overdone, and I actually > regretted that post. But now, after seeing what sort of hoops > you're willing to jump through to avoid that much simpler > approach at apparently any cost... well, now I'm not so sure. > > Sigh. Comments inline... > > > >The AC maintains a DTLS SA table which consists of the WTP's > IP address > > >and UDP port numbers. When the AC receives a Discovery > Request on the > >CAPWAP control port, it performs a lookup to determine whether the > >IP/Port information matches the DTLS SA table. If the > IP/Port does not > >match an entry in the DTLS SA table, the AC responds with a > Discovery > >response and waits for a successful DTLS setup, which would create a > >new DTLS SA. If there is a match, then the packet is a DTLS > encrypted > >payload, which is sent to the DTLS stack. The following is > an example > >of the packet exchange (note the ports used here are for > illustration > >purposes only): > > > >WTP AC > >(WTP Picks a pseudo-random source port) > >----- CAPWAP Control/Discovery Request (662, 1233) ------> > ><---- CAPWAP Control/Discovery Response (1233, 662) ------ > > > >Using Scott's recommendation to look at the WBID, which when > set to any > > >value other than 23 (which we will need to reserve), then we > know this > >packet is a discovery request, and process it accordingly. One > >alternative to reserving a WBID would be to require that the > Reserved > >field in the CAPWAP header be set to '111', which would > provide another > > >way to differentiate the packets. > > Let's stop here, because this is where it starts getting > twisted. I didn't recommend this sort of hack. There are two > major flaws to this approach. The first is that you assume > that the DTLS header format will not change. That's probably > unwise, given that it is a new protocol. > This early in the game, anything after the version field is > fair game, and hacking based on assumptions of immutability > is (in my opinion, at > least) A Bad Thing (tm). > > The second issue here is that you're not looking carefully at > the DTLS header alignment as it currently exists. Each > version change results in the first version byte being > decremented. It is currently FE, and the next will be FD, > then FC, and so on. Look at what this means for the WBID > field (which, by the way, could *also* be changed before > we've finished with capwap): > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > |0 0 0 1|0 1 1 0 1|1 1 1 1 1|1 0 1 1 1|1 1 1 1 1 0 0 0 0 0 0 0 0| > |VERSION| RID | HLEN | WBID |T|F|L|W|M| FLAGS | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ > | type | protocol version | epoch > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ > FEFF |1 1 1 1 1 1 1 0|1 1 1 1 1 1 1 1| > +---------------+---------------+ > FDFF |1 1 1 1 1 1 0 1|1 1 1 1 1 1 1 1| > +---------------+---------------+ > FCFF |1 1 1 1 1 1 0 0|1 1 1 1 1 1 1 1| > +---------------+---------------+ > FBFF |1 1 1 1 1 0 1 1|1 1 1 1 1 1 1 1| > +---------------+---------------+ > FAFF |1 1 1 1 1 0 1 0|1 1 1 1 1 1 1 1| > +---------------+---------------+ > > Since there are two WBID bits affected, your scheme requires > that there be at least 4 untouchable WBID values (assuming we > don't change the capwap header): 7, 15, 23, and 31. This is > starting to sound more than a little bit hacky, and certainly > not something you want to implement in hardware. > > I won't go line by line on the stuff below, as this is more > than I can ask people to bear. I have only two points to make here: > > 1) regarding the comment below where you say "Furthermore, I > trust an authenticated payload much more than a bit 'in the > clear'", I'm > wondering: why are unauthenticated values in the UDP and IP > headers more trustworthy than values following them? Think about it. > > 2) look at the signalling complexity you are adding! And all > this to avoid ...what, exactly? > > > Scott > > > > > > > > >--------- DTLS Session Setup/Control (662, 1233) --------> > ><-------- DTLS Session Setup/Control (1233, 662) --------- > > > >The WBID value of 23 will be an indication that the DTLS session is > >being established (or the alternative proposed above)... at > this point > >all packets are from now on fed into the DTLS engine. Once the DTLS > >session is established, all CAPWAP packets will be marked > internally as > > >'Application Data', and once decrypted will be sent back into the > >CAPWAP module for processing... > > > >-------- CAPWAP Control/Join Request (662, 1233) ---------> > (includes > >support for DTLS/Data) > ><------- CAPWAP Control/Join Response (1233, 662) --------- > (Dictates > >whether DTLS is to be used on data plane, and a random cookie) > > > >When inactivity occurs over the control plane, the keepalive > is sent to > > >keep the session alive (also useful for NAT traversal): > > > >------- CAPWAP Control/Keepalive Request (662, 1233) -----> > ><------ CAPWAP Control/Keepalive Response (1233, 662) ----- > > > >The following is optional, and occurs if DTLS needs to be > used on the > >data plane UDP port: > > > >----------- DTLS Session Setup/Data (685, 1234) ----------> > ><---------- DTLS Session Setup/Data (1234, 685) ----------- > > > >Again, the WBID of 23 is used to identify the DTLS packet. When used > >and established, all CAPWAP data packets will be marked as > 'Application > > >Data' within DTLS. So these packets would pop back out of the DTLS > >stack for CAPWAP processing. Yes, this requires that the data plane > >remember the configuration enforced by the AC, and therefore it does > >not mark each packet as "with DTLS" or "without DTLS". We > can do this, > >but frankly it provides little value because ultimately, if DTLS was > >required and a packet is sent in the clear, it will be > dropped anyhow. > >Furthermore, I trust an authenticated payload much more than > a bit "in > >the clear". > > > >A specialized packet is then sent on the data plane to create the > >correlation between the control and data plane sessions. A > new bit in > >the CAPWAP header, which I will call 'D' (for Data > Management) is set > >so this gets treated as a specialized packet on the data plane UDP > port: > > > >---------- CAPWAP Data/Announce Req (685, 1234) ----------> > (Including > >the cookie to bind to control channel) > ><--------- CAPWAP Data/Announce resp (1234, 685) ---------- > > > >NOTE: Another alternative to this scheme is to include a session > >identifier in the header, which provides the correlation between the > >control and data channel. This would be much simpler to > implement, and > >not require special processing of the data plane. However, if folks > >believe that keeping the NAT session fresh, then we need > some mechanism > > >to keep the channel alive. If this is found to be > desirable/required, > >then a periodic exchange needs to occur to keep the NAT table entry > >fresh (again, with the 'D' bit set): > > > >------- CAPWAP Data/Keepalive Request (685, 1234) --------> > ><------ CAPWAP Data/Keepalive Response (1234, 685) -------- > > > >Should the WTP fail, it would pick a new source UDP port for > both the > >control and data plane, and send a Discovery Request using > the control > >UDP port. It is important to note that the longevity of the > uniqueness > >characteristics of the UDP port is not very long (e.g., one > day after > >reboot). This is a new requirement on the WTP, but not unrealistic > >since > >802.11 APs have to do this for the RADIUS protocol today (to > maintain > >unique session identifiers). The AC does not flush its > current DTLS SA > >until the DTLS exchange is complete (and successful). > > > >WTP AC > >(WTP picks a new pseudo-random source port) > >----- CAPWAP Control/Discovery Request (772, 1233) ------> > ><---- CAPWAP Control/Discovery Response (1233, 772) ------ > > > >Using Scott's recommendation to look at the WBID, which when > set to any > > >value other than 23 (which we will need to reserve), then we > know this > >packet is a discovery request, and process it accordingly. > > > >--------- DTLS Session Setup/Control (772, 1233) --------> > ><-------- DTLS Session Setup/Control (1233, 772) --------- > > > >The WBID value of 23 will be an indication that the DTLS session is > >being established... at this point all packets are from now > on fed into > > >the DTLS engine. > > > >If NAT is used, it is possible that the WTP's source IP > address is used > > >for multiple WTPs. In this case, the AC can identify each > WTP using the > > >DTLS credentials. The AC can then delete the old DTLS SAs > (control and > >optionally data), that are associated with the WTP's credentials. > >Alternatively, the AC could simply wait for the sessions to expire. > > > > > >Pat Calhoun > >CTO, Wireless Networking Business Unit > >Cisco Systems > > > > > > > > > >________________________________ > > > > From: Abhijit Choudhury [mailto:Abhijit@sinett.com] > > Sent: Tuesday, October 17, 2006 10:08 AM > > To: Dorothy Stanley; Pat Calhoun (pacalhou); Michael Montemurro > > Cc: capwap@frascone.com > > Subject: need clarification on UDP ports > > > > > > Pat, Mike, Dorothy: > > > > I have a question based on v03 of the capwap spec. > > In section 3.1, the spec mentions well-known UDP > > ports for the CAPWAP control and data packets. > > > > There are four kinds of CAPWAP packets: > > 1. DTLS protected control packets > > 2. Unprotected control packets > > 3. Unprotected data packets > > 4. (Optional) DTLS protected data packets > > > > Will there be 4 well-known UDP port numbers ? > > > > 1, 2 and 3 will be present simultaneously in any > > deployment. 3 and 4 may co-exist in a deployment > > if some data channels are encrypted and some not. > > There has to be a way to distinguish these four > > kinds of packets. The draft is not clear about how > > this is done. > > > > Thanks, > > Abhijit > > > > > >_________________________________________________________________ > >To unsubscribe or modify your subscription options, please visit: > >http://lists.frascone.com/mailman/listinfo/capwap > > > >Archives: http://lists.frascone.com/pipermail/capwap > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Oct 20 15:05:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GazgA-0007ev-4t for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 15:05:14 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gazg7-0001BC-GK for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 15:05:14 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id F1FCA1448036 for ; Fri, 20 Oct 2006 12:05:07 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 26D6B4A43C6 for ; Fri, 20 Oct 2006 12:04:46 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C8E77398040 for ; Fri, 20 Oct 2006 12:04:45 -0700 (PDT) Received: from elasmtp-mealy.atl.sa.earthlink.net (elasmtp-mealy.atl.sa.earthlink.net [209.86.89.69]) by zoidberg.tigertech.net (Postfix) with ESMTP id 571A2398008 for ; Fri, 20 Oct 2006 12:04:42 -0700 (PDT) Received: from [209.86.224.47] (helo=elwamui-rubis.atl.sa.earthlink.net) by elasmtp-mealy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1Gazfd-0004oN-Gy; Fri, 20 Oct 2006 15:04:41 -0400 Received: from 75.6.46.166 by webmail.pas.earthlink.net with HTTP; Fri, 20 Oct 2006 15:04:41 -0400 Message-ID: <27382538.1161371081529.JavaMail.root@elwamui-rubis.atl.sa.earthlink.net> Date: Fri, 20 Oct 2006 12:04:41 -0700 (GMT-07:00) From: "Scott G. Kelly" To: pagarwal@broadcom.com Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff710668630575d3ed05324cf65e06b1a8b4c350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.47 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793 > It seems that we (capwap) are one of the first folks trying > to use DTLS. > It would be good to know how other folks (if any) have used DTLS for > their applications. If someone has already solved the "discovery to > dtls-secure" like problem before, then it would be good to understand > how they did it and maybe use a similar approach (rather than > re-invent > the wheel). In that regard, does anyone know of other groups > using dtls > to secure their protocol? There are currently drafts active for using DTLS with syslog, SDP, and DCCP. Also, TLS has been used with many protocols, and we can certainly look there for inspiration. In general, there are two models. In the first, a given port is considered (D)TLS-only. In the other, the application somehow signals it's desire to convert the session to (D)TLS. For example, some applications support a "STARTTLS" directive, and for secure syslog a client might send the string "AUTH TLS CLIENT", to which the server will reply OK or ERROR. In general, once (D)TLS is on, no unprotected packets are allowed. > Would having 3 UDP ports solve the problem: > (a) capwap-open control port : All unencrypted capwap control > packets go > on this channel > (b) capwap-open data port : All unencrypted capwap data packets go on > this channel > (b) capwap-secure port: All dtls encrypted capwap data/control packets > go on this channel. Demux for data vs control happens after > decryption. > > We may need more ports if we need to support different QoS levels (as > pointed by Scott)- that to me is a bigger problem. Wondering what the > group thinks.... I've been re-thinking my position on this, given that the working group is committed to a multiport approach. Certainly there are multiple ways to solve this, and while I would prefer a solution that didn't involve adding yet more ports, we are where we are. That said, I think adding a 3rd port which is only used for discovery operations solves part of the problem. In that case, the control channel is always DTLS traffic, and we have an unambiguous solution which requires no protocol hacks. As for the data channel, it's a little more complex. If hardware vendors must know a priori whether data is protected or not, the only options are either two data ports or a type header, and given the dramatic allergic reactions we've seen to protocol layering beyond the udp header here, distinct ports seem to be the only option on the table. However, if hardware vendors support tuple-plumbing, we can do this with one data port. Tuple-plumbing solves the problem by letting the application tell the hardware when a session is protected or not, but you have to look at the source port too. This is part of the problem some of Pat's signalling is meant to solve. Once the AC knows what characteristics a given tuple should have, this can be plumbed into the hardare. This still leaves two problems: associating a NAT'd data channel with the appropriate control channel, and the QoS problem for the data channel. The channel association can be solved by using the session ID, as has been noted numerous times in past threads. One way this could be extended to encompass multiple data channels would be to extend the session ID field, and treat the high-order portion as the session id, and the low-order portion as the channel id (control channel has channel id 0, data channel with no QoS has channel id 1, and so on). Just a thought. Since there will be initial ambiguity when multiple WTPs are behind a NAT, there are two options: 1) don't worry about it; let the WTP establish a DTLS session without knowing which control channel it belongs to, and then get the session binding out of the first protected data packet (which may be an echo) to create the binding; if no packets come within some preset interval, tear down the DTLS session. 2) do some inline signalling, as Pat suggested. This could be via a capwap header with some special value, or it could be the text STARTDTLS along with the session/channel id - whatever. I think, based on the above, that a 3-port solution exists - but this depends on what is workable for the hardware vendors. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Oct 20 16:10:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gb0h6-0003Qz-1b for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 16:10:16 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gb0gX-0004UR-Tx for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 16:10:16 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id D54E53980A5 for ; Fri, 20 Oct 2006 13:01:12 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id E6F724A43C6 for ; Fri, 20 Oct 2006 13:00:56 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id C0191144801C for ; Fri, 20 Oct 2006 13:00:56 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by hermes.tigertech.net (Postfix) with ESMTP id 910531448010 for ; Fri, 20 Oct 2006 13:00:54 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id m18so1028577nfc for ; Fri, 20 Oct 2006 13:00:53 -0700 (PDT) Received: by 10.82.98.13 with SMTP id v13mr805920bub; Fri, 20 Oct 2006 13:00:52 -0700 (PDT) Received: by 10.82.118.16 with HTTP; Fri, 20 Oct 2006 13:00:52 -0700 (PDT) Message-ID: <369e612f0610201300l2531529di8451d90167b123e6@mail.gmail.com> Date: Sat, 21 Oct 2006 01:30:52 +0530 From: "Navin (NKA)" To: "Scott G. Kelly" In-Reply-To: <8965479.1161295883589.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net> MIME-Version: 1.0 Content-Disposition: inline References: <8965479.1161295883589.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3 On 10/20/06, Scott G. Kelly wrote: > >[NKA] Scott, so you agree that the logic which I have explained for handling > >discovery/DTLS packets is correct, but you feel that it would result in slower > >synchronization between WTP and AC FSM? > > Actually, no, I don't agree. A discovery packet should be deterministically treated as a discovery packet - not sometimes erroneously treated as a dtls packet. I think introducing this ambiguity is unnecessary, to say the least. [NKA] Scott, now you are not agreeing to what you said in youre previous email. Look at the snippet of the same. ----------------------------------------------------------------------------------------------------------------- >[NKA] Even if a less-robust AC implementation ends up interpreting DTLS >message as a Discovery packet, do you think WTP (which unfortunately >has passed discovery state) will be able to carry on with its DTLS >session establishment and succeed ultimately? :-( I don't think so. (Imagine >this: WTP needs to successfully interpret Discovery response as HelloVerify >request, followed by which AC needs to interpret ClientHello (with cookie) as >Client Hello without Cookie, and so on). That's not the point, and this is minor compared to the real issue, which is below * * * In this case the WTP will often need to go through discovery again before reconnecting to the AC. If the AC erroneously feeds these packets to its DTLS implementation, they will be rejected, and the WTP will get no response. This means failure recovery will not occur until the AC times out its DTLS session, and since these timeouts are frequently set as high as 30 seconds in the field, and since the WTP may exhaust its discovery timers and go into sulking state due to AC unresponsiveness, this has the potential to signficantly (and unfortunately, completely avoidably) exacerbate the outage. ----------------------------------------------------------------------------------------------------------------- [NKA] My point is that seperate discovery packet processing via a special port is a bad idea. And it doesn't bring any additional value than what can be achieved without special port approach. Scott's additional reasoning that two port approach would open up scope for DOS atack. I totally disagree with the argument. I claim that the same risk exists even with 3-port approach also. > > I think Abhijit's point is correct: it should be very clear whether a packet is control, data, discovery, and protected vs unprotected. Either we can do that by using more ports, or we can find another way. But I don't think shoving a discovery packet into the dtls engine is "a good thing". > > Scott > > > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Oct 20 16:39:18 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gb19C-0002oB-15 for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 16:39:18 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gb198-0003ee-FF for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 16:39:18 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id C1A8F3980A3 for ; Fri, 20 Oct 2006 13:39:13 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 8AD654A45AC for ; Fri, 20 Oct 2006 13:39:00 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 62B34398070 for ; Fri, 20 Oct 2006 13:39:00 -0700 (PDT) Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by zoidberg.tigertech.net (Postfix) with ESMTP id 6E42C398040 for ; Fri, 20 Oct 2006 13:38:57 -0700 (PDT) Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-2.cisco.com with ESMTP; 20 Oct 2006 13:38:58 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9KKcumF014130 for ; Fri, 20 Oct 2006 13:38:56 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9KKcuip005486 for ; Fri, 20 Oct 2006 13:38:56 -0700 (PDT) Received: from xmb-sjc-237.amer.cisco.com ([128.107.191.123]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 20 Oct 2006 13:38:56 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 20 Oct 2006 13:38:55 -0700 Message-ID: <17B8C6DE4E228348B4939BDA6B05A9DC0232246F@xmb-sjc-237.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CAPWAP Timer element issue Thread-Index: Acb0h8LbID2mUdDPSw2/a22E0D8uaA== From: "Bob O'Hara (boohara)" To: X-OriginalArrivalTime: 20 Oct 2006 20:38:56.0585 (UTC) FILETIME=[C396F390:01C6F487] Authentication-Results: sj-dkim-4.cisco.com; header.From=boohara@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.372 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: [Capwap] CAPWAP Timer element issue X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 In 4.4.12 of the -03 draft, the Discovery Timer and Echo Timer fields are defined. The value of the field determines the number of seconds between the two types of Request packets. What does a value of zero mean in this field? For the Echo Timer, I would propose that a value of zero be defined to mean that no Echo Request packets are sent. For the Discovery Timer, I would propose that a value of zero be reserved and, if received by a WTP, is interpreted to be the same as if the value of 1 was received. -Bob Bob O'Hara Cisco Systems - WNBU Phone: +1 408 853 5513 Mobile: +1 408 218 4025 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Fri Oct 20 17:54:52 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gb2KK-0000s6-8r for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 17:54:52 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gb2KG-0008HN-Hn for capwap-archive@lists.ietf.org; Fri, 20 Oct 2006 17:54:52 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9B5143980A5 for ; Fri, 20 Oct 2006 14:54:33 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 7B8874A45AC for ; Fri, 20 Oct 2006 14:54:21 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 2FC1B144801C for ; Fri, 20 Oct 2006 14:54:20 -0700 (PDT) Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by hermes.tigertech.net (Postfix) with ESMTP id ABD741448014 for ; Fri, 20 Oct 2006 14:54:19 -0700 (PDT) Received: from [209.86.224.40] (helo=elwamui-milano.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1Gb2Jm-00029c-QO; Fri, 20 Oct 2006 17:54:18 -0400 Received: from 75.6.46.166 by webmail.pas.earthlink.net with HTTP; Fri, 20 Oct 2006 17:54:17 -0400 Message-ID: <389468.1161381258661.JavaMail.root@elwamui-milano.atl.sa.earthlink.net> Date: Fri, 20 Oct 2006 14:54:18 -0700 (GMT-07:00) From: "Scott G. Kelly" To: "Navin (NKA)" Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff71065512331407a6004389c573f2d1659e3350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.40 X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=7.0 tests= X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024 Hi Navin, -----Original Message----- >From: "Navin (NKA)" >Sent: Oct 20, 2006 1:00 PM >To: "Scott G. Kelly" >Cc: capwap@frascone.com >Subject: Re: [Capwap] need clarification on UDP ports > >On 10/20/06, Scott G. Kelly wrote: >> >[NKA] Scott, so you agree that the logic which I have explained for handling >> >discovery/DTLS packets is correct, but you feel that it would result in slower >> >synchronization between WTP and AC FSM? >> >> Actually, no, I don't agree. A discovery packet should be deterministically treated as a discovery packet - not sometimes erroneously treated as a dtls packet. I think introducing this ambiguity is unnecessary, to say the least. > >[NKA] Scott, now you are not agreeing to what you said in youre previous email. >Look at the snippet of the same. You know, even if I *had* changed my position -- that is allowed in the IETF. But in this case, I didn't. All along I've been disagreeing with the notion that ambiguity and non-deterministic handling of discovery messages is okay. I'm sorry if anything I've said was in any way confusing. >----------------------------------------------------------------------------------------------------------------- >>[NKA] Even if a less-robust AC implementation ends up interpreting DTLS >>message as a Discovery packet, do you think WTP (which unfortunately >>has passed discovery state) will be able to carry on with its DTLS >>session establishment and succeed ultimately? :-( I don't think so. (Imagine >>this: WTP needs to successfully interpret Discovery response as HelloVerify >>request, followed by which AC needs to interpret ClientHello (with cookie) as >>Client Hello without Cookie, and so on). > >That's not the point, and this is minor compared to the real issue, >which is below > * > * > * >In this case the WTP will often need to go through discovery again >before reconnecting to the AC. If the AC erroneously feeds these >packets to its DTLS implementation, they will be rejected, and the WTP >will get no response. This means failure recovery will not occur >until the AC times out its DTLS session, and since these timeouts are >frequently set as high as 30 seconds in the field, and since the WTP >may exhaust its discovery timers and go into sulking state due to AC >unresponsiveness, this has the potential to signficantly (and >unfortunately, completely avoidably) exacerbate the outage. >----------------------------------------------------------------------------------------------------------------- > >[NKA] My point is that seperate discovery packet processing via a special port >is a bad idea. And it doesn't bring any additional value than what can be >achieved without special port approach. Okay, so we know where you stand on this. >Scott's additional reasoning that two >port approach would open up scope for DOS atack. I totally disagree with >the argument. I claim that the same risk exists even with 3-port approach also. Sorry, don't agree with this. Here's what you suggested: >You may have a situation in which session information exists for a WTP at AC, >but WTP is sending non-DTLS packet. Even in such situation, AC can feed such >packets to DTLS module, which will ultimately reject the packet. AC can use >this kind of notification to tear down the existing session, which will bring AC's >state machine in sync with that of WTP. To paraphrase, if the AC receives a discovery packet that appears to be from a live WTP, the AC should tear down that WTP's session to sync with the WTP. To me (and maybe it's just me, because I'm so paranoid or something), that sounds an awful lot like an invitation to a DoS party. Go ahead and implement this, and I'll show you how it works :-) Now, as to whether that vulnerability also exists with 3 ports... well, I guess if you implement the way you described, then it does. But if it were my implementation, I wouldn't *ever* tear down a session based on the receipt of unauthenticated data. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sat Oct 21 13:48:01 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GbKwz-00062M-Ro for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 13:48:01 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GbKwx-0007BU-CP for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 13:48:01 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id D0B9A4310FB for ; Sat, 21 Oct 2006 10:47:40 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id B6A9D4A45AB for ; Sat, 21 Oct 2006 10:47:01 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 8B4134310D3 for ; Sat, 21 Oct 2006 10:47:01 -0700 (PDT) X-Greylist-Status: Sender first seen 00:12:04 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by hermes.tigertech.net (Postfix) with ESMTP id 0D0834310E1 for ; Sat, 21 Oct 2006 10:46:58 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Sat, 21 Oct 2006 10:34:53 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0klY4e+7UPnhTRf2FfrW+5OvmDgAo/i+s References: <389468.1161381258661.JavaMail.root@elwamui-milano.atl.sa.earthlink.net> From: "Hasan Raza" To: "Scott G. Kelly" , , X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.3 tagged_above=-999.0 required=7.0 tests=FORGED_RCVD_HELO, HTML_10_20, HTML_MESSAGE X-Spam-Level: Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0086336429==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.3 (/) X-Scan-Signature: 4bbdb236f788407ff689fcae8109fe34 This is a multi-part message in MIME format. --===============0086336429== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F537.379FABFD" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F537.379FABFD Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I think we are a bit closer than where we were earlier in terms of = resolving this issue. I agree with the points which Scott has raised. And I feel that there = are few DoS issues which have not been addressed properly in the capwap draft. = May be resolving those issues first might give us a solution for the = DTLS/Discovery packet identification issue (#224). To start with, we have to answer few questions: 1. How capwap is protected against discovery packet attacks? Even if = there is a port-based or mux-based soltuion for reliably identifying discovery = and DTLS packets, an attacker can send a discovery packet to the AC, which = may result in the tear down of the WTP session. This is because discovery = packets are un-authenticated packets, and are sent in plain. AC needs to blindly believe on the discovery packets. 2. If an AC employs actions again discovery packet attacks by discarding discovery packets if WTP session did not timeout, then an attacker may prevent the WTP joining back to the AC after a WTP crash. Attacker can = detect a sudden absence of echo request messages from WTP, and start replaying = the WTP echo request messages which causes AC not to teardown the WTP = session. And thus genuine discovery packets might be discarded by AC. May be I am = wrong here if DTLS can detect duplicate packets and discard them = automatically. To resolve the above issues, we can impose following rules on AC. For issue (1) above: RULE 1: (a) AC discards all discovery packets if an active WTP session exists = for the WTP. (b) A discovery packet from WTP can be accepted by AC only when there = does not exist any active session for that WTP. Whereas, if a discovery = packet is received if an active WTP session exists at AC, then all such = discovery packets are discarded without change or update of any of the AC = states. To resolve the second issue (if at all it exists):=20 RULE 2: AC should discard all duplicate DTLS and CAPWAP packets without change = or update of any of its states. RULE (1) above will impose a constant delay in the WTP re-joining. = Suppose a WTP crashes and comes up before WTP session at AC may timeout, all its discovery packets will be discarded by the WTP. But since AC won't be receiving any valid/authenticated packet which could refresh the WTP = session, the WTP session would timeout after _fixed_ amount of time. This _fixed_ amount of time is unfortunately not fixed since it can be changed administratively, by say updating echo interval at WTP or by changing = response timeout values at AC. To make the WTP re-joining faster, WTP may save the DTLS cookie on a persistent storage and (after a restart) presents the cookie to the AC = to restore the DTLS connection, and thus avoiding the discovery phase. This concept is same as the one presented in "Idle to Join (aa)" transition, except that here presenting a valid cookie resets the state to join = state, discarding any previous WTP state/stats maintained at AC. I _think_ that the above proposals will avoid discovery packet DoS = attacks, and there is no need to use separate ports or extra mux header after udp header to differentiate among the discovery and DTLS packets. Thanks Hasan -----Original Message----- From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] Sent: Fri 10/20/2006 2:54 PM To: Navin (NKA) Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports =20 Hi Navin, -----Original Message----- >From: "Navin (NKA)" >Sent: Oct 20, 2006 1:00 PM >To: "Scott G. Kelly" >Cc: capwap@frascone.com >Subject: Re: [Capwap] need clarification on UDP ports > >On 10/20/06, Scott G. Kelly wrote: >> >[NKA] Scott, so you agree that the logic which I have explained for = handling >> >discovery/DTLS packets is correct, but you feel that it would result = in slower >> >synchronization between WTP and AC FSM? >> >> Actually, no, I don't agree. A discovery packet should be = deterministically treated as a discovery packet - not sometimes = erroneously treated as a dtls packet. I think introducing this ambiguity = is unnecessary, to say the least. > >[NKA] Scott, now you are not agreeing to what you said in youre = previous email. >Look at the snippet of the same. You know, even if I *had* changed my position -- that is allowed in the = IETF. But in this case, I didn't. All along I've been disagreeing with = the notion that ambiguity and non-deterministic handling of discovery = messages is okay. I'm sorry if anything I've said was in any way = confusing. >------------------------------------------------------------------------= ----------------------------------------- >>[NKA] Even if a less-robust AC implementation ends up interpreting = DTLS >>message as a Discovery packet, do you think WTP (which unfortunately >>has passed discovery state) will be able to carry on with its DTLS >>session establishment and succeed ultimately? :-( I don't think so. = (Imagine >>this: WTP needs to successfully interpret Discovery response as = HelloVerify >>request, followed by which AC needs to interpret ClientHello (with = cookie) as >>Client Hello without Cookie, and so on). > >That's not the point, and this is minor compared to the real issue, >which is below > * > * > * >In this case the WTP will often need to go through discovery again >before reconnecting to the AC. If the AC erroneously feeds these >packets to its DTLS implementation, they will be rejected, and the WTP >will get no response. This means failure recovery will not occur >until the AC times out its DTLS session, and since these timeouts are >frequently set as high as 30 seconds in the field, and since the WTP >may exhaust its discovery timers and go into sulking state due to AC >unresponsiveness, this has the potential to signficantly (and >unfortunately, completely avoidably) exacerbate the outage. >------------------------------------------------------------------------= ----------------------------------------- > >[NKA] My point is that seperate discovery packet processing via a = special port >is a bad idea. And it doesn't bring any additional value than what can = be >achieved without special port approach.=20 Okay, so we know where you stand on this. >Scott's additional reasoning that two >port approach would open up scope for DOS atack. I totally disagree = with >the argument. I claim that the same risk exists even with 3-port = approach also. Sorry, don't agree with this. Here's what you suggested: >You may have a situation in which session information exists for a WTP = at AC, >but WTP is sending non-DTLS packet. Even in such situation, AC can feed = such >packets to DTLS module, which will ultimately reject the packet. AC can = use >this kind of notification to tear down the existing session, which will = bring AC's >state machine in sync with that of WTP. To paraphrase, if the AC receives a discovery packet that appears to be = from a live WTP, the AC should tear down that WTP's session to sync with = the WTP. To me (and maybe it's just me, because I'm so paranoid or something), = that sounds an awful lot like an invitation to a DoS party. Go ahead and = implement this, and I'll show you how it works :-) Now, as to whether that vulnerability also exists with 3 ports... well, = I guess if you implement the way you described, then it does. But if it = were my implementation, I wouldn't *ever* tear down a session based on = the receipt of unauthenticated data. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C6F537.379FABFD Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [Capwap] need clarification on UDP ports

Hi,

I think we are a bit closer than where we were earlier in terms of = resolving
this issue.

I agree with the points which Scott has raised. And I feel that there = are few
DoS issues which have not been addressed properly in the capwap draft. = May be
resolving those issues first might give us a solution for the = DTLS/Discovery
packet identification issue (#224).

To start with, we have to answer few questions:
1. How capwap is protected against discovery packet attacks? Even if = there
is a port-based or mux-based soltuion for reliably identifying discovery = and
DTLS packets, an attacker can send a discovery packet to the AC, which = may
result in the tear down of the WTP session. This is because discovery = packets
are un-authenticated packets, and are sent in plain. AC needs to = blindly
believe on the discovery packets.

2. If an AC employs actions again discovery packet attacks by = discarding
discovery packets if WTP session did not timeout, then an attacker = may
prevent the WTP joining back to the AC after a WTP crash. Attacker can = detect
a sudden absence of echo request messages from WTP, and start replaying = the
WTP echo request messages which causes AC not to teardown the WTP = session.
And thus genuine discovery packets might be discarded by AC. May be I am = wrong
here if DTLS can detect duplicate packets and discard them = automatically.

To resolve the above issues, we can impose following rules on AC.

For issue (1) above:
RULE 1:
(a) AC discards all discovery packets if an active WTP session = exists for the
WTP.
(b) A discovery packet from WTP can be accepted by AC only when = there does
not exist any active session for that WTP. Whereas, if a = discovery packet is
received if an active WTP session exists at AC, then all such = discovery
packets are discarded without change or update of any of the AC = states.

To resolve the second issue (if at all it exists):
RULE 2:
AC should discard all duplicate DTLS and CAPWAP packets without = change or
update of any of its states.

RULE (1) above will impose a constant delay in the WTP re-joining. = Suppose a
WTP crashes and comes up before WTP session at AC may timeout, all = its
discovery packets will be discarded by the WTP. But since AC won't = be
receiving any valid/authenticated packet which could refresh the WTP = session,
the WTP session would timeout after _fixed_ amount of time. This = _fixed_
amount of time is unfortunately not fixed since it can be changed
administratively, by say updating echo interval at WTP or by changing = response
timeout values at AC.

To make the WTP re-joining faster, WTP may save the DTLS cookie on a
persistent storage and (after a restart) presents the cookie to the AC = to
restore the DTLS connection, and thus avoiding the discovery phase. = This
concept is same as the one presented in "Idle to Join (aa)" = transition,
except that here presenting a valid cookie resets the state to join = state,
discarding any previous WTP state/stats maintained at AC.

I _think_ that the above proposals will avoid discovery packet DoS = attacks,
and there is no need to use separate ports or extra mux header after = udp
header to differentiate among the discovery and DTLS packets.

Thanks
Hasan

-----Original Message-----
From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] Sent: Fri 10/20/2006 2:54 PM
To: Navin (NKA)
Cc: capwap@frascone.com
Subject: Re: [Capwap] need clarification on UDP ports

Hi Navin,

-----Original Message-----
>From: "Navin (NKA)" <nka.capwap@gmail.com>
>Sent: Oct 20, 2006 1:00 PM
>To: "Scott G. Kelly" <scott@hyperthought.com>
>Cc: capwap@frascone.com
>Subject: Re: [Capwap] need clarification on UDP ports
>
>On 10/20/06, Scott G. Kelly <s.kelly@ix.netcom.com> wrote:
>> >[NKA] Scott, so you agree that the logic which I have = explained for handling
>> >discovery/DTLS packets is correct, but you feel that it = would result in slower
>> >synchronization between WTP and AC FSM?
>>
>> Actually, no, I don't agree. A discovery packet should be = deterministically treated as a discovery packet - not sometimes = erroneously treated as a dtls packet. I think introducing this ambiguity = is unnecessary, to say the least.
>
>[NKA] Scott, now you are not agreeing to what you said in youre = previous email.
>Look at the snippet of the same.

You know, even if I *had* changed my position -- that is allowed in the = IETF. But in this case, I didn't. All along I've been disagreeing with = the notion that ambiguity and non-deterministic handling of discovery = messages is okay. I'm sorry if anything I've said was in any way = confusing.

>---------------------------------------------------------------------= --------------------------------------------
>>[NKA] Even if a less-robust AC implementation ends up = interpreting DTLS
>>message as a Discovery packet, do you think WTP (which = unfortunately
>>has passed discovery state) will be able to carry on with its = DTLS
>>session establishment and succeed ultimately? :-( I don't think = so. (Imagine
>>this: WTP needs to successfully interpret Discovery response as = HelloVerify
>>request, followed by which AC needs to interpret ClientHello = (with cookie) as
>>Client Hello without Cookie, and so on).
>
>That's not the point, and this is minor compared to the real = issue,
>which is below
>           &nb= sp;    *
>           &nb= sp;    *
>           &nb= sp;    *
>In this case the WTP will often need to go through discovery = again
>before reconnecting to the AC. If the AC erroneously feeds these
>packets to its DTLS implementation, they will be rejected, and the = WTP
>will get no response. This means failure recovery will not = occur
>until the AC times out its DTLS session, and since these timeouts = are
>frequently set as high as 30 seconds in the field, and since = the WTP
>may exhaust its discovery timers and go into sulking state due to = AC
>unresponsiveness, this has the potential to signficantly (and
>unfortunately, completely avoidably) exacerbate the outage.
>---------------------------------------------------------------------= --------------------------------------------
>
>[NKA] My point is that seperate discovery packet processing via a = special port
>is a bad idea. And it doesn't bring any additional value than what = can be
>achieved without special port approach.

Okay, so we know where you stand on this.

>Scott's additional reasoning that two
>port approach would open up scope for DOS atack. I totally disagree = with
>the argument. I claim that the same risk exists even with 3-port = approach also.

Sorry, don't agree with this. Here's what you suggested:

>You may have a situation in which session information exists for a = WTP at AC,
>but WTP is sending non-DTLS packet. Even in such situation, AC can = feed such
>packets to DTLS module, which will ultimately reject the packet. AC = can use
>this kind of notification to tear down the existing session, which = will bring AC's
>state machine in sync with that of WTP.

To paraphrase, if the AC receives a discovery packet that appears to be = from a live WTP, the AC should tear down that WTP's session to sync with = the WTP.

To me (and maybe it's just me, because I'm so paranoid or something), = that sounds an awful lot like an invitation to a DoS party. Go ahead and = implement this, and I'll show you how it works :-)

Now, as to whether that vulnerability also exists with 3 ports... well, = I guess if you implement the way you described, then it does. But if it = were my implementation, I wouldn't *ever* tear down a session based on = the receipt of unauthenticated data.

Scott

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.f= rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone= .com/pipermail/capwap

------_=_NextPart_001_01C6F537.379FABFD-- --===============0086336429== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0086336429==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sat Oct 21 15:02:58 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GbM7W-0004Hk-R0 for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 15:02:58 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GbM7V-0001U8-0u for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 15:02:58 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 817FD431231 for ; Sat, 21 Oct 2006 12:02:52 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 3855C4A45AB for ; Sat, 21 Oct 2006 12:02:36 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 0DCC5431215 for ; Sat, 21 Oct 2006 12:02:36 -0700 (PDT) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [216.148.227.153]) by hermes.tigertech.net (Postfix) with ESMTP id 3B3FD431211 for ; Sat, 21 Oct 2006 12:02:32 -0700 (PDT) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc13) with ESMTP id <20061021190231m1300m3e7ge>; Sat, 21 Oct 2006 19:02:32 +0000 Message-ID: <453A6EC7.9030208@hyperthought.com> Date: Sat, 21 Oct 2006 12:02:31 -0700 From: Scott G Kelly User-Agent: Thunderbird 1.5.0.7 (X11/20060909) MIME-Version: 1.0 To: Puneet Agarwal References: <8954613CA6BB3242A1531D916A527A41020A2F15@NT-SJCA-0751.brcm.ad.broadcom.com> In-Reply-To: <8954613CA6BB3242A1531D916A527A41020A2F15@NT-SJCA-0751.brcm.ad.broadcom.com> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=7.0 tests= X-Spam-Level: Cc: capwap@frascone.com, Abhijit Choudhury Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 52e1467c2184c31006318542db5614d5 Hi Puneet, I forgot to address one point below: Puneet Agarwal wrote: > I agree with Scott - it is important that we come up with a solution > that is unambiguous and works even if packet formats for dtls change. > > It seems that we (capwap) are one of the first folks trying to use DTLS. > It would be good to know how other folks (if any) have used DTLS for > their applications. If someone has already solved the "discovery to > dtls-secure" like problem before, then it would be good to understand > how they did it and maybe use a similar approach (rather than re-invent > the wheel). In that regard, does anyone know of other groups using dtls > to secure their protocol? > > Would having 3 UDP ports solve the problem: > (a) capwap-open control port : All unencrypted capwap control packets go > on this channel > (b) capwap-open data port : All unencrypted capwap data packets go on > this channel > (b) capwap-secure port: All dtls encrypted capwap data/control packets > go on this channel. Demux for data vs control happens after decryption. Combining secure data and control in one DTLS channel may potentially have problems when you have different QoS levels for control vs data. I think you could get away with it in some cases, but not in others. It's probably simplest to just disallow it. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sat Oct 21 15:31:52 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GbMZU-0004Te-2a for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 15:31:52 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GbMSy-0004g7-FV for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 15:25:10 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id BEA053980C2 for ; Sat, 21 Oct 2006 12:25:07 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 0E2F14A43C6 for ; Sat, 21 Oct 2006 12:24:57 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id EFBF4398064 for ; Sat, 21 Oct 2006 12:24:56 -0700 (PDT) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by zoidberg.tigertech.net (Postfix) with ESMTP id 0442539802E for ; Sat, 21 Oct 2006 12:24:53 -0700 (PDT) Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (rwcrmhc11) with ESMTP id <20061021192452m1100rroe3e>; Sat, 21 Oct 2006 19:24:53 +0000 Message-ID: <453A7404.3070104@hyperthought.com> Date: Sat, 21 Oct 2006 12:24:52 -0700 From: Scott G Kelly User-Agent: Thunderbird 1.5.0.7 (X11/20060909) MIME-Version: 1.0 To: Hasan Raza References: <389468.1161381258661.JavaMail.root@elwamui-milano.atl.sa.earthlink.net> In-Reply-To: X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 37af5f8fbf6f013c5b771388e24b09e7 Hi Hasan, Hasan Raza wrote: > Hi, > > I think we are a bit closer than where we were earlier in terms of resolving > this issue. > > I agree with the points which Scott has raised. And I feel that there are few > DoS issues which have not been addressed properly in the capwap draft. May be > resolving those issues first might give us a solution for the DTLS/Discovery > packet identification issue (#224). > > To start with, we have to answer few questions: > 1. How capwap is protected against discovery packet attacks? Even if there > is a port-based or mux-based soltuion for reliably identifying discovery and > DTLS packets, an attacker can send a discovery packet to the AC, which may > result in the tear down of the WTP session. This is because discovery packets > are un-authenticated packets, and are sent in plain. AC needs to blindly > believe on the discovery packets. Actually, I don't think this is necessarily the case. Since discovery packets are unauthenticated, the AC should *never* act on them (other than to send a discovery response). The draft currently states that the AC should not maintain state when it receives a discovery request (for this very reason), but we should probably add text noting that it should not modify existing state, either. > 2. If an AC employs actions again discovery packet attacks by discarding > discovery packets if WTP session did not timeout, then an attacker may > prevent the WTP joining back to the AC after a WTP crash. Attacker can detect > a sudden absence of echo request messages from WTP, and start replaying the > WTP echo request messages which causes AC not to teardown the WTP session. > And thus genuine discovery packets might be discarded by AC. May be I am wrong > here if DTLS can detect duplicate packets and discard them automatically. Yes, DTLS provides antireplay detection. I inaccurately said in an earlier email that this is compulsory for DTLS - what I should have said is that it is compulsory for CAPWAP (it's optional in DTLS). > To resolve the above issues, we can impose following rules on AC. > > For issue (1) above: > RULE 1: > (a) AC discards all discovery packets if an active WTP session exists for the > WTP. > (b) A discovery packet from WTP can be accepted by AC only when there does > not exist any active session for that WTP. Whereas, if a discovery packet is > received if an active WTP session exists at AC, then all such discovery > packets are discarded without change or update of any of the AC states. I think it's okay for the AC to respond, but it should not tear down an existing association. It should only do this once the WTP re-joins (and re-authenticates in the process). I'll think about better language for the security considerations and the discovery processing. > To resolve the second issue (if at all it exists): > RULE 2: > AC should discard all duplicate DTLS and CAPWAP packets without change or > update of any of its states. Maybe we need better language on this as well. The AC should be keeping statistics relating to such events, at minimum. > RULE (1) above will impose a constant delay in the WTP re-joining. Suppose a > WTP crashes and comes up before WTP session at AC may timeout, all its > discovery packets will be discarded by the WTP. But since AC won't be > receiving any valid/authenticated packet which could refresh the WTP session, > the WTP session would timeout after _fixed_ amount of time. This _fixed_ > amount of time is unfortunately not fixed since it can be changed > administratively, by say updating echo interval at WTP or by changing response > timeout values at AC. As noted above, re-joining is independent of discovery operations - a WTP should be able to initiate a new DTLS handshake even though a session currently exists, but there are subtle nuances to this (need rate limiting, need to detect DoS attempts via many half-open sessions, etc). I will work on text for this. The only way an existing session should be torn down is via timeout, or via a yet-to-be-defined directive received through another authenticated channel with the same WTP. > To make the WTP re-joining faster, WTP may save the DTLS cookie on a > persistent storage and (after a restart) presents the cookie to the AC to > restore the DTLS connection, and thus avoiding the discovery phase. This > concept is same as the one presented in "Idle to Join (aa)" transition, > except that here presenting a valid cookie resets the state to join state, > discarding any previous WTP state/stats maintained at AC. I agree DTLS session resumption is something we should think about, but honestly, I haven't given it much thought yet. We need to think carefully about this, though. But here's an important point: discovery is optional - it is not required in order to initiate a dtls handshake. > I _think_ that the above proposals will avoid discovery packet DoS attacks, > and there is no need to use separate ports or extra mux header after udp > header to differentiate among the discovery and DTLS packets. Think this through again in light of my comments above. I still believe that erroneously pushing a discovery packet into the dtls engine (and re-testing all failed dtls packets to see if they are discovery) is bad form, a hack we don't need to allow, and a potential DoS avenue (if dtls is handled in hardware but discovery is handled by the control processor, then you can stuff the channel between the hw and cp with bogus packets, keeping both busy, and maybe causing real packets to be discarded in the process). There are at least two options on the table for avoiding it (a separate discovery port or a type value just after the UDP header). Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Sat Oct 21 22:23:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GbSzS-00063I-Ik for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 22:23:06 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GbSzQ-00056A-EE for capwap-archive@lists.ietf.org; Sat, 21 Oct 2006 22:23:06 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 7D65F398076 for ; Sat, 21 Oct 2006 19:22:55 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 5C25E4A45D1 for ; Sat, 21 Oct 2006 19:22:40 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 332C4144801C for

CHOWCHILLA, California = (AP) -- Sara Jane Olson, the former Symbionese Liberation Army fugitive who= became a Minnesota housewife and is now serving prison time for trying to = bomb police cars in the 1970s, says she tries to hide her radical past from= her fe
NEW YORK (Reuters) -- Wall Street bonuses will rise 15 percent t= his year, with larger increases for investment bankers and equities traders= as merger activity surges and stocks rise, according to a study released M= onday.
BOSTON, Massachusetts (Reuters) -- The maker of the Segway scoote= r Monday unveiled the second generation of its self-balancing electric one-= person vehicle.

WASHINGTON (AP) -- The thw= arted terrorist airline plot in Britain is sparking a bitter new round of f= inger-pointing in Connecticut's bruising Senate race. ding women in corpora= te America. MIAMI, Florida (AP) -- Every hurricane season, clusters of show= ers and thunderstorms roll off the coast of Africa and head over the Atlant= ic toward America. Most of these 60 or so tropical waves never do any harm.= But about 10 eventually grow into tropica NEW YORK (Reuters) -- Warren Buf= fett's Berkshire Hathaway Inc. said Monday it has amassed a 1.97 million sh= are stake in Johnson & Johnson, and appears to have sold shares of clothing= retailer Gap Inc. More than 200 homes evacuated in Richmond, Virginia

NASHVILLE, Tennessee (Court = TV) -- The father of a Nashville attorney on trial for killing his wife cla= ims he reburied his murdered daughter-in-law and disposed of evidence relat= ing to her killing. ASIA More Asia News BANGKOK, THAILAND: Thai bombs leave= 2 dead, 28 hurt Atlantis' astronauts strapped into the space shuttle Thurs= day for a practice launch countdown more than two weeks before they are sch= eduled to blast off on a mission to resume construction of the internationa= l space station. CANBERRA, Australia (Reuters) -- Australian scientists hav= e begun looking at smell sensors in worms and insects to help them build an= electronic "cybernose" they hope will one day be capable of measuring arom= as and flavors in wine. CANBERRA, Australia (Reuters) -- Australian scienti= sts have begun looking at smell sensors in worms and insects to help them b= uild an electronic "cybernose" they hope will one day be capable of measuri= ng aromas and flavors in wine. FARGO, North Dakota (AP) -- Alfonso Rodrigue= z Jr. stabbed college student Dru Sjodin, slit her throat and left her to d= ie, a federal prosecutor told jurors Monday.

llow inmates. WASHINGTON (CN= N) -- President Bush declared Lebanon a front in the "global war on terrori= sm" Monday, equating the Israeli battle against Lebanon's Hezbollah guerril= las to the U.S.-led wars in Afghanistan and Iraq. NEW YORK (AP) -- Talk-sho= w hosts Jerry Springer and conservative Tucker Carlson of MSNBC will be amo= ng the celebrities competing on the third season of ABC television's "Danci= ng With the Stars. CHOWCHILLA, California (AP) -- Sara Jane Olson, the form= er Symbionese Liberation Army fugitive who became a Minnesota housewife and= is now serving prison time for trying to bomb police cars in the 1970s, sa= ys she tries to hide her radical past from her fe BOSTON, Massachusetts (Re= uters) -- The maker of the Segway scooter Monday unveiled the second genera= tion of its self-balancing electric one-person vehicle. Lockheed beats Boei= ng for moon launcher EA scores touchdown with Madden

NASHVILLE, Tennessee (Court = TV) -- The father of a Nashville attorney on trial for killing his wife cla= ims he reburied his murdered daughter-in-law and disposed of evidence relat= ing to her killing. CHOWCHILLA, California (AP) -- Sara Jane Olson, the for= mer Symbionese Liberation Army fugitive who became a Minnesota housewife an= d is now serving prison time for trying to bomb police cars in the 1970s, s= ays she tries to hide her radical past from her fe NASHVILLE, Tennessee (Co= urt TV) -- The father of a Nashville attorney on trial for killing his wife= claims he reburied his murdered daughter-in-law and disposed of evidence r= elating to her killing. Are you paid what you're worth? WASHINGTON (AP) -- = The thwarted terrorist airline plot in Britain is sparking a bitter new rou= nd of finger-pointing in Connecticut's bruising Senate race. l storms or mo= nster hurricanes like Katrina and Andrew.

Atlantis' astronauts strappe= d into the space shuttle Thursday for a practice launch countdown more than= two weeks before they are scheduled to blast off on a mission to resume co= nstruction of the international space station. NEW YORK (AP) -- Talk-show h= osts Jerry Springer and conservative Tucker Carlson of MSNBC will be among = the celebrities competing on the third season of ABC television's "Dancing = With the Stars. NEW YORK (Fortune) -- For the past decade, Honda has been o= ut of step with most of its North American competitors - sometimes defiantl= y so. Atlantis' astronauts strapped into the space shuttle Thursday for a p= ractice launch countdown more than two weeks before they are scheduled to b= last off on a mission to resume construction of the international space sta= tion. More than 200 homes evacuated in Richmond, Virginia AFGHANISTAN: 14 B= ritons dead in Afghan aircraft crash LONDON

Hedge fund may boost McDonal= d's stake Layoffs loom -- how safe are you? CANBERRA, Australia (Reuters) -= - Australian scientists have begun looking at smell sensors in worms and in= sects to help them build an electronic "cybernose" they hope will one day b= e capable of measuring aromas and flavors in wine. ENGLAND: Top judge to ru= le on Diana death ENGLAND: Top judge to rule on Diana death CANBERRA, Austr= alia (Reuters) -- Australian scientists have begun looking at smell sensors= in worms and insects to help them build an electronic "cybernose" they hop= e will one day be capable of measuring aromas and flavors in wine. ------=_NextPart_001_0012_01C6F6AF.B983F360-- ------=_NextPart_000_0011_01C6F6AF.B983F360 Content-Type: image/gif; name="lrnoit_353.gif" Content-ID: <001401c6f6af$b983f360$000c8e8c@commonorda58aa> Content-Transfer-Encoding: base64 R0lGODlhsQF1AYQAABMOEf///xH///8i/wD///8R/wAA//8z/yL//zP///8A////AP//Ef// Iv//M/8AADMzM6rdd//dmWZmMwCZAAAAZqpmM92qdzOZAN0RdxGIiDMRMwAzZogid2YAdwAA MyH5BAAFAAAALAAAAACxAXUBAAX/YCCOZGmeaKqubOu+cCzPdG3feK7vfO//QFshSCwaj8ik cslsOp/QqHRKrVqv2Kx2y4URuuBwcSAum8/otHo9a7Df8Lh8Tq/b7/i8fs/v+/+AgYKDhIWG h4iJioMJi46PkJGSk4UOlJeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5iGS6 vb6/wMHCw8TFxsfIycrLzM3Oz9DR0q4G09bX2Nna29zd3t/g4eLj5OXm5+jp6uvs7ZG87lYI 8fT19vf4+fr7/P3+/wADChxIsKDBgwgTKlzIsKHDh5LgQZxIsaLFixgzaswzZKPHjyBDihxJ sqTJkyhT/6pcybKly5cwY8qcSVNltZr3DuDcqYsBz584F9xpBLSQUJgSxR0tum0p02xOn16L esaSVFwdr2rd4XOr169gw4odS7as2bNo06pdy7at27dw48r1I2Cu3bt4y87Ly7dvywd+Awse rHAv4cOIEytezLix48eQI0ueTLmy5ctAiGKOonmzws6eQ4vOoROI4dGoU6tePSsr69ewAXWd 4Tq27du4c+vezbu379+XKFAAXmg48UHGjwcSrlxQ8ubQAwMAEP3P9BNuNtZud716n+7e91AP T768+fPo06tfz96YhPZJrPaQ8B6+Gvr279fPfwY/fzT7/YfSaQJadlOBCCao4P+CDDbo4IMQ RijhhBRWaOGFGGao4YYcduhhGBF8uESIIiZBYolHnIjiipFsx+KLMMYIkQIyRueiPvLVqOOO A4GGVnY8BslUXUIWaeSRSCap5JJMNukkfD7+8QVPRD5p5ZVYZukDjVp26eWXYIYp5phklmnm aqWdqeaabLbJTZVuxilnJBOoOcGddtZ5Jp5z9ulnQAT+KehPs4nD5WM5phXloGukyeijJi2K iKSQVorajZZmqummYRzIqROOfgoSpqKWauqpqKaq6qqstuqqhkm9KuustNZq66245qrrgoE6 0uuuwAYr7LDEFqsckMYmq+yyzDYrDqXORssatNJWa+1atdgyVWi2wB0KlKfchivuuF5OKQ2c 5KarLhjUruvuu/Biaa6D4MZr77345qvvvvz26++/AAf8CQQQqEnwwQYTLHBD7bL568JPJgrx xP08TPEbsV6s8cYcFxkCACH5BACUlQAALAAAAACxAXUBAAX/YCCOZGmeaKqubOu+cCzP6UDf eK7vfO//wKBwSCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otHrNbrtnhbd8Tsc6 Som6fs/vHvolC4CDhIWGh4iJikl/i45ZDY+Sk5SVlpeSBgYBmmOdnWKfm6GboGGimE6oKJqt nK2isK+lpiSwo66uJ6u7sre0vrG9urmddyW8JrezxcHAw6DNrLQpy7/MwrrIsrPdva+pTcm2 o5wjptS41NPg7eXK6/Dn5+XpIuPk7rjV8dvz9/XAqWv3Ldo+drXy3aM37xNAgvIMLkT47gmD R78qPpS30KFAjQwlggS4jKO/jqUe/ybMJ5JfyZMwqX1QOfKjSpfcYCo05xFfyIE1M8IQEE6H T4gMd2Ljp68mwAYrN+qE+DKiOqc2v5mUupQiyRVHoyasVdWfQaxHiwoRalWi0rQ5c8IrS9Nt Upo46UUlKfenXa5wW8VhhlMbS2IVyfbbhs4w475qiYQdyJXqYqVZC460O/ZdYLNB+w3Wdxfw 5dKZrbIj2PkwU9deIyMJ3AzxWW+Nc59O/RiY7au462kLFhua77PAEesVPhkpudrIvyrnu9w5 XtlH0mrRnoU7Fu9XwGMfvyMS+fM7RqP/kme9+/fwtbSPH+MYF/X08+uP0Wi///8ABijggCvY QOCBCCao4P+CDDbo4IMQRijhhBRW+J95Fs5x0YEbXmFghiAqQlSIiBBA4okopqjiiiy26OKL MP6AYYw01mjjjVg8oKOOAey4Y48+PgCkkD+aEKQIPxZZQpBCIqnkkj46yeMIUVbJJI9TJhnl CVoyqcKWWU4JJZFXkllkl1g+SSWYW6Jw5JFArgnnnHRqKaWUTcYJoJh58hlnk2mmEKieeXJZ aJaCkukkCWHqSeihgDpaKJSPOkpppT0mimmffCraqJuK/jnpmlTKSWqjnUJKKpKLZkroqv+J yWiffy4qK6WoriDrrYZi2mqgoe6KpaWaojrqr4AOC2qlnDKbLK+zOrssrslKKyr/rLwm2Wq0 KCjwHrS3CqtmtGEee6mpiXbKLbC+ZkokscsaOy2i74J6ppKDDgovtXhqyu+1AOur7pLuorut f2l+CivAhqZq7sIQk1utuxNre7CZokIb8Lir0qvxxq4O6aeqX+Jbb69j0utqm3BKaua7ag7s g32KKBxuoQCEivKpD1s6ca+fBlutzCsLXezP80a6r60VM23w0hDre+7QkdZ7s8sdK40o1Ahb yWa5Q27Lsp1G1vmw2eU2m3CXrIrc870f9xt2yGO67fXcJn88ttSzgu3llaaW+WzCbbfJNY6I Q0HzFfMl7vjjkEdOx4guLM6I5PB5i/nmnDvSnxmUdy76/+ikl2766ajDoHnqrLfeReOuxy67 gJ8rgsDsuEsCe+689+6H78AHL/zwTNxO/PHIQ4Ff8szfsHvqGESPgQvSzyD99C6sHsX1KVRf QvTvcf899o6AP77521dP/gjos9B+DO+rcD3383svv/r2u7++CfHHD8T8AdgfGvwXQAHeD3zk qx8CFSgC+uXvBAxsIP4ICEEDFlAK6OufBSt4Awp2b33YM98GSZDBEfJvhB4cQvtSKIb3KdCE F5TgCUkowwCyL4EwjKEOS9iCF44vfd+b4flWOL0HAlCIMADfiEIYwh7ikITi++H5dFhAIhbR hQs0Yf9uaD8fVvGLUOxiFrnIRP8W1pCMUUQB+D4kwBXW8IlnvN8N50jFAx6Rjk9gIRbx6D0C alAGboxhDnl4xj9CUYJt3F8f4fhADqoRjhdcICLjeMhJ7hCEOaQkIgcJw0CKkI+cBGUd9ec/ MxJBj5iUIhEdWckkGtCUm1ykFPFIRUOKspadtOAeI3nFOJYSkqscpRyHiEr9sRKNZiRkFTOJ TCQ6QYRpxKUqUxnLRALylcy8JCV36UtrthKarfzgI6fJy242s5DUhOUowbkCaBoRm0hM5h2X mU12hrMJwQznLoOpTFpSD54vICQ3zenPOgqUmsOk4T57aU9BAhOSDRRmQjuI0IKuE6LidKQ6 25lNIfT/c5sPZSIdG7lRYapTmR81aBmdqc03ypOG6JyjJMF40IcOEX4dHacmfxlPRXqzpzwo aRDm6UV6chGMR11k/Uh5xKUydZloDOMdJ1jNLF6xhL104jvFyFBJbvWLDhzoP4OaRi86Fapl 9Wla3bkDoebOrTmA60TH6h65ys6uNMArS/+p10JEE3nzTEJgKdrI01mueYhNrGIXy9jGKqFD RKidYycrBshS9rKYJVDoGKs9PTwvMoLIrGhHywQTkbYomz2tamXQ2dWqwbKuja1sZxs82JrO tIr4rBtmxLkP0TZ2vP0tElor3OJiYnkq0q1xlxu2e8npaxjjmNzeJLi5paxM/9wS2XPjBjfr 9g1vfvNSdtlmr769rLtuw9PaeubdmD2OVqUqHKvgC18uxbdtK5vvfQmW3/rSTWkhO1t8twY0 ADctv4xKMH6NNOBSaS3A+DVwhAXV4AWzVwu4pUR9T2ZhBi+Yvx5W8IS/JGJabVi/JC4cgMv2 KhXLd8KHoluIVyxiCNuYw/6lMIhlfCOYOXjHo2pZiHdsYcPZ974mRvKdAhDaGetXwFZrcJRh nOC3VXjI9M1biVkwqXC9t2Ao3m+Q98tffGGZzFh+0snoy2MQV63NrAIAgvs75yTX+MhzBvKV 3/xcLrvpzj0Gs5Bj7GYd//fMH0Y0p8505RTTWcAvfv/0iAetq0bXmM2RtvSQiTwJ5IoBZnnw L6HrbOhRixnNeo70g0eMZ61BmtRFU/WpHS3hWcMa03C+MapjlOEfNxds6CJvw7YbbMKV17pe 25t0l0y2smEMvJ7SMnrT9d2nwS1txoZzy9zL3G57+9vgDre4neBp/wR3POWembnHPdtzszvc 7n63vOdN73rb+974nm1q883vfougyf7Ot28DLgblEnwSxGWBZNez7xg0nLLxXoNvF35wQxiv 4hjfgsGJR4GMh4ECIAf5EUSugpCTPAUnB4LJRxDyFbScBCc3ecc9foM/xHzkMy95x1OuBJLP XOQ8h/nOc/7yAASd5jTgecv/gc50ozfd6T5fOdSPzvKhQ93pUxf6y6UuAqpXvQRPP8HTrd71 ok/2sGAI+tiBXvadY/3ta2fB2t1e9q93He45d0HRw26Cpv+c6N7yOr/T3QK1k13peZf53/Eu 973nve6QrzrXYRD1t4vd6ooH++MlNHAE3RzrlRe66DXPeKOj/PE8V0DMiW75GCwe9Jv/eso/ L/j39DpFk1e81GUueaYP/e+xbzvRd8/7rAt/+C43u/JRP3vHBx/p+nk+9Fkk/UHYdvqXQHsR KH7v62OfDxv/vvjHr6CHT6H65D//5C+Pfp2vfwe1P33Uza75rb8//TmIv92TDnqVt7/vPxd5 KAd5//o3fYRXePRXf/MHfFfXd/1nfEsHfBFIcgCQe9WHePq3gPj3A6/He6Fnd3wHgJfXdqZX eaFXgADIeq0XALDlcwKYAhG3gSI4gni3d6anc1r3gYyXeSvoesyXfDMIIQB3BbenCK83g3H3 gjRYes1Xd4Z3dy/QgUpIelCIgjLYeNKXeTxYe1yne11IfM43evKXeE1IhSRoAkV4hUlghUn3 fzLghmo4BsXnf2zIAhcHhzQSg3G4h3zYh80zhAfCfTcSfn5YiHUwh+rXeEFIh0doBIi4BXqY OyEIBfFXhzjggj1IBJOIcXM3fPbne174iRI4ir13fMKXg6a4fyjQfJ9Yg/+keHzB53ey+Hv4 RnxOyHom6HYr93sdeHix2IiRd4JkF4WrV38l2IuwN4WneIvM6DsXVwVsN3UhmIvHyHZe2IwY qIPBiIyWqI1lSI3aKHrUeHdwmHCzJYtm6Iv9t4vGJ45SKIxQaHnwaIXIeIPfuHhJOILjmIkZ Qoh8sIu8KIGluHRZF5AT2IDO14rSKJBXZ3/Jx4qpCIG+J42raIEOaYhRkIYfh4eLiJHkcX/E mIAeyQWROJImuViCyFzPeJKqZX5cMAEjMAEwGZMkMJMiYJMmgJM3YJM6iQU9eZM/WQIy6ZEy yZM0OZMwiZQBYJQ0GQMrGZRBuQJRKZQuMJVUyQL/VtmUJ5CVv7WSVVmTR3mTSymWTBmTOlmU SFmUQAmUacmWPYmWZrmUaimXSamWcEmXdFmXQymXNVmWOZmWPAmYaPmWc1mYgzmWbOCVNJKU WsmYY6mUejmUe5mTYomYiKmUNHk7MPk8kEmWfYmZjsmWlRmaldmYKcCUjomZlkmZZomaj2lv RtmZr8mCZ7mVo9mUqmmZuXmbskmavbmav6mbkzmVoHmZpbmbxlmbr8mVy3WYwAmWWlmanyma a4mX1smXfxmYcbmWe9mW3AmagOmW19mXoumdc4mdf7mddjmb+qGRIMKcNACfNmKOzHOeLECf 2cmS+rmf/NmfqYOfJwmI//45oJbgkgQ6Htp3oI6QoDigmAoKAw76oBI6oRSKCQxKIe5ZoRq6 oRzaoR76oSAaoiLqIhxQohwgAiZaoiiaogFgoi2qoifAoivqoi96oiOQojb6oiWgojaKozd6 ojm6ozJaoznqoyv6o0DKoyzqojQ6pEKapFCqpFB6pEE6BCV5Bp33HkVKAkEKpC2KojeqAj0a pl8KpjtqpmhapjCqpma6piawpW1Kpl3KpWSapjA6pmkqpGiKp3Dao1Uabn+ap2W6p2JKqHN6 pnMKp4hap4VKqIPqpWHap2f6o3HKAncaqZiKp3paBgb6IoE6qIxqpCigqTQqqKX6pV3qpqd6 qv9vuqp7qqqP6qZ2iqqCGqO0OqOZiqTz5qeKGqqM2qqJSqePCqqsaqi2Oqp16qqpKqnCCqaQ yqvICqm3Sqt/+qne1qvV2qzW2gCk6qjMyqzDyqa16qjiKq7geqht2q3IqqOV6qWaKmfyVqqi 2qRSOqqXaqT4uqT1OqT5Kqtcyq/3qq9ReqcDW6PsarD2mqQzuqbS6qT+qoadOqKLYAEUW7GB aJIVS7EzkJISWwU4+rEgG7IiO7IkW7Ime7Iom7Iqu7Ism7Id+7KY4I/2BqDClaEwe7M4m7Mp wLE627MmELE+G7QrcKVT4H0JIqDihrRCu7RM27SWkKX7SbRO26E2y2//UAsIVUuhSjsCRssi FfC1FUACX0sDYRsEYDu2AXC2ZYsCZ2u2a6sCb3sDagsEc8sFbesDaNsCcau3d9sDeUsGZfu2 e1sCg6sCVwsDgpu2isu2I1C4OpC4ReC4jysCkisFa1u5LLC3mJsDgcu5JrC5WtC5jUu4aFu3 aZu3Y1u6gRu2YLu4cPu5KzC4rXu6tNu4rau6Ymu7s3u6l8u6guu7r0u5wKu7oDu6v9u7tcu7 Yru7u6u8xJsCmju8znu7aou6yXsCzCu9jHu8wtu9tJu6fau9YCC6lJu75eu6hLu853u55cu6 JLA7mhu7sLu+ohu/53u/6Gu+3lu/lfu76zu6/4hrvff7t+ybv65LvuQbvKSrvwiMv/srv7br wKRbwItLwQT8uQn8Bc2bv3dbuJBbwQDsvv07v9BLwg0svBasvwaMvwVMwYwLwCBMtgcMw3Fr utk7uzY8tp+1uhncwoqbwTOswEG8vTQ8wDAswS6swdjLwEZ8xD5cuyIMwSpMAqb1xDFswPyr wi78wSdcwkW8wi5Qw198xPNrvy9MxU3MwSH8w02cxCQ8xEvMxBWcxFZcvFPQvHVbvShMvL7b x91bvRvMx7obuwSsun7ct9/bx6i7yNTrx7zruHPbyCiMvHD7t877yMtryMfbu5pMyJzMvcab yXscyJN8yJY8yKIcwf/gW8g8fMkpArRLYMdTWwekLDkdcqGzfDwym8tOkLVYQLNNC8vrgcu8 bAWHq1pdSwPEbAi13ASSLMHqm7mITAWnPMrVjL2yDL3NzAPXHM1y28HTnMnZHLlmTMZgfARu HAPjfMaQ/MZSjAWQLL7v7MUQvM4vMMLcnLvu68X2LATljMRPwL64u8d/rMignMglvM83bL3d TMPaC87Ji8eszMnqG88RvchQfMk4HM5yPL2pm8rgW9GVzMiqjM9THMcUXdDPS9AhHQAA8NCW /M9YHNBr/L8D/MFj3NBsjNPRC81aXL8OLcdW/MWrm9BXTMk2HcSbW8fte9QPPMfvbMFL7c7/ KJ3GF5y+9JvVTm3OMt3PnpvUn0zG0cu8mcvGTmzCUV3TWC3Ik4zKj9zFaN3WDizROKy3IdzB Zo3JSm3Oaz3EoCvTGPzJbkzWYN3GiNzVVJ0ET1y6Y9zGcfy6+8zCam3Se+3OZmy/l03PXSzG M0wz6VzY6avQk53GZ+zXYZzYfb3C7VzZW+3BRavOhZzIbXvYEy3XRl3KqPzMgb3KHt3JK63H tM3I1SzJwL3RGn3D2hzTjTzbgOzIprvbbs3RbO3KgT3BPBzWub3KzwzOeEzVXv24Os2hPFvM nOPLT2DeWiC15O04y7zeARKh7h3fb6DeRXDMm2PfMkDbMuy2G73N/9LNuVMN3ttMtgOOt5GN zYndzZHs2nw70lfw0dqs2JItxBIeyqt9zl/t03g7BEBM4ffsvfRc1kTc4eqs2Rk+udf72Dyg Wwlcw5qc0ggNxYcs4ied2iwN0y191W8d3TCd4mvd0rZ92gdc28/937Ib06msymlN0iWt5Ows 4zwu26zc5KXt1nNd2zjQ4kJd2oy91weu4hoO0FoNxFtc4+jb5UUtxGjO18F7wojNtynM1ear 0/575gt81ybO2kg90zctzXE+4Vcs4KmN1yrO1Ds9zxjO51ut0WfN5lxM2oWu1vktwEOezgUO 2mIO6W9c5lP82Xq+0mps3Z7+2IctzjAut/+Rjul2btOM/eXeLcVuLudQ3eir7thhXuskbtcd Pdo2TtS0TuuUzelizeaV3eUHPCNDTey+DugY3s90/eKtjNvbbdDSncP9O+XKu9wVbdA8Tty+ jc3eft0R7OBJHtygDu4Hncfha+SGnO3cvcnx7L/ard1Jrtf/rddvze1yfe818t0ZcunhBvBT 0N7yrSAEXwTCXPAZcgEzAN8p0gEd4AL4TVkXwPAigN5zkAGAAPEKr/GEEPH9tsuwndzhHQX8 PukfDtsCH8Z/XfJEANhE4AEe4CCSm+t3rOy6buZ+e+sn4Fsw/+Mnnt+oXQQyL/PvYdyxXfNn jtFMbtt0Lc4hrtL/N07tDF3zTF+27nbgxg3l8268St++aX7cUp7uDz30JDDeMzDz6NHCQO3j 5R7Uy77lSe3h19vCx0DmNr/0YU7Yi67j437hsd7nsj7kr56YRhABVkDoi77Ef+7iyI3bO07Q L1zXWy7aQK/myh7Zhh7qu375Uk3pSBy+YJ7oloD4Nw/ao87ZBEDHbW72gD/s/2v5i5/qze75 IM7Zsy/3xs76c4/zioD2dtvcvX3NG7zQUI/v+P7unnzu3Q3KYIsAtbzgjlzd9R7S5u7ug3sR Ej32ilz9/Y37vp/LDj/p/q7wwZPwfJDMjjX+5l8HW9uHGqABSvD+ZgD8+hn/GHnw+4H//+3P B/IPAoE4igN5oqm6sq37wrE807VdN7e+83j/A4PCIbFoPCKTyiWz6XxCo9IptWq9YrPaLbdL Y3hVuTC5bD6zEAEHuu1+w+PyOb1uv+Pz+iJ77/8DBgoOciVAASAmKi4yNjo+QgIQTlJWWl7m FWBu2qhxfoK2mISSlpqeVkkEaKL2HOj1tcrGSKgmQeDiBuTm7vJC+AL3ovyK9A6f/AIbIxPz ButC60YrHy9bQ2wsO49MD0dLWzNXB0t3X2/Pftrebru7++4yx6t4z8uvgNOnk4C/p+ujdq7f NXr4Utijhm4fMAbo2AiLt1ChQX3qvMSaY/GevGnzNg6kyI/bQP8WG+1xLPeOYESQ3FCKnHiu pcSPE1dezPkDpMWAz+oJQzeS5Mx8I1Ea7HgwoFKXyYIytDkOXsSUMKGm1JmEFQkCg7xRJCjW 6U9oLXgOlYjNH8ByVlUGdUkzLM2axtwmhak0q9a+MsImzYv1xILASBG2DVwyZsm7FRNfzdd0 YdN7BR+PLVjVLxcBeoopmzrOLdvSg1l+a+YMWzjWHUELNIc4rlm45L6JLmqbL+fevn+jGQPc hefhxkUdD8V1yvLkwDM6jy59upZX1K9jz659O3fsYO54kv6dEOxnoYHSRWu+2GyF63/Cj1/2 6ftm/Oajdv8vbW3Zoc8r1h0g/lj22kH/T1l2GVDd2IVYVPgIlN6D/FXU4IGxEVMTYwHyhZtH +zSmBHQCNnFSVVClld5mDt71oYMihZSgVBayaGBivPWj4U04GoaiXS5ySKIXzcFgok8mUVbX gmIhadpMSQq131n3UTgakothRRaVmD3JpJCBgOVjiCRF6FSPU0a1EpQfxXill2gaheWDLEaJ E5tjfrmHhEtRSBePZ17pp2AyCroknsl4ZiZbM2rpGFJH4mMdIONhURiY9enXpFCOrZaalp6u JaVZ1aTIHn709YlMWac+CZZtddqZp6yz0lqrrU5I2kN4t84hHK+/AhussLPsOuwmIxqLCpHJ MtssCpY6e8Qo/8aZKp+imMbFmmpTZTrbqJ62xl+1oNbJraYJDrVofFZ22mo4TbL0ZrQ2qJrl aV7aKeZhOXoU1rSErrnhi/+ERPCMZCYZZ2Qg0jlYSysiGNui894QmcAIEqXvvQz2S1l7Mqp1 8Es7hlzyvnKqpLC9o5Uqso0u9BRrD9D+ajHJRMnr07b4elyjhN2ipybJVzUKIsSZTbgXwgGa GaJ9VQrr1QzVptnyum+ezPOfE28I5EvumryuuAnv3KKBRst1s7w1ak0xvStfzOTETm/c9rUo 26wyo3CrLfdlZE1WIIcCy4wzhFC7DXOY1qYaapQsp+2kUZJbud7H5Y3b2uDgHhjvWv+VTy6q LwA0XtraiaOeuuqrs96666/nUSzss9NeexJSu+Cr7bvz3nuzlPoevPDD4yE7DDQTn7zyy5MC PPOTPh+99NNTX73119dRHPYr5CrrstuDH77445Nfvvnn12qAAQGo70b77bfx/vonOJ+F/O6v D/8kum9xvwrqA5B9AJTfAAWYP/2RYIDzA6AAApgC/z2wgAo8oAQJGEEHBtCBKIDgBivowQxa sIMYDGEHBbgCBRoQhB404AXhp8ITjIKDF/meEGQ4Av3Nz4QiOCD7dsjD//3QhSf8YQl3eMMc 8nCBRCyhCxc4RB0WsYc+vKEJlQhFJlpRihG8YgKReEQqvm//igg8gf+ECEQu2mqCOeziFo0Y xiqukYxBzN8QURhFNrqRjnB8YhO1KMIC3vGLeZSiDb/Yxzh20Y5ybGMP31hIMVoRkUdUJK8e OcYp4tGHGsSiJltgSUmOEYGUXGQTJcnGS2JykZlMoSn3yEIWfJKRqWQlH5XYSkj2BndDUOMW ARnKNT4yhZNsJS+x2MdVBhOQwgTiKCF5TEHikplI3KQcmwnHZ84ymRpUpgjCU8xfxRKKvzwl MeOoTTRiEofmBOYSVWnIcqJTh+p0pytlWU9OtnGeJAAAO+PJxXOiMn3tTCQBR1jKV6ozoQON ZgspaFBbInSaCo2nNlX40AAQ4IXiV9wmCM8YUFpOUJMQHeEwSxrQYM4KpVxQaQyQZwSWagGm 9lso+mq6HePZNKe+055OefCvng6Hhsz7KVCLalTr4fSoSvWdApaaOkM49QwujSpVq2rVqwov BAAh+QQAAgAAACwAAAAAsQF1AQAF/2AgjmRpnmiqrmzrvnAsz3Rt33iu73zv/8CgcEgsGo/I pHLJbDqf0Kh0Sq1ar9gscaDter/gsHhMLpvP6LR6zW673/C4fE6v2+/4vH7P7/v/gIGCg4SF hoeIiYqLjI2Oj5CRQgWSlZaXmJmam5ydnp+goaKjpKWmp6iWDqmsra4olK+ys7S1ti0It7p5 sbu+v8DBwsPExcY1DMfKy8zNzs/Q0dJTXNPW19jZ2tvcagbd4IIH4eTl5ufo6err7O3u7/Dx 8vP09fb3+Pn6+/z9/v8AAwocSLCgQVQLDipcyLChw4cQI0qcSLGixYtfvmHcyLGjxyUPPvIL KVIfyZJqVv99OomyJZpcP3q5nElTJc2bOHM+SaAzHs+e7hL8BMpuKNGjSGsISMq0iIKmUKNK nUq1qtWrWLNq3cq1q1cyEiR8jRZ2LI+lqMqadaZ2LbO2bpeJdZgsrtmndvPq3cu3r9+/fQgA Hky4sOFZ1Q4rXsy4sePHkCPXSiy5suXLThoUk4m5s+fPJceBHk26tOnTTCegBqV6tafWrjvB jq1pNu2rnG/r3h0PJu/fWesCH068uPHjyJMrX868ufN+Gp9LLyx8unTN1q3mzs6dG+Xu4MOL H0/eEtry6NNfFay+vfv38OPLn0+/vv37eBLi38+/v/9t5/0n4IAEWoRdgQgmyIT/aL98p+CD EEYo4YQUVmhhEhFcWEWGGlLBYYdRfAjiEyKihpcmJY7YlW8qtujiizDGuNCJMj5EgS/b9XVj jUfsyGMRPlpUHT9B/ihEkUMaCRqNSjbp5JNQRtmYflLWk2SVWGap5ZZcdunll2B6cmWYZJZp 5plopqnmmuhFx+ZWY74p55x01mkPe3bmqecrDO7p55+ABirooIQWug+TdQRo6KKMNuroo5Ai 52CklBaHKBGKfgWAn5tWao2bnoYq6qiklmrqqUT1ieqqrO6RaauwxgolqLI+SmWta16K6668 9urrr8AGK+ywxBZr7LHIynhgsoIu+witzEYrILTSVmttWSU5Xqvtttx26+234IYrbhU2ZXMr SrpGEWdP647r7rvwxivvvL06S++9+Oar77789uvvvwAHLPDA20IAgZ4G1ylawgT3l23DEEcs 8cQUV2zxxRhnrPHG8YQAACH5BAAFAAAALAAAAACxAXUBAAX/YCCOZGmeaKqubOu+cCzPdG3f eK7vfO//wKBwSCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otHrNbrvf8Lh8Tq/b 7/i8fs/v+/+AgYKDhIWGhywQiIuMjSuKjpGSiJCTlpd+lZibnHWanaChap+ipaZhpKeqq1ap rK+wsbKztLW2t7i5uru8OxO9wMElvy0SwsfCxjQUFMjOvMzRzc/Ut9HV2Nna29zd3rEO3+Kc DuXj55ML5ujs7e4oCWQI7/T19vf4+XMD+v3+/wCvNAhIsKDBJAQOKlzIsKHDhxAjSpxIsaLF ixgzatzIsaPHjyBDihxJsqTJkyhT/6pcybKly5cwY8qcSbOmzY4Db+qcZGCnz59AgwpFxq/h vKG5eiJdyrSp06f+lI5bANVUzqpYs2rdypVrga5gw4odS7as2bNo06pdy7at27dw48qdS7du kYR28zqKp7ev37+AAwseTNiEgMImDxCiirix48eQI0v2cdix1MmYM2vezPnJ5RyKO4seTbq0 6dORFKBezbq169ewY8um82D2Ir4qatvepHv10VK9d18KLnwS8eLIkytfzry58+fQdzOITr06 HbzWSePOzr279+/gw4sfT768+fPo06tfz769+/cutsOffwS70N/0l9rPz79/5v3+BSjggAQW aKB4RR2o4P+C4l3F4IMQRiihTaFpw9iEGP4EYIYcduihWBd+KKKI8o1o4onhVYjiiiy2GEyI MZVonWou1hihijbmqGMUMO4o14Y+BimkNzIOaeSRSCap5JIv0cjkk1BGyWGPUlZp5ZVYZqmS k2tNp+WXvEQA5gtiqpAgmGWOyUKa752p5ptwxinnnHTWaeedeOap554uecnnn4Cm5GegO+BH 6KGIJqrooow+52ajaTgIaSiVqVDppJhmqummnHZq3WeehioqK6COauqpqKaq6qqstqqXoa7G KuustNZq66245qrrrrz26uuvwAYrLKpUmlLssMgmq+xoXy3r7LPQCgUAnwBUO+1YHM2mZ+21 elYbbaClfivuuOSWa+656Kar7rrstuvuu/DGK29H2ZIF67z45hvEvd5Jqu+/AAcs8MCT1kvw wXfgiPDCDDfs8MMeHpssvxBX3IfCFmes8RghAAAh+QQAAgAAACwAAAAAsQF1AQAF/2AgjmRp nmiqrmzrvnAsz3Rt33iu73zv/8CgcEgsGo/IpHLJbDqf0Kh0Sq1ar9isdsvter/gsHhMLpvP aBojzW673/C4fE6v2+/4vH7P7/v/gIGCg4SFhoeIiYqIDouOj5CRkpOUlTcKlpmam5ydnp+g oaKjpKWmp6ipqqUDq66vsLGybQiztre4ubq7vL2+v8DBwsPExcbHyMnKy8zNziwUFM/ThNHU RWvXV9Y+BNrf4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+PmCmPr9/v+UagEcSLCgQRPeDipc mM4Aw4cQI0p0l22ixR38/gi4aEMgx48gzziUlDCkSScQTv9CTKmSIcuWB1/CNChzJsGaNgHi zIkrI5WdPPUBDUr0UcWiSJMqXcq0qdOnUKNKnUqVx4KqWLNq3cq1q9eoPr+2OyC2rNmzaFsU SMvW34QJbam9jTttLl1ndu82g6u3r9+/dBIAHky4sOHDiHVtTMy4sePHkCNLnky5srlGljOj Paq5s6GrnkOLHk26tOnTqFOrXs26tevXm8jCnk27tu2HnG/r3s27t28iHn8LH068uPHjyJMr X868ufPn0KNLn069unXKra5rt4R5u/fv4MOLH0++/EXZ5tMDya5+EPv2TBbDn09/l+D6+PPr 38+/v+O1/gUo4IAEXgNggQgmqOD/ggw26OCDEEYY1IED5ibhhRhmGEdYGh5hYRygdSjiiCSW aOKJKKaoIjkPrEjEAy3e9qEkMboYRI02/gBjjjfy6OOPQOYR3GTyBQkVekYmqSRpHC7p5JNQ RimlTSFOaeWVWGap5Zb6dcfll2CGKSZkM45p5pk23ofmmmy26eabcO7WwJxzhklnnMKMhOee glTJ55+ABirooIQWauihiCaqH5KKNuroo5BGKumklFZq6aWYZqrpppAUyelfEaAZQaiflvqD l6amquqqrLbq6quwlqJmrLTWGtSQtuaq6wuz7urrrzegCuw97+0mLDoStJksmxIsu6az+VEI BrQ/4joDZLVmNqvssNx26+234IYr7hx+jmvuuejeoGe67LYrRJPu2mFtvPTWa++9+NYnbb5b lcvvvwDn4m8Zxbq4b8DJHYzwwkoBAECbDkP8MMMU3+NpxRhnrDEV8yZy8cYghyzyyCRDEQIA Ow== ------=_NextPart_000_0011_01C6F6AF.B983F360-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 10:44:07 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc127-0008H5-Mq for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:44:07 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0wJ-0006Zk-Dq for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:38:16 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id E7240430F0F for ; Mon, 23 Oct 2006 07:38:03 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 61E604A43C6 for ; Mon, 23 Oct 2006 07:28:59 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4B9B2430EA0 for ; Mon, 23 Oct 2006 07:28:59 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 7D7FD430E93 for ; Mon, 23 Oct 2006 07:28:53 -0700 (PDT) Received: from sj-dkim-7.cisco.com ([171.68.10.88]) by sj-iport-4.cisco.com with ESMTP; 23 Oct 2006 07:28:52 -0700 Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-7.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESqlg002728; Mon, 23 Oct 2006 07:28:52 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k9NEShOb022171; Mon, 23 Oct 2006 07:28:52 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 07:28:40 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:40 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E6@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Handling of failed requests Thread-Index: AcbzVYYBV+XCd5DaRsG7zn0IGfi2uwDAmxXg From: "Pat Calhoun (pacalhou)" To: "Peter Nilsson J (LI/EAB)" , X-OriginalArrivalTime: 23 Oct 2006 14:28:40.0493 (UTC) FILETIME=[890195D0:01C6F6AF] Authentication-Results: sj-dkim-7.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 59 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.5 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, HTML_40_50, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] Handling of failed requests X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2003547161==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 29dc808194f5fb921c09d0040806d6eb This is a multi-part message in MIME format. --===============2003547161== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F6AF.88E046BD" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F6AF.88E046BD Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Well... it depends on what fails. Some configuration parameters are crucial on the WTP, while others could be considered less necessary. I believe there is already an issue open to track this problem set, but I do not have network access at this time, and therefore cannot look. However, one proposal here would be to mark each message elements importance (mandatory, optional), and any mandatory message elements that causes the failure would be considered castatrophic. The WTP could interpret any failures on an optional message element is sufficient to allow it to provide service. The actual failure would be communicated to the AC, which would then make a determination on whether it wants the WTP to provide service. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Peter Nilsson J (LI/EAB) [mailto:peter.j.nilsson@ericsson.com]=20 Sent: Thursday, October 19, 2006 1:07 AM To: Capwap@frascone.com Subject: [Capwap] Handling of failed requests =09 =09 Hi,=20 The CAPWAP specification is not very clear on how to handle a failure indication in the Result Code message element in the response to certain request messages. Join Request and Reset Request I guess is OK.=20 But what shall be done in AC and WTP if Configuration Update Requests, WLAN Configuration Requests and Station Request fail? One drastic approach would be to as mentioned in the spec for Reset Response "to no longer provide service to the WTP in question". But this seems a litle bit to drastic if WLAN Configuration and Station Requests fails.=20 Peter Nilsson=20 ------_=_NextPart_001_01C6F6AF.88E046BD Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Handling of failed requests

Well... it depends on what fails. Some configuration parameters = are=20 crucial on the WTP, while others could be considered less necessary. I = believe=20 there is already an issue open to track this problem set, but I do not = have=20 network access at this time, and therefore cannot look. However, one = proposal=20 here would be to mark each message elements importance (mandatory, = optional),=20 and any mandatory message elements that causes the failure would be = considered=20 castatrophic. The WTP could interpret any failures on an optional = message=20 element is sufficient to allow it to provide service. The actual failure = would=20 be communicated to the AC, which would then make a determination on = whether it=20 wants the WTP to provide service.

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

From: Peter Nilsson J (LI/EAB)=20 [mailto:peter.j.nilsson@ericsson.com]
Sent: Thursday, = October 19,=20 2006 1:07 AM
To: Capwap@frascone.com
Subject: = [Capwap]=20 Handling of failed requests

Hi,

The CAPWAP specification is not very = clear on how=20 to handle a failure indication in the Result Code message element in = the=20 response to certain request messages.

Join Request and Reset Request I guess = is=20 OK.
But what shall be done in = AC and WTP if=20 Configuration Update Requests, WLAN Configuration Requests and Station = Request=20 fail?

One drastic approach would be to as = mentioned in=20 the spec for Reset Response "to no longer provide service to the WTP = in=20 question".

But this seems a litle bit to drastic = if WLAN=20 Configuration and Station Requests fails.

Peter Nilsson =

------_=_NextPart_001_01C6F6AF.88E046BD-- --===============2003547161== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============2003547161==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 10:44:22 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc12M-0000Nx-Tl for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:44:22 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0sP-00062K-2u for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:34:06 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 2F04D430EE4 for ; Mon, 23 Oct 2006 07:34:01 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 2CC5A4A45E5 for ; Mon, 23 Oct 2006 07:28:59 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id AC75E430E7E for ; Mon, 23 Oct 2006 07:28:59 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 6B76C430E8C for ; Mon, 23 Oct 2006 07:28:53 -0700 (PDT) Received: from sj-dkim-6.cisco.com ([171.68.10.81]) by sj-iport-4.cisco.com with ESMTP; 23 Oct 2006 07:28:52 -0700 Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-6.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESqWW020737; Mon, 23 Oct 2006 07:28:52 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k9NEShOZ022171; Mon, 23 Oct 2006 07:28:52 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 07:28:38 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:38 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E4@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] CAPWAP for 802.11r Thread-Index: AcbztLBVHKXEwMpyRvCjly9Su9m1xQCoMehA From: "Pat Calhoun (pacalhou)" To: "Charles Clancy" , "Behcet Sarikaya" X-OriginalArrivalTime: 23 Oct 2006 14:28:38.0634 (UTC) FILETIME=[87E5ECA0:01C6F6AF] Authentication-Results: sj-dkim-6.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2 I agree with Charles - but I do believe there is a single issue. In the case of local MAC, the IEEE 802.11 binding states that the WTP processes the Association Request and then forwards it to the AC. The AC can override the decision made by the WTP by sending a negative result Association Response. When 802.11r, the local MAC WTP will not have the cryptographic keys necessary to validate the Association Request, so it would *have* to defer to the AC. The question is whether this is acceptable as it does change the timing of the Association round trip. One alternative is to push the PMK-R1 keys to the WTP to allow the WTP to perform its own authentication of the management frame. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems > -----Original Message----- > From: Charles Clancy [mailto:clancy@cs.umd.edu] > Sent: Thursday, October 19, 2006 12:27 PM > To: Behcet Sarikaya > Cc: capwap > Subject: Re: [Capwap] CAPWAP for 802.11r > > Behcet, > > > My proposal is to use the key distribution protocol of > 802.11r which > > securely transports the keys. > > Also no need for the context transfer which was what I had in mind. > > My point is that we don't need to distribute PMK-R1 keys > since all authenticator functionality will reside at the AC > regardless of the MAC splitting, so we therefore don't need a > new key distribution protocol at all. > > Here's how I envision an 11r handoff: > > STA WTP1 WTP2 AC > -------------------------------------------------- > > Initial authentication (as CAPWAP does now): > > <--- assoc -----> > <-------------- open authentication -------------> > <----------------- 1X/EAP authentication --------> > (derives PMK-R0, PMK-R1) > <--------------- four-way handshake -------------> > (derives PTK) > <---------- add mobile (PTK) ----- > > fast handoff: > > (AC and STA derive new PMK-R1') > <------- FT / reassoc (PMK Name, MIC, etc) ------> > (derives new PTK') > <- add mobile (PTK') > <---------- delete mobile -------- > > > > Can you spare your ideas why that would not work in CAPWAP? > > I'm not sure to what you're referring. Using the > yet-to-be-defined 11r key distribution protocol duplicates > the add-mobile CAPWAP architecture for distributing keying > material. Additionally, it violates the security restriction > that keys from the PMK-level in the keying hierarchy MUST > remain at the authenticator, which is the AC. > > > You're saying we only need the split MAC scenarios that I > have in the > > draft. > > I'm saying that CAPWAP can support 11r without any protocol > changes. The only changes I can envision being necessary are > perhaps capabilities flags indicating support for 11r, so ACs > and WTPs know that each other supports 11r. All the 11r > protocol processing would be implemented at the AC. The WTP > would just have to know about the additional 802.11 messages, > and know they should be forwarded to the AC. WTPs and ACs > would also have to support AES-CMAC, which is defined in 11r. > > -- > t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 10:44:45 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc12j-0001ZU-BK for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:44:45 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0pU-0005dK-Jl for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:31:06 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id D5A44430EEC for ; Mon, 23 Oct 2006 07:31:00 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id F411D4A43C6 for ; Mon, 23 Oct 2006 07:28:57 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id D36BA430E9B for ; Mon, 23 Oct 2006 07:28:57 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id 28851430E8A for ; Mon, 23 Oct 2006 07:28:52 -0700 (PDT) Received: from sj-dkim-5.cisco.com ([171.68.10.79]) by sj-iport-4.cisco.com with ESMTP; 23 Oct 2006 07:28:52 -0700 Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-5.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESqbb015657; Mon, 23 Oct 2006 07:28:52 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k9NEShOX022171; Mon, 23 Oct 2006 07:28:51 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 07:28:37 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:37 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E3@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0klY4e+7UPnhTRf2FfrW+5OvmDgAo/i+sAEc+JbA= From: "Pat Calhoun (pacalhou)" To: "Hasan Raza" , "Scott G. Kelly" , X-OriginalArrivalTime: 23 Oct 2006 14:28:37.0853 (UTC) FILETIME=[876EC0D0:01C6F6AF] Authentication-Results: sj-dkim-5.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: fb6060cb60c0cea16e3f7219e40a0a81 To start with, we have to answer few questions: 1. How capwap is protected against discovery packet attacks? Even if there is a port-based or mux-based soltuion for reliably identifying discovery and DTLS packets, an attacker can send a discovery packet to the AC, which may result in the tear down of the WTP session. This is because discovery packets are un-authenticated packets, and are sent in plain. AC needs to blindly believe on the discovery packets. 2. If an AC employs actions again discovery packet attacks by discarding discovery packets if WTP session did not timeout, then an attacker may prevent the WTP joining back to the AC after a WTP crash. Attacker can detect a sudden absence of echo request messages from WTP, and start replaying the WTP echo request messages which causes AC not to teardown the WTP session. And thus genuine discovery packets might be discarded by AC. May be I am wrong here if DTLS can detect duplicate packets and discard them automatically. To resolve the above issues, we can impose following rules on AC. For issue (1) above: RULE 1: (a) AC discards all discovery packets if an active WTP session exists for the WTP. (b) A discovery packet from WTP can be accepted by AC only when there does not exist any active session for that WTP. Whereas, if a discovery packet is received if an active WTP session exists at AC, then all such discovery packets are discarded without change or update of any of the AC states. I disagree with this approach, and disagree with any mechanisms that will create delays before a WTP can reconnect to its AC. The couple of previous posts included a method to quickly detect the WTP had failed - in a secure fashion. To resolve the second issue (if at all it exists): RULE 2: AC should discard all duplicate DTLS and CAPWAP packets without change or update of any of its states. Sort of a bogus attack, but one that I suppose is possible. I would once more resort to my proposal that if the WTP can re-establish a successful DTLS (using a new UDP source port), then the old control and data channels are deleted. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 10:44:50 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc12o-0001fH-Iu for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:44:50 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0oM-0005UM-78 for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:30:17 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id AEF8D1448010 for ; Mon, 23 Oct 2006 07:29:50 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 329274A45F2 for ; Mon, 23 Oct 2006 07:29:02 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 162BE430E93 for ; Mon, 23 Oct 2006 07:29:02 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id D02A7430E9D for ; Mon, 23 Oct 2006 07:28:54 -0700 (PDT) Received: from sj-dkim-8.cisco.com ([171.68.10.93]) by sj-iport-4.cisco.com with ESMTP; 23 Oct 2006 07:28:54 -0700 Received: from sj-core-3.cisco.com (sj-core-3.cisco.com [171.68.223.137]) by sj-dkim-8.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESskY020952; Mon, 23 Oct 2006 07:28:54 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id k9NESYbH028880; Mon, 23 Oct 2006 07:28:45 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 07:28:34 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:34 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E0@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acbzx6gzRnIyqDJeSh2XVUA2VdetaQAIMftAAJk3VBA= From: "Pat Calhoun (pacalhou)" To: "Puneet Agarwal" , "Scott G. Kelly" , "Abhijit Choudhury" , "Dorothy Stanley" , "Michael Montemurro" X-OriginalArrivalTime: 23 Oct 2006 14:28:34.0681 (UTC) FILETIME=[858ABE90:01C6F6AF] Authentication-Results: sj-dkim-8.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 > Would having 3 UDP ports solve the problem: > (a) capwap-open control port : All unencrypted capwap control > packets go on this channel There is really only two CAPWAP packets that are in the clear - the Discovery packets. One alternative is to simply use the DTLS packet header, filled with zeroes. Yes, there is still some risk here because the DTLS header can change format, as stated by Scott. However, even so, we could agree on today's DTLS version for the unencrypted frames. A series of zeroes would imply an empty DTLS header, followed by the unencrypted CAPWAP control frame. > (b) capwap-open data port : All unencrypted capwap data > packets go on this channel > (b) capwap-secure port: All dtls encrypted capwap > data/control packets go on this channel. Demux for data vs > control happens after decryption. It's not completely obvious to me why the data plane packet format is not known apriori. The control channel will negotiate the use of crypto on the data channel, and all data plane packets received MUST be in the format negotiated. Assume for the moment a device negotiates crypto, but opts to send a plain text packet. Let's also assume that the packet had a way to signal it was in the clear (either through a bit, ot via a separate UDP port). Further, if the packet was supposed to be encrypted, as the bit or port indicates, but the packet is in the clear, then a CAPWAP device would have to attempt to decrypt the packet, which would fail and be dropped. So it seems to me like it is completely valid to simply have the endpoints (WTP, AC) remember the negotiated value (hell, you need to in order to transmit packets anyhow), and simply enforce the policy based on packets received. So it does seem to me like a dual port approach is completely possible. If there is concern about the empty DTLS header, then the three UDP port number is still an option. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 10:44:53 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc12r-0001mO-Do for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:44:53 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0nm-0005Nc-O7 for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:29:36 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 6131E430E84 for ; Mon, 23 Oct 2006 07:29:04 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 66A6B4A43C6 for ; Mon, 23 Oct 2006 07:28:41 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 3AB4A430E75 for ; Mon, 23 Oct 2006 07:28:41 -0700 (PDT) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id EBA77430E70 for ; Mon, 23 Oct 2006 07:28:38 -0700 (PDT) Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-1.cisco.com with ESMTP; 23 Oct 2006 07:28:37 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESbJG007113; Mon, 23 Oct 2006 07:28:37 -0700 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9NESain022479; Mon, 23 Oct 2006 07:28:36 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 23 Oct 2006 07:28:36 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:36 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E2@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0go7ZRC/7OpgdRraJnWWCdkT5IQBz2heg From: "Pat Calhoun (pacalhou)" To: "Navin (NKA)" , "Scott G. Kelly" X-OriginalArrivalTime: 23 Oct 2006 14:28:36.0717 (UTC) FILETIME=[86C169D0:01C6F6AF] Authentication-Results: sj-dkim-4.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d > [NKA] My point is that seperate discovery packet processing > via a special port is a bad idea. And it doesn't bring any > additional value than what can be achieved without special > port approach. Scott's additional reasoning that two port > approach would open up scope for DOS atack. I totally > disagree with the argument. I claim that the same risk exists > even with 3-port approach also. In my previous post, I suggested the use of the source UDP port number in the DTLS SA table. This is required to support both the control and data plane being encrypted. However, it can also be used to detect a failed/reset WTP, but ensuring that the Discovery Request is sent from a new source UDP port. This does impose a requirement for random UDP ports on the WTP, but this is not out of the question since the RADIUS protocol imposes this on "fat" APs. That said, it is important to note that the "old" DTLS SA MUST not be torn down, or dismissed in any way until a new DTLS SA can be established using the new UDP source port. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 10:45:34 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc12n-0001Zt-3f for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:44:49 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0ou-0005Zl-4G for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:30:33 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id BDE39430E8C for ; Mon, 23 Oct 2006 07:30:21 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 050F64A43C6 for ; Mon, 23 Oct 2006 07:28:45 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id E2A6E39801B for ; Mon, 23 Oct 2006 07:28:44 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by zoidberg.tigertech.net (Postfix) with ESMTP id DBB9A398046 for ; Mon, 23 Oct 2006 07:28:40 -0700 (PDT) Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 23 Oct 2006 07:28:40 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESe5h024692 for ; Mon, 23 Oct 2006 07:28:40 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9NESdip022503 for ; Mon, 23 Oct 2006 07:28:40 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 07:28:39 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:39 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E5@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] CAPWAP Timer element issue Thread-Index: Acb0h8LbID2mUdDPSw2/a22E0D8uaABz0pbg From: "Pat Calhoun (pacalhou)" To: "Bob O'Hara (boohara)" , X-OriginalArrivalTime: 23 Oct 2006 14:28:39.0393 (UTC) FILETIME=[8859BD10:01C6F6AF] Authentication-Results: sj-dkim-3.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.372 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] CAPWAP Timer element issue X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3 Bob, The names "Discovery Timer" and "Echo Timer" are not used in the CAPWAP specification. I will assume you mean the DiscoveryInterval and EchoInterval. I believe the issue you are raising is that the text is not descriptive on what to expect if the timer value is set to zero (0). This is a valid issue that does need to be addressed. I am OK with your proposal to simply disable the Echo mechanism when the timer value is set to zero. For DiscoveryInterval, I would propose we make the value illegal in the spec, and state that any illegal values MUST use the default value. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems > -----Original Message----- > From: Bob O'Hara (boohara) > Sent: Friday, October 20, 2006 1:39 PM > To: capwap@frascone.com > Subject: [Capwap] CAPWAP Timer element issue > > In 4.4.12 of the -03 draft, the Discovery Timer and Echo > Timer fields are defined. The value of the field determines > the number of seconds between the two types of Request > packets. What does a value of zero mean in this field? > > For the Echo Timer, I would propose that a value of zero be > defined to mean that no Echo Request packets are sent. For > the Discovery Timer, I would propose that a value of zero be > reserved and, if received by a WTP, is interpreted to be the > same as if the value of 1 was received. > > -Bob > > Bob O'Hara > Cisco Systems - WNBU > > Phone: +1 408 853 5513 > Mobile: +1 408 218 4025 > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 12:01:48 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc2FI-0000Dg-Ty for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 12:01:48 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc2FE-0004ee-0q for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 12:01:48 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id B3759431034 for ; Mon, 23 Oct 2006 09:01:39 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id A4B914A43C6 for ; Mon, 23 Oct 2006 09:00:46 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 6A22A43101F for ; Mon, 23 Oct 2006 09:00:46 -0700 (PDT) Received: from mcfeely.cs.umd.edu (mcfeely.cs.umd.edu [128.8.128.218]) by hermes.tigertech.net (Postfix) with ESMTP id A43F7431020 for ; Mon, 23 Oct 2006 09:00:43 -0700 (PDT) Received: from mcfeely.cs.umd.edu (localhost [127.0.0.1]) by mcfeely.cs.umd.edu (8.12.11.20060308/8.12.5) with ESMTP id k9NG0dAg020242; Mon, 23 Oct 2006 12:00:39 -0400 Received: (from apache@localhost) by mcfeely.cs.umd.edu (8.12.11.20060308/8.12.11/Submit) id k9NG0dMA020239; Mon, 23 Oct 2006 12:00:39 -0400 X-Authentication-Warning: mcfeely.cs.umd.edu: apache set sender to clancy@cs.umd.edu using -f Received: from 63.239.69.1 (SquirrelMail authenticated user clancy) by webmail.cs.umd.edu with HTTP; Mon, 23 Oct 2006 12:00:38 -0400 (EDT) Message-ID: <52649.63.239.69.1.1161619238.squirrel@webmail.cs.umd.edu> In-Reply-To: <4FF84B0BC277FF45AA27FE969DD956A202B184E4@xmb-sjc-235.amer.cisco.com> References: <4FF84B0BC277FF45AA27FE969DD956A202B184E4@xmb-sjc-235.amer.cisco.com> Date: Mon, 23 Oct 2006 12:00:38 -0400 (EDT) From: "Charles Clancy" To: "Pat Calhoun (pacalhou)" User-Agent: SquirrelMail/1.4.5 MIME-Version: 1.0 X-Priority: 3 (Normal) Importance: Normal X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE X-Spam-Level: Cc: Behcet Sarikaya , capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 3a4bc66230659131057bb68ed51598f8 Unless PMK-R1s are preemptively distributed to WTPs to which a STA might roam (neighbor graphs, anyone?), you'll still have the WTP-AC latency for the WTP to request a PMK-R1 from the AC (R0KH). This would be about equal to the latency of having the AC validating Association Request packets. Does 11r let you proactively distribute PMK-R1s? I don't see any references in D3... all I see is the reactive distribution protocol. My understanding is that one of the reasons 11r is faster is because keys can be *reactively* transfered directly between APs without having to go through the AAA server. Unfortunately our main security association is with the AC, not the WTP, and inter-WTP communications is bad, so everything will have to go through the AC. -- t. charles clancy, ph.d. <> tcc@umd.edu <> www.cs.umd.edu/~clancy On Mon, October 23, 2006 10:28 am, Pat Calhoun $pacalhou$ wrote: > I agree with Charles - but I do believe there is a single issue. In the > case of local MAC, the IEEE 802.11 binding states that the WTP processes > the Association Request and then forwards it to the AC. The AC can > override the decision made by the WTP by sending a negative result > Association Response. > > When 802.11r, the local MAC WTP will not have the cryptographic keys > necessary to validate the Association Request, so it would *have* to > defer to the AC. The question is whether this is acceptable as it does > change the timing of the Association round trip. One alternative is to > push the PMK-R1 keys to the WTP to allow the WTP to perform its own > authentication of the management frame. > > Pat Calhoun > CTO, Wireless Networking Business Unit > Cisco Systems > > > >> -----Original Message----- >> From: Charles Clancy [mailto:clancy@cs.umd.edu] >> Sent: Thursday, October 19, 2006 12:27 PM >> To: Behcet Sarikaya >> Cc: capwap >> Subject: Re: [Capwap] CAPWAP for 802.11r >> >> Behcet, >> >> > My proposal is to use the key distribution protocol of >> 802.11r which >> > securely transports the keys. >> > Also no need for the context transfer which was what I had in mind. >> >> My point is that we don't need to distribute PMK-R1 keys >> since all authenticator functionality will reside at the AC >> regardless of the MAC splitting, so we therefore don't need a >> new key distribution protocol at all. >> >> Here's how I envision an 11r handoff: >> >> STA WTP1 WTP2 AC >> -------------------------------------------------- >> >> Initial authentication (as CAPWAP does now): >> >> <--- assoc -----> >> <-------------- open authentication -------------> >> <----------------- 1X/EAP authentication --------> >> (derives PMK-R0, PMK-R1) >> <--------------- four-way handshake -------------> >> (derives PTK) >> <---------- add mobile (PTK) ----- >> >> fast handoff: >> >> (AC and STA derive new PMK-R1') >> <------- FT / reassoc (PMK Name, MIC, etc) ------> >> (derives new PTK') >> <- add mobile (PTK') >> <---------- delete mobile -------- >> >> >> > Can you spare your ideas why that would not work in CAPWAP? >> >> I'm not sure to what you're referring. Using the >> yet-to-be-defined 11r key distribution protocol duplicates >> the add-mobile CAPWAP architecture for distributing keying >> material. Additionally, it violates the security restriction >> that keys from the PMK-level in the keying hierarchy MUST >> remain at the authenticator, which is the AC. >> >> > You're saying we only need the split MAC scenarios that I >> have in the >> > draft. >> >> I'm saying that CAPWAP can support 11r without any protocol >> changes. The only changes I can envision being necessary are >> perhaps capabilities flags indicating support for 11r, so ACs >> and WTPs know that each other supports 11r. All the 11r >> protocol processing would be implemented at the AC. The WTP >> would just have to know about the additional 802.11 messages, >> and know they should be forwarded to the AC. WTPs and ACs >> would also have to support AES-CMAC, which is defined in 11r. >> >> -- >> t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy >> >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >> >> Archives: http://lists.frascone.com/pipermail/capwap >> > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From bostj@fahnestock.com Mon Oct 23 12:13:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc2Qh-0000uy-89 for capwap-archive@ietf.org; Mon, 23 Oct 2006 12:13:35 -0400 Received: from host138-82-dynamic.7-87-r.retail.telecomitalia.it ([87.7.82.138] helo=fahnestock.com) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Gc2Qb-0006cR-LC for capwap-archive@ietf.org; Mon, 23 Oct 2006 12:13:35 -0400 Message-ID: <000001c6f6bd$c3b8fc50$eac3a8c0@fgyzerl> Reply-To: "Dominga Mccausland" From: "Dominga Mccausland" To: capwap-archive@ietf.org Subject: Re: VlbAGRA Date: Mon, 23 Oct 2006 09:10:31 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6F683.175A2450" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 2.5 (++) X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C6F683.175A2450 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, GREAT VlbAGRA http://www.pisadesinjionkadesun.com =20 What is it? Your last request, Neuredan said. That and a cigarette. ------=_NextPart_000_0001_01C6F683.175A2450 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

www.pisadesinjionkade= sun.com

What is it?
Your last request, Neuredan said. That and a = cigarette.

------=_NextPart_000_0001_01C6F683.175A2450-- From Ines@angrybeaton.com Mon Oct 23 13:44:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc3qa-0007GT-Sk for capwap-archive@ietf.org; Mon, 23 Oct 2006 13:44:24 -0400 Received: from h87-249-194-66-static.nysa.3play.net.pl ([87.249.194.66] helo=solid-snake.nysa.3play.net.pl) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Gc3qK-0003Pm-Hp for capwap-archive@ietf.org; Mon, 23 Oct 2006 13:44:24 -0400 Message-ID: <001501c6f6db$9991fcb0$001023ac@solidsnake> From: Annmarie To: capwap-archive@ietf.org Subject: do the many Date: Mon, 23 Oct 2006 19:44:06 +0200 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0012_01C6F6DB.9991FCB0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Antivirus: avast! (VPS 0643-1, 2006-10-23), Outbound message X-Antivirus-Status: Clean X-Spam-Score: 3.1 (+++) X-Scan-Signature: 5ba9b8496764663b12c333825fbf6b3d ------=_NextPart_000_0012_01C6F6DB.9991FCB0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0013_01C6F6DB.9991FCB0" ------=_NextPart_001_0013_01C6F6DB.9991FCB0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable That which does not kill you, makes you stronger. Blood is thicker than wat= er. No pain, no gain. Possible Interpretation: If something is good for one= person, it is good for everyone; Worrying is like sitting in a rocking cha= ir. It gives you something to do but it doesn't get you anywhere First come, first served. Hope for the best, expect the worst. This could a= lso be read as, A friend in need is a friend in debt. Variant for slow risers: The early worm gets eaten by the birds. Nature, ti= me, and patience are three great physicians. Fine words butter no parsnips.= Tomorrow is another day. Fine feathers make fine birds. Good eating deserves good drinking. Time is = of the essence. One fly makes a summer. Mark Twain Possible Interpretation:= Those that are helped are not the best. Keep no more cats than catch mice.= Never, Never... allow anyone to persuade you to suspend your common sense. = Don't bite the hand that feeds you. God is a living God. The more you know,= the less you need. Possible Interpretation: Everybody needs other people. People who live in g= lass houses have to answer the door. Good men are scarce. The English are a= nation of shopkeepers (attributed to Napoleon) It takes two to make a quar= rel. ------=_NextPart_001_0013_01C6F6DB.9991FCB0 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable

NEW YORK (Reuters) -- W= arren Buffett's Berkshire Hathaway Inc. said Monday it has amassed a 1.97 m= illion share stake in Johnson & Johnson, and appears to have sold shares of= clothing retailer Gap Inc.
Layoffs loom -- how safe are you?
Broadco= m to stay on Qualcomm's case

Ernesto blamed = for knocking out power to more than 400,000 NASHVILLE, Tennessee (Court TV)= -- The father of a Nashville attorney on trial for killing his wife claims= he reburied his murdered daughter-in-law and disposed of evidence relating= to her killing. KANDAHAR, AFGHANISTAN: 14 dead in Afghanistan crash Ernest= o blamed for knocking out power to more than 400,000 WASHINGTON (CNN) -- Pr= esident Bush declared Lebanon a front in the "global war on terrorism" Mond= ay, equating the Israeli battle against Lebanon's Hezbollah guerrillas to t= he U.S.-led wars in Afghanistan and Iraq.

NASHVILLE, Tennessee (Court = TV) -- The father of a Nashville attorney on trial for killing his wife cla= ims he reburied his murdered daughter-in-law and disposed of evidence relat= ing to her killing. Lockheed beats Boeing for moon launcher ding women in c= orporate America. WASHINGTON (AP) -- The thwarted terrorist airline plot in= Britain is sparking a bitter new round of finger-pointing in Connecticut's= bruising Senate race. NEW YORK (Reuters) -- Wall Street bonuses will rise = 15 percent this year, with larger increases for investment bankers and equi= ties traders as merger activity surges and stocks rise, according to a stud= y released Monday. Latest job growth numbers: 'Just right'

NEW YORK (CM) -- Soft drink = and snack company PepsiCo Inc. announced Monday that chief financial office= r Indra Nooyi will take over from Chairman and CEO Steve Reinemund this Oct= ober. She becomes the first woman to hold the post and enters the list of l= ea At least five deaths blamed on Ernesto Hedge fund may boost McDonald's s= take WASHINGTON (AP) -- The thwarted terrorist airline plot in Britain is s= parking a bitter new round of finger-pointing in Connecticut's bruising Sen= ate race. Hedge fund may boost McDonald's stake EA scores touchdown with Ma= dden Hedge fund may boost McDonald's stake

COLOMBO, SRI LANKA: '100 Tig= ers dead' in sea battle FARGO, North Dakota (AP) -- Alfonso Rodriguez Jr. s= tabbed college student Dru Sjodin, slit her throat and left her to die, a f= ederal prosecutor told jurors Monday. ENGLAND: Top judge to rule on Diana d= eath Broadcom to stay on Qualcomm's case WASHINGTON (CNN) -- President Bush= declared Lebanon a front in the "global war on terrorism" Monday, equating= the Israeli battle against Lebanon's Hezbollah guerrillas to the U.S.-led = wars in Afghanistan and Iraq. At least five deaths blamed on Ernesto=

NEW YORK (Fortune) -- For th= e past decade, Honda has been out of step with most of its North American c= ompetitors - sometimes defiantly so. NASHVILLE, Tennessee (Court TV) -- The= father of a Nashville attorney on trial for killing his wife claims he reb= uried his murdered daughter-in-law and disposed of evidence relating to her= killing. NEW YORK (Reuters) -- Warren Buffett's Berkshire Hathaway Inc. sa= id Monday it has amassed a 1.97 million share stake in Johnson & Johnson, a= nd appears to have sold shares of clothing retailer Gap Inc. Latest job gro= wth numbers: 'Just right' COLOMBO, SRI LANKA: '100 Tigers dead' in sea batt= le More than 200 homes evacuated in Richmond, Virginia

Wealth gap between richest a= nd the average Joe grows 50% since the 1960s COLOMBO, SRI LANKA: '100 Tiger= s dead' in sea battle CHOWCHILLA, California (AP) -- Sara Jane Olson, the f= ormer Symbionese Liberation Army fugitive who became a Minnesota housewife = and is now serving prison time for trying to bomb police cars in the 1970s,= says she tries to hide her radical past from her fe WASHINGTON (AP) -- The= thwarted terrorist airline plot in Britain is sparking a bitter new round = of finger-pointing in Connecticut's bruising Senate race. Are you paid what= you're worth? Lions cut ties with former No. 2 pick Rogers

------=_NextPart_001_0013_01C6F6DB.9991FCB0-- ------=_NextPart_000_0012_01C6F6DB.9991FCB0 Content-Type: image/gif; name="ubxyrz_961.gif" Content-ID: <001501c6f6db$9991fcb0$001023ac@solidsnake> Content-Transfer-Encoding: base64 R0lGODlhVgGXAYQAABEOH////yL///8AAAAi/wAA/xH//0RE//8i//8R//8A//8z/6qq/wAA ZgCZADMzM2WmoI4i7jOZAOa/wFVHKKu1uFWfOP9ERP9mZu6ZAP//AP//Iv//Ef//M+7uAAB3 VSH5BAABAAAALAAAAABWAZcBAAX/YCCOZGmeaKqubOu+cCzPdG3feK7vfO//wODMISwaj8ik cslsOp/QqHRKrVqvWFEhy+16v+DpNkwum8/otHrNbrvf8Lh8Tq/b7/i8fs/v+/+AgYKDhIWG h4iJiouMjY6PkAENkZSVlpeYmZqbnJ2en6ChoqOki0SlqKmqeQerrq+wsbKztLW2t7i5uru8 vb6/wMHCw8R6AsXIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e6/Cu/w 8vP0vPH2u/iNp/lF+/5wAQxYayDBgwgTljmmsKHDhxBpLYhIsSILAxYzzkigsaPHQAM+ihxJ sqQ8ACY9/6FM2WklS00uX2aKKdMSzZqVbuJcMWmnz59AgwodSrSo0aNIkypdyrSp06dQo9Zh ILVqCapWs2rdyrWr169gw4odS7as2bNoWfZDEjKt27dw436KIFcN3bpn7uI1o3dvmL5+wQAO 3GUw4cNpGCJezFgk1saQI0ueTLmy5cuYM2vezLmz58+gQ4seTbq06dOoU6tezbq15bauY8ue Tbu25Va2c+vezbu379/AgwsfTtw0guLIkytfzrwTgebQo0ufTr26dU5rr2vfzr374THew0Oa GI0Cc/PKKaBPvp49a/I32osnpni+/fv48+vfz7+///8AyvJYNQMGaOCBCCao4P+CDDbo4IMQ BtKTWBNGaOGFGHpxnHjZZejhhyCGKKIgsKlQ4oi+TACdisyx2OKKvnGE4ow01mjjHRIwl6OO PPao3I7LAYnHc1kJmZyRxSGZ5I1MNunkkyJ2COWUVEKxYZWEVYjlllx26eWXYIY5xYlqXCnm mWimyYyUarbp5pssaQnnnHTWaeedeOap55589unnn5bUB+g5ZA5q6KGIJqrooow26ihjD0AX KXOTLleppc1dmpymm2b66KfkCNoHm6AiBp4Mp5aq6qpNpMrqq5UUCisVuM1q66245nqdjLp+ KCtaELBRoFnBMlessdAdexaRayibnLPPJtvrtCj+Su0otdim4uoZvGbr7bcXigruuDqY2aC4 WaD7JrPkthtKre7Gmwt88poWAgAh+QQAOKUAACwAAAAAVgGXAQAF/2AgjmRpnmiqrmzrvnAs z3Rt33iu73zv45yfcEgsGo9FBHLJbDqf0Kh0SkxQUYtrU6ntwoLesHhMLpvP6LR6zW673/C4 /Gad2+/4vH7P7/vXYH+Cg4SFJRCGiYqLjI2Oj5CRkpOUlZaXmJmam2OInJ+gOAqYBKGmp6ip qj+BAZ6rsLGWBrI6GrW4ubq7vL2+v5QbS6/AxcYnxMd5tLbKzs/QgnXRaREi1iMTEAUFFRMB 3ODc4+Ii4SPjBRHf5xAH3yTY2CLa3N7l6eHn5+bj6+Wu3pWQR6JeN3YFxKUDyE+hOoQi3MEb QTDbtoP48jFMiM4fxIATr4m0k0XKBAYBTv9m65ZSHcCX+zj2a2ktXIUCIVOiVEmP5QSX/IJy bBjuZ82EN3Oq5NmyAk2YMmOSKAoUKc4SS1H2dGoUaseZX7vavFpwp1ZZ+WRuyyn068uN4m46 naoxIlm3Xt9KtceS7kK7bKMKBgtWX7e+Hf+6uku4rd6hCfnOTUwOV0XCeIUqLid23GSKIzE3 FryZ6lF7Ji6/HU2ZaMLOqAeGXp3Xoeun6T6PnMdC2CbVMSMPLizT4T9u7ngH6AAcsvDMkP0+ FJc89ezgtaVSPl6guuwAvLE7hrsdofd4s2OlHbF25njtorlNSCqdX/uM0DE3FDef8XrA7g1H Xnw40deaWmQZlt//YyXIZ2A/m8HCwDcTFuSTgqzht98+xFRY4UpcYZiXghsO1SGFIf0U4nMZ klgcQycG8OFWLbE44nMlmnNiAjPKoho9F0Hw0Y340SXCgz+mFOSQjrnYIEdIpqckckwO56SR AUQJngkGCZlddCKCpaVy0XRAzZlopmnCNGq26eabcMZZi2/GlCRnIgKQdKchzOzp55+ABiqC nSVwIeihiCaq6KKMNlrCKI5GKumktSRD6aWYZtqHmZp2akqfhBBqAqeelmrIBBMMMACqAaja gaqwDtCqrLOSECsG36hKzwUT6YqqqqyOECuvtWKFwQC4BnDsN6nCg6yuuhb766ohRQst/6zJ FnRsttbSKkK3s8KaTbTKeotss/SsKiy2ubJrLLATpWousCmJe2u85EY7Lavg7tuuHeimikGx BIO7br0D+6ruwcsKbCutA1xAcLrMUqtuwKte+y/GAx9cq8IdU1xvu/96fC1WsMKDccXfViur w9aGPDLC6dIbbsUnO1yvzQpXnLC6ujaM7MRwoPuwx8WSm7SswC58sM0lWFvyuML+6vPIGtdq tAngGpxu1bNOvTTRzaprwMotpxo1xEyzXZDT4xqtarITHNv2t7SW7ezLcIf9MdwYyAyH0ngj PQAAsR4Nc8pr18trTrcWfnTh0JZ9N7wno9A13zLn2/a0DyceK/+tF0gcsbADH5tN4JBzrvXQ SJNQeqsSh820vK93PPvpf3NtMd+P05PTG93eLfnYIyA+N8kXCK7vBBfADTLRnmPdKroa4178 5NcuP/nfoJtsvMhGLwv78et6f+/3cc/ctOXhnjsz9sbb+7vw0TM7PA10OjEBAHsr2LzQRzjM uaxx4iObuXDGwN7hTm7eGhvhqNay10Vwc2+LlcoydkAEHgx6KeqbvBjXvd5lkIR8C6DCIkg0 OWBsfNXrXQEhdkChdY6GCqxYA+X1rxXOT2nNoh8K0ObDBCptYUYbYQfZVywM1I58Q0Mi0FJo QrC5j4ra45usbNjCN/hLgEYcn+S25iv/HrpMfaOjx7Z6lTcMSsuMBYHjBFcnP+RJrnvvM9wM fYfAraXEjGS8mxCB6LTMfbFfcmShqRSVp0XCAVKO9AObVtDISFrSDKAqhKUuyclOyqJ/f2iF J0e5A1DGoJKkTOUwVCkJSLJSURnIwCsFJctZooFUioilLQFVy13uqZe+hJMSdBnMOwGzmKuY JDKXycxFiaqZWKmABCRggXuIYJorwKYLtEkCbU7zm980ATevKYFsllOc5xynDSoAgWla8wzg vKYK5jPNak7Em+AMZwDUqc59grOaIxjnBKg5vHP6s59dkGY+JQAPhHbToCzoJz4Xis4SODSg EMUoOXOgUHDu/y8M4IQAOyugmyMtlKEbPWg+U6pRiy50LtwcqAVyIlKROiWeYxioBOaiDQl4 4qIsjWhG/enSFPBzqEWt6A5kCo92bhKkBnXqCXTKU6kS9aFJbSlWTWqBlDIVGT7dqhik+Rlt NNSgPfUSOSdgAYACaZpqlWhGL3pUi/j0ngatQFt1mtJppnUiehVSP9sZErUq6a4YZauQFHtW ts7Uroj1519dYdCwbpWdrigpWQsS17l6NqtavSo2v2oCzIo0tF6wAFJbqtNvntWjEQlpUGdL 15Oes7V+9SpFRZtPT7RWtUO9KG5RqlKffvOn+WyqbIsbVmkya6egTYFqVVDXh55Uqf9Zsqxf 3QkDoEqBmyu9ajudIk3kktey2cAndmdr3d2ON7vIje1500lfrmjzvQpd7yGgW15y3nSnfPXn eZMRYO7ydaDnzYl3WRre6mL0ui7NJ0zrqdqPnmDBUJguOfWp3r5WFq3s7LBY2YtaEXcYvPRl cIrZW9uWnnjFV01JiGHsza5qeMTS/TCHP4tjuR53MvWk51MvvFoqbHarJqbxbQEs4hIXuboo 9rCLlaxiExCWBJ2dspRjrE0EF/jDsR2opTB8ZC33mMc4TmyYt1nkKVCVHvkVL3+1O2fkoqrJ tH0yj/FLZ/lmd8VRpux8uUTQ2HqCz/HlrX/hu9Yvt7S80I3/7hC5K2M8O5jFq40pNdmcg0zq oKPfdGuXk7th18a2njB2slF5PNyz0mO3STYpXMcJBlDnNiWkVjRvYUtZVFcZ17dOMwpsTc0J RxfKqR5xmanbZirQ06efialT8erYeE0bunKVtKrfatiY7lWbFKAyPSwg2NXO+J2H7Tag6Vtt uwr2v1rVp7aHqNDTbnvbeEZthYWqqdzKFAkYZoFV582HgJvA025qJzhLKgSDq+DK6HS4G3Ca KYW69QgSv/DFI9zsOVA8GqLUg6GgSXJAhbzkKE+5yldeBFyy/OUwnwQqY05zZI58F0OuOaWU qXNVBOHmPQ96LHKeBp63wOWCArrQ/5fO9Dl0tem7eDrUHXFBWwkrfYn7VlutzvW1VX100Ipa 6ESXxq7H74Jl97rZWyV2s4vr6lxPO9zZvvZw+W5eqlJe+saO97eD/QRvx5u55DD4wbOdhYgf gdQT33a6O/7xjG/84x3PtLlTfgWGnxjiB/ituR+x85avPOgnf3nPS770kB/92iMPMbgrkg2F H73oQ1+Cp0de9XSvuuVJn/quz57xr9996zN/PGu1/fe4j73sT996t69e9c1nfgoUGf0w3KIF w1/+7RXZ1dvzvvfJB/zzO0/83KsA+Kgn/wJEj37Dsz711D/++cev+9d7v+7VJ97lo6973IvA AmDHesYXev9/xzV8l3n5xzZZJ3ygl4CHZ34iEATNN4HyB33iF3fzx4Bnp4B+J3fMV35ugHwc 2H/f533oR3u2okz9h3Z+V4Ga44KzR34POHn8B4Gut4C8d4IvqIH1d4Hf5382ODj7t3wo6HrS h4FFCIQkiIDh94M0qH1iV3kOOIRPmH7254IWyINIKHnB14VA2AY6SISm14S+l4T3B35BOINi uINWeIJMCH3VN4UlWIQmOIYNWAJmQoIa6IRF8Ew3EIbpJ3jjp3ZmeHpZeHWJJ3cFSIhkeIeQ 93lxt4DvpzkTFHi7Z3dY13cDKHySmC9T94mgGIqiOIqkaApGV4ppQHTRoIqdxIr/qCgJ1+cK qGhKk4BwsviKp+CKuCgJuriLkQABvegDsQgoruQMwahyfogKx+iLzBgHw3gDxdiM0jiN1FiN nOQA1lgD7OQADoBuPKANJcCN3GhYI8CNNKANDqBWEJCOVsaO2WCOASCO2PiKE9CNKeGOPgCP 5YiN9biMKSAkDgCOFRCQ9jgCA1mPk7GO/FiQlUCLOBeQ4TiP5jiOiECRR8KNc4GRDjBT8kgC 8DiR6ViR87iOajWQBamP8ViP7IGN+OgKLOkJJGWOA8lwfOCQvWCT+2gCH8mSEBmPPXmQ/eiT qLKRPhmR9yiS8CCTBIkIQMmOKGmSGcmTHimVsmiO67hX/7iIkiKwk0W5lfPokx3JlVopj16i jyA5lR15AiYpkl3plUVZlth4Wi1JiuuYE2L5lWb5lW5ZlGOpl215ljnJAgQZABbwkiRQmPEo kmnZlqU4k0dJmAFZj1TZljMZlHdplFOZkwfJjpXplHoJkAJJkE6hlAiZmXU5lyeQjDSHjunI LIVpkn+pl2u5l+bIVgzZlzmJjiU5jnsJJK0ZEe4IjyRplLppYdm4Bn5pBP7oAzhZc894nNBJ As0ZndRZBkpXnYmQnM+5B6pJKYupk8mpAvKolSkQjVjxVMXplSg5nuoZnjuAdJbQnYxQmuLp nvXJA+QZEfUIjvRZWvbYnzgwc/8155hcso6wiY4zVZePmZm++VgWiY6wmSUYCZaTmZJfSaAk cAsKiqF2kHPwqQnLiQNX+VhYFplW+Q0bWZoHiZmugKJdxY3w0JTY2JRsyZhQCZxYWRDuOKIW FqI0J5fJwJVZopCEiQgQIHWBeSREmpduOZ4VWgKzCaRQWpBSSp0gSZVWSZAzKprguZKSGZtN 6pf5WY4qmaTAaZf2OQQCGkynmQwyKpQ7GZ55+aX6eJCw2Zk1ipKgaaRL2ZWIeaaoOY3pyVnd WJuFOo8DuUn6iJCAqSSHepHuaJsR6ptekp5C6qjk6AcfWioKagNuFagtkKbY+QPjaJwuwJqZ Oqqquqr/lrSprPqqS0eWpmoS6OkJY9oCqMosPooC8kiixfSRuzoEY3qrMFCXlimqNPCRSOpL QnqjwLmbJ5mOGxmTDiqt1TSQJOqsGsmR4uio3AqY2lqo1TqVExGWIQmpUYmtuvqogemZXqmg QTkJrTCdbmCoTGmi9xqUTTmaEAmj8fii/dqvXUWjQlmPAKuf/9qVpFmaMGqwNjqtSSmRP2mi /DqUA2uiekmWtMmlK9pJskqhjaqwWCqxIhum5hqmBrmkJHuZjFkQemWPl8qygLmeC5mn2Ehu rrCsiHKKgjmj48qgG1uyfEmyQ4uZgHmaI1uyl8qrSRu0MpuxK0uym0mTiySc/xfrDZzZp/sq tDMrtd14rCgLp0m7tSx7pmBLmRRbsnZKs1uJCIU5lBKLrJ4CjyrKm5gaoxPKtU0Lj7NZspLK qPz4mnybt2XrqL8pqU9JuCQLoTRbqikhuIgKqrAqBp+6jJ06uWeQqzHguGgQrIviuZjbuaFr CKArJ9dJCRSQuiNAAavLuiKguq/ruifgurIbA6zLuqULA7X7uimwu0snu7BLuwEgvMJrArfr uy5Qu7qIvCXAvCTgvNDLArvrvL50u6vLu8ObvdlbvNrLu76burSrusErvhAAu7ELvMcbvuc7 vOO7vuC7ve87veJrvuP7vuvLvucLvvY7S8VrvduLvf/de73N673YW7yIML0E/L/a678MnMAN fL21G8EOvMADTMH9C8CsdMHE6736C8EV/MAGHMAW7MDxS8LiO8Hs67+tW8AjLMLhe8IULMKp pMEo7MIq3MIXXL4uPMHci8PPy8MJPMAbrMAIHMAXLMOk9ML3u787LL/cS7+ucLzPS7/qm8IW rMTEa70dHMHBW8D9y8Xuy8JIzHTUm7yjiwZl3AJpPALy+Ym2mAau2pB6kLtnHBFeQMfsUcda gMeiyLNzrMeCwMe/cHKLJMi4sKY+8MaAvMizZMiM/MjWaJ5r4MeQPAZtfAVx7IuXXMmc3Mle cLpNsMn0CsiELAKSHAWOLAb/p1xMihyKAPDKyRMArzzLskwCAGDLs3zLspzLtYzLtBzLvqzL uSzMv5w8vLzLvzzMtrzMsXzLuiwCz1zMwAzNyCzNz1zLx0wFrQwL0UzN3tzL3wzO2FwC1yzO zTzN48zM4XzNzrzM5UzN3ezNzhzP8WzM5zzN7QzN7OxI5ZzP4LzP6OzP4WzO8IzOA/3OAS3O An3PvdzN+bzQ+yzM5izRFG0CCH0pCF3Pw8zOx6zM/ZzNAg3LxpzMGe3RHQ3S/7zL51zRKfDQ 1ezSEq3SlhTNsKzR6tzQBt3PFp3TMW3ROn3P9YzP+pzSFU3TAN3OOu3QuBxJSS3UCS3P5BzV 5JzN/+6sAgBd0FA91ckMzDA90cyM1FGt1FK9SPTs1OvM1WN90GFd1Td91emM0zf91iwt00H9 zwvt1Qo90yKd0med0CZNyx4t1SdN0nutz1vdzLzc1CutztJ81sqM19U80J4cnRtd2ZZ92Zid 2Zq92Zzd2Z792aDN2ZM92qRtBNtZ2qid2qpNCafNC6m82lTw2nci27CNB6tc27htApv8yKCc 22Ewyr7tJtsMBbQd3MZ93MjtBFSb3CjQAM7dACIA3SYg3dI9A3MB3c/t3NOt3TmA3dENA9UN 3tktBc99A9Td3CqQ3eHdAue9CNXt3dONA9c9Auv93fZt3gFQ3+w9A/rtBP/vbQPtHQP9vd/5 HQa33d30XeD5rd3ljd3lreAF7uDcnSUQXt/6/eDjHd3c/d/jLeHvDd/fneEL3t8WvuEK/uAj Tt8TjuIoft8hfuImft8dvuAl4OE1vt0B7t0zPuGEwOEVfuI/zuHwXd0V8N83fuQRnuA+/uLn veQ8DuJQfgIZLuQyHuRKfuUufuE5DuRNruFZ/uMqHuNJHuLtLeaDMOUazuAvvuZjHuBgTgIW juUwnuBMzuZRfuWIAOLoDedyrt5enuYMPuVxnuZv3uVDXuV9zueKPuaMvuWFsN5R3uV2DuQQ /uZ0vuh3bt8+LumNzudLngKQnuhS7uKVvuiknun/hk7pRj7pl17ln+7oPX7j1H3oTn7olb7q mG7lkz7rba7rT67rpX7qot7pr27pYL7qyE7nuJ7ppV7rx97qTlDKPhDqNO7gnV7tqp7rUr7i Yj7rH57kam7kai7qLG7qhH7r3P7h6h7mASBK5c7ul/7ty27pJS7vFc7saNLbQjDgzN0EIg51 u61KmdzvBF/wBi/e/A7qLhDeDG/r8Q0FDI/kez7xgD4Eg84CHt7wPI4EOh7sbIDrCx/yrO7m 5s4EDa/iK8Dv1O7xCF7yCk/qxm4EHZ/wK3DgRBDq4m7igs7pXE7m4Y7zLK7z557iQx/06I7y RN/xMC7hpu7tPr/uI27v//CO4bcO7ccu9ESf9Bge9KlO82WA84ke41Su6LQ+51Vf7N0O7JH+ 53Ue6ZL+6V9O5Zy+9jRO9kq+8hfv9q4e9nyv9G8A9pre4Mo+47J+5Q4f8XB/71u/4eo+7mff 5oLP9n6+8hFO+GUe+deu7HIe7zju7Y5f92of5DvO6G7A63R/7ZS/670e95tv7PPe7K0+86FP 8pSv59mO9tC+5Xn/8Ln/8LjP5m0vB+Lu5aav+cDf+6v/+Kq/99i+/L/e882f/LY//Gv+9nS/ 8TmOALsv8aG//MTe+nYQ+eMe7khP9byv6dGP+IPv5kbv9EWv52VO/M+u9XDe4uZ/+ag//VPP +/8Xv//wDgJBMwZiaTZnKpKoe8KxPNO1feO5vvO9/wODwiGxaDwik8ols+n8JZ7SKbVqvWKx hiy36/2Cw+IxuWw+o5/bNLOzVLDj8jk9Nmqt7KV8MHVvwdwZ+e3x8O386TRA3CTOEAYGJh4e RtoBGhoKPtZlFlaaDKpwFhJB9oDi5KXq2fCBwsqsIraGeua8knbijq4I/rLg9QZTjtZK+m4G l6IAO7LYNgMq1yavkmxSR6sIJ2/b+vm+YFsOl2YT73WXI59PY3bOnkLOg0OLG39Xypu/uIjz g9avnqyB9vBtw8SP3j5unwR6y/dwYrNzvfblehjwWxBGVBxZo3fQHEL/e8eYEZw2DKBBg6zU CXOXD54klP8k2tQ4k52/kCb/nJJ1jRxQdbt41mNJUWS0WSdHMgu1cKlJqi8TSizJ0WXPgjYJ NjWaVIUCp8VcjUx1NU2xFQBEBiQntVwsq1zvzY2ba2PdnfzKZo00NSLdlcbgmRWr2CLFwN6S Ioha5yxRQmYtM84pdGhOZUTxXg572ankZTCNmkbGeZyfKIV1OsTIUCpm1Og2X2O9+mgV13HW 8g4ufPiYZ8SPI0+ufDnz5p08Oo8ufXrwD9SvY89ewrr27sVVA2+izYdWnJeocUe79TR5Veu9 78r4hfSP8rxkpFfPir4i9+Hhc5GNZ0HJNtGA/7sdeFJt6DAylGVtabPPBwg9WJmCP3UjIEtB OREZgLeMJRBMFEJ0V1f0wUKiUrOJlhU61iWFT0yShVjRXJ8o9aEZk7RE40AgORiOgF4tQ9qG N6JYVULc1UgiTikB406U/uj4nV1RndUVKVleKNhON8noWGCBMAnVjWGBZqJWG1UpxmMkyfeV X2oq+dNOAlTlZCEAjHlCerMl5iNjcsl1Joc1wNFmFp/JFCd7r7yDYKSPqMSNfLklmSQME77T E1iW0hbqPNbIqaipp6KaqqqrstpqHBq4GusXeMpaq6234pqrrt1tsKuvvwIbrLDDUuEGscci m6yyxC6w7HEcOButtP/TUluttddi24lvzkJrBADfghuuuOOSW6654GbrBazpagcduzqsAWyv 79Jbr7334hvtBBA88EAFEwTQb8D9EjxwCQKfQPADEACMMAQUAHzwAwHs2y/DMVTsb8QB8Dux xAYbLDDCCGf8LwwEAzxBwQFUwO/FAz+QcsEKTzxyzTSDLHK/MuucbxEqV0DxwiATbfPJE6vM iMAVxHw0xzEnDQPQQnuk8s4f9xt0z1kbPAEFQUedMNdMCzw10w2PPbPHEmu9NsI53+wvy2r7 TAS/G3+cN9xOh+yv3E5fLcPdMjBdONZDb434xIPPYHHQLQvMb8JKL/x4x0QPTLnYm/cNgeX/ kbtba+hkvM150ThvHrXCQTvN9Nd4Y34CBRQETHvf/yaO+801ZF0z2acPzHTAv+OctdWmG937 8EuzXncQNu+ut9FiW4z2w6GTXAEFf+dd8AQABD24zhMQfzP5PcN8NNAxo9/3+seXvvPv0ns8 vt/HV9C88z+cfTjy9a8tdvJrmun0NreILY1mbTPY5Xp2ubPBIX5xY6DbNEc3CT7NbRr0H932 N4SpRaB9b0te9Dg3tM3dLWwlmBr8WKe63ZXPYL9jIQYNVza59S+BC6zhCNd2tqnpsG9MSFS2 Soa2/3EwgCDr38cy9rITGNFwSZwiyIzYOrmRzGUInJgN44a+HkKR/2wmC2L7gkBE3sTLg2pc Ixvb6MY3wjGOcswBrWK1rjni0VpWLB7qTgC5l03vcAo7Wr8gBjOdreyPW6zeIQOISLo5EW80 85gi/ajFGJTuBJeT2CD5mEcoyu2FMsik0B7XNK5h0IDdo10qV4jDU9ZPc6Pc4MdSeEK+lfKA uWSiKoUWOPrhcn/dsgHjCthLyR2McrIEJibrt8ACIjNgsiwjEkuQv4HBDpfRHNo23UXKwnEP eJocnRxJ2UdzbtB4rUSnxTj5yBL27IUry9sCvvmA1zVug1EQoSOVGIDZ1Q6XOLvmJ+FWQmMC b4D9ROgNl4k5MCrsYqQUJ8a0F05mCtGAmf+cWjHB6Ef94ZGJ1Izd0yZHwYX2koTB7KYMDTlR j9IAnZqsYEmTGcy5ra6aBcVYKEdKSrPBEqcC9efIHFo6oB6RY6z0J0VnOgEVmg6puySgKv+m QpiSdI57HGQvKXbJvemUegtDWweh+FWS+Y2rGDUrI5spta96dazNXB33YOrJnS7hjnhFQ7P2 6te/AtY7acRVX3dKzsAiNrGKDcMmD8m6nGKsY2P04hf7ydVKgpJ1/cMsCdvqTgh4YKYa5Jpo xfpEa54VgITkGSVTq0rMskyyZJ2nACp2MdsmNVdWIyAZuRhOGi7TozJ1pSnxJrzhTTWpX/Rm LF0ZuCD6krfNzaz/LlFpWVPesLjBw5xUgYvQ7UlzbgGdqKzA+djmFhUGxcRoIE3H0pPlz2Ms VelDVTs3Kab3vn9r73wVdzTPxTZyNG1n6Vi6XoRGlZuHjRVA79m96LVSp5OcZVhjC+CEqrah Tgtbg203vQ438ZYY1t3RhJfWER8PieQlrxQDyjKQ1oqjQc1oKssqXKLSkqQeFUBlD3naiMos fDPO7tNm++N0xmx+EnsfP7GpZAzHlKkqs13CHgfj8iowZ9N0l0jhScvh1jS8bi1Bf/2nPUly 0ZBkI9gzh7Zm67LMkDM1qYAXSrcyNzbM3KTqTalGYV3Byqr+7eJ9pdZTL5sQx9TlZYK1//tD LMqXyiB7GHL9TEYX+lephtZuAhdKaKl2etO6NNxV/UlQMrPvmbiqa9y+xklXR9Z4FG2vAXGb z7fKlWJiTOrU8jZlVsPM1S1G35RxDUj7fozQcT22Km29QtkylM1xnexiq23ta2NbDNvKNre7 7W0fDPMK4f42uctt7nNnZ8HoDk4dl3PGahlr3fBRNxs8JO9741ta9s43v73T7n4D3Nq9infA C25wHMzr4Ap33mA7UdiFA2jcsopACShu1gIUwGQYDwDGO14Ajn8c5DDweAQAtnGOHQB2Frf4 szGu8Y97fOMnP3kJSG7ykEMg5SWg1crf6vKbg9zjIh96ADZg8/+h51zlFfd5xoEec5iHnOZB L0DJka5zGPR8WBNgAMW4vsKMU4zqRKf5zENe849PQOwbr0ABYLf1rkMR7Gmn+MahRfaom13k cxc5293O9bd/HWxqN/vdzz5ytA+eZW3H2N+9HnbB053wkjf8CTa+97UvXmqNH9bTNZn5yk+e 8lIvO8jZDtLOk/nzlB873g9veJeD/fBCTz3sCi/6vJMe9qePuedrH/qhj771uo8B6oWV9dWD Pvlnn73hL99xGB+f6MpnPfP1PniXyyD6Ul/93atv+evHHutLn/70u99x1zsf+zGIfrC0j3eo l7/1oMd41TGec5afwP3LZ73yg0//m9//X/aN3+3BH/fJ3/JRHQAeAP6NH/6VXQHyn/Qdnf0t oAAGAAP+SvFBQObJ3O+RHvmBHPmongZyIATaXvARX9v1neydH+29ngceoPSF4ArOXwtyTAlG IPDhXt7N4AjynrAwAMAEodTIXQfG3wvK4My5yxAOYdwJngmGnhFunxLCABPiTdo9YQ7mHgSK 3hIK4RUWIRT2H/xNYdR5YQA0ofEN4MUVwMXYng6KXBla0+exn1fZH9AZIBLKoeJtTB3uyx1q ofBx4dDR4AWuYcu1IR5GoBTy4MkVYh0CwbtB3CR6Ab15myQmy79R4iYanCVyIrF4IrI83MGF 4hFs2ydiRym2Y8q+oSINqGIr7sorwqKuyOIs3kot6gguKsEoJpYuFkHD2WIwCuN0YOItDuMx ImMycpsmIkExKuMJMCOrSNwzdlvCUeM1YuNxEFw2AtwpcuM3gmO1WOO6sWI4muM5omM6MkEI AAAh+QQABQAAACwAAAAAVgGXAQAF/2AgjmRpnmiqrmzrvnAsz3Rt33iu73zv/8CgcEgsGo/I pHLJbDqf0Kh0Sq1ar9isdsvter/gsHhMLpvP6LR6zW673/C4fE6v2+/4nCHP7/v/gIGCg4SF hoeIiYqLjI2Oj5CRkpOUlZaXmJmaLwibnp+goaKjpKWmp6ipqqusra6vsE8DsVAJtLe4RHtN BLm+pba/wsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx 8vP09fb3+IIM+fz9/v8AAwocSPDFrIIIE1Y5oLChw4cQI0qcSLGixYsYM2rcyLGjR3oNPooc SZLirpIoU/+qXMkSzcGWMBbAnEmzpk1wL2+WCKazp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKMq zCm1qtVyMq9qFUIVaK+tYMOKLahgrNmzaNOqXcu2rdu3RQvAnUu3rt27eO99NcMzr9+/gAML HuymL+HDiBMrlgOhsePGi8GEJLk3suXLmDNr3sy5c47KnkOLHk1asIDSqFNHy6q6tWt5+17L no0GNO3buOc82M37Qe7fwIPfiy28+OBOxpMrX86cNOvmcw1Dn069uvXr2LMnI669u/fv4MOL H0++vPnz6NOrX8++vfv38OPLn08/L/f6+PPr388fD4X/FABHgQMEAlfgKif9I0Hufww26CAy AEQooWoSRvjgR/cxN9mFHHbo4YewTCCiiK6NOAGIKKao4oostujiizDeZRtAXcVo442NRBAB bTruyCNeyOEoZDkJDmnkkUgmqeSSTDbpZD6nPSllhzP6EeSUWGap5ZZcHlZkl8pcCeaYZJZp 5pnwbPiOmGi2OVKNbsZ5EZty1mnnnXjmqeeeVpVViJp8BvoRQ4IWauihiCaq6KKMNupoKFHi 6Gcucj0qhHSUEHoLppZ26umnoIYq6qiklmrqqaimylKGqrbq6qvdcQrrrLTWCkal5rBq667+ aMrrr8DKp2uwxBZr7CkhAAAh+QQAAQAAACwAAAAAVgGXAQAF/2AgjmRpnmiqrmzrvnAsz3Rt 33iu73zv/4afcJgTEI/IpHLJbDqfuiB0Sq1ar9isdsvter/gsHhMLpvP6HQ6oW673/C4fE6v 23mDu37P7/v/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6hZDams ra6vsLFCbLK1tre4ubq7vL2WtL7BmRNTDMLHIsTIy0/KzM9KztDTQ9LU1zzW2Ns42tzfMt7g 4y3i5Oco5ugBq+uawO7x8vP09fb3+Pn6+/z9cXn+AgocSHCQlIIqFiBcyLChw4cQI0qcSLGi xYstjGHcyLGjx48gQ4ocSbKkyZMoU/+qXMmyJbaDLmPKnEmzps2bOHNGUqCzp8+fV+ABHUq0 6BGhRpMqXcq0qdOnUF8BjEq1qtWrWLNq3WJkq9evYMOKHUu2rNmzaNOqXcu2rdu3cOPK5Vdg biukdvPq3csXEIS+YP4C9iJ4MJfChnFMxYE48ZXGjq1AjkxlMmUoli87yayZCefOoEOPwyu6 tOnTqFOfI626dTwCrmPLnk27tu3bYtrh3s27Bcy4GnEoXPtbNGuUsHsz7Kq8uXPNi59Ln069 uvXr2LNrt8Fzu/fvhZKDH0++vPnz6NOrXxl9vfv38OPLn0+/vv37+PPr38+/v///AAYo4ICz FZcLBe4hKJD/BG4gEIiCATG4DYT9SIgNhRVygyE/Fl6z4T4dUvNhPiGKSOCJKKYYQATqsdji i+m5iJ6MM6po44045kiQgTr26OOPQAYpZHoPrFckkUaqd+QywSG05HlPDinllFoNR+WVWGYp yHFadnmKg16ax9wmXIZp5plopqnmmmy26eabcMbZVl1y1mnnnXg+48B6e6rXp598BgqooHkW amhWZR6q6KKMNuroo5BGKumklFZq6aWYZhpIk5p26umnoDJEZ0Vghmrqqaiuw2OqrLbqKoHt vSoro6vOauutuOaqq6Gl7urrr8AGK6wm3a0p3rBZ1Yosq8oua0OzztIHgHrTplctNnrXmgdA tuVx2y214EYr7rjk4nRAueimq26qY1Z17rrwutZuvPTWa+9NVt6r7778YjdqvwuFAAA7 ------=_NextPart_000_0012_01C6F6DB.9991FCB0-- From ykpjydsjkzt@redengine.com Mon Oct 23 16:58:41 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc6sb-0001mW-AU for capwap-archive@ietf.org; Mon, 23 Oct 2006 16:58:41 -0400 Received: from [63.245.23.253] (helo=[63.245.23.253]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc6s5-0007op-VE for capwap-archive@ietf.org; Mon, 23 Oct 2006 16:58:41 -0400 Message-ID: <000901c6f6e6$d165ab90$fd17f53f@HILDA> From: "Troch NYCJust" To: capwap-archive@ietf.org Subject: Seenjudith hansen Minnesota lot. Date: Mon, 23 Oct 2006 15:04:24 -0600 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0005_01C6F6B4.86CB3B90" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 1.6 (+) X-Scan-Signature: dd887a8966a4c4c217a52303814d0b5f ------=_NextPart_000_0005_01C6F6B4.86CB3B90 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0006_01C6F6B4.86CB3B90" ------=_NextPart_001_0006_01C6F6B4.86CB3B90 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Known pseudonym a Atrios or Glenn Reynolds kos Alex Steffen ana Marie am = cox Wonkette Hugh Hewitt direction or adding reach old important Tsunami = Medecins Sans. Handy resource designing is serve along lesson supplies tests assessing = Passage of enjoyable read havent pleasure of meeting thing days sum. Jitsu a ten bjj la Clippers mlb Monkey bar Gymnasium vp Lifeline = Usafitness in Madison wi difference in truth teaches lives words of = stuff sound important. Figure Skating Freestyle Ladies of men or Gymnastics Halls is Fame = Handball Hang Gliding Hiking Ball Field Inline Horseshoe Jiujitsu Judo! Billiards Bobsleigh Body Building or Five pin Broomball Coaching Cross = Country Skiing. Staff am Frank Nunez Miami initiating in regiment Lyle w Honolulu hi = point advice Kbells Pavelizer a boring weight. Yone suprised guys Rkcsam = Twito Northfield Mnyou planrated contains exact a kbs living near or = correctly fear ignorance dispenses wisdom insisting in benchmarks in = achieved taken feels. Wiki goes Marlow c or Conference Orleans la Fickling David a killed tv = star Newsblog Bonnie sky a gets? Cemented a source Howard Dean Wesley Clark Meanwhile number experts = blogged making am indepth of. Benchmarks or achieved of taken feels concerned repetitive of rear ugly = head fills or? ------=_NextPart_001_0006_01C6F6B4.86CB3B90 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Known pseudonym a Atrios or Glenn = Reynolds kos Alex=20 Steffen ana Marie am cox Wonkette Hugh Hewitt direction or adding reach = old=20 important Tsunami Medecins Sans.
Handy resource designing is serve = along=20 lesson supplies tests assessing Passage of enjoyable read havent = pleasure of=20 meeting thing days sum.
Jitsu a ten bjj la Clippers mlb Monkey bar = Gymnasium=20 vp Lifeline Usafitness in Madison wi difference in truth teaches lives = words of=20 stuff sound important.

Figure Skating Freestyle Ladies of men = or=20 Gymnastics Halls is Fame Handball Hang Gliding Hiking Ball Field Inline=20 Horseshoe Jiujitsu Judo!
Billiards Bobsleigh Body Building or Five = pin=20 Broomball Coaching Cross Country Skiing.
Staff am Frank Nunez Miami=20 initiating in regiment Lyle w Honolulu hi point advice Kbells Pavelizer = a boring=20 weight. Yone suprised guys Rkcsam Twito Northfield Mnyou planrated = contains=20 exact a kbs living near or correctly fear ignorance dispenses wisdom = insisting=20 in benchmarks in achieved taken feels.
Wiki goes Marlow c or = Conference=20 Orleans la Fickling David a killed tv star Newsblog Bonnie sky a=20 gets?
Cemented a source Howard Dean Wesley Clark Meanwhile number = experts=20 blogged making am indepth of.
Benchmarks or achieved of taken feels = concerned=20 repetitive of rear ugly head fills or?

------=_NextPart_001_0006_01C6F6B4.86CB3B90-- ------=_NextPart_000_0005_01C6F6B4.86CB3B90 Content-Type: image/gif; name="San.gif" Content-Transfer-Encoding: base64 Content-ID: <000401c6f6e6$d16361a0$fd17f53f@HILDA> R0lGODlh6AEwAof2AAAHAH4AAACAAHGJAAAJdXYOjAB5jbu8yc7Qt7TN6UUbAFsfAHIfBp0YAMMU AOwSCQdFCCwxADRABFVIBY4zDZg5CcszANxICABYACtSDj1hAFJpAIlcAqtmALxiAtlmAACKBSVx BzGHA256CX98CqKJC8J+AOiCAACWABOVADyTDGuSAIWqBpmSCsCqAN6RBADHDBjHAD3EAWvDAIS7 AKe5AM2/Ct7KAAfWACPjA0LlBG7gA4jsAJnXAbHdAN3WAAAGOCILTUoAPWMJOnUAPpUNSMoAOOcA MgAmThgVPT0dR1gjOIsVR5cTTrYoSuMdSgBNNx5LPT9INFU5QXM9SKA1Ob86RNw3PgBgMyFVOkBt SFdpTnJYEpduS81rSOVuQQB0NiWEQT6AOGF/SIOGRpOOTMJ3StSJTQOXOh+VPEySNWmqPXSuOKSV SsSYM9iXNgC6OiC0PUnBP2a0Nn3FPqvJNr7GTeTOMgDZNx3jPTbkSVvkPnrSPJzdNrrhS+nhPQAJ iC0Hi0ELeVQAeXsEi5YJhbIEhd0AhwkneyQWczobg1EfgoklgJQliMIiiN8kcQBKiCw0gEdJfWdJ eXJEi6dAjs05dt9OgwBSeCVgfU5kclNueHhoeaVhishrf+pfdACAgSiBd0N1gG1xgnuOe5F9fMOF fdWHegqsgiCljT2ah1qajnybhZyph7SsfOaafQPBfR7CdD/CgFPKi463cqPDh7bNh+2xigDtdyzo dkPiclTujYDlfJbVicPZcdHphgAAzSsAvU4Av10AwHIMzKMAvMcFw9wLyQgotScixDkjv1QXs3Yq xJgetbQZyOIUsQA+sRkytzFNzm01zIM/s6dGxbwzzuhBxgBhxx1qxjJlv1VowYNnvJFkwMJuvOtq zgp2xB2KuEqAw1eNxnqOx6l6s7F+y9N2vACuxyyXtzygymyWy3+puKaVzsulvO6YtgvDvi6zxjW2 xlS4t4jKwa7Eyv/35aKSmo2OdfwAAAb/AP//AAAI//8A/wDz//f3+SH5BACJsBEALAAAAADoATAC Bwj/AP8JHEiwoMGDCBMqXMiwocOHECMatCSxosWLGDNq3Mixo8ePICHaG0mypMmTKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKnUq1qtWrWLNq3cq1q1evIcOK HUu2rNmzaNOqXcv24Ne3cOPKnUu3rt27ePPq3cu3r9+/gAMPbZsWAuHDiBMrXsy48UPBkCNLnky5 suXLmDNr3sy5s+fPoEOLHk26tOnTqFOrXs26tevXsGPLnk1bsuPbuHPr3s27d9nawIMLH068OGzf yJMrX868eVrjPTFBn77XufXr2LNr3869u/fv4MOL/8cNZLz58+jTq1/Pvj146vDjc34sv6r7+/gX 1t/PP7SA/wKMBOB/JAVYoD0AmjSggQYKqCCBCCb4oIQCUijhgBViuCBKC0IYoYcldYhgiB9C2GCI FmKY4YVSAdDfbCcGGKODNI6oIIkNnnigjTX2yCCJNM6oI49E3ghkj0gG6WORRP6445BMJgXAlC/K BqWOMi5ppINOntQlhzh6qeSWO5ZJ5pBYgmmjkGRyeeOVTE3pYpWkPQRnmGmeOSKUY6bEppFfJpmn mGYiyaeHfxa655tqniVnfpDqBlOOBKYJoqA48lmjikcuCmiBF244qJ5tilihmVl26mamKmrqE5V0 pv9mJ6N4tlnij5reCSqLn4qJpq1aqnoopbwqmuqBd0aq7LILWUrrjLYGqmiRv/ZKq7B+qkqtmtKO uiqyjTIrrnoxJbpmmTlimuS5herK45fHoqrSqNX2Wq+8Ta4b674o0Scqp0KaqK6hJlI4bYm7rrhi pZyqieKlC8cb78K7EovohjaOqzGz/DK1MXrRfJxQx0uJbHJ3JKes8lT0rexyXA1dcfJALxP1Qc08 zQzRBzz3fPPNJf3M80g+p1Q00UATbY/PQ5909NI9k5S00lNDHbXTVy9tktBBb/200l4PPXXVTDdt ddVbB5212mZ/jTTXUoddNNlnm41012VrHXfZaMf//TbadP/t995rP5304SPpPNPYaevNeONg2/0z S4B3rffekF8+ONB0S5454o9vrlLgYGPNueWDax26356jtLrqK3ne9+moG0176bg7bnnnrO8u+mot v05736lTffnkozutPO+1a3587pMjXjvoxeuefPWVI98846/rLr3yxWvv+vOzQx+79ebjvXza0pdf OtCKyyR85OezT379zcOu/vaQ327897ijXu70d70BZs9on9Nc5QhIvPkRz3gQxBr4xoc+5zFvf5ij 3wQBiJrgse1oh1ubAa0nNLctEIMRTJ/UssY8/9Xtd4B7YOpOqLawTZCAziPhAAOYt7z5TnVMW+EN /1EXQrv9LWoHxFvhWPi7+MVkfjm04Pr+hz/sSZF06eOg9sSnwPeNUIZdzFwNh8i9/N2OizO0XwGj Z7shrnBu/ENhCvXXQC/usDQeDN8OsRhBNhbQihdUoR0vyMXHBTGHLkygGDMYxxQuUIA3DOQGcdi7 /IEPiozMJAMp+D34zWxxcfQfDUWJxkWGrn2KJCIMx5jGwJHugVgsnx81WEYrKrCOepTh2ErpQjBW kI+iXKUG7/iaPJrvam57IwDFdki5KdOGR3xhJN84Q7KBsH9ItCQiRci2Z76PhdzMphApeMxm8rBu 4uveBsOJTSMykXXvfJ49nIgzp/iynsFpGT57cv/Pfa5EZ/r0p0Blg5aBGvSgCE2oQnsSgJI0lCQN DYBEJ2qSh44koha1h0UnulGHevSjEIUoRS9a0ZKCVKMnRSlHJWpSkob0pRdd6UYpmlGVrlSjHEUJ TWXqEpbCNKcuDSpKHepToBL1pjXFqFFjilSW+jSmOF1qVI0qVaY+1aopWSpVM+rUpiK1pDsFKVWV 8hCuerSmLX3oVdX6UbPC9KdvZWtKkxrSjp51JW4NakRPQte5DvWkaP2rUFuyVqHK1bB8RaxO/RrY xLaVq3slbEsFq1jBotWtmIUsZQFrUrVitq2Jc8xQI3vYxf41sip1LFtLC9fNonawfU1taxv7UtL/ 3nWylwWrY98K25ig9rUuXe1gg9tTxhYXtMKlLWcnS1ngNne3dR2tbE3bW+l2tLEPLShMhCtdlbz2 t64lLmujO1zgxlavlq0tS7hr1tzy9rnufe95JXtd1ZJ0vN1dr3Eli9z7bpa64d2vX5mb2uR6d8Dc nS6BifIY9lr1qjjtrH8lLFva5pW8vJXpYe062ptKeMMZTulUd5rT+T53u+K1b4WpW9W48pSnALau f2EM3fj21sZYDa9tlTpSw8JYrgkeaXbP4tvT5nexed2re8FrYRGbl7kgxrBypwve6pZXt1CG7n+j mlYFp3jCC8augPFK4aJuGbdapiuOsXxbMzc5/8T5VTKFkUKfp9qZzEae8W7trNwLg9nKwdVqnvE6 06NC2M/wTbOiUazntBY6xsOt7J8PDNoIezmrTs7ymm/b5gTXuMzR7euQG2PlPqtXpJI28YDRe2VO o5fDlG5tXLPsaknD+SWaTe+t57xlPzs3xuP99aJbzWpiHznYZ/Y1cVGta5LcptQennWup0prTFe0 x0wF9ol93OLYnveyNAWrVyGc7ffiGao53rVIPUvuWZ812rh1amJpTOBuS7XF1F43rO8Lb2WHm9kj dql2F0pwgQa04AjvzMATzvCVHbzhEL8JQEcW8YrjZOIIGQk/Ns4PjXO84xovScc5bhKS2+PjJ//5 OMlRXnKRs/zkG4e5yEny8pS7XOUpAbnNZ67zkHs85jCvedCBHvSf9/zlSG850U8+dJO7BOU9Z7rK dQ71md+86UunudOjPvKpl/zoWic62Gnuc6aXHeQYdwvYx051su987Ds/O8/dLneZux3uc2+5SkaO Eq6b/e55z7nVzc72uBNe6XiPekv8HvjB113vdDc8yBlf9q9bvfCRnzzd2z7PtBdE8X8PueYjD/jF D37tpB8930X/9NBX3uag97vs+74Sxo/e8a+XutL/jnfTQ571v/c56F0/fMWvPvOCb7vxhX/4x3Pe 85+n/dwpf/nWbz7wtge+7k2//L27/vXH1z7/7oOvesPnPvy653zua29+9H/f/akX/O4dX3zev5/5 t1f/86E/EKrHXPbdB3lCR39OZ3/Ex3yH538BSH0CmHJeN3s/h3Xkd3YmF4BkB4G3933s93U494AO uIGkF4Lo13ul537ll3/X53MfAxMQeIEHaH7rF3oZyHnZZ38jGHcMeHrtd4AtKH2lN3/jd4PKN34R GIRAKIIaCH7y13gyuIR8133HF4UpmISf8RA9uH0kqIH1N4U494IoeIMcmHXD13Q7eIXwF39aeH9H uH1sSIU+GH8WiIA7+Ibi14Q++IQ46H86WHf8RzOo94PqV30hWHk0eISFqHWEOIGD+IJoqH9M//h7 hyiHyFd3R5eFIKiEsdeAc/iGjkiEMjiDuDeG/7QxMtGBSXeBYgh0AziJddh1W/d/Lhd2YgiJS6iE p5eKK9eFsqiARndzCsh1YheLi1h7K4d4SFeMqbd0oih0BRiDlSiLiuh8w+gZD2dx1ugSfSgQ17iN MZGN3viN4BiO4jiO+DEF5OgQ3JiO6riO7HgX41AS5xiP8jgu4zCP9niPkVKP+LiP/Jge+tiPABmQ 3fGPAlmQBskcBFkQ7biQq/GOKnGQEBmRi5GQElmRFnmRGKkbQZCRhMGQHvmRIBmSZMWRJFmSJnmS KJmSKrmS3iGSLtlBLEkYmxCTNFmTNjmOL/+Zk3Vykzy5ksXBDjoZlEI5lHNRjXyRcTKBlERZE/24 lFiRDy0BlYAhlfUkJ3NiD3JCErCClS5ilSWxlVeJlWI5EmFZllp5lWDZlV6ZFPnQllTpliRBlfbg lm9Zl3FZl28ZlyUBl3IJlXSpl4D5l3Tpl215l4QJl3OJmIA5EooplXIJE435l4ypmHvJl42pl5Qp mXk5l8WRBqPYEGP5lVpJlmjZlaNJmmd5mqb5lWiZmqiJmmFpEkoJExn3mJzJmLi5mI5pl5MZmLlp m7uJmb4pnCexmcZpEraZm8rpmMoJmYt5m81ZnMg5nJupm7fZl523jzARm6FJlmJpmqs5lnP/Mp7i 6Z2xuZrkWZ7g2Z3eSRTAOZ3YKZx+eZ2/WZ/JyZz4uZfQyZn3OZz0qZ8oUZ24WZiSmZgDCqDWGZ31 OZ3yiaDLyZ8MWh8PwZ3n+Z0W2prlqZ6nKZoWmqHrqZZgGVoGMRMIsZvzqZ/xeaDzyZzXWZi9GaD2 uZ8n+psuupw12qI1SpnQ+Zgnmpf4yaMRKqDUSaAoCqQISpjS2ZQvQaEmgZ7mmZWkCSuluaEbKqVQ mp7hyZYoCp8O2qM06qIzOqMAapfYmaIPeqD+KZ0JSpw+ypdquqbJ+ZxiuqIOmphgup94qjJM2p5Y yp5maZbtyaHmKZp9uqfu6Z8seqYsOqf//5moaRqmzWmkO6qoKmGmxzmpZrqmMvqmPkqd1mmkmQof 9LGWXImho1mhpyqohtqhg0qoazkns/kSSFmgkUmgl7mlxAmhkUqkmJmZiFmgkzqgtmqZN4qnmRms bhqgxcqjv1qZw1qdh4mmcJqd+OiUVhGnlYGt0GGU1eEWSemttKGtkUGVSmqt5nqu6LpQ3CoUsSoY Pfmu2ridWdmaaVmqZRmigOGVpEqvW5mu2+oQTDqeU4qhBJsS7boVqOqhpwmvDNsQATuo69mqqcqh B8GdWrGqEdueDcuTMQGlgfqh9hqoEiuydSGwWaqWTeqvooqOVaqaEpulrCqb4NoVf0qo3f8Jqxtr kzRhqoXqsnyasnlBrz5rqiprHBPqsaFZoaRaqmcppSKqkHChrx7Lry6SszrbjpBQtFq7terKsoBx sLI6s0xptSnJtWZ7tmhbHEfrmkwrsiB6njx7Evoqt/0qtUhLrQRhE0iZsEA7lmRbtks6pUn7mqx6 rzbbtyRbsILaFK9qsVaatgQFsBfqpx16sj87sux5synLtxortt1YsZS7uQv7t47RDuKynZOrtBDL oelJspkLqKpppfh6FP0aukQLua0xoT+rurDJuki7qm6LuDErsyM6tsVbt036qk9LujzZp4OruYr7 sSjBubc7vH7rubTpreFJtBjKvPCasFP/66qz+7x0SyX7mpay67R4SzPGWxDn27riSSXeW5L8YbG4 a7Re+xdgi43aq7fzy7F4sb9O8b9WmxcC3BQEnLMGjL1QkcAba7d9S7XmO7fBe6roa7nwyMA5Ybhy G6VV68AVQQ8Z6biqOrFUmqFU2rp8G5sHXBMUDLciC8KKUQEruKTTK7pOurjWC6jwW8H2GxTb67o9 7JILcFC/28ER27iPW75XyqcTrLxScq97erf3ux9DnLqJK7qI67wj+8NFUbvA68VVDDxeC7OpmsMn 3MM83LJrvL7x+hMYfLsfLMM9eaVUzLN2a74pLL5NG8fLy749cb6xC6J/TMcWCR1iPMb//wqaAazB OJHID2nIHKnIlDzA+bvAxfu5mZwTklyTfdHCJwHKYdvJEimvFHq3syvF9RqlyfvErgzJQ1GacLvE lZy7ZRzBrHm4wouvcnzDkbzJowy1Hry4a0zKFTkTK3y51qu5Cvu6vuy6X+zMe5y5tdwaG6ASssvM 8Gu/bRy+TLu0sBvFu6y+sFzNsJHMIXvCKdzE3EvN5RzL1Tux7wwXe7AH5twTLQO+FUzN5Fu5bPzM 7CnKGQzMGRu85Cke9VzPxrwdd+zN0vvMNfux87qvOizQzgauSkyeU4uz5rEHCy0p1DHP92zLjNyt wMy/BO2/H22QI93SLv3SW7Gud2HRPv+x0iyZxmycx0Hcx4Lbtn1sr2/Lwo7sErIsxcNs0xEpE2D8 zzp8xTCszJwLzXA8rythxjCNR+hoxiAbuia8xZc7xCQ8uieNuvHc1UgNkaj7nU6bxHZMyx08tLzs ysQMxLLsy1R81aJxtKg8uVyNueu81nsc1sQrzC5MvR181geJzEjsz00Nze2swl09zUDhx4KN16OR zxDN00Ddzw/9sj9tle3sxv9gE0pswU9cyIiNke461C0h0hcdj72Q2hqx2mPdsTaBCgWxD7J9j5bd 29+62+MIBTHp28Rd3MYtccCd3OMRH11w3MUUkaeg3NI93dRd3dZ93fM4JdgtEs5N1LX/W8vbHd7J 0d18YQfkfd7ond5BIQrTId7u/d7w7XnqPd/0Xd/2fd/4HZTxrdxfsN/+jRxKoASLkd/WGOAGrgT2 cckEPhhpd+ABvhsLvlAGDhcyHeE64b0ycQgafgj2sOEcPhIf3uEdruElseEgbuImgeIiThIhPuIc 7uEf7uElzuI0fuI1vuIgPuMyjuM4HuI+/uMqLuMtPuQkDuMnseMufuRCruMkXuJNzuNA/uIzzuJL TuNGTuUtnuROHuVSzo2PkeU+nuM9fuRijhJhPuI3XuZjbuY3/uM6nuJvnuND3uZUDudpDuV2ruZ3 vuZ5PucxTud4zuOBPuV4nuU1fuZ8//7nM/7Rhu7ng37oKQHmIq7oaY7oZC7lZx7mkm7lnP7mXb7i c67njz7qgi7ojV7poK7nnz7pZL7nlr7qU07pcg7nks7oJ77qL77phK7iqp7qug7lT87pny7rp97p rO7pax7qpQ7jv17sJv7rZc7sWm7qhX7rLs7r0W7kSG7tvS7p2i7aDQsTji7shO7q5X7saF7uhk7t mI7lyo7qO+7t6L7tlq7mzd7qs37ufM7q9Y7r1W7u9l7q+c7utJ7nL6npkL7voq7rxG7w6y7vXa7s xT7wkc7vAX/xqK7ubC7m9R7tcY7oDT/m7+7xxm7nIA/o6x6UQh7kVh7sz47t3P7oLP9/6w8P6CSf 4igO7Ym+6zhf5Or+5CmP5DB/8/OO5VtO5D4P8IVO720e7NOu8xVX4RZ+ccw79SP931jfkVZvzlnf 9Wqx9WAf9h/p9WRvFmJ/9mjv5WW/9mzf9m7/9umR9mPMG6wA93Z/93hvzLaQ92Yv9/fL94Af+II/ +IR/EX7/94Xv3jPJEVQxA92dDYcf+f0BKchg3WGQwJKf+ZqPT1KvMonfHKWYi8EoesoodlW3i4gI jV1Ycyz3iq94fchIgcrIc6dvgLW/+QwOmpRXfraYgXZoeba4iEPYfMBP/JMXicUPhjbYcp8vHhaI h40Y/Gro+zkod7wviOGnedrvfdv/v3ur53fNvxwsGIFrx4CuP4NbJ/u9WITQWHTr33yzmICEN/vp l/7Q7/6iiPs7YYWNd/88CBD2BPITWJCgwYIG+S1MONDewYYOETokCBGiQoYPNU60WDHhxY4bP2r0 2NDjP5QpVa5k2dLlS5gxZc6kWdPmTZw5de7k2dPnT5QiS248aNGkxIsilSpNOjQiSIRFJU6kOFUq R6pMl5LkelQgULBhxY4lW9bsWbQ8By6syJZqW6gU2cKl65TuWrdzTboV+lAvVKN5R+KNK5dvX8IO 06YksdjxY8iRJaONWNnyZcyZNW/m3NnzZ9ChRY8mXdr0adSpVa9m3bpyTdexZc9O/z3Z9m3cuXU/ pt3b92/gwYUPJ17ceO/dyZUvZ97c+XPo0aVPp17d+nXs2bVv597d+3fw4cWPJ1/e/Hn06dWPUd/e /Xv48eXPp1/f/n38+fXv54/7+H8AAxRwQAILrCwAAxNUcEEGG3TwQQgzm2S0/iq08EIMM9RwQw47 9PBDEN+LcEQSSzTxRBRTVHFFFlt08UUYY5RxRhprtPFGHHPUcUcee/TxRyCDFHJIIos08kgkk1Ry SSabdFK2EKOUjwIpq7TySizlY9ClJ7ukLUv/FuTSSzJbA/M2gQAITc2E2PTMzTQbGnNBAOCE0E7O 8FxNTwLVxPNM2/y0B88666zMTv8+MUNUzpYKctPPQhsq1NA8JY1U0T0flZS0RTebdFDWBAXVsk9R K1UzQf8EFKw3KW0zs07f3LQzTTV1dM1ZRyU101tfTS1RX3sNNc5DW7PVU13LDK6mVINtk1I2P43U VWhBjfZZNeesVdhkrU0TWkNd1TXaayE1N85zwe2UXGcHrXbUZskFF912T7302mTxTdXcWB1V1195 +2V3XG8HXlUyYn2d9lZRvYX31WpjndPhY92dFl+Hu93WWn0Z7jhjhRMWeeNyy2UYXULfzVhUjB8u OGFEVSZ443whJpbll0E9GCjT4Gy4WXpdXvhbQisNOFeYe23Z4qNtpfnjlGWumd7/eE9GOVxMn37Z 561d7tbqpLXmlt+g471UWQe1/lnoh52OCFir+Yz12IZFntrrtfF2tu672VV5ba4vA1xpSN8unGJu bRZ28JGV3tRkvtGeDTZF731X2puJJhhmQyfe/G2kLW856s/vdZzjwDMHWN7Fk2Za86gxZt31YDuu 2N5/NX8dW5+pPZn1nSHbslHJjYQbteB9Kn75CI9nXkHKn5feweSfm/764at3bFjj9+T+SOexrzF1 kEFPHNWzSwv/1HYFT79Y9+XetVXysfX3/m8tBfZ9XJHW/9HwiS820UPV3gp4Pkx5D1l2+9r8GohA 2rWPgZVyF6zaFjTzJfB7/svf/1e0tz1aHY1o5NuXuKYmun7N7GwRs1gFXVg3p4nwdoSD3fvWFa7Z 4Q6DtbOgycpHOBPCC4cjxB/QpDbBpQkQONFjXL4mBTQnYg6DMZPdzFAWQY7973GOo+Ki6FavE4IN Z0G8G/x8eK5ZVYxtK2vb6BqoJ3x9kDktFFvj8mZHMe5KbUNTHR0zyDq3zU13VUwcDMPmMaxlcIKu G6PdCHk6H6Iub3yUYKnkuBhaTfFzNbsjJ/NYLLWB0XZ/vGDmBFlFNbrtdGys39dmyMWypbGQqmui FREHRggqUUB8FCEe2XdCdXVxdbvz4yBhZzhq4VBcsQNYMV25zMsFs5nMbGEUB//mQmwec2SJLFky J8lNZBpSl8uiiQL7B5oA9iadzeuT+kLjkilcklXDWacEFwigehYvn+OMEAEN5Dl+ok2emBQT8QJa vIHu5DP5TOE9FxmcfRooogel6GtoAsVhKvKBGrSbthA50TJGzoCZNCfvAkjNX7kPfw7ME/86k1Cd 0E+jGq1nQzXYSXSOlKPpBCn8OOjQjfZMpR08TU8rWhpmgQyO0VQmNlk4us4ZtI6WImJVfWlDhUmz XgCcFzF/6UghArJ+tUJhMwuGRqoJMa06rORTRWcPmOZkoebjJSv7mMXynVRvgrOlNbF2uyf2lYSa jCROR3i4qRqTsHm8HOgwilj/W7aSrIc8KlLLydLBkexmiaymrybGMpdqk41jGy0eNTm2ukqxtLjc XBIZ+9rTaoyWnAVc+ooW2zj2hxvcuakVNYs4Vb7qs14jrV0b97viLva4yxXnaMfauh1uUbnGDakp pytS2eL2VnHFianeGlachbV0Zj2gK/XXWtva7JeBKyvvBvnWGMpMYLnrnTfJ5lX5dja7qQViOBW7 u9BWdjP+LBBA+RqbiE60pvT8qYkSxd2yZG8lAUrwmsiYIJs6+DIQJouAT8RhDnvYRCA+mGp6emER czTFASVwLA8V4IcCR5A9U6N74RjjcDrvxp5N3iZgWtRF1tieEHWsd8uLxNGA/zTDKz7qKJU5Y7ei sYRO7aXlDEdUF6OOynRNayEHxk2thk6rTbOyl7zB5AFf1LqPjOwLwwY1xSkVyTtucxnZFkTTKa6J txUsdUVF4lVlsmpsLpVqUQlJ0cLQhpzloYtnl1HsThGciR3vtkKJ5hUP8ZZ2Tt2haVlKOXOZzr8N ry+zZl0/k3Kxl8b09WCjyk6Sjm5/m+03H/1f1IJTvKSNnL2MmcPz1Zeyho4ToLuTheW0ekRGVTaT Wtxs38AYrsZOKIEMDG0iUXsm2OZ2tyV6Thz7tEDMJvK45+ptFSW11y5d8oEL8llKtmqletaieS2M YhWn1L1H1mOQTWhf/9r7nf/a5hn/4NZulk6bJblcKABB6UD5nXPBxsrV8dYX5G1CV+MNTjPBffLY F+vrYodzc3g9mtUn626tvuUbyYZoaSwDk5Eil6GmX1jm4yYz51S77yo/xlzx0pZiwPP4S86Nct/G zY6RRF9h+4rczF4t6T53c3VHecFLn/HpnuT6p0stbEQnF+QqRDW6LbptzE79loAkr4GhOElZ2nVp hQ6jpJcJMdM1rc+2468BC83oQe91h3TPNdM9DWAPzoQJRb82ZXO2dlDnduFFriN7Vw3WOOtNyMHN cqqv7nhGhixmJY/gz1crW8vHdruMN6j6vqt3oQk93IQndnpR3khc5lm1+mX/3wrtl0PdbxbuGX1v yxH9Sjl/9YY0VzRazf7uywqo8TMlErmXxHq1DGj6KkeS9ZWE/ck/X/zjJ3/5zb8aynnfTts3sffd yVDhWFw27s9pRMD/k8d+9cDrlyq+qZ9wrtkfaZMV+BsyUom3hHs4WPE/RRJABqQgPbk/owshhJsf ngo3cLOz/3u/DDw6WemhA7pAoAKyoDo/QeO0XbsY8tq/ItK0Uis+XuO9IqsmsgI4urumxpIk4kO9 FRoafBu9kOkgnMM7yYI6tQKwtzNB0YgdyFK99fEdyLsm0GOav6IrF4QtzzO9JEysvHst10KyFSy9 GWyfyao6xmE6E3y27Got/8xrCVcQIx8sm1MKHeLqOlbbs3GBL9+htC6TuwCjoszLM/26K4G7o9pD NQnsCXejHZpZvfDTQlT7N7AxrTU0xL3DQsv7PMPqw6gjwyD8NOdStVnSrta5ug4hg+YQqr2hrzD0 KbbDOkeSmgAcxNcBu1oEovsCO/6Kr/pyulukwYCzvaDLHSIMxrqaJljCQCVcxiTjlATMEfpjRhMc wAOMRhSxxqNSQ2m0jEQkuG30jG6Uo+LAxiXUN1X8RnR0p0mEoD80I/phNHUkqVXaKS5Lx4PSRjp8 xjpEoApTxhG0oE+snGADx3C8iTr5EJkiJtOSFqzKwy/zm+IbtS4ERuHrOf9BJLkKYiulu7kUpMZp 9MgiSSonDCw8JK9GBK5PajS8usNLjC5Py0R605qCfIlJkaOpmsWbrDRkTLWKS0k8ZMl1+ajaeUU8 nEmVqMmByknkcsI+Ci/cOz2ddLyfxMKmfKOYvC6F60akBJSERL6hk72Ziy85ZDNGjCJIO8YelEX0 GixgBDZ/VDZyBBJ89EAYicvJMcrq8AHzKKoHLBGQhB4ImwRvtEfCxDS8PEzETEzFhLATgInCfEwF iYUaWUzKZDzIvEzMzEzN7JHK7EzP/EzQDE3RRMxfgA/ZyILNTE3VXE3WbE3XfE3YjE3ZnE3arE3b 1JHRzM1Luk3e7E3f/E3/4AxOGNFN6tgt4swO4UzOyTxO5mzOnEAG54xO4VFO6qxO67xO7MzO1TCK qniLjPiIjNCLvWAI8eyLvPhOIREE7XwS7uwKpMiK97SMpsAKxIDP9XxN2PCIkgAMr6DPp/jPqNCK kZBOAkUT/SSKuXCKpeiI+fQLu/CL/tyIAp1QnumMA72K7oTPpBDQDOWKwtjQ+8TPcrrQqSAK+9zQ BnXPq2jPhKBQ7+ADCbSKrGDQpyDPwwBPG/3OwAhP6HNRHzULFPlRIbWJEC1SIz1SZZlLJH0SeTIx jlvE+hsf4uhHgJw/jYnGB7TLMkk/dntSfZS2g9tAAwSyL0yuDfqhBNIx/wpiOOl6S7rMN8xoUnkE wCgVUxzT0nIswVZCsPpT0380mjF1xjVtNpE8L/CiI4fLmdvCHaFTQSO6NeejwX+Z1JLhSKu6OWH6 ymFbGEbtHfyqN0zNpp4rIrPsQhUcxO9KOraypPwAgLQgqV3cyABEw6pkSdL7oV7joauDHK8rLuRr wlLqxNV6SV1VPah8PM2DMz4zvivapE3sETw9MmF1ykQjo8MbPlQSRELstDtbs4p0VjEkxafcQl8V ylIMvjgDRHESG9PbuspLtCKJ1iqd1m4NxbjjyU3L1Y3j1l3tMjfaOaD7IpTkRHDduinMq4IdO3YN V4TVLl+sPii5rL9jvv81OsZSxUUimshhnFVApEitgzxJlURU1VZh1DtebFNITUuKNFZOHUpC6iZD ZSau4iqC4Q9X1Y1llFd55UybxVkl1NK/RKj+uNmxWFKj/cDMwADQUNKjZZFLItrJiJG4jLSD2llG yc0qfUZmQ7gyBSXbcriqmVOq1cC0occ0FcgO5EbdzFpxO9MwLcFneaNERdOs9VM3TRshC8gri1i8 3Ix+6AdMfUieE0IkJLkx89SR/dQturHAA61euio8QzqFhMHCVSHDhZy7W6/Yw9zJ3dwtU9Su+saY +FuUcDq+A6szjKWTJLRhEz1JbFx8pcItfLJGNVNbjcJmLZpXmt2qDML/fmUhRULMy/hbG4sbi21Z R/vFht1dcz2scu2akjQ1zMNKsWPDOiOb5/rVkkwldMXedQxa8wPcfNw06yVXUHPXcD3J8e3WsB1W 9RpF6g3YUpRVFExJO7Reqyu7p2tXzERL0Qq664XX/YpcsXQskTVCt8xf5ZNc5WNFqftFmnPIdB0p ki3Y5HUm4Ovapg0SBdtgGWHaqhXUyhJeDy5h3wBhE/4+ELPTsn0Rq12RDhbhgdsZCoTH49hTvaWq tI22BnlbL53TfVwgJeO29GNTiMrbedxbdmIQH6a4HBbieJxhCOMcndPhGJLDs5QuYCucBR5GUnVc IVw0i6yykfs9mh06/2S61DDuKrci3In93L+L21VdNMXlXmI0K1YNsajcMWp93Y301tzFIjgDLlp1 39ZltePzmLtSytRdycWlX9O911kEWNwtVvkttuA5uhrsWMdtPsvttO31shz0XpcEy1rtuzrURIfk 18KLrOOtwuQ9xE98xbrTwYY15GOdniI+2HrlVuryu0/yyj625LLT3Ul810Q2VqnUqReENeMyvO89 5OdF2Dm8ZJ3JZKQtYJP8PfupXF/NL2GuWNmDr1zDL1tzPqiRr3+jNW6uNWAy3wjmPOcy5XnevFTF YyNOzRdmMMLc5/7tSxbxZwESaIGKvhTW5Sw5aIU2EzUb1H1OlP3hYf8dIehxbL84TcoThFs+1drp LSmNHtS2vVs6/eg3fWIWBGk71avMABMgPjWSPtNKEukdJkEo9WgNzlMLRFpz1MeQZjKNjJhRfS8s tuK0VFehvsGiDjk4NqWkjlskdGNLzUWbO1w57sHz8qYaIuqMPEJEnefHSeoa3OpYayq6TdKGJl8j MlNFDuLovd9D40NInMqdI7WqW8pKriXNA9i2prdsCrWPnWTPoyGXfLPEe1pzRV6vxGAx7rMYzDLz tUrP9b2b7DtiOya6lmWq671iJsRigqp1HUvADmXiYlaaSahG5FULjjx3VErlgrnTSj3ci+TlqrPQ e7xhnt9ZhuyHJe3/NTrffh3D6G3m/QIb0+6vzt6kkDXLdj7UdpZsu5Yh34XXc75qSAI8y6ZfDEZd 4wbF14vZwWNFwArtqmJINFxWlam2JRlbml7NfGJpfQLoJIPvdKTohbaRP6hvvpUJARvSGFUQu+Vn jebvKUZpnYbpnj5poVJv/L4+g57p9a5pOBVh5xkPvRTw8chFwT5VU11nq1qvmUWvwZUyzAXCtI45 C4+rjA7W115riGZslI1lVXbkfkvCl15wnp0JuIPuvA622o3FHM/YsNs9WdOySw3NMijIFP9Yvr5l 1WbeQAK6/c3HsJ07G18eS5wmpqJi6v7Wbva1neQ5Wl5sGtfWKi9z/zM/czTHnhNfczafSXqYjmlo czmf8whLczu3PzrPcz3fcz7vcz9vvTsPdB7RAUEvdENvJ7n8c9EsFEVv9Oc4SEePdOVg9P449IoC X0s/UvnmEUkPR0rfkEwXn00PdWZcBGnsdAtZBMUkdRMx9W1EdViPdVm/D1avdVs/UhS+zlmv0Fvv dV/fYHAIdnCwB2EPdmIv9ogQ9oIY9mVPiGIfdmYXCGhH9mWPdmOPdmLP9mpXdm5X9mOHdmd3dmOX 9nHXdmkX93Ind2sP94Yod29Hd3PPdmqPd2ZH9mf/9mY/91+vDGyP93xv93x392T/d3m3DHcH92bv d3rXd22vd3b/9/91P3aCj3hzd3iCJ/eAH3iJP/eIx3aEB3h9X3eFD076NniNB/mH5/iGP3mP9/eE L/iWV/iWr/iQT/mVD3eEn3mVx3mbt3iLZ/ecX/iY5/eM3/nkHHXgqPdrf3eX7/egl/lt7/Z0h/mC f3mUb/h3/3l/1/qq/3ihB3idr3l813iH93qzV/eHZ3qX701Mrw2aGPqTv/iPn3qat3qyN/qqT/mf 9/meZ3ijT3e4t/ut93avL3qJD/yth/jEL2whhfTc8AyRJ3qW93uop/y1v/mzr3yxx/y+Z3it13mK /3y9v3mg5/nNX/y6D/vbRPr/sPd5H/mxX3iUj/l5X3xqf/1t/3b/pZ/2pe/93Lf8qG/3g+/9zJ/4 a8d5pr/95Fd8v99358f1Bl/SXf+J569+65fNXL/62Zz+ouWM2o/9ob9345d6wLd35N99mR9+9Id3 tFf34xd83tf9uUd3j6//ca/90Bf48d/7y98RKgAIewIHEixo8CDChAoXMmzo8CHEiAX/Uaxo8SK4 gRkFbrS3EVzHjCENdvR4sCTBkRo5skSocuTLlSZntqRpEqTMkjpt0gypUubJnjlTEm0pkuXFpEqX Mm3q9CnUqFKnUq1q9SrWrE8f7kR59GNBlDbF8gS6cyZZnkdZwgyLtujYm0bhyoUL9i1dt3dXnq0J dq/EwIIHEy5s//gw4sSKpXbVy9YtZI4g+0aePNkvzrxr63Jmm9ks0b811ZIc2vPz5dKjO+tM7dee 1tiyZ9Oubfs2btqNQ2v0qno18Nem6fq2LDlzcdKjNyPXTNK18cjAfz4GKvR17uzat3Pv7l32z5jW y1IeD3r4ePHmxffdPTf97+XSyduVf57n9/z69/Pvn5Sra8dZ51tYl1lGXX184RRdgQiSBd19HqXW FWrzKecZcgGm95mEHHbYnmIhijgiiSWaeCKKKaq4IostuvgijDHKOCONNdp4I4456rgjjw759yOQ QQo5JJFFGglkj0kquSSTTTr5JJRRSjllQVVQeSWWCh25JZddev/5JZhhijkmmWWaeSaaaaq5Jptt uvkmnLRxEyedddp5J5556rknn31KlSWggQo6KKEt+nkoookq6l2hjTr6KKSRSjoppZVa6uSimWq6 KaedevopqKGKOiqppa55Kaqpqrpqiaa6+iqsR7I6K6212norrrnqymqsvfr6K7DBCjssscUaeyyy ySq7LJe7OvsstFcyOy21o0Z7LbTlYLstt916e2u14Yqr6bflmnsuuumquy6K47r77qiwwDsvvV6y ey++6da7L7/9+vsvs/kKPDDBBRt8MMIJKwyjI/gC/DDEQy48McWORnwxxhlrvDHHHXv8Mcghw1ox ySWbfDLKKaswvDLLLbv8MswxyzwzzTXbfDPOLou8M88XDWpMzkELrWIHQxt9NNJJK7000007jXRA ADs= ------=_NextPart_000_0005_01C6F6B4.86CB3B90-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 17:08:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc72B-0004wc-9p for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 17:08:35 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc0ue-0006Nd-4v for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 10:36:26 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 55D50430F48 for ; Mon, 23 Oct 2006 07:36:20 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 3301B4A45F0 for ; Mon, 23 Oct 2006 07:29:01 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id ED788430E94 for ; Mon, 23 Oct 2006 07:29:00 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id D77EC430E99 for ; Mon, 23 Oct 2006 07:28:52 -0700 (PDT) Received: from sj-dkim-5.cisco.com ([171.68.10.79]) by sj-iport-4.cisco.com with ESMTP; 23 Oct 2006 07:28:52 -0700 Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-5.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9NESpbX015641; Mon, 23 Oct 2006 07:28:51 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k9NEShOV022171; Mon, 23 Oct 2006 07:28:51 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 07:28:35 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 07:28:35 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B184E1@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0er3UXKHkBldMTBqMJ0APcFqCSwB1MYVA From: "Pat Calhoun (pacalhou)" To: "Scott G. Kelly" , X-OriginalArrivalTime: 23 Oct 2006 14:28:35.0775 (UTC) FILETIME=[8631ACF0:01C6F6AF] Authentication-Results: sj-dkim-5.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: f66b12316365a3fe519e75911daf28a8 > I've been re-thinking my position on this, given that the > working group is committed to a multiport approach. Certainly > there are multiple ways to solve this, and while I would > prefer a solution that didn't involve adding yet more ports, > we are where we are. > > That said, I think adding a 3rd port which is only used for > discovery operations solves part of the problem. In that > case, the control channel is always DTLS traffic, and we have > an unambiguous solution which requires no protocol hacks. True, and if we decide that hacks are not acceptable, then a third port is really the only way to solve this one. However, I'd like people to consider the zero filled DTLS header. Yes, it is "hack-ish", but I believe it to be completely workable. > > As for the data channel, it's a little more complex. If > hardware vendors must know a priori whether data is protected > or not, the only options are either two data ports or a type > header, and given the dramatic allergic reactions we've seen > to protocol layering beyond the udp header here, distinct > ports seem to be the only option on the table. However, if > hardware vendors support tuple-plumbing, we can do this with > one data port. > > Tuple-plumbing solves the problem by letting the application > tell the hardware when a session is protected or not, but you > have to look at the source port too. This is part of the > problem some of Pat's signalling is meant to solve. Once the > AC knows what characteristics a given tuple should have, this > can be plumbed into the hardare. I'm a big believer that the data plane must know apriori the CAPWAP data plane formats. Regardless, one must validate the packet to detect erroneous formats, so an implementation that guards itself against attacks, which folks should be implementing, will not view this as a deficit. > > This still leaves two problems: associating a NAT'd data > channel with the appropriate control channel, and the QoS > problem for the data channel. The channel association can be > solved by using the session ID, as has been noted numerous > times in past threads. One way this could be extended to > encompass multiple data channels would be to extend the > session ID field, and treat the high-order portion as the > session id, and the low-order portion as the channel id > (control channel has channel id 0, data channel with no QoS > has channel id 1, and so on). Just a thought. Right, and recall in my proposal that I had proposed two alternatives, one more complex than the other. The simpler approach was to simply include a session ID in the CAPWAP header, which was used to create the correlation between the control and data plane. > > Since there will be initial ambiguity when multiple WTPs are > behind a NAT, there are two options: > > 1) don't worry about it; let the WTP establish a DTLS session > without knowing which control channel it belongs to, and then > get the session binding out of the first protected data > packet (which may be an echo) to create the binding; if no > packets come within some preset interval, tear down the DTLS session. > > 2) do some inline signalling, as Pat suggested. This could be > via a capwap header with some special value, or it could be > the text STARTDTLS along with the session/channel id - whatever. The above alternative requires no inline signalling on the data plane, and only requires that the session ID be present in the header to help associate both planes. This does not, however, also address keeping the NAT table fresh. In my proposal, I had included an inline signalling scheme to keep the session alive, but I now realize there are much simpler methods of handling this. The WTP could simply send an 802.11 NULL data frame (either on behalf of a valid station, or some agreed upon MAC address defined in the CAPWAP standard). Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Mon Oct 23 17:51:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc7hc-0003uA-Pm for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 17:51:24 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc7hZ-0005hn-W7 for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 17:51:24 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1A7193980E1 for ; Mon, 23 Oct 2006 14:51:19 -0700 (PDT) Received: from g1-42.tigertech.net (hermes.tigertech.net [64.62.209.16]) by fry.tigertech.net (Postfix) with ESMTP id 4DA8E4A45C5 for ; Mon, 23 Oct 2006 14:50:03 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 3CD4F1448021 for ; Mon, 23 Oct 2006 14:50:03 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.188]) by hermes.tigertech.net (Postfix) with ESMTP id 8871F1448039 for ; Mon, 23 Oct 2006 14:50:01 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id x30so3181481nfb for ; Mon, 23 Oct 2006 14:50:00 -0700 (PDT) Received: by 10.82.126.19 with SMTP id y19mr1573276buc; Mon, 23 Oct 2006 14:49:59 -0700 (PDT) Received: by 10.82.118.16 with HTTP; Mon, 23 Oct 2006 14:49:59 -0700 (PDT) Message-ID: <369e612f0610231449v7fc448bap7d2a36fb72a51f54@mail.gmail.com> Date: Tue, 24 Oct 2006 03:19:59 +0530 From: "Navin (NKA)" To: pcalhoun@cisco.com, "Scott G. Kelly" MIME-Version: 1.0 Content-Disposition: inline X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: [Capwap] Seperate Port Vs Common Port Approach Comparison... X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 963faf56c3a5b6715f0b71b66181e01a Pat, Scott, et all, Below, I have taken the liberty of comparing 'seperate port' apporach with 'Common Port' approach. To me it looks like, there is no additional advantage in going with 'seperate port' approach. 'Common port' approach's behaviour (during normal functioning as well as DoS attack) is nearly same as 'seperate port' approach. Please go through the comparison to know for yourself. Regards, Navin ------------------------------------------------------------------------------------------------------------------- What is a Seperate Port Apporach ? ANS: In this approach, seperate port (e.g. 0x2FBF) will be used for sending and receiving Capwap Discovery Control Plane packets. As all other control packets exchanged between AC and WTP are going to be DTLS secured, they will be sent to a different port (e.g. 0x2FC0). What is a Common Port Apporach ? ANS: Here, Capwap will use just one port (e.g. 0x2FBF) for sending and receiving Discovery as well as all other DTLS secured control plane pkts. Situation 1: A legitimate WTP just now got powered and once its up, it starts sending discovery packet to ACs. And once discovery is complete, DTLS session establishment between WTP and AC. Seperate Port Apporach: * AC will get the discovery packet on 0x2FBF port * it would do discovery reply. * WTP in turn would start the DTLS session establishement by sending CliehtHello message to 0x2FC0 port of AC. * When AC gets ClientHello on 0x2FC0 and finds out that no prior session information exists, it would continue with DTLS session establishment process. Common Port Apporach: * AC will get the discovery packet on 0x2FBF port * AC will try finding out if prior session information for the WTP exists or not. If not, it would do discovery reply. * WTP in turn would start the DTLS session establishement by sending CliehtHello message to 0x2FBF port of AC. * When AC gets ClientHello on 0x2FBF and finds out that prior WTP session information exists (and FSM state is Discovery), it would continue with DTLS session establishment process. Situation 2a: A fully functional (in Capwap Run State) WTP gets rebooted accidently, and once it is up, it starts sending non-DTLS type Discovery packet again to an AC. Seperate Port Approach (Proactive implementation): * AC will get the discovery packet on 0x2FBF port * it would do discovery reply. * WTP in turn would start the DTLS session establishement by sending CliehtHello message to 0x2FC0 port of AC. * When AC gets ClientHello on 0x2FC0 and finds out that prior WTP session information exists (with FSM=Run), AC will assume that most likely WTP got rebooted and it would go ahead and reset (state=Discovery) WTP session information. Ultimately, AC would continue with DTLS session establishment by processing ClientHello message. Remark: No keepalive type timer expiry happens. So WTP will be up in NO time. Common Port Apporach (Proactive implementation): * AC will get the discovery packet on 0x2FBF port * AC will try finding out if prior session information for the WTP exists or not. As it does (with FSM=RUN), AC will assume that most likely WTP got rebooted and it would go ahead and reset (state=Discovery) WTP session information. Ultimately, AC would do discovery reply. * WTP in turn would start the DTLS session establishement by sending CliehtHello message to 0x2FBF port of AC. * When AC gets ClientHello on 0x2FBF and finds out that prior WTP session information exists (with FSM=Discovery), it would continue with DTLS session establishment process. Remark: No keepalive type timer expiry happens. So WTP will be up in NO time. Situation 2b: A fully functional (in Capwap Run State) WTP gets rebooted accidently, and once it is up, it starts sending non-DTLS type Discovery packet again to an AC. Seperate Port Approach (Reactive implementation): * AC will get the discovery packet on 0x2FBF port * it would do discovery reply. * WTP in turn would start the DTLS session establishement by sending CliehtHello message to 0x2FC0 port of AC. * When AC gets ClientHello on 0x2FC0 and finds out that prior WTP session information exists (with FSM=Run), AC would simply discard the clientHello packet. And would wait for the keepalive timer to expire for the WTP session under consideration. Once the timer is expired, WTP session information will be deleted, bringing AC in sync with WTP. Ultimately AC will start processing clientHello packets to carry on with DTLS session establishment. Remark: WTP UP will be in close to keepalive timer value time. Common Port Apporach (Reactive implementation): * AC will get the discovery packet on 0x2FBF port * AC will try finding out if prior session information for the WTP exists or not. As it does (with FSM=RUN), AC will simply drop the incoming discovery pacekt and wait for the keepalive timer to expire for the WTP session under consideration. Once the timer is expired, AC's FSM will be in sync with WTP. From this point onwards, AC will start processing discovery packets followed by DTLS session establishment. Remark: WTP UP will be in close to keepalive timer value time Situation 3: There is one fully functional legitimate WTP providing WLAN services and is Capwap controlled by an AC. An illegal WTP somehow gets access to the WTP/AC's networks and can snoop packets from the wire. In such situation, it can snoop legitimate WTP's IP address and start sending discovery request to the AC on 0x2FBF. This is a sort of DoS attack situation. Seperate Port Approach (Proactive implementation): * AC will get the discovery packet on 0x2FBF port * it would do discovery reply. * LETS NOT WORRY ABOUT LEGITIMATE WTP'S REACTION TO DISCOVERY REPLY. * Illegal WTP in turn would start the DTLS session establishement by sending CliehtHello message (and fake IP address) to 0x2FC0 port of AC. * When AC gets ClientHello on 0x2FC0 and finds out that prior WTP session information exists (with FSM=Run), AC will assume that most likely WTP got rebooted and it would go ahead and reset (state=Discovery) WTP session information. Ultimately, AC would continue with DTLS session establishment by processing ClientHello message. But most likely the illegal WTP may not be having proper certificates etc, so its authentication will fail ultimately with AC. Remark: DoS attack was SUCCESSFUL. A legitimate WTP's session was brought down by an illegal WTP. Common Port Apporach (Proactive implementation): * AC will get the discovery packet on 0x2FBF port * AC will try finding out if prior session information for the WTP exists or not. As it does (with FSM=RUN), AC will assume that most likely WTP got rebooted and it would go ahead and reset (state=Discovery) WTP session information. Ultimately, AC would do discovery reply. * LETS NOT WORRY ABOUT LEGITIMATE WTP'S REACTION TO DISCOVERY REPLY. * Illegal WTP in turn would start the DTLS session establishement by sending CliehtHello message to 0x2FBF port of AC. * When AC gets ClientHello on 0x2FBF and finds out that prior WTP session information exists (with FSM=Discovery), it would continue with DTLS session establishment process. But most likely the illegal WTP may not be having proper certificates etc, so its authentication will fail ultimately with AC. Remark: DoS attack was SUCCESSFUL. A legitimate WTP's session was brought down by an illegal WTP. Situation 4: There is one fully functional legitimate WTP providing WLAN services and is Capwap controlled by an AC. An illegal WTP somehow gets access to the WTP/AC's networks and can snoop packets from the wire. In such situation, it can snoop legitimate WTP's IP address and start sending discovery request to the AC on 0x2FBF. This is a sort of DoS attack situation. Seperate Port Approach (Reactive implementation): * AC will get the discovery packet on 0x2FBF port * it would do discovery reply. * LETS NOT WORRY ABOUT LEGITIMATE WTP'S REACTION TO DISCOVERY REPLY. * Illegal WTP in turn would start the DTLS session establishement by sending CliehtHello message (and fake IP address) to 0x2FC0 port of AC. * When AC gets ClientHello on 0x2FC0 and finds out that prior WTP session information exists (with FSM=Run), AC will keep dropping the clientHello packet coming from duplicate (illegal) WTP. Assuming Capwap Keepalive messages continue to come to AC, legitimate WTP's session would remain intact. Remark: DoS attack was NOT SUCCESSFUL. Common Port Apporach (Reactive implementation): * AC will get the discovery packet on 0x2FBF port * AC will try finding out if prior session information for the WTP exists or not. As it does (with FSM=RUN), AC will simply drop the incoming discovery pacekt coming from duplicate (& illegal) WTP. Assuming Capwap Keepalive messages continue to come to AC, legitimate WTP's session would remain intact. Remark: DoS attack was NOT successful. Conclusion: Common Port approach behaves nearly same as Seperate port approach be it normal functioning or DoS attack situation. ------------------------------------------------------------------------------------------------------------------- _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From akstcexplosivemnsdgs@explosive.com Mon Oct 23 20:12:29 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gc9u9-00058h-Hi for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 20:12:29 -0400 Received: from cpe-74-65-27-152.rochester.res.rr.com ([74.65.27.152] helo=Bobby14.rochester.rr.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gc9u4-0002jI-4C for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 20:12:29 -0400 Received: from 206.130.114.186 (HELO explosive.com) by lists.ietf.org with esmtp (460UDIN4GTQ 80L97) id Y7HVT3-Z6390I-4J for capwap-archive@lists.ietf.org; Tue, 24 Nov 2006 00:12:24 +0300 Date: Tue, 24 Nov 2006 00:12:24 +0300 From: "Sonja Wallace" X-Mailer: The Bat! (v3.5.30) Home X-Priority: 3 (Normal) Message-ID: <135673962.77505917025756@thebat.net> To: capwap-archive@lists.ietf.org Subject: Hi MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------915348DA8DAF299" X-Spam: Not detected X-Spam-Score: 4.7 (++++) X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352 ------------915348DA8DAF299 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: quoted-printable Bring back some romantic moments that u lost in past.Deliver the=20= ultimate weapon and youre sure to slide=20= in!http://Sonja.hertionkdesunkajin.com/colonel's family, that i am=20= strongly inclined to hope the best. could he expect that her friends=20= would"and what arts did he use to separate them?""i am not going to run=20= away, papa," said kitty fretfully. "if i should ever go to brighton, i=20= would"ten thousand pounds! heaven forbid! how is half such a sum to be=20= repaid?"Y>Y>Y>Y>Y>Y>Y> ------------915348DA8DAF299 Content-Type: text/html; charset=Windows-1252 Content-Transfer-Encoding: quoted-printable Dear

Bring back=20= some romantic moments that u lost in past.

Deliver=20= the ultimate weapon and youre sure to slide in!

http://Sonja.hertionkdesunk= ajin.com/

colonel's=20= family, that i am strongly inclined to hope the best. could he expect=20= that her friends would"and what arts did he use to separate=20= them?"

"i am not=20= going to run away, papa," said kitty fretfully. "if i should ever go to=20= brighton, i would"ten thousand pounds! heaven forbid! how is half such a=20= sum to be repaid?"

------------915348DA8DAF299-- From brjhxgrory@rasco-reininger.com Mon Oct 23 21:45:09 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcBLp-000685-6x for capwap-archive@ietf.org; Mon, 23 Oct 2006 21:45:09 -0400 Received: from [201.240.73.101] (helo=client-201.240.73.101.speedy.net.pe) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcBLh-0008SW-Qy for capwap-archive@ietf.org; Mon, 23 Oct 2006 21:45:09 -0400 Message-ID: <000701c6f70d$f8a9c930$6549f0c9@familia> From: "contrary" To: capwap-archive@ietf.org Subject: profiles Clinton. EDTAriadne Bob Date: Mon, 23 Oct 2006 20:44:40 -0500 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0003_01C6F6E4.0FD3C130" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 4.5 (++++) X-Scan-Signature: 4515df9441674711565101d9d5c4f63f ------=_NextPart_000_0003_01C6F6E4.0FD3C130 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0004_01C6F6E4.0FD3C130" ------=_NextPart_001_0004_01C6F6E4.0FD3C130 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Occurring of working abroad claim relating Last Updated pm Whats = Contact Feedback Jobs Privacy Policy hr. Enter select Copyright of llc Ohrm us Department Commerce of Office = Human Resources Management Emergency Call. Blocked Corey a Springs column gtgtcorey or Journalist is Posted Links = Seeded Since Football Votes Sitenews Type a Event mdash tue a aug am = Edtoddnews of humor is vandalism Spring. Handle pressure or heh horrible doing Edtjeff a Szarka Brilliant = dangerous suitable Edtvas redirects. Satirical art impulse annoyed is sabotage seems problem encouraged in = pains finger legitimate concern forum painful lesson Edtjeremy Seago a = ignoring. Acceptable standards Edtderek a um no vandalized guessing bit instantly = a caught watching noname senators fanfare or. Text pdf error a listed = Natures disputes reviewed accused omissions am reviews excerpts. Moral story researcher hisher papers or nor source condensed web tons is = content. That funnier triple itd essay wrote happen did creative course works or = abuse edits undermine Lets of realistic! Marrow organ duty full of consists of than of States District Policy = provision permits designated accrued agency! ------=_NextPart_001_0004_01C6F6E4.0FD3C130 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Occurring of working abroad claim = relating Last=20 Updated pm Whats Contact Feedback Jobs Privacy Policy hr.
Enter = select=20 Copyright of llc Ohrm us Department Commerce of Office Human Resources=20 Management Emergency Call.
Blocked Corey a Springs column gtgtcorey = or=20 Journalist is Posted Links Seeded Since Football Votes Sitenews Type a = Event=20 mdash tue a aug am Edtoddnews of humor is vandalism Spring.

Handle pressure or heh horrible doing = Edtjeff a=20 Szarka Brilliant dangerous suitable Edtvas redirects.
Satirical art = impulse=20 annoyed is sabotage seems problem encouraged in pains finger legitimate = concern=20 forum painful lesson Edtjeremy Seago a ignoring.
Acceptable standards = Edtderek a um no vandalized guessing bit instantly a caught watching = noname=20 senators fanfare or. Text pdf error a listed Natures disputes reviewed = accused=20 omissions am reviews excerpts.
Moral story researcher hisher papers = or nor=20 source condensed web tons is content.
That funnier triple itd essay = wrote=20 happen did creative course works or abuse edits undermine Lets of=20 realistic!
Marrow organ duty full of consists of than of States = District=20 Policy provision permits designated accrued = agency!

------=_NextPart_001_0004_01C6F6E4.0FD3C130-- ------=_NextPart_000_0003_01C6F6E4.0FD3C130 Content-Type: image/gif; name="regard.gif" Content-Transfer-Encoding: base64 Content-ID: <000201c6f70d$f8a9c930$6549f0c9@familia> R0lGODlh6AEIAof2AAAABYsIDgt8C3SHAAAAh4wMfACMfMTMwrPfwaXX/DctDlEuAHsmC58nBL0e AeIfBgZEACk2Azk5AGtFB4I4AKFJB7E3Ceg7AABdCRVqC01kDF5hAINhAJlgAMVqANlbAAB9ACl1 Bj5xAG51B4V+CKF9AM56ANeCAACeAB+WAEaaAG6eAHKsAJmcAMSqA9KWAwC4BRnAAEK+C2HMB4m9 AJi0AMC4DOLIDADlACLgCDTUAGnUAH3nAJLjAMjYAdbXAAAOQCoASE0CTWoAP38AMqIKTrMASdUA RwAoRS0qM0sRSGcoP34bRqMVTMYhTOUVRwRISik9PjUzOFc0PIFKTKoyTs4+Su1LNQdbMhdcRjli R1ZRPIFeAJVSOr9eQ91nQwBxNi2INT6LTVWDPYuCSpZ6PMNzPOqCSgSkNSGbNjyZTVmpN4GaQJuh Mc2gQdKuSwDAMinLNjHIO164P3rHPpK2Osi7N+G7RgnTPBnpNDzYS23VP4XnRJbrPcziO9TaOwAD eh4CjTsKf1UAcXwAfa4AjrIMeugGcwEqcyEfgkomjWsRgHkYc5orgsYeeNYVcwAzeypNd0E0dWVD g3VKha42is1DhNY3fQlaiCdjjDZlcWdScYNshaZRfLlejOlRdQF5gCWJd0F2g2t/gHGKiZWNg75z ceGHjQ6uhhOkiUedfFSggoSlcpiUe8Kpd+aSjgC6eyXGgUDDfVW+dIK/fJe1ebS3iebKcgXdihjX gjzRgmPrfXHYjZjVcs3hcufSdAAKzhsHuTcFtlkMxnsHs5UEu8EJzOgAzgEgvyonzEAttGwRyIMW vq0Syrkmte0uwwA+uhs4tDRIwms6zIRCuKc5xcM2vNI1ugBeuxRft0JmvGtfv4RSvZdjtL9VzeVZ xgB+wBmHu01yylR8uX2LspJ+xsaCvNd+wwKnzhqVvzyZumGsxHacxZGWu8OtuuSUvQCzthHEsUvO zGrHx43DypO2vPn//piZr4J8dP0JAAD/APb5AAAJ/fED8wD0+////yH5BABsrUEALAAAAADoAQgC Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8eL9kKKHEmypMmTKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp82PQIMKHUq0qNGjSJNahKN0o8+nUKNKnUq1qtWrWLNqNdm0q9evYMOK HUu2rNmzaNOqXcu2rditcEfWqhW3rt27ePPqxetW6Ny+gAMLHkyYoMzCiN/uXcy4seOciSN7fUy5 suXLISVrToq5s+fPM7eNfNimoIDTAgSiPj0wdet/qE2vVk3QdWvWsGPL1q2at+7ZuWevtl17uG3g u2MTTz2ctkHkzXsDJ765etg+1jcuh13bOXfvr18f/z/oenv38Oa/b6f+Hbzp9+HPwy/fnb35++Sz 69+fmH172vTFJyBz7qGn0HrPOWdfgvLBVyB1/gWIYIMAvhfhWdjxp2FhMl1Y338g/kegfwoe+OF8 DzIoYIMLUnjbgCAuCGGI34Fm44047nQcazPi5uJ6JHqHHIwt7oibcTEilN6KSPZGpIPiWRidazlW aeWVK/VoYZLJ0Rekh7f9xuCFLa4II5Q05hbmkWhypyWDWMYp55VvRimiigbmh2eIReZXZoHg/Umj hHvKuCWccyaqKFwUTViikHnK5+GSg0oaKJ8uMvmjngFuGql6G4Yq6kLgmNVcdHeKiSmTR/JmpnRG wv8KK49D7hlchKeeWJxvvPaq6qjABivssMQWa+yxyCar7LLWHcbss9AOtuhN0VZr7bXYZhvZB9p2 y2FMH4QrLrfcEkRuuAKNi5C66Zab7j/jomsQu/CKO5C77+Jbr73z8gtvQeeaCzC97w6MLr76xivv vvoCbK6/Dy9McLsB32uwugkzvHC7Aiv8r8UKN2wxxQ1nTPLIIENMr7ssCzTtTxUh7PDHMs9c8Mbk LlSywB+DbHPPKJebMc4/t1xz0AmZXHC/QvOM8r9Hj0z0QVFDrRDRIjft9LpaL+01zTwPLXXYSHs7 UdVai/x0vj3nnPS8cIu9NdBtf51zy1sbvTbYb+//vbPbc8tcNdh4w7024FTXnbXdV/PNeMdxO4z3 4kur/ayzQJvcdeKSK974z2xDHrjNm1tduNd6f23156r/vW7RmRsOuNpo09156P0azvnmSuPus+iO O433y1g9HXLlELfO97kT73z774dfHH3aFxdeer0MDZ51whujHvvM1HNOsr0ekw11vPc6rzvLyWt8 cOQdq+yv9S4Tb5Xx4IuvvN6W2+468I8bG+NSh7+6+c92sANd+vQXO+1VDoHfg5747sY13VUPcb1b HQBXR7sHFsx+9/Oe+UD3P9Oxzm90Q1wKSTdACX4PfQeEoAjn5sIVStB5BExgDYWnwRGqTnaj22AP /zVIOfr9A4RVKaAAHShAjvUvhh4MXgTLZkCE9U6FpTsdCWlowprxboo3e9jrpnfC9wGRi/mLng+N ODk0FgSJMbFI7fg1sfRJTIzlk97JImbHg9UxgvMTY8TkpTSMobFk7bNjH4M2v/aRT5AWHBoMjce8 RyqxbwyzYNuSF0ipddKA2MKc2STzxFGmBY5TMaVmSqlKs6DyJa2MpSxnqRFR0vKWuNTMYnLJy15+ Sy8BIEgwBxLMABjzmAUZpkCKqcx/KPOYzxSmNKdJTGIic5nJzCY1nblNbkLTmNrEZjXHucxvPhOZ zfTmN50JzYOg05wNASc52ynOenJTmPKkJz7Xmf9OZuqznPwEpzzLyc5/FlSfBgXoQBWKkH8itJkC DSg/s/lOaiK0flCZCESlmc5wDnOhH53mRsk5T5KGtJv9rGY0OaqQkdazmAZJKUrvuc2O0tSeDAGp PU+605j21J0ztalPRQpRmOY0nDf96U07OtKmFjWpNdXmR5sq0qIcJqQnFao4o8nVoWIVpy8Fq1FJ mtSulhSqUr3nRpnazbJCVaYzfchYxzrOr6KVpy0NajzT+lWtRhWpbmVrW9lqVJhq1aVbxaZZh7pL u+LVp2tVqVcVC1bKitWtcfWmRStbVbzSValk/SxmM7vXxdbVsjZ9bEP1etTOUtavJh1qaN8KWNr/ Flazq52tWmkqWnE2FrUKXSg704rbquL2sIMdbXDzeVa1rpOvYcUpYpfrT3TWFq573a1gHQtUhuaW ugcVrm5vW13xgla6FJWtNZmb3r4+d6fw3K121+vbqFBkrvJdrUsNO1nTIpWwgJXpSi2LVpYSeMDn Dax6adtWgHq0uKf1b2WFOt3eLjirdl3IdJULYc4SWLLD7fBfT8vbDqv2I84aqIrzWuLXylbFft3w Z7Hr3GseOKfn3KdwZZzeAF8YIl0VbIiHXNsCV7jAPnbuhxPCY9Y2GMQGZi5yxxvWGddXL+j1cIuf ulTS/ri5Ql7yYmE7WuzSOKVhTm2RmYxP0NKY/8ScPTKZMQvg1sb2v3f+K1V73N0se9azb9xLlsNr 5qWec8drFquNHfzjQq930bpVLlOty1GJmnfRczbpoc/sznxCesSKfe9/BQpZUQ/20+FNJqoPqmOy qtOhQSW1NR99Uqn48ta4zrWud83rYNmy18CO1it5EuxiV2vYKDG2spfNH2fx49n8EAi0nz2QaFf7 H9AuSLaxvW2CTDvb0zaItaUdbnJHm9rXNve4xe3tb6/b2wh597m1Xe1tu1vb5ea2tfOt73HnW97c hre7362QcAP83urGNrzbfW6E4xvdChe4w8m98H6nW9oL9/fFrY1snUQc4+ve98YPIvKL03vk1//W OMohHvGQk/zjJmc3wWGucIDDfN4JcTnGb77zirec3izX+UNsnvKXV3zmRGd3upM+84AvPeM+L/nH Vd7xnCAd6D2n+c6bfvKeu1zlT6950RmCc5/L3OhjT7vZu771rLtd62UH+dTXXnClq/3tUme71vFO c6FjXe4nF7nUwU71qpNkIlcXeN+NzvWom7zsNhf83eMN97on/u5xj7neS07wzp9d8WDfe87tDvi1 Z97sTfc80ymvcc//fPAoFz2yZOJvah/c9V3nN9v5rfLIt13s5rZ70nMv7nsfvN4N173vE175v489 740nvbrB/W24N374ms+836EOfO7jnPAoN/z/TY4Per2/XfQ6F3refz537Qvf/LGPufvJT3nuOz/7 i2893fVtfvrjn+vYx3erh3bz5nqQN3del26o5As84X/At33nl3pHh3zotnz6h33Vt3/9hnul14Hd h3a/d38C6HxxF339J4LNJ4H7p3q7V39ih3sQF3Sxx3HiVxM8l37xF3bnx3Mh2IG9125ZN3wQ6HZC mIBBKHs8yH49eIRGGHJDWHeot3dEd3k7mIShh35AmISLJxE1aIMb+IVH2G3BZ3EueINA92+2l4Vg KH8ruHm5x3JfOHFraG9iiIZw2G1OqIE5B25naIcl+HB6qHxwiIX1RoFuOIMK2IX2wGyM2IiR//Fr jhiJzaaIlFiJlniJmJiJmriJnHgVkviJoHhKnTiK9hAEpHiKWhGKqriKrNiKrjgqqBiLsjiLtFiL tniLW/GKuriLvNiLvviLwBiMbYGLxFiMxEgQfyCMyriM/5CMzPiMv+iM0DiNuiiN1HiNq2iN2LiN xmYSf2CM4BiOqPiN4liO5niJ5HiO6riO7KiIOtCO8Hgj3DiP9FiP9niP+JiPwxhHoXISXMgV+ngU 8dgSouKPEWGQAWlV55iQ1pEPDOGQ/AGRuggAFAkAA1GRF2mRAkGR/1CRGrmRH/mRHTmSG0kQIhmS KJmRHemRSZEPLimRLzkQEvkPLwmTNimTNv8JkzJJEDE5kw5ZkzsZlEBZkz/pkjhZlDFJk0kZlAKx lBA5kw/hlEDZlEvJkz3plDtZlVOpkzQZbIchkiUZlhwJkiRZlmO5khdZkmB5lilJlmQJloYBkBDh j1DZlU15l0z5lDdJlUKJl3Wpl1nZl4FpEFxZmAVRl3iZmE+ZmFHJlHbJmIR5mILJlXlplz55RAO5 EnC5liNpkZ5plmKplqHJmRpZmqPZmWWZlphZEv9YEn8pmZcZmD9pmX5Zm4i5mLjJk4/ZlbcpmLSp mwdBmXdplFOplMMJnJUJmbUpmbKJnIrJm5KpjhOxmQXxmdYJmiRpmqgZliYpmtkpmtaJkdz/GRR6 OZu6GZvHOZuLaZlGyZfBaZu7aZ5+2Z6KSZ/sSZ9V+ZhQaZ46iZv7yZz6+Z73GZ/G6ZwBap/KiWsy QZ3dqZ2eKZ4rOZZtmZrcKaHi6aAUGpeseZAmcZn/iZ7Q+ZtbeaACepMeaqCUKZ+/KaDPeZ7POZSR iZzCGaPH2ZyOqZTtqaJdORURUHUUwaDf+Z2cmZYnqZrdSaQNeprVWRSGuZwtup4qyp9O6pshuqK7 GaBOup4sSqDL2Z8G2qKM+ZovOpmV+Z9cymvOwpIgGZJLOqTeWaEGUaRy2qZqqpEI+RAGWZxSSZxY 6aKDWaU+SZznqZVJWZxYypt8epUIup/2/ymf5XmlRwmgVJmjVpmoKYqjNZqcO5qZKlGQcomnnypL iDksECmdDLkZowosqXqqrNqqawGJRHGn/ciptJoXrnqrqvSVGMmmbPmgZxmhRhpoGwoYLKmmoImR nQgAtaqI1FmaKcmm2AmXGHV4xLqkoYmdybqsiTKdcSqkqMmrbWqtkQGk33qkZiOtA/EDuIoUEHqs 33qh4WquieGsn0mkbnqu69oRogStQVqv24mkByGrazGnSFqkq8mJyqqtWHIR/Iqh0Pqw4jquANuv wYqv+eoVxoqd9vqrEFqn1VGsHbuxrYSuF1uyyEKyJusQsDoUAqshVnEHV5KwCotKG9KyKv8bqhMx szq7Sy6Ls6A6rBWxs0LLFz0LtBxqtDk7tEoLGRLRqxnJr53ZrmgJp9W5q3HKsbuasewaseaKsinb Swvalg8LruPJsRl6r9HKtRpKrUnLmnUqrRY6rUs7t1Vxnf4Knm9KsXl7tvL6r+MZljbbECdxt3wL rXR7uCurEHZLofV6naqpnX/LtxVLr2sKtUTxq4xLtV/Lig4br2hpsBlLrmXLtYTbFGZrkh67uZx7 rRA7sZCrsX3rps3arVvbsF2ruqvbtWzZoCFrpOgKsr2KkhYKr0ZhrMQrlpiLu2DLj5OItD9LrV6r EIg7vfZVtGzbmtAbtDnCB9Qri7rks2D/0b3iCxPKW77me77YGLYcKbW265G+ur7BKqfBe7dgGbgM i7oHQa8WOb78+xRwe7t7O6T3CrkDLKzXuxHF+rcSurb928A38b9J2rikK7msS7vXar8/mrbWKpIO 3MEPfLoRnJ0XOsL5676su74mTJIY/KMnmbyUe7Ae7MAW8boFG6STS8F6m7fRGxSYK7o7jL60hDml i7c0LMARS8ATG6QrnMGge8Mx/MQxMcIu7LvAC7+jK7KVm5raucQRYbxj66tyC8XjC2w/DMRpYQVC EQFdkbiAwcVNq71i3L9mPMd0XMehyMbSAr7Sq8fYG8d+LBJSG6FrabtP67RrWrUonLWB/xzGmXG0 Byy8iOysjPzHSzvD4trCSWrBbmnDaBu5ShG68krDdjxLQnzE1+q38VvBOJzKDCwSfezKe6vFR7q/ lDy9LHzITSzL+TvLh4y87xvKpou2xFvGo6xrBSzIfRu/8Aq1Q0zMPGy5mezMxXxrsnvFGaq529m+ u1yxR+G4qSzK05yrUezCvYvNAPymwvu+zGzAo+HI7YzM8AzGbnkXGVDL4JgdbjwQsirN+mzPh2ts /BzOt4THiZHP+joVx+DPtijQDN3QDm02pXzO6izI/trCHQvJqJvIGl2/fNwQ6ZzRWazQtbzJmku4 RqzJU8vJanvNBh3J15zEIk3JqFyuRf/suaast6J7xS3tuoqbmjH9x6a5zNksxZKMELncu4pssIDb 0QsRvNssnj9Nt9OptYubuZmsyR67zhB8ucKM0iUrB8oW0SFc07xswQSrzVg9yffbxP8b1XNryWZd yBMNzVpNxRvNyh3xtryqyA+tSrPQz+Rrve+cwRTh1pXcawHd17Fk2Iy90MUyAood2ZLd0I1d2ZZ9 2Zid2Zq92Zzd2XVRLA0w2dzowO/g2eIo2qitkKa92sOW2q4dFKwd2zT72rRd27Z927i9GbK92/aT 277tzrwd3HvhCMJd3MZ93Mid3MrdE8KSab+9issd3dPy3Gqx2dQtipl93Wgh0xRxCN7/fQj/8N3g LRDjHd7h7d0E8d3krd4Fwd7mPRDlfd7gLd7jLd7pDd/4vd75/d7kfd/2zd/8Xd4CPuDubd/xfeDo Td8G8d/yveAG7t/ond4RDuAEPt/3Dd8Pjt8KjuHx3eASXuEWTo+H0eEC3t8BvuAmfhAlft77neIn ruL7PeD+3d4z3t8HHuMYTuMtTuE67uI7/uI9fuP1jeM8DuBFfuE83uH5veJAPuT3zd0RoeRCfuRL jhAkbt5O3uJMjuIWvuIlfuUaHuYzHuLvfeM+TuVobuRGLuVaXuY+TuZYjuI/vuVwfuFZbuM0Dubz KBP1neAQ3uMxPuFv7uZ6TuGCjudk/37nbC7mcT7mL27mak7fhb7o6l3oKS7pHr7mSb7e873hSI7p DM7pO17nnV7pMAzFEzHlYQ7pc47keK7frq7kmt7lHM7qLl7qdx7nie7eQN7msS7nr97qt97os17j wR7pbS7rxH7lzA7o2zjijO7kW37meq7ogC7rzR7ikL7oxw7jtH7kth7urk7k037pNc7k1n7itt7r dV7l5v7usg7lEmHgBa7hgl7pvM7hvi7ql57v7w7uKs7elt7kn97epq7lE67sDO7v/77s+l7rHw7n 3C7koY7uh17v467dGr/xHG+P0v3xy3oCII8jPECLHX/yKP/cI7/ygpby1M3yMB/zMv8/8zRf8zbv xy7/8je/8zzf85aR80Af9JLt80Rf9EZ/9Eif9B4sA0rf9NQrCbWdA0I/9VRf9VZ/9Vif9Vq/jccw ygQN3U4PQgn3bykXdDFocAx39mkPhrxHh7WHh+DHhxtXhxIn9wiI9mEv9lMYghbYgsXHhm0IeOtH cXxP+EqIb5g3cgAX3KpAjBxYgFF4+Fr4e0VIgOxngD4o+LL3fZUH+YuX9/azb2lY9pt39hW49nxf gXAvb25viJTf998ngy+Ihy+IfBgH+sTzdeXHhlcIgbr3gX5f+3hnbzxYe1po/Cx4evOG+y/TfmHX +0u4fdK/+RPIeS0Ie8X/eIqHdcr/D9jMv60WR/YgJ/s1Z3DUZ/flr/rnz/qnP/7of4Dv7/phKP5T R/zfvyjCeP+Kkv/6TxlbDxD/BA4kWNDgQYQJFS5k2NDhQ4gRJU6kWNHiRYwZNW7k2NHjR5AhRY4k WXKhPZQpVa5k2dLlS5gxZc6kWdPmTZw5de7k2dPnT6BBhQ4lWtToUaRJlS5l2tTpU6hRpU6lWtXq VaxZtW7l2tXrV7AtAQAIW9bsWbRp1bo84HQs2bVxab6Qe/NgA5N59e7lyxdAX8CBJb4QrLfuYcSJ FU+lu9jxY8iRJQdtPHllYcyZNW++sXmhNM8Gp3wkHFqkZdSpVa9WbNr1a9ixZc+m/13b9m3cuWnz 0d3b92/gwYUPj83a+PG15JAjJt7c+XPo0aVPp17d+nXfMrD/Y7Xd+3fw4UueEl/e/Hn06dWvZ9/e /Xv48eXPp399+X38+fX7HMJTtsv6Ajxtv6wENPBABAe065+/JGpwoAcfipDBggCUbSzdJnRIw444 DO0vDQk8DEQKC3qLwwk9VCjFCluC8MUTTYxxQxkxXLHDB1msSEeGYlRxxxJVnDGjIRciMUQR5WLQ RoJ+LPHFiHgUyMInSRQoQicR4vHHLKPM0USOupQyzCu1/OhLGpFMsqqJjmzyoLfKXBLDOJm00c0n 5+wRRijl5FNPPZms8soGj6TzTv8K6yxU0CAJfbNJRBvFc0ZEsawxx0gLfVRTEDtlVMM4AQW0yDwX 9dNNUxMEKSc/oayTzy81LXXJMnmkMtFTIVU0VzT7tLJTOWOVlVM4gwXT10YTJbbWWkGNFFdmkzUW V1nzHPVRaLO19M9lUS1zzbgSsjTWQYcl1EpRobz111D7zHXaFEP10dU/k60WQnmP5ZXacmF8Vdx+ mcVTYH4HLXZbbQ1u1dNuqY0T3LVujLZgaBtGE9R/1pVW33cDdnfWaROWFuFsF3YVWI/RtRZMcoNF GVJaK/643pQVNphFYlWGWC0j5c3032HpRPbcjF3E1kMpfb7XWXQxrdbcdkHGUun/oS+mmumnie64 6omntvPOrxf9NOp2yRW76J3P+s9oVdPrEqO0pWp77tzeplszVu/We7a4zdr7b8ATzLshu68rnHCP Dje8or4lkxDbkg0imfCoLXqb1FZXrFxyzZE2EyKytfwaX9J17RwjjEUffcrGwRKJ5CwnNzJxGjNf +fPbZx6aY8hBd/RGi3EH+EzhSw/cMJxiHrLIcedMWmtSt3S+dENRrvTo3yl112qioz9211HLXlZf J3+V9HPMzwZ79Unv1V3W1iGrt2ldX+3VeaG7rnHfaK3/+OVz4Yxe8fqUwiansqy1DIDbk5jFGDWy 7xlLgcp7E4qKVaL4fYUi/xKZ/8nox8CW5Y5+wspfyDhYtRKO7135spkA6aW/eXGud9iTmfuytikJ +iuF3bvgpY53IRgyEFZCDKLtilgyF6qQfx9UWcBCKD2pzQ9kM7zftsxnw63Z64hO3Ji1ZPdDz3BQ bLBTVgFPNkYfBnB6PIQeG+uHL4ZRUXyespnW2hi+sK2MUs9a4+piBscW5o9Tc7yZICV3QsWBMUNA alMYo5PI110EkoqcziQhOUnaUVJ3muRkJz35SVCGUpTiyVsix4S43t0KJJj8ECgzeJaBwdGCM9xT KtlGQlaSkUu0HB6ZDrm5XsqyQ+LClMQkBEyHvNJvmysf71D5MSo90XKQix0vi/9HpB76zpqoI6bx uAk3ZYYllij62aFedr2lYSiaUoQTGtUIwjUKUWljCluqlgfMJK7vj17UoTuvBazQtY9g93TmP/uo znA2hZGb2uEIQ6asiRnRTDecKDsDKLQqnsihJhsgt2r2y0PxT4/P2mjCMsW5cVJwgjMTlkhHyZDB yTCIK1UfII+lMX/+8qMebGEFLVoqMU5PmjLtmLkqesSS3k+LgZIi82T6wWQl1HW9dChNz/fQb7FN ZhwbH1Rn5dXm6Y+IHvvoAXfXRJ8idadRrGFTizfUQUmVKYmjWpCA5jKoOq12etyf1QTVPO+d8Z3C xGNN8bo0ruoTqPU8aB6/+tf/7zVUsGlkYWNfaiBWzm6D04xSX07pm8xelpKWbNMDYfPZ3oT2kzEV 7drk+tqrtLY2sKWtUFaJOtWOVraBY61H22nabeYFipJU6htnWTiNPrN3Daptc6PSQNztEjMYUy1w l5vNznJWXc7lLlOgRqvA2lVg5hzvOf3ps0P+zrdl/OMDv3tAe7Irp9tbX9DMaaru5jcp793aBE/a LHilFYlGRKsBl5o5qDENwVft4Fn7JU3m6lfCRPGW+RY2z5ux075kjV4JabjVs70xciwDZFfraGCz uRVtE2axT8DbMI4SMYEvvCLNjnu7XlnYwjzd5XdNylJkpbiILSaySjYb4Crq/zTHJIXXDvG4P74K 06ihG2Ia7dotJid2xkJ94W69/OWR5BbM6OntmEmCzIEUWc1lFowqzUzmNe/kzXOms2ZMWVDNukbM wtVzdutMnVgO9rp+3tAJQVdMlCK4spvsEZqNOUwR5xlg7rOp8dK3aIn+eZXulXTuHl1L3HqTZh/G M6gVt+f/MVrVOLzg1HaXxVVreiMp1emV6ci+rXYajXsE7I897MSQCtmMLlvhhi3LPvTKE9FWHG88 TfhQhMkXvFVWrKwJjdcH+3ZcSjzdjyM60GyzV8jP/i9Pr5ozFQfv22ENK5IhWOkDT5HWLWWwtb85 U2270dEVHaqOTLzjdyJQpP9O7Wf/7JfuZkmWmsf2qbd66jXEElbgKcM0QUJgb236Ot8m9jS/Lcps jfNTwBAsbobT2u6NqjCEK8RhvFTaX2jX0YXkBnKd2SzxcupY3y+KJgtjyN5Uczly/s75YiMtKq9d OeBNZuLRr0a+HMZY4OmLrH0RSN44y7k8qB4O1zH+dSJZ9zxeB3t4bt4RN5edlFl3sdrd/udSQjrN Wg0z2Rt5571UMyR23ytB2B6VcWJueBPqOXIft3Au7dt3eI+1D8W0p9iJPZuJl/zhOfT3nmxw2No0 fMcXGuNrYpPxjXQQ5GvZeVDPOtOyzgmtuaXPPK6zSuqDsU3L1nDIkvhaCXf/WhwrtmwJztGs9xSk dEX9tBCblo415xe7Aj6wv2DeP0eun//EunrTRR3LUCfgwatOQbVC2KgEU2v2k5protI3dVMcdZQh Cv6Uf1vTNx/u+OW0zt5rMVVB5moXUa5ib9OWq7GTtWo4txI8RWu33UsXrFq/vAoqH4sJZZA+23or B8MY2Yu47cOe51EquDo/CJMn/fspA8Q3KmK1ABMZB+SdD+TAqKNAnfAl9bsjBuwhw0I3L+Kjr6rB n0O6oBKqRXs68rM1EWMioNFBy0Kh5WMmHsSwjGq6kns7KSQ96iu16uC7KaQzxVOd9sDCLPxCMHSP swtDGCzD6ZPBzcit6uIL/zNsw+TpuwJDGuu6sWMyNO3quy4SntTpEjeEwUhiNM8RIezKODW8Nkpr J+YLQ95KHgxDPDUKLL1SHlNJPnySOKUrpPuyPX+BGYI6ueyRtjXqQ1GUCbjCH+gLpBzjp39jPnoL wfAbtS1jNnarmVGsRZcoxV67vg5qGkMqxaJCMQAEwQjivaO5QVq0xayjQrAqwQYbP51bRdtJRWkM xprxt/bbwbbSRUUEo8rSpUeUMTtKvkssrmmsNF4zwvxTxcniqHwRR+zbRvYYw2tzDi9UEGRUM8DY wgypPHjsR3/8x7+5R4EcyKEASIM8SIRMSIVcSIQkSId8yBhkSImcSIqsSP+LvEhOgkiN3EiO7EiP nAmMDEn1+EiSLEmTPMk+FEmVNA+m8ASUfMlXWkmZBA+YrEmbvEmcVKaZ3EmLjAWeBMicDMqdOISE +klA00ejTErT0Ch+VEqnDKOmDEl5LA6hrMqy+A2rzMqv4IeB4EqB4Eqv/Mqu5IewHEuvJEuyNAi0 BEu07Eq3bMu2XDGtnEuimIiwvMt/KMuzdMuC2EuEKMu85Eu/DEyCAMynZEhWAcvAHMzF7EvHJEy1 jMy3hEzKDEy6vMy6tMvGPMu1VMzCfMy8TMvPDE3PFEvR5EuxPMyKTMzNTE3TBE3XRE3KLM3WRM2w xEzcnIrWZMzBNEzfBM3/0vRLvDSI3CzOM5SI4ZxNs1TLtFzLg3BO53RNtmRM1ZTIqYQNNUsG49wP rNxO76yJ6gxP3LhO8RSQljAHP0w9zxvEjKukfPy8YLotlzuTx3sIItuRSgwu9qxBK3S/T6OdQ1y4 2xq501OuT7ObiSMePMS4ZtLP9NPPBn2NAB2rMCu99bxQDD0YB63CTrM3crK6QAE+gDssKdOhaXO+ dFk+24M92gMwsCGsT+w+g4tF+xE+ThQfK2PRCmImlSMvh7GesQmxbOtEBAxInDAsitG5TRwxkqPG lxsxtIq2ETyfKespK32/i2GwU0wyLuK/BvvSISS5Kl1B6cky/blPCzVB/xDTN+UbOJNLIEzDIi+F sUn5RnYEx1TMxiS1UlziQJ/TvRycNw1rQFj8uJ0bsxC0Ko7bQyfNtSglNSn1MRyMOLaSNwPT0y0V Qfkjq3Xj0wErK5jr1OursXecm1Kqq11juks91HM0KGwLqCC9IzpdqkZcx6WDN786RWdTwb8ipCCU OYwqxhsaJAKKRjHyVZ4bxbKrx8Yz1RZDyHpEyvKcVmqtVmttLfK8DSwssE5iVoTgyEyKz1I10AY1 POYpJoeDQ8/7otkwvnVdvajsz7IbwwhV0FWb0PQiJ0vLUArVw+cgQOjqJnvMSUl80ZczWN8Dn4Ld v4KVkXjitDhsvoKpVf8eY8LJujRKhD0TxTUVLaMkaiOAstgWzZ7fY1i5xEloHKQFiz9MFTkuXang E6AKC0CIC9aEM8W1ilRDlVTwEzBZLBdnHEaevR6issqfk68HzFRJgcBhrFTfuyhNnVlcZMYO/Cmd TcE17cGZi7bzA9b/iqOVSxejdUFLpdKNI9suAzkmHSv+Ulr201V40sWrrcaoWzCr9VmTe9spdSlz AdfSajqmEiyWRVI5ZUK/OpjNk1h31NunVbb5ejKgTVV7SSHI4lJsw0bGVdXDXcBrhQ9M8tbOzYts VaTPDSWrDF0j5S7UXd2+6C3QtVfieN2uu0MqnIj8+ttfKwx27TJErN3/vGvXDuXXAx3XpuVQwIkC +3zDKMzH5cUqh8UN2Z1HeaVdfB08SbKI26W+ToSZQjI4nNM9cQxZTlM6jh3H+VIUZGMssgkpkFWv FXUvd0JYLCXWkV1Y983EGHU5Iv2fujI/adWtJWo1/dvajcFBLM2iKq0hbmvGOaVboQXamJPbIlJZ dVTULXo3Ce7SJppabXwpaaycdrTTnSO4aRMrD/xTj+XUH0xboVPBB34iKmtGpm1hvRpcGnZZwdXU FB66u+3gUSrHF5a6CzY3Fwa9Z0RbLU20iGpBGitAN8VTITbb/lniQuWily3UMoVi4gVgTIQyo0u6 JGRHPlrGfAtc8wUr//w1413LPWMDY01MwDf1sJqyKjVe2Ry248vFsf59Y+EFjAkwjW741jfUXeyI Xm4Miey1jf8FDkM+nkZmXUiOZElOSgTdUNi1wmj1jkcWDDGLV9J9nOr9Q/aU03Dd4uClpTVEQTSU oc6r5P+cXlM2zyMF5VhWvdALZY0gu3ot5TzEJus9vFV+UHElztfCXUtTWYwlWZO1X0ELXPTSHuL7 0PYaUxvl3j1SZkkkxhClnmRzlO3tnkhU2E88UfXaFSNkGRslIXJ+Qlf1JJid2H49YBzLWbydMV/E 2j3lYBvWQaVVNx7uUnfzYRCbuSlFLFfk1SqmN1VpvYJjKooK1NmLVf8OnuAqA1Na9VGaNa7XczKH 3rgZZmGCW1RjVVI3KuiAclL722CR0ooLSI2Vm1S29WFozNwpHkLADegjzuAA5pp8rlsVdqkmBmLt YzmQG9FX3GlRDSHYUkbo6UX+RVIG/MEOA8WQI0K2IlxelWgak2MeomOpBlQhvejFlVWja2c3zuo1 ViIHRMIDGV1N7uM0hVbbTcYu9OS/XUhIYjtX+s6H3Gu+JsjYqM/3LNW//jvflV5bPmX0yeW1nWT6 cGtYNt79DD3t4sPCpuvO0h5i22aDAuHz8uwS3WxDATp0GhvyQzTHjg+GzlIfE9NM61qwrmnrg8IJ ndmHumzMXryO6iP/mmMphYNo1hbhKUMkJQO6XQ1PKWib1d5t6gLqn81gKIzil+4/ifW/k8VtUcwr 0/E5ktJqEvVfgC3p6mHTYtXVfMHuNUtt9V5v9m5v9/YN9I5v+Z5v+q5v+75v/C7mvAiH967O/P7v uuhvAR9wAsdeAD/wtChwhmwFBW9wB39w2kBwCZ9wCqctCL9wDD+eb8hwDu9wD5eOCg9xER/xnflw Ez9xaqWC1S2EBtcHFH9xGEddyE5KEm+7iQAHHAeHf8hxHN9xHjeIHB8IHRdyguBxHR9ygTjyHxdy JO9xJN9xKGfyIJ/yIPfxIy/yIu/xJNfyKE/yLOfyLW9yLC8ILq/y/y/vcihfcjQf8h83cisnci9/ cFZ5cjSHczKH8zIHcjtPc4Qo8ysncjpf8ziPcjYfczsXcx/fc0Tv8kLf8y3Hcz1PdC9H9Cf/8zuP czEf8hqHikAP9Dqv8ytvdEOv9E+fdD4n9U4fc0ofdFBn9VNndVS/c1JXdUyP9D+3dD4H9INYdVO/ 7k0HT4lgcyc380+n81svdimncjB/dVzHdVgPc153dVHv9WbHcmMXdFp/c1s39VjHczBv8mX39BgX dE9PdWtn8kgn9z6v9W43dEKHdGyHd11/dEVv9VlP9l6/dHBXd0dfdGcXdwKf83m/dIKfdnPn923P 9Xyvd0av9X4/9P9nh/hBN3h3P3Z9P3eHl3aJv/dfdwpot/I83/WQd/WGB3Q1b3WQ//iJH3YtV3Yl Z3kpZ3iVj/mPb3OMX3Mnt3ZiX/KT93c77/iIHHehH3qiL3qjP/oxA3ikn8iT13Z1d3NFb/Oet3mT F/Zld3qe33k/B/cpv/k0Z/mch3Wt/3Krv3eul/mUb3ilV/Cc8HlMz3RHj3d3H/VsB/hot3RRb3Sz 13l5R/iJR3eNX3e3v/eSP3ag/4kb9/pXR/mK3/V1j/hpn3u8V3tZj/inz3i/L3zML3Vqr3yZL/TI v/C2V/xjv3aCT3uSX3mep/mHh/uF/3rT53eLD3y6f/cwZ/3aH3j/nP92Ij98G4eIds/3cE/3Uhf3 Rbf9xtf5lq/ya//3et93uS92M296xpd43d/7v1/67Nf8hz/9cn98bD/47I/9jbf84Kf4ua9+8kf2 8v/8uOfwtid2rJd8IHf548992Ef9M6f9/S/53QcIcP/+CRxIkCC4ggcNLmSocOBDgQkTQpzI0OBD hBEtOuQIEeM/eyJHkixp8iTKlCpXsmzp8iXMmDJn0qxJ8yLOnDp38uzp8yfQoEKHEi1q9CjSpEqX Mm3q9CnUqFKnUq1q9SrWrFq3cu2q1SbYsGLHki1r9izatCr7qW3r9i3cuHLn0q1r9y7evHr33vTq 9y/gwIJz3hls6fgwYL6KFzNu7Pgx5MgrEVOubPky5syaN3Pu7Pkz6NCidUoubfo06tSqT49u7fo1 7NiyZ9Oubfs27pCrd/PuTZOF7+Cqxwgvbvw48uR2czNv7vw59OjSp1Ovbv069uzat3Pv7v07+PDi x09Xbv48+vTq17Nv7/79cfLy59OnDP8+fnsx8vPv7/8/gAHyVR+BBTaHgoEJKrgggw06+CB4Ako4 IYUVWnghhhlquCGHHXr4IYghiugWhCWa2OCIKaq4IostuvhiXyfKOKN8MHLIBhs26igSjeDheBQE PYa3o4U5EkmkkEkqiV1AADs= ------=_NextPart_000_0003_01C6F6E4.0FD3C130-- From arwgczihvc@reweekly.com Mon Oct 23 21:45:12 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcBLs-00069r-OL for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 21:45:12 -0400 Received: from [201.240.73.101] (helo=client-201.240.73.101.speedy.net.pe) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcBLn-0008Sg-GF for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 21:45:12 -0400 Message-ID: <000801c6f70d$f9e94e10$6549f0c9@familia> From: "Sam whisky" To: capwap-archive@lists.ietf.org Subject: Drops. letter Date: Mon, 23 Oct 2006 20:44:42 -0500 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0004_01C6F6E4.11134610" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 4.6 (++++) X-Scan-Signature: 65215b440f7ab00ca9514de4a7a89926 ------=_NextPart_000_0004_01C6F6E4.11134610 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0005_01C6F6E4.11134610" ------=_NextPart_001_0005_01C6F6E4.11134610 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Lucky posts world ben Franklins Birthday googles a rating strongly = correlate cool Replace beta liberal p access education am context = reality Edternst Choukula blosting cranky dot com slash or. Imagine difference between Ronald Regan final Republican in Democrat = hardcore Edtken or quote known liberal bias Edttoaplan of Facts bias why = prefers truthiness is facts a Edtbrian White me Edtrob. Succeed of creating idea am sizeable proportion persist suggest altered = sure having tend corrected borrow phrase shallow bugs is sun am forbes = supposedly useless lesser evil suspect Wikip weird in animal trust = animals worth? Vermont minimizing riskask of dr Breast Cancer am expert fnc Thank am = fair is newswin tickets taping York or City hitting is road celebrate = Boston Dallas am Atlanta. Tvfor behind or scenes blog highlights of exclusive videoclick Advertise = of Update Stock Fund am Paying of Enron scheduled spend four months = prison role? Count instead is intact Since a none in normal revert until admin looks = minutes happen that funnier triple itd essay. Mother demands justice = illegal immigrant is murder dui run Gretas Blogsfox of three drive van = Susteren is weeknights Videofrom Heartland ive or never of so disgusted = politics Wire ed sound or Tennessee racefather Jonathana. Perhaps covert Edtmatt of satirist dude Moreover built successful = concept fudged gain! Video in Good Causesexy raises money injured a Headlines pm Onmega = Foxout Controlby Roger. Latest we Report Searchfnc Turns decade offair in balanced am newson fnc = Friendsfox Onlineyour Worldbig Reportfox. ------=_NextPart_001_0005_01C6F6E4.11134610 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Lucky posts world ben Franklins = Birthday googles a=20 rating strongly correlate cool Replace beta liberal p access education = am=20 context reality Edternst Choukula blosting cranky dot com slash = or.
Imagine=20 difference between Ronald Regan final Republican in Democrat hardcore = Edtken or=20 quote known liberal bias Edttoaplan of Facts bias why prefers truthiness = is=20 facts a Edtbrian White me Edtrob.
Succeed of creating idea am = sizeable=20 proportion persist suggest altered sure having tend corrected borrow = phrase=20 shallow bugs is sun am forbes supposedly useless lesser evil suspect = Wikip weird=20 in animal trust animals worth?

Vermont minimizing riskask of dr Breast = Cancer am=20 expert fnc Thank am fair is newswin tickets taping York or City hitting = is road=20 celebrate Boston Dallas am Atlanta.
Tvfor behind or scenes blog = highlights=20 of exclusive videoclick Advertise of Update Stock Fund am Paying of = Enron=20 scheduled spend four months prison role?
Count instead is intact = Since a none=20 in normal revert until admin looks minutes happen that funnier triple = itd essay.=20 Mother demands justice illegal immigrant is murder dui run Gretas = Blogsfox of=20 three drive van Susteren is weeknights Videofrom Heartland ive or never = of so=20 disgusted politics Wire ed sound or Tennessee racefather = Jonathana.
Perhaps=20 covert Edtmatt of satirist dude Moreover built successful concept fudged = gain!
Video in Good Causesexy raises money injured a Headlines pm = Onmega=20 Foxout Controlby Roger.
Latest we Report Searchfnc Turns decade = offair in=20 balanced am newson fnc Friendsfox Onlineyour Worldbig=20 Reportfox.

------=_NextPart_001_0005_01C6F6E4.11134610-- ------=_NextPart_000_0004_01C6F6E4.11134610 Content-Type: image/gif; name="AP..gif" Content-Transfer-Encoding: base64 Content-ID: <000301c6f70d$f9e94e10$6549f0c9@familia> R0lGODlh8AEEAof2AAwACoYEAACBAHmJBQANdYUMfQCKes3Aw8PVs5jR7k0TBG0ZAIYkDJomAL8e ANIYAAE5ABVDBjsyAGZJBHc2B6hOArY6ANxABABiABhpDjFTAF9WAH9YAKNXCsxtBeluAACGDBJ+ AE57BWxxCImNAKGCBM12B99zAAOXABWiADWpAFeWCXecAJGRDsCXAtqsAAm8AB/OAEfFAGzADIS2 AJ27ALOzAOO0Cw3sBxjmDE3eC17eAIDjAJXoBcjcCe3lAAAANhcATT8MQ14ITXEJOpsHRcUAPd4A SQAmMhMaRjspO2oaQ4sgM6goTL8qQ94hQQBMQx9DSUA8NW1NM4RJQJNCNMpDRNNDSgJVRy1sQkpn SVZdN4VmEptnSLJqQuxsSQB5PB91PUx1SGV5RoB5Mat0QMeFMu51SgCWRRmUMU2oTWaSPY2uTp+i QcSSO9GfMgCxQyrKO0vISWi3SIK+RK3FSLjFOdbMOwfbPBviPzvlPW3eQ3LaM6faR8jWP+vlQQAO jBsAdU0LgVkKe4QIfJcDgLEKetcKcQQogCgleTosim0XgIYsga4odrscedkrfww1gBw0dz1Ac1g7 enhOgKVOeMo4dtk2eAVbchVdhk1bf1hgjYRadK5fcbZRgeNqhACFiCBzjkKNdGaOiXp2dpJ+fLF6 jdp/iQChhx+XdEKod1Keen+dgpKdirWRf9GriwyzfBXGjDSziG3GiXPKgZuzdsW/eu20egDpeijk jTHdc1PacoHiiqHsicLie93YhgAAxCwAxjkAvVkAxosAtJ0As84DxOMByAAbySkcx0ofv2ksvYIm u58cv8MovuIeyQBNzB00tTtNvltFzYw1tZ9Kv8BHxOVFuQRZyxxtu0pqwWJRy4hWva1Utr5sy9dh xw54yCR7u0lxtFN+vnd8yKl8zsR/t95zvAmpthOfyzSgu16fx3yTvqyYycOauu2euwy3vyTHxErC vWfKuHa+wpW9vP//55ebrY50gv8DCQP1APv/BAAA+/8A8gD////5+SH5BAABrzkALAAAAADwAQQC Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8eP9kKKHEmypMmTKFOqXMmypcuX MGPKdMlvps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcr058enUKNKnUq1qtWrWLNqfdi0q9evYMOK HUsW6buyaNOqXcu2rdu3cOPKnUu3rt27ePPq3cu3b9KtgAMLHky4sOHDiBMrXsy4sePHkCNLVgxg suXLmDNr3ryxMufPoENv9tsWAOnTqFN7FQ0ZgGfWsGPLnk374uvauHPrpqiarenewIMLt7k78e3i yJMXH868uXOSvp6LbSi9ukjl2LNjtM69+11m4MOH//eeVoB5ASHPmxeJnr298yTVt2+fPv769/Dt 50+/P796/v/JZ5J89+FX4EgEvoeggffRh2B//wHoH3l0iTcehU05iJ6G9XWoYHwL0uegex96aOJ8 C3bI4YgltghiiibGqOKJLraIIoks1ojhjtw1lOOIG9L4Yn03llTkgCEaOeOQJDbJJItAIvnhikwS CeKPIWmn5ZYcYZlklE8qmOOSJ1H54pEygqmkkzGOWaCZbIp5pZRc1mnnRCKuF+WBaYY4pocRwijn mez5J6CaYVaZIH9OBimolX5G2N6dlNrJ0p5zIiohin96WeiEhCoJZZWNrhkno5u2KeqcpvLoqnU+ sv/q3pGjhtoqm7WmiGWuMgr5qJdoujgqpmtWauxjnXQCmI3MligijqYC+6uUgNLIa6eJProkr0Jy qON1x4aLWLJRuXRooCs22CeuDe53KoOfSrjphoFS++mPhyap35sQ9gvqqwCTlWzABBdsMF0DH6zw wgyDlWwnDUcs8cRCJawUdRRnrDFKn5ELmCQLbTzXByKvtZnHgYGs0Acst0wyySO9zHJILp9UM80w 02yPyzOXdPPOLYuUs85DAx20z0fvTJLMMS/9s85Ozzx00Tz3bHTRS8ectNZWP40z00JHXTPVV1uN c9NVKx121ViH/TXWZL/t9tpb/5zz3VlihnJg9kj/0tLUWasNeOBQm/2ySnA3rfbahC8+N8xkG944 3oM/jlLcUCMNueJzK12525Kb9LnnKUne9uac24x65qwLrnjkoL9uuV0Qj+U3S6Oj3nbnRC9++OU+ Bw976o773vrheKdOOe+uA8984r8TD/joricfPO/Ri2786ceX3nz3aAufdfLcZ757xLevlHvh3o+/ ffvEkx6+9ISv3rv1rC/fuvzO7w+9zZNzXOL4t7v1nY+AxRPaALX3veINb36MY9/1jLcxjAkwbb7b mv+aJzOvLTCCIASfArvmvgaWbXZwO2D+Jqi1qLEwewPUHQBHODaeBW5zGAQaCzl3Nw2WTWriQ1vd /5JmPZiJyyEvWV8CHRhE0h3wg72DoAglyET9dW519oti/xJYwPJdUYDXs2IApThB5KluhzQEIvZK SMbfFdB8zJOYBZXoxQ0u74lozB7/pkjBB+pxcDbk4v6Uh0YtrjGEMQwhIclYvz3GLn5hpB8j/0jB G87uiBbEnSTt90FO6jGPPHzkFxsJxwsGMG6YOx/mlmhGQK6Qep6cYffwqEBW8pGBShRlJbG4wpLp xIA98xoNr9hBH15tmFxL4wlfOEJiii2LPVTjILlozK8hM4Nd82HQpvbGNeYwf8WUJhgRd81DHjOZ vbTb7DSWSV+yRYXuZAomGRLPvcCznvgMSjvzyf/Pfi4lMv4MqECPAtCBGvSgPYlMAEayUJEsNAAQ jShJGhqSh1LUHhSNaEYZytGOOtShEq3oREfqUYyW1KQahShJRfrRllY0pRmV6EVRmlKMatQkMoUp S1Tq0puy9KcmZShPfSrUms7UokR9qVFVytOX2jSpTyUqVJXaVKqeJKlSvShTl2rUkebUo1LN22O0 ytGZrrShVUVrR8nq0p62Va0nPepHN1rWlLD1pw8tiVzjGtSSmrWvQF1JWoEKV8Lq1bA45etfD7tW reZVsCsFLGIBa1a2WtaxkvUrSdFq2bWK1TFBfWxhE9vXx6KUsWodrVsza9rA7vW0q11sS0Vb18j/ VtarjG2ra19i2tayNLWB/e1OFTtczwJXtpqNrGR9u9zczjW0sCXtbqG70cU2lDAtAS50UdLa3rJW uKp9bnB9+1q8Una2KtEuWW+r2+ayt73lhWx1USvS8G43vcSFrHHrm1npfje/fFXuaY/L3QBrN7oC 7gp11EvVqtp0s/yFMGxle1fx6hamhaVraGsK4Qxf+KRRzelN49tcl8CVuSe+L1hD6l8Mh9i6Heav TlvsXPfWOKrjnTBNsVpUn6Y4uiG97mCyW1oVH/aueWWvdykMYvIq18MWRi6QizzdHNc2wFieqIPn q+Qi//XLVwWwXSU81P469727RfOR1/xgBNuW/8zP3auU09LUOo+ZygPObZ2RW+EIf7ixLJ5yemPa 4/KqGcUCJvGd83xWQvu3vZP186KF22bm0vjJuE2whcVbZib/2cNONrM86VliUVMZs+f9c5iTi+cP v9a7+AXrm7Ps5lRj2sRCjbSiVQxjVxcXvZmO9VvPPOxZdzbYxPYsZUc704K+msPDRjWOaZ3oQD/1 0aEmLLSxbGi9ytSrXHWwUkE86T1vOcFBtjar67ttvzL1yO2Gr7pDrGVxWxWkdgY3j139bpDiu8z2 wC5CB07wghv84AhPuMIXrpd9MvzhdpmnQSBO8Yq/hR8Yr4k9Mo5xkWg8JDXJOElEvnGSj4TjIv/n eEk+XnKTp5zlH1f5SWCOcpaffOYj33jOQU7ymo9c5i3necc97nKX53zoIG850FeicpuHHOVE7zjM f/50qK/c6DevudOnLvSY39zjSQ+7zsXeMOpMneteJzvYx672tYv97G5nu8aRPnauH33lKQm5SZzO 9rDDHSV2n/vXbd53wWfd7n1nCd+zvvedJ17thI+74SU/c7QP/ut+d3vaJS6RyPN98o+vu+Ix//fE G17vSY883gmv+tQ3nvGwd/zr1w76trPe9DpPe9vzjvfYxz3zs9/941FP+cZ7/fain7zuN895iHj+ 7ovfeesxL/fYL17wxx898nH+fN/nPvi9p73/7cMP9s9X//cq2b7rZb9+8Kv+9tEP/ffbL/75L1/z n+X86IWOe7rvPuYmR35Ll3bXB3zEF4Bvx36kd3VQZ37853PUJ3pdN353B3ugN33k13Uv13RXx3sR iH7ER3bvl3nIh30JeILyZzAN4YDlh3sZKHyWh38uqHzzB4K/13q6d4P9V4E4d3mr94IhWIMh+H7+ p341aIM4qIDjF38j6HolWH33d4LNNxD714IW+IGh14QoaHUFCIUueHJLl4JWF4FBWIYpOIPGB4Q7 SH8YqIAsaIPyF38faIbol4BBKHcAuIAoWHb0VHoSeH7Sh4WFV39WeII0J4Lsh3hkmIhb6H2y/0eA Pkh9UXiIdeiBOth9MsiIPdiIgkiJiCeHLTGFXKF0VYd0Z1eEQxeGkuh9pQiAQ+iKRfiImwh5joeA DTiGGhh1Exh1sEh1kqeIipdyRzeGHHiDdDd9YYiAcQiGvKiJnDh2ovgPFjeN1GgUDleN2DgW0biN 3NiN3ugR2RiO4ngT31iO5niOSDSO6riOK4GO7viO5WgFVMiO9FiP9niP9giP+riP/NiP/viPABmQ AjmQgoGPBnmQCJmQCrmQDDkxBPmQEFkbDTmRCBeRFnmRGJmRGkmQFNmRHvmRIFkdGzmSJKkYIXmS /FSSKrmSLNmSLvmSMBmTzYeSNFmTNnmTOP+pMfmwEjuZGj25cBjjGq4hEkJJlL9hD0MplEeJlEe5 lKbRlCPhlEY5lSGRlEpJEggRE1lpD/nQlT/plSLxk1wJliHRlWH5lWj5lWE5EmApljvplWq5lmNp lnD5lmZZlnQJl3h5l3K5l3Ipli5BlnPJl3pZEnpZmFy5loI5mGX5l/kXkS2xlFVJlFXZlE9JmZVJ lUg5mZI5lJOZmaDJlJvJFICZmI1pmqdpmoSJlo6pmoaJl4rZmo1ZmqjZk3EJmLSJmrV5mrmZEnGZ mrr5mmzZmr+Zmm8JnL2ZTy1gE5I5mpR5mdCJmb8xnaNJnZ1ZnZ9pnZt5mSTRnD9Rmripm27/mZjH aZu8eZ60aZ7qOZzjmZ6yaZ7DaRLFSZ52uZqzGZ99OZ/nSRLtKZ78GZvhGY7NeZ3RyZ3YeaAGOqCc mZ0LCp1F+ZlDYZt0+Z/jCaDkuZ+CyZf/6ZrHGZt/qaFpGZ+IuZi7yZ7GyaEBmp99KaJ+2Z4peqIa CpzVqKBRiaBM6Zk3Sp2hSaOimaMMup2kaaJCipyuqZpk2aEXKpys2Z8rWqJJup/yiZ/hCZ/0OaEb qqIyeqVPeqEVepZ3iaRZSo08qqPaWaPPaabOiZkLeqbYyaMR+p5EiqH36aHwCZ5Eepv4eaJQSqXC GadFqpZdKqV5aqcwSpwqGqCBenBB+aA3/6qma+qoBuqcbhqpkbqdVzmaW/kSWzmiq5mXhEmhQ4qk bmmls7mYhYmYTlqfg1mfLzqXodqiJ0GiuHmkbNmWGaqYXxqcv7mTMhkcmeoSvzoxyTkcPdmrwBGs LIGsEjOswPGTGpmT0BqtB0cF0ooa10gUypoaMrmtWOGjUImjVomjjQqhWHkQc3GVlyqpjcqt7Lod K6Gg02mZ6jqv3rkX1/mjUFmt9AivDQqkj/qvaXoXk+qv5KqvDEcdjKquBfqgBNqdjykQcRGvlNqj mDkZ9EAP7dqNMJGvNvqtDluveSGVIpumIIsWF0sPBssjHEum9CqdDmuvbGqjBZsWJ5uyGP+SrvP6 nAnLqJdasudalOn6reJaFhdrs81xrUORrdZ6GCebsRA5ahM3HEzrtBbZG0rbjuaKE1S7tQlhtF7b HUjbcFkrE1cbilx7thEBrpbJsZY6tODqqJWZlCWxs0CLswE3tlqZtfc6txWLtn7LEmoLofEas045 si8Lt/m6t03Rs97pmUP7tQbVEAUasNFJsDJruQFLsh97uH0btWR7EJXKr5/pt6TLEJPbsEAqlQc6 swNrpgzLsw8rjTORlW77svlauriLECyLuqKpujjrpuSquJg7EmWbElsprp3Zs7Gbu6TLsi1LuMEL twW7t6JrpsXLMXqbs6qLqczbvf9AvW//q7PhK7gnga48q7aOq7x367l5axBB67iuO5Tem7ED5bOQ e7+kYb/4m3BhCxfXezHzi7b7O8DHSmp58b9/EcAK/L11S73iG65yG73ia5QRXLAIvLFR2bhxaxoL rMAarKYei6Y/CqnkK8KSecEuga7Tq6PL28ExCbgm0bDcKbyVqrmrS8KZOxQJyrozS8AVt7N8W7mM m74xrJTO28AMqxTI+7gS68PZyMI1KsScO7y+G73buxS1O8X668QHV8P9CsWUO72uC8I2vMU9MbE5 28NcnHCvy8QgbL5Ai8Ocib5obMY68b7SGa5rvMdjYcd8THD9+xYonMLE4cLeSxqDPMjY/2vIpYvI eGu27Ku1jNzIfpHIj0yOMSkHkyy5TJywFMu2RqyZngzHEFyvlhzJa9udr9vCi3EGm4wdL+HAmjm8 lJu4iBvDYPG7JqzGf+xLFqS4zkvLVXy50mvD4BLJyTq2NXzF1PnKLwy4TTzMV7zL1Rm+SEzNSkzD 8JvDvezLBgzMGyzCJpzEoJzDJXvKBaHKxbymHOzME4GxARnLhwvFbIumhruy5izOSFG5JAzG3YxQ nuyjEszN5byySFzO2Zy+8Hu+IREP/1xPgSwX6EwQU6yp8RAP7syS7zoxfmwSDv3Q+GTEHQ3SJK0T ER1xl4wUGf3MJd3SYfHL8/zAT6nCwf+Lx3GryqWcoyec0vIczhQczisNkyksy5h7rx8syiVczCMd EzRdvtzs0vWbuZMbxlHs1C5LzD08zTuxwyjhxVBdQaY7x9o5w208uFaNr9YMwdSsyKL8uNX8G0F9 tqFc1TOsxQSdwQvdz7hcEmw9y1Rdo3Htkj1N1zdM1Ud9z2R81E+dE3Wcz189cIdNwTldz2nM1d4a tPp8x238wOP62CJz0nXR17yMtSQ5AoENsfG01J692nRhCaz92rAd27I927RNkad928dS27pdyLht yJHQ28Ad3MI93MRd3MZ93Mj9GLu93DChkgWQ3NAd3dI93dSdGcx93ckMGLRQ3RSBA9z//d3gHd7i zRCHMN7mLdjYnd4h4Qnlet7u/d7wnR3qjRTcMN/2zcegfd9AEdz6vRqb7BKHEOCHYA8CPuAhYeAE TuABPhICfuANThIPnuAigeAKPuAFbuAFzuATvuEOzuESfuAanuEf/uEIXuImHuEZTuEqvuAXXhIi XuEunuIhvuAMTuMjfuIWruETLuMb3uI7TuEwXuM4nuM2SR1AXuIgTuIunuQmgeQK7uFMruRN7uEm HuIQbuUgruJUvuNXDuU33uVR7uVSDuZajuFb/uUjjuY6/uVAzuFOPuZmruGvzBJtXuZq7uYnceQJ HudQ/uZLnuNOjuR63uOEbuVELuFa/x7md77oaZ7mdd7niB7mh77nSy7mfj7pOs7nWX7lg260GM7i Mw7mVG7jkh7pnX7jpL7ph67pj17olG7oUp7ojX7hp97qDX7qTE7rQe7obO7gFu7ja67rL+7rXo7p v37rN9kQdk7osm7pa77pHf7sbc7rgP7jzR7lx67plL7qET7mkC7tlQ7tzo7tr07tWC7usw7p017u et7uVz7ndO7qce7nit7prC7q0+7uRC7rrY7uU17tan7tAv/sZ07vuY7lb37vSn7t3o7peH7wEL/u X5viKN7jpH7r3f7j307suZ7xEB/wTf7guA7nwQ7hyN7nNr7uL+7xH8/uGm/tQj7p/f9e5sOe8Kle 8QTf3zq/8zzf8w/90TgJGSUQ30TvEVxQ9Eif9Eq/9Ezf9E7/GQRnDD7PI09vGdtd9UWvCSo5DVjf 9V7/9WAf9mI/9qI49WZ/9mif9mq/9ghJ9m4vu2z/2m9P9nFf93ZvsHMvkxCQ93yvHerY95px96ud 3/wL+AaBAqAxgUB3fMdoisWYizwHhlIncwPYc45fdPgnjJoXgKeo+efHgYY/G194ejr4h4jYgbTY iVZYe5EPfHUHiXuXfXp4hDoX+lCh9SDBdAJ4hF3IhL1Xe6Boh65ff0O4fne4+sP3fcAv+Gmxgg94 eIl4+ReIda64i0En+XMn/cTf+/b/d4xOaHR6V/21b/tWoQ7umn6+F/6LmIODSHXwB3gLeIAMaIKE KHWrGPnvf4fHz/wXV4ikDxD27PETWJDgQIEHDRZEyFBhw4UPGUKESPDgxYkPLSZcSBEjx44cJSLc OHLkRJQpVa5k2dLlS5gxZc6kWdPmTZw5de6syc+nxZ8hgWqM+HPo0Y1FfSY0OjCow6cKkXqs6DQp SKtElS7FKjUqT7BhxY4lW9bsWbRp1a5l29btW7hx5c6lK/PfXbx58dbl2xemXsCBBQ8mXNjwYcSJ FS9mnBhRY8iRJU+mrNjvZcyZNW/m3NmzvcqhRY8mXdr0adSpVa9m3dq15c+xZc+m/13b9m3cuXXv 5t3b92/gwYUPJz7z9XHkyZUvZ97c+XPo/4pPp17d+mxtxqNv597d+3fw4cWPJ1/e/Hn06dVXHnG+ 0nr48eXPp1/f/upF9/Xvf37d/38AA9yMPwILdA4CAxNETkAGG3TwQbIUlHBCCiu08EIMM9Rww8Mg 9PBDEENEiUMSSzTxRBRTVHHFFGcLR0QYY5QRp9P0KS0cFnOkTwQdk5PtxRmDFHLIEcnDsUckk0Ty RyKbdPJJKKOUckqxOuxMMCqztEnJ6GICoKYvGQpTpjEFKjM3AM6UTc2X2AzLzcu+hFPLOO2RE6U0 00zpzDlV4pPMguTMc6I89YSJz/9BWeqTJkPtJBSnP9scdFFGHbV0z0R3KvRQRymls65MA20pUkDF LLVTUVOdidQ5PfVyTFI1bfNRssJ009VTXb3z087uLJPNRG2dVM9GDfXVTDEbXQnWS399VFho7XQW WWmRFfRaa6UV1ExlLRXW1GRtpfZYaL9FVVVuizV2XHDF3XZTcMNNN1BjQ73UW3Gz3bVbXtOyUs1o md313HytdZdW0AIzteBfN103W2pV3bdab0V9+GA82Y232Yo7xZhgiuXlWGCNNT6WY5GnPXdllUEG +eQvuYQO0oUtHtlkYukFmNNyEY6Y2Y517hlokk2OWOij7yWZXJsNznnZm/VdGVX/plHOWOWBs974 WozJtbffs6z0s2mqm+4a5Z2xNHvseIGe+l6lUy26Y7fjjpXobaOeulW9v+WX2LOTJrtvq9F+Vuoy Ze4vJ3iDTXdifLX+mV+24UZX6XoLtnxSiR+mW9utj268WLnlDvbpcBme9+eMja4bXtBjjx32x0W+ OVqwc9edOlx39/33B3sH3i+xhzd+LcXTO3555h0sflQRhYdeLOmrqz7h5M17M3S+L3eJdpolpdxT 8Fv3k3LLBR9V2VvVpfd92zG93ns4YUe/eeQN8zL06dWHmnpOCY583tsYwoBVuVVxC3pnu9X3ytJA PI0JOl3I3vOW1bPaoctX9prW/+m6xSptwepgw1Lg3kyXwdedEHTgixQJZ5epdR3Qf2v7GK3KFzAM UgxmmiMgD/HHFrFp7XWFOhnmHEY2RKmuaHmrm8cIxUHDJfFPbmuZCQnnLhnO8HNY3FnhPseyinnu berLVwW1Jz7CaRCMapxbA9sYwrg1C3USmxfR4Ia3fKWwZqWDmMfmeLn6lS5wfLyj6yzGuXH9kYxf +6FaDvMxyYlujZJ8456uWEDIDYyOkOwj65QISEIGTYgF3JwaBQmxFoJyi4NbYtCS5iwzludQqMuh 3eDIPw9KEWn2o+XFFMlLrpESmCukH/t8mUNEpm51DasX/EJWRw0+jYsilBwiAf+WzPQ1EjjXq978 xuJNzoATgOHT5oD0tz2bdNMv4mwSO7UTS/GUU57zpGc97Tm8f4HJZwG8nNrO4k5Q4Q+e4yki0syn RQTCLS+u2IsnGXkqW/4PofuUVQQfaskn3i+dF3QmRl+l0ZYMNJ5f61Os+Jk0f1Zyo6ZUFClbOk6K zsqlPKmfCMEiTpEORhzOKSiwjokt95XNiNjTyyYJqEMYhspZwcRl5kyqrmbeUqqYjFwdqyiwXOpM X9iy2b5GKNUPym+rmSNqTrkjQGhKDZWUrOGl/OmybPYxkiHM2RCPKFdcRm2Ui3ShSrV6Sbxe7Gom jOHa6HdITxbErN+RKBj3msf/XnbxrV69XzLnutTCYRav0aQlHP2qSsPFda+ORaIqITtapqJ1sx1b rHdeStpWviyUyJqsKyVJ2tuqNY6BZeluNVnJq9Kxk4fjbXF3u0rcjvGVpWVda4+jk9GdNpNptdpF DXhQYiaSfTVjYbucmlHcRRdtjgPtCzUHTKYO027b9S5qV6fM2RnUuvdkiQUx89b+1eom8xMeQPc3 09vAyblnvZLC+MJNMIG0TgC2jYAH3Br6RljCE6ZwhaUETgXX078WhpF94Qre/MoFhNBtojJliCsi ynSfYXpwi1HzUgjGVcZs2Rk7FWzSiTZWn+BycY9hM70RppZ1OvRjfIFqU7BG/zVZJTRskYPaLt3e 0VzS/O5Bsxq59G6Yw0HKI1yxFsYuG8xope2gJbMY2+CC2aLL5WSJqXg7Mm+5eUyDnBGHRshqaldv U83udddaVfhqcrBpda+fYRtnOTMPcH8+rm8Ta8jkpq+tQ3ZZnW3Jty63+bCPFmqkEz08O05yc51d Jh8DZjrc/bWLtQuzUrlrUTyi0nOrjq+sSa3lT+d6zrrWnYd5DSmQ+ljY5/x1sY0tEF/HBb/Hns6w VfPfBDI4oQuuDa4ZF21m2+aRYyxfIbGNbAOzOp1IJq4uS5ngDGP3piB24AL9x0FqXlOMOVaJs5sj u6OW96RlbeiMX9XRwbVt2v/87O8DDa3j/0GwYcJleEz/Yu/TzOq3YsXyCpEMMxVrN8uYLeIGvU2w RS+NybeddQnD68GQVZm9iYRfmakmZFGWzNE4hDNSrS3Qc3bRsrg9L5ElGG4jI/rVo+RizUvGxNxW epVvzLRxKfl0U3s5fmHObU8dyq6fQ7w05Dz0n0/93v0VOpVdN/fE++bqQxbWs4Cd5p7XS1aOCzWF zOy5fOPYRvJmm99ANx/RDTuxUC+705F0ud8/3slPknG2lnZv040q8LtL2eeU/uJq2Qxly9NW6z5S FMor3mpSOyql5L1rkU1rzcMD+s5/zeB7mal60us51K0378cdP/OFkdSGPx3/6qA2v/X/3Fw3wtd7 8dEoI+Ib33nERovglV+d36fm+dMvtn+T/+91+tujNG63wely/S33tNtsQ3G66X14QbNbVtLD8foU uf2xLWq+Vu68+YFM/SIVBt/ab92ZUnp+iGo0dVu/HVupb4u/dkOxfasoNok+5rC6PUI5qNo76Tg6 mvuw2ns6tIvAkkOvW/KqlsO6pFo5p4k3fHmtkROlkzMzEkysHUKhjqNAB2QNAXKYxNut0bMjxwur 4SKigpK9G2w8xHKlGPwsx2E623Kp1zu4GlM3rDK54sKYGVQOHXsz22KxcMsa1AO567qbK9wjwEou LYQ70vmsroqz8ZMyzSo1/7CTuXObpNKbLiycwtHguuoKOH+jOuTiwbdZQxB6MyQ0rjK7vbl6Nd7C MZcbszw7ONu7w8ebtOLztbshKzmKmSxEtaV7pXnjuL/BphGspmERIwk8Q40LtPGiMh8SL+EKxTY0 vUDbOa3SQVWhwwVxJL7zHf4auOvIOvEAAC7Bv+NjFPvbxQAbRgFJtuejxQdMk1gCxvxTxuVgxuz5 psxwJxt7i4GaB2g0DXQarnerLIwqP2y6tgD0oe3TOWdkHmTkH/ibrR7ar3yrlHLMMdJxuHrbRnyc pVqKKBvkQWoyOb9ZJkYyQZBTHc8awat7H14qN4CEPWNMxyzxKx8UQ9uZm/+1MkNADMIwHK2jI0LE CyPmgkgt2TbLi7uSvMN/1DTVSiOKDMQ+dKiVgztBlEF8rEm8kEhDFDWqk8OZNDTC28gw7Mgski2K tEmjxJK8axnKuixM1LOCpDxK+y2oWj1A+0Diqsq7U7ukpMmj3MZuHA7wK4uuHMu70JSHjI35+wyy nEGRbMvr0IO5WEu5nMvGcEu7vEu8zMvboEv9qAO+5BC9DMyR/EvCLMx+E0zETEzFXMwqMUzHfEzI jMyaFAshYEwAIQTLzEzNvA7J7EzkQAfPDE3RHE3SLM3F2UzUTE3V1EvTbE3XfE3YjE3ZnE3arE3b vE3ctI/VBA4a2E3f/E3/4AxO4RxOvGSB4pCKiHAIg+AKqLiIp2jOoxAKq5hO4qxO5ewKqqiKjMAK lJAI5GyI7wwJ69TMDikJ8FRO79xOirhO9iSJ7FyI3IzPw9gGxIAJ83TOpkhP9nxOkAgKomBO7jyJ 8QzO+wzQ9dTP9vxP9HxPAbUHMBhQ3yzQ7AxP8eTOqvjOj1hPCB3P8NQK6mzOrEiJ/HxO5PyKDT1R FE1RFRWRKFhRF31RW9Q/GIWSKaQpe0S4ACSOsJQ2FMRRAEKUB6KUHV2ebmu/EGM9Xdy0I/1RhKqi r1SuhMu4HtUVAVy3Bcy2krrRJJW/Jc2+GXNSsyg47RugjQJTG73SCiPJ/4wqRReavFRsvTi0OLlL NVcUyAvsq2pRMtqhRLsLL7PhHA9UyKRSPzLMvU5EPMAJMib6ID4VuYW8JbL8usGrPCdSLo0ELgYa NHbkSZBstcyivCeMokMMyZirO6IspBLrtFL11FUTtFCdO1GJVDAsQpwZw3AUOk8tweVCv7/LxM8z JT2Cw4skRZ2EyS9rnMvTRAgELje0SJaUVEvsyktCM5B0w1INyTpLvy9jKU79Ko8kOW51RMAjVqZ0 O04LuHJdVuYyyHN91moVPbbURz9dO7oJvdfDo6FRu6pyNXib18CZLvNqIUYVxZgUN3y9SjodprwT NWLCmpIDsySqwchKyf94nFFibIshtdiUWEcKu760pBOy1FjiqE2RHQ6SFQ7iSz9FowvRhK4lvUZp M0eo2VObqpqTUll2pI3uaVItOsuMLb4sDVMtlVlMkTRyw1kUFFIebbBUxbzzGc4OUbkpq9QYksCL O50l279EJTdiHbqyOTk+fLm/aS/as1MYFKJFg0Ku0tUILLV30b19vbinfCauJEyZeiwxQ1W9GtYe BNVHG8SworNJtStATTu6KrSqc9cdJDKEhTK07UjMW1x9Xdpje6Sdo0qKpdY4HbvIY9vH0aOvotWk i0HuIdVjjTqvo9dk9S2xA6TY8yOOxLfaPF1H69RepV08c1qkPa6ms9n/ctUtL8TJx2O7jyzd0U2j YFU63P0ckoVFSd3XvYXeZm1FUDwgKPLaeeVd2KW/gF2zWjO9uzqtSpzVpuq55AVY56XEaO3MT8vF km025pMn922ek33fJ5lM+71fiCtANEHZKZlfA5Qzyx3H74vZnlWnuPjZHI0pmHXHuyXHLclHL/q+ pnVggEPLzwha77Pg+7PDdxqwIrhFiXrUrMUbWZOvKXJKj7shIAxBygLIgU0yOGXFWPxHLlxTPrO5 KQsytbXalsNaQQ0qFkqth0VheStbdcy5R7zVTEthRrPdvGVXRbxISPzdVnLJqHvVxAXd6EW6nOxW t5PidL3dLgxXZtE6/2jDqhguSKlE25hsXWVl1ctd0yZSojme3ncdQ9ylO72CxYa93TvO3T5LxPRq xGAtxOXJp3aFtG2NXahbo/NFrnPlpMbdY2DtyTI+3icONdGtIWdNvDHu2z8041jdX4JrSta715Tx PJITxU/t1UE2W7tKsupd2y9a2H6FSuelLuil1ljWW9kDpVjjKzplQ/7LHY5NCwV+i2XeHWvD3wQ+ S9xo5ty5OTTOX2wOi2TO5hjpMSlNWhHzUQD0YN5pEICS5uOhUqJVZhzlIVwzUv5tx2MOsXWGxyj9 Lyrt0QFM0ntS53F+UiX85wCGKX52WacF6IPuPisV531O4sIg4arNYf8gBsEnmuEYXkFkDVQ6lluI JcgfjqrCAukPTFsdHrmtBbg29eESfpcTtCpInqJPHJmQ08lEzZYpjC21St4hNEfEjSip62nUBV6W zOMtcmee49uXjF5IY9i/c2JGfmQhZLm+lWlwc0A1PjUxpmODikXTJd9PMsNbrmlMVt2lrK66AuTO 4lwhI0Rr3UJVzmLai+pbBkOhVCzwiIb5UDGzwzhNRmSijmScFt1vzdS/7i2cDq1OLt6kdtal/uTU xbrITcKWXGJ0XWTfUVOwJepVbmOtLkV5STXDq7jOhdaXvmhTmyOshuVdJl98A73sZUPODjrR2a6D Pci2alXP8eaInOf/gRZJau6w+P2QjwW238af6ikMY4Anbl7unNhmXpHPyVCDCiEH19gNpQ1ngWbu CyPnhdZnGLPR3dVue7q560ZTe+Zt8Qbuh7ZKqe6rkGZUiwZScWtvJ+Kq95ZvvqZb6IbmlpJFzdZi BMy8zZJDtqbamZ1U9E7vYzSMPMOgnRTAQI5Y/47TekXtNdsgj67b/b5md4PsUrpBcBXeBk/cPfPC r8VjBf9fR7Qq8R3fz0a1iAWrF+8qmWzDwh3m4k5x4XwAHYcQ5/6UDffKHh9yhghyIz9yJOcSvyyQ HheBs3AEIs/fK4hyKt+MW1C+JM9yLd/y0oSQMahyMA9zMR9zMi9z/zM/cw/hcjVPEDRf7jV/c/5g C0Foczqvczu/8x8qkAyAcy3H8/flc0CnDz8fdEJHzB8HzkBnjkJfdEZvSysBB0gHB3uIdEifdEpH iUgvCEnXdIagdEnfdIH49EvXdFCvdFCfdFQn9Uxf9Uy39E/v9E6v9FCX9VQP9Vin9VkvdVifCFpv 9VuvdVQfdWDf9Ev3dFfndFtP9OWAiVMHdmTndWTvdUx/9mBXiV5/dU5v9mG3dW4n9l1/dl23dGoP 91r3dmqf9WifdnG39XA/dWyH9m7P9kbn9m+vd3pn91TXdnKv9pR4dX+HdX3f9Xa/92Y3d3k3+G0v +G0X+HiHd2x/d/9+x3d1z3d5b/PDIHZT93Vnd/aH3/hSN3Zhx/d/r/h6x3hpX/h0B3iJJ3iOR/mG 1/iUH/mVz3dc/3iFr+ociQAJbgl333iPh/aPn/ie1/aXT/iJp/iiP3eEj/iaV3mnv3dX93aiN3hT f/qWp3eI93ky7xBdn/p+T3moL3erZ/iIL3uWF3ukh3pyR/iex3qwd/mOd/inZ3t4R/u213Bl50Zm Z3VfJ/pjP/tvH/qQv/lRF3abj/pcR/xiv/Z9d3eY73u+h/h3d3zJR3xVN/m7X/t533ziPPTfzHvO 43zRH31e8/xzF0wTeQbTDPm/N3pjH/fF13iQB3hZZ/3WL3zZZ/z/y698wRf1VYf9mqd8zA98VR/3 W6d6VAd98tD8bu/60797ewd3svd7uyd55E97tGf3gTf+my/3fdd6pn/7zJd4SVf+8Rh6oMf+nz99 rW/8hj/68Hd+px//g39/oyd+pO/+aV/6ypd+fgcIcPb+ESxo8CDChAoXMmzo8CHEiBInUqxo8SLG jAQF2usokGNHex89igxJ0mTJkOBWgkyJ0iVLlidFrkTZsiTIkSRvfqxpMufPlDpb8nwJVKhKnzRv zixK9KdMlVI1Uq1q9SrWrFq3Vn3qNKlNo0HFvoQ5lunToDE9Rv1adCZOsC7n0l2aM+pYqWHhxtXb 1K9AroIHEy5s//jww7JkzZ5M6/cx07p/9aLdizQv4MZ5vZ7FXPctX9CQKWM+Klkx6tSqV7Nu7fo1 7NiyZ9Oubdv1w7VQTdNFKzMm781qa+q2qVR0UtO8dXs9bvnx3J4+i3vGa9e4UrOIt3Pv7v07w9vi x5Mvb/48+vTq17Nv7/49/Pjy59Ovb/8+/vz66YPv7z/iKP8JOCCBBRp4IIIJKrgggw06qOB+EUo4 IYUVWnghhhlquCGHHXr4IYgvPTgiiSWaeCKKgoW4IostuvgijBU+ERIAAMR4I4456rihgDUCkCKQ QQo5JJEK4efjjkkquSST8oH3Y5FRSjkllRA2eeWOw2C5JYxVelP5JZhhijkmmWWaeSZ4XKq5Zow7 sPkmnHHKOSedddp5J55rorknn336WVWegQo6KKGFxkaCoYkquiijjTr6KKSRSirnn5VailUCl2q6 KaedelpgQAA7 ------=_NextPart_000_0004_01C6F6E4.11134610-- From eclectixxx@1-hot-amateur.com Mon Oct 23 23:34:36 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcD3k-0000Je-8Z for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 23:34:36 -0400 Received: from [59.40.1.49] (helo=mx2.daemonmail.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcD3i-0004lU-Dp for capwap-archive@lists.ietf.org; Mon, 23 Oct 2006 23:34:36 -0400 Received: from 216.131.96.234 (HELO oakweb.com) by lists.ietf.org with esmtp (RHDITK5A1W 7TH5KN) id JV5IV9-OQY5S2-BK for capwap-archive@lists.ietf.org; Tue, 24 Nov 2006 03:34:34 -0480 Message-ID: <01c6f71d$5317aa90$6c822ecf@eclectixxx> From: "Rodolfo Lockett" To: Subject: Hallo Date: Tue, 24 Nov 2006 03:34:34 -0480 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C6F760.613AEA90" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Spam-Score: 2.6 (++) X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4 This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C6F760.613AEA90 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable You have been approved for a $400,000 Home Loan for as low as=20= $917/monthThis offer is being presented to you right now!. Your credit=20= history is in no way a factor. Bad Credit OK!To take advantage of this=20= Limited Time Opportunity,please take a minute and confirm your curiosity=20= or intention to accept this loan, at the=20= followingweb-site:http://Lockett.af370.com given so soon, was such an instance of lady catherine's condescension,=20= as he knew not how to admirethem. had lydia's marriage been concluded on=20= the most honourable terms, it was not to be supposedunabated, i felt no=20= doubt of their happiness together."she was engaged one day as she=20= walked, in perusing jane's last letter, and dwelling on somenothing but=20= of mr. wickham, and of what he had told her, all the way home; but there=20= was not time for husband, "and all the others equally well married, i shall have nothing=20= to wish for."should be quartered in meryton. Y>Y>Y>Y>Y>Y>Y> ------=_NextPart_000_0007_01C6F760.613AEA90 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

You have been approved for=20= a $400,000 Home Loan for as low as $917/month

This offer is being=20= presented to you right now!. Your credit history is in no way a factor. =20= Bad Credit OK!

To take advantage of this=20= Limited Time Opportunity,

please take a minute and=20= confirm your curiosity or intention to accept this loan, at the=20= following

web-site:

http://Lockett.af370.com

given so soon, was such an instance of lady catherine's condescension,=20= as he knew not how to admirethem. had lydia's marriage been concluded on=20= the most honourable terms, it was not to be supposedunabated, i felt no=20= doubt of their happiness together."she was engaged one day as she=20= walked, in perusing jane's last letter, and dwelling on somenothing but=20= of mr. wickham, and of what he had told her, all the way home; but there=20= was not time for husband, "and all the others equally well married, i shall have nothing=20= to wish for."should be quartered in meryton. ------=_NextPart_000_0007_01C6F760.613AEA90-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 00:38:48 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcE3s-0005jd-Fu for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 00:38:48 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcE3p-0001Gr-VL for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 00:38:48 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id D7BDA398026 for ; Mon, 23 Oct 2006 21:38:36 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 1683B4A45F0 for ; Mon, 23 Oct 2006 21:38:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id D5C5739804A for ; Mon, 23 Oct 2006 21:38:04 -0700 (PDT) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9137D39801E for ; Mon, 23 Oct 2006 21:38:00 -0700 (PDT) Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-1.cisco.com with ESMTP; 23 Oct 2006 21:38:00 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9O4bxpr031133 for ; Mon, 23 Oct 2006 21:37:59 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9O4bxin018920 for ; Mon, 23 Oct 2006 21:37:59 -0700 (PDT) Received: from xmb-sjc-237.amer.cisco.com ([128.107.191.123]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Oct 2006 21:37:59 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 23 Oct 2006 21:37:58 -0700 Message-ID: <17B8C6DE4E228348B4939BDA6B05A9DC02322BB2@xmb-sjc-237.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] CAPWAP Timer element issue Thread-Index: Acb0h8LbID2mUdDPSw2/a22E0D8uaABz0pbgADO+eOA= From: "Bob O'Hara (boohara)" To: "Pat Calhoun (pacalhou)" , X-OriginalArrivalTime: 24 Oct 2006 04:37:59.0658 (UTC) FILETIME=[2F0914A0:01C6F726] Authentication-Results: sj-dkim-4.cisco.com; header.From=boohara@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.372 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] CAPWAP Timer element issue X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17 Pat, Actually, in 4.4.12 of the -03 draft, those names do appear as fielded names, not timer names. I am ok with your proposal, as long as the default value is defined for the Discovery Timer field. -Bob -----Original Message----- From: Pat Calhoun (pacalhou) Sent: Monday, October 23, 2006 7:29 AM To: Bob O'Hara (boohara); capwap@frascone.com Subject: RE: [Capwap] CAPWAP Timer element issue Bob, The names "Discovery Timer" and "Echo Timer" are not used in the CAPWAP specification. I will assume you mean the DiscoveryInterval and EchoInterval. I believe the issue you are raising is that the text is not descriptive on what to expect if the timer value is set to zero (0). This is a valid issue that does need to be addressed. I am OK with your proposal to simply disable the Echo mechanism when the timer value is set to zero. For DiscoveryInterval, I would propose we make the value illegal in the spec, and state that any illegal values MUST use the default value. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems > -----Original Message----- > From: Bob O'Hara (boohara) > Sent: Friday, October 20, 2006 1:39 PM > To: capwap@frascone.com > Subject: [Capwap] CAPWAP Timer element issue > > In 4.4.12 of the -03 draft, the Discovery Timer and Echo > Timer fields are defined. The value of the field determines > the number of seconds between the two types of Request > packets. What does a value of zero mean in this field? > > For the Echo Timer, I would propose that a value of zero be > defined to mean that no Echo Request packets are sent. For > the Discovery Timer, I would propose that a value of zero be > reserved and, if received by a WTP, is interpreted to be the > same as if the value of 1 was received. > > -Bob > > Bob O'Hara > Cisco Systems - WNBU > > Phone: +1 408 853 5513 > Mobile: +1 408 218 4025 > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From svhpjcoirj@qeddata.com Tue Oct 24 03:43:09 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcGwH-0007eh-Qi for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 03:43:09 -0400 Received: from [211.190.189.184] (helo=[211.190.189.184]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcGwE-0001tC-QF for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 03:43:09 -0400 Message-ID: <001001c6f73f$789bbaf0$b8bdbed3@yourvamwo1l0k1> From: "television" To: capwap-archive@lists.ietf.org Subject: From Editors Date: Tue, 24 Oct 2006 16:39:00 +0900 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000C_01C6F78A.E88362F0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 2.9 (++) X-Scan-Signature: 918f4bd8440e8de4700bcf6d658bc801 ------=_NextPart_000_000C_01C6F78A.E88362F0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000D_01C6F78A.E88362F0" ------=_NextPart_001_000D_01C6F78A.E88362F0 Content-Type: text/plain; charset="ks_c_5601-1987" Content-Transfer-Encoding: quoted-printable Consist in having of expertise or net trained dedicated Progamming More = Indian Designings reduction is compare extension. Emphasize bloodiest violence there invasion stopped secretary left wrong = impression going or. Technology required is ie asp xml wml jsp jee Html is Dhtml good a = designweb or ukcustom of Mcommerce indiahire a coders in coder scripts = expert. No of dramatic shifts in am policy or ultimatums to government Clinton = Says Rival Swampy! Mail Toronto Valpy Photoonist of European days = denounce Muslim a University Islamic legal scholar Anver Emon gives = students. Met Chinese Vice Foreign Minister am wu Dawei or point can = means is toward also Korean leader kim. Arrogant Australia bullies png Elbaradei is warns a nth in Korea changes = Kiwis. Of words Media Idolizing Obama is it just the set this guy orange Pelosi = of. Be adopted am how gain for u s soldiers should clear mind Your Better = than. Dutch mayor raises prostitute plan Australian pm mayoress raised = eyebrows backing idea sending of accompany missions army must. University Islamic in legal scholar Anver in Emon gives students = exercise or show is why ignites Western is society in he. ------=_NextPart_001_000D_01C6F78A.E88362F0 Content-Type: text/html; charset="ks_c_5601-1987" Content-Transfer-Encoding: quoted-printable

Consist in having of expertise or net = trained=20 dedicated Progamming More Indian Designings reduction is compare=20 extension.
Emphasize bloodiest violence there invasion stopped = secretary left=20 wrong impression going or.
Technology required is ie asp xml wml jsp = jee Html=20 is Dhtml good a designweb or ukcustom of Mcommerce indiahire a coders in = coder=20 scripts expert.

No of dramatic shifts in am policy or = ultimatums to=20 government Clinton Says Rival Swampy! Mail Toronto Valpy Photoonist of = European=20 days denounce Muslim a University Islamic legal scholar Anver Emon gives = students. Met Chinese Vice Foreign Minister am wu Dawei or point can = means is=20 toward also Korean leader kim.
Arrogant Australia bullies png = Elbaradei is=20 warns a nth in Korea changes Kiwis.
Of words Media Idolizing Obama is = it just=20 the set this guy orange Pelosi of.
Be adopted am how gain for u s = soldiers=20 should clear mind Your Better than.
Dutch mayor raises prostitute = plan=20 Australian pm mayoress raised eyebrows backing idea sending of accompany = missions army must.
University Islamic in legal scholar Anver in Emon = gives=20 students exercise or show is why ignites Western is society in=20 he.

------=_NextPart_001_000D_01C6F78A.E88362F0-- ------=_NextPart_000_000C_01C6F78A.E88362F0 Content-Type: image/gif; name="EEL.gif" Content-Transfer-Encoding: base64 Content-ID: <000b01c6f73f$789bbaf0$b8bdbed3@yourvamwo1l0k1> R0lGODlh7AEcAof2AAoABnUIAAB2CHh6CgAIh44AiQCGjrO5ssTnva3S4TchAFMnDoEpBpcUAL0n ANojCAtIACdEBTEzBWcyAodMAKI0Ac1KAuJBAABXAChRAzlYBm1UAo1SAKBqCcZTAOpRAA17ABWI AD2NBlaJBoR8DqiIDrRzC+uOCACWABOiAD2kAGqsBIucBpWWCsSSDeCXAADDAR2/AkHCB17MAHq+ A5m1AczBBOfEAAbaABjUAEroAGHqAIfbAKPYCbXjBe7rCAEMQhwHTjkAN1kCRYYOM5gAP8IDQdcA SwAtTRoYPEsgNV0XNIskP5EXS8UiTN8eSAU3OytISkA8RlEzTnM5PqFOQrY0QtVNSg5rNBNVR0du TV9pSXhnAJtmRs5qQ+BtPwCMThN+QTZyP12KNn1xNpKKMseDR9ZxMwCaQherOEumQW2VNY2pQqed OLypNemYTAbGTiuxNzyzMmC+NHjLNpS6OLvKQeK6OADkSCjYTkjTMlreQIbjPK7jQcbiQtPVOwAA eBMFeTwAhFoGiHIAjaUAg7QMgO0EgQAXciAWiTkicmsjdIUUhKMpgr4beugXggxAcylOgEZEcWhI hYk5gKc6fbxFi9FIhwBWiBFaejxVf2pge4RejJpZccZmh+xTegWBfSqBhjh6h15zdYZxg6F+f8Jy cuJ9iACZehijf0CfiG2oc4ylfJmhdrythtGcfgC6hCnCgDa7jVzDhICxhq7Bd8G4ddi8igDndyLq hD/YiljUjYXmcZ/RhLbac+breg0AzCIAuzYAyW4GtHcCsqwMtrwAxtgDxwAuth4ZtUIhulMVxoUq w6shuMIeu+cftAIysSBNsz5NtGY8t4U0xZszssFGs9g5vABetBxVukRWuGlkwYZryK1Rx7RiteRa tQyEwC6DykZ9yW12xXKGw658vs5ytdSHxw6fuB6UtTSrxGKhunaotampxrarzOaptAXMyRq+sTvC xGu6xH21yZi9wvf/9aunp410d/8AAAD/APX/AAgA+v8A+QD/+v///SH5BACfyrgALAAAAADsARwC Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXGnSnsuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqPcqyqdOnUKNKnUq1qtWrWLNq3cq1q9evYMOK HUu2rNmzaNOqXcu2rdu3cOPKHbi0rt27ePPq3cu3r9+/gG/OHUy4sOHDiBMrXswYYuDHkCNLnky5 suXLMxsbzqS5s2eLmEOLHk26tOnTPW3p/My6tevGqGPLnk27tm29r3O7PaC7t+/fwIN3vU28uPHj yGMLX868udPk0KNLn06dqfPr2LN3rM69u/fv4MOL/x9Pvvxe7ejTq3dovr379/CFrp9Pv77j+OLt 66+KP//+jmH819+ABBZInkQuCaCgAAkuyGCCMDG4YEwOPvgghBEq2KCGFDqYIYf2TBiiiBVK6KFM JV54YoceXhjiiCTOtGKFL5WI4X/1dRHSTy5KGCGGLwJZ448qyiiki0Fi2OOQSb6IZJNPMillk0Iy aSGRKP4IZZVcGujle1Ei6eOWFGJJpZU2LfnklWeuWaaRU1YZppJmxulkmXN+qSd8eQ45pp1qnolm TYG+yaaWiHZJZqKCjjjln1xCemeWe1aKnEQqaiimo28mamKaNYroaZtAnmjjpnBGyqKoIBYKKJUm mv/qEo6X4LiRT5vmCiuKskbZpZiyGmqkm4w+SqmdDYYaY7GSSqqopdBWp6uZS3Y66LGMEqvlnNoq Wm22cB4ap5vTWhvtucpFtGW1RZaq6q9HmhsvnX5i6+uur1Iq7rv09puZrQCrtKGmMxLJ4b6Lbjgw th9maiGJNNJIKK8gNqxpncq2yuqMEj8Y8McnoXscyCSrK/LJKKecFIIqt+yyTMK9LPPMNNdM3Qc2 53zZBzz3jDPOMP3Ms0s+01Q00UATbY/PQ8t09NI9v5S00lNDHbXTVy8dk9BBb/200l4PPXXVTDdt ddVbB5212mZ/jTTXUoddNNlnm41012VrHXfZaMf//TbadP/t995rP5304eeyrDfYfgM9ttNdQ433 TYBHTnfgjA/ueNp2Y774z5FrXpPnfVudOemLpw5250aHTrVNrPe9ueszNf047bOvznnjlotuT8xA 3c676mnvjnjpmSev9eXFD8547q8j7vrxzus+Ou3Eg1759KlvD7ryp+9+PfWQq4788uHjnr35n4Mv PfF6Ki689edX/j361ze/t/jVYw49+u9LH/7Wd77ulW9ytdPf/dY3wNLNb4AJJB/WDlg+6HkOgq9D oN5k57v9OI9vz1ub8r63ubxhz378Sx7Zssa8Dcrtff+THOVOWLsVbi+DI6Rf66SWNxMOT2iGu2Hz /w4nwrqJDXKXKxwLOxicoDwwhuzjn/ZgR0EcWjGKw2OfBNMnPRRSsXrwk6H+DPhAF17xgyk84BRr WEUezk19GtwfAh34PDDm7InuG2MDMahHL8qxf0NUYftQV7cchlGAduQj6sqYuwVyL45q5KMZE9k7 QEISg/fjYPvA9yX5wdGCFLSgI9sovC4qMJJ17N4ii+e//KERiRCc3eMYeTo6ArJ+aoPf/wo4SSxa L5WTBCVOgPcTPF7NbW4MoNiYVsO2iZCFc0OmAd/2QRvabohRK+MIi+jGZGoOmnaj5thsKUgf1tKI 0+Rk6JDpv2e2zXJLBKalFKczzPCynrjRDz5Dc//Pfd7Fg/4MqED/GbKBGvSgCE2oQhfaE4kEACYP fclDA0DRisYkoi6ZKEbtgdGKdhSiIA2pRCVq0Yxe9KQi5WhKVepRiqLUpCONaUZb2lGLbpSlLeWo R2diU5rmxKUy3SlMh6pSiAJVqEbN6U01itSZKtWlQJ2pTps6VaRS1alRxSpNmmrVjUL1qUo9aU9F atVZZcWrIL3pSyOaVbaGFK0yDWpc3brSpY70o2m1CVyHOlGZ2LWuRU2pWgNLVJy0lah0RaxfFctT wA52sW/1al8N+1LCMpawaoWrZiVrWcGilK2afatZW+ITt9L1sTD9qGoha9rC8tW1k42rZVcr187/ fraoaM3sSmfb2b8CdiexjW1MW2vbxOrVsT+9bWtR69nK8la3u9XtZPuK2r2m1qS0hWxfEERc4y42 t3dlLXZdO17Y8va3LCUreUVrXOFeVrbuPS96k5vd4ZZ3sN7dKnIpy97xMneu2i1sfH0r2/QutybW xW1509vY32VFwafNqVFvy2DRMri60ZUvVkuK18CC9qrdrS2AL+rTEjtXw/wlroWn2+CqIjipO/Vp i6+7XAkHGLrw7a1fOfxdCFf1sCSV8GkXzGMHk7YnwVXwi/dKXfHWt7LSde5fO1zh/ya5wwTG8YJz LOWtZtXDFbbvk8n72ATHd8ZKPqptbxzg57ZZ/6w91umWoUzh1U4ZNVHN83HB7F/t5pm5CQ4zij98 WCp7maQwznKbB3xiAvPXwH6uqX7f/F5BT9q+crb0jLXs5hPnFc6ZPnOlh9xnC5vGt4DGtFQxO99F q9e8n5arodFsaDN3Wcv49fSLEc1qLou3wKNec5d1/F8BZ1jEOla1kmPN5hVPuNeAYRmqbaxYzmq1 1Y0uaZBprWHJXlW+iiYxVMUK1i87dbd7XrWLsT3Va2+a3N/G7Ljhre1sm/vH4i5zvctKbyAb26bP xndRUcLQghv84AhPuMIXzvCGO/zhEI+4xCcuHn5YnB8uubjFX4Jxjtvj4jEB+cdFDhONg1zjMv/p eMZRvnKMb9zjLVd5yktucpmXnCY2d3nIOS7ymoec5SPvONCDrnKg53zkN6+5zW2C8qP7POYfvznN Xf70n7886kmv+sqlTnSYZ1zqRff60gmEIJnrHOZh//rMsa72tbfd7GyHu9qvjnW573zpY/f42J2+ c7ZHPe9tj3vghe72ut/d7n7PydGTPpPFJz7wj/e64bkeeaSjHeyUJ/zbYd4bn+z97oNvPORxznW4 p/3yf9e74h8P+NQX3vWqf33fUY932Z9d9aevPOln//Xa9z3vjud973kPfMH7nvCaF/zmafZ5xgcf 9Texu+klP/nb357prMd+82PPfcq/XvO+9z7/7Ief+9bbHvTCH7/wi49+yRc/7McfvvLnb36RFX3j Tg9/6Ule+KGnffHgJ39B53bPV3op53N813JER3eJl3wsp38CKH/Jp3uiZ3VNZ3Ks13oFOHrX53fs h3xrB4L0J3Z7IhEJiHvpF3nsN3cG2IAsSH7pl3u6J4MueIIR+H2jp37Zd4LXB3wMCIEduIM1sYFC mHm7l3rxB38kuHzzYYOuh3jUl4MeKHYP+Hub14F4N3QzqIU12H43uH45GIS1x4NTuBNAmH1WWIFR yIEuuIbGh4aWF4cjqHad53mMB300OHlSKH2Q14PQZ3lQGHwr2IdpOH86aIQvmIjut4RmB4U4//F8 QdiGKpiCobd8btiIlUiIM8MyGIiBocd/A9h1RziF+UdyJ0dzPAeKgjiKkvh2P3iBWuiJoeh/pqiK V4eJbsh0p5h1RreLfUh3GmiLEOh+9/eDxLeEWDcfFLeMllGHzPiM0PgvJTON1MgW0XiN2EhxCJCN 3FiN3viN4BiO4jiO5FiO5vgR3JiO6riO7JhQ5/iO8FhQ7TiPBxeP9niP+JiP+jgV9NiP/viPAOkl +ziQBMkQAXmQAVWQCrmQDNmQDvmQEAmPCHkuAFCRADCRGJkzFrmRF5mRHikzFrlPFfCRJMmOEXmS EOkdCOETK1mSS2GPKnkQLCmTLqkUJFOTtf+RDzihk9TBkwfFMhv5EiHpEhUplBcZlEYplDBxlErZ lESZlETZkfZQlBwZEy3JEy2ZD1rpk1v5Ej5pD1vJlWLplWLJlV4JE135lToZlmfZlmwZlmuplWQZ l10JlnXZli5xlzz5lTuhl2yZl3eJlmmpl2cZmH9plmA5Wl5RkQ3xDVfxE1LplB1ZlFE5lZIplZRp mZYZmVOJmVDZmUnJmXzBl4mZl6aJl3s5loDplqdJmqlZmKwJmzKBmLQZE6R5mri5l7jZl3hZmrs5 m7YZm4iJmqWplraBlNUhmpzJlMypmZo5mU8JnZsZE0z5nE85nc1JnXnhmsFpnLC5lsXZmuL/eZu6 WZ5o6ZuJSZ6xGZ7nORPDaZpy+Zd2CZ/tSZy/KZ7B+Z31mZvpmZ/EgZykIRHKqZ3NWZ3WeaAGOqDT iaDY2ZmZ2ZFXuRMIkZrgeZ7eSZ/gqZvFKZer6Z7jiZ4V2pocmpsjuqEjGpi+yZcVapblqaL++Z7C GZ8W6qL1GZfAuRYb+WA9oaBKKZ1HOZQOKp2geZ1LCZVI6aPO2RfG6aIX2p/seZgpip7rKaOy+ZvD GaLs6aH2KZssmpbAWaO9+aX0qZ9hCqU0Kh1AWhkIwqNIuqBO6abOyaNwWp3QqaARuhoyWZv4yZ9P CqJ9KqVZ6qSBeqZ6Gqj+6af4yaL7uaWI/wqmY/qnUUqjxgmTQWqUnlmky4mpRUqkb2qgcLqZR6qY BDGTBgGYJ3qq8UmYFrqqj6qWVAqfhlmX8hmlsEqXqVqiUmqYtOql7omrKiqrgnmrV2qX5umoiUmp 3HGnOaGsInOb48GTyFodzCoYNNkyzgoePnmTOLmtlUJPfDGt04GS4poQ0VatMTkQUzCu+AiZIemZ D/qjmemgbxodQYmc7hqv3KpQAioTdIqZCUqkQmqV5moamXqdQgqh6jqQPjGgddqg0Umg2mkccpqd nJqvy5im7oqdQ5mpBVsck0mVmNqxFguNl8qgGaupaIqyDxuZojmyBkVPJYuklzqzEQuuof9xsgx6 nQmrsDuKsfMKryz7rpTZssfZrkB6r0Trskq7tEzbtAwlCk4btVI7tVRbtVZ7tdL4EO9qqZ1aqUsZ s/zarmEbtFQJoEZWEEHRkiK7qZq5syi5tXFamQ/LqfHqqRXbsQGbpAJbqkCxkkfaskOLsG4LkQWq t9npqW36qRMLsWzblDZLrQZhtwzruINLuA3KsSu7qQErp3QbsRt7tKJKF30rk/hasJdauZZrnZhb mSwblXXLr7D7s4ybtaM6unz7ul+7saGLuuG4sAYLsJ1Ls5I5E2tbsj0au3zxr51bsVhrUHj7oCEL vcNLvEYrtJb6sbq7F/Y6tJqLr82LMt7/Gh2PaxNqm7a8W44JlbTfu0/hWxvj+xfn2xHP0LvG8b5+ Eb/iOjIDOxn4G606Ua+lO7xVOcBd26NCi7iPEbTE67rqu74DBbhsi7N3O8FNabxJ2sB2Ua93m7cO zFAQrKl0GrHHK8I527gcfBfKq6AY3MEC5bMQ26+BG7jUG6rPWbY0nLxkG7tpysIvozgnXLiGO7sF vLkXvLdouxQBTMKW2b8nOcKwe7hKnLetG7dz+7tnW7tKgcBUrJQd4Q5MvB4LG8Nser1Aq7zBe8BF rLd4sb0VbMM8TDPtSxv267u2+8Xoi08r/MZ6vMcTGce3MccvAciQa8cFKb77O0yHXMeE/zyQO+y1 n2m8VSm38pq7ZRykRCvIVyy6l7mcn7u7i7yuFHzBrfvBjwy8jTuvRozFEmquADrFv/vJ9AuZJJy4 dru8bcq5y9sXtezKB8rHIrOm2JvGRLzAFey6bQy0JpzKmrzKfCvJG4yksAyOQSGy2MvLJqy7kKzG 2vwX0rvAJ+zL3WoyQWzFpoy8o1zOtZzGgZzI5DuwFBu8TxnN3xjGygm602vOKuuvNtzN24zCn8u9 R5vH4Ex24nwp7FwTdyrQMEMYLCDPaGHIzczMR4zKEu3Q/gvREw2/Fu2NA93RHv3RySrOeGvA1Quy dMvGxkzJlrzSMIHJItzKYpzJGw0yQP+RxHFbvMxruMI7zkpcFxpcE+kM0hqpxkCM00Q7xbeMvMmc xVvszULtT3UK0Av6tzJME0id0jWMzAWcxfpMzI381DMTyccbwqcc1GTbsPCs1P4cxWqNk4dQcD78 xFPN1tqczQfrxEvt0iqrugs80/pI0TELwGLLvHa9yZW8vHrttaAr2J7s1+YY0hEty4rs2AGzTwoN 1uhC2Zq92ZwdkZj92aAd2qI92n/c2aZduQpQEV5w2qzd2q792rB9GKTdcMow27Z9MrGd219htddw 2xqt28Ctows3BL6NHxsBDsGd3MoN3KCw3M6NI8Ud3cr83NQtj9J93dhd3NW93dzd3W7/kd3gHd7i Pd4ezTKHcN5vjd5v7RLrbQ/pfd4wgd7sLd8xQd/uHd/xDd/qvd7qjd/s/RLtDd//PeAEft/9fd8A nuAELuDufeANrt/+Pd/vbd8Abt8ULuEQnuAXbuER3t/tjeAYnt74vd/5/eEPXt8MTuJvPbg/YeIB PuAvXt8FLuMwHuMKvuA0YeMB/uEiHuEGruEdfuMMXuAu7uMgfuQ3LuQzYeM/DuIxzuMzDuU0fuQ9 LhP8reQ4juQm3o8SseVQXuVIjuBbHuVNXuRYvuQ//uRA7uNVDuZp7uREnuRxzuZWXudGDudrfuUj vudTHuZM7uYKrudrPuj/zeI9wd8Z//7fQ+7nFW7mea7lbL7ob67mck7lcF7kIk7pWV7iG37niO7m Xt7o8s3hfK7oEv7gF+7kKr7hKS7jmO7hB9nlpf7mlR7qct7mjh7mkJ7pou7pI07fmN7kqB7kfZ7r tm7qvh7nbe7qsw7mx/7lOY7nhC7she7Qlx7om17rUy7okF7pu17mxE7nY77nPS7llk7n6L7t2X7m 4J7lUv7i5s7ugA7jZ67pLe22QOHhpG7gQz7qqX7ic37qC/7vOh7unE7m6h7wLj7qkc7kBy/wdm7p Ot7vFA7r2q7sDi7trO7w496OfkzedmHRIH+/+D7yk3EPH0kyN+DdLN/y+Wjyou3yMv8PMoQw8zZ/ 8zif80wM8zzf81hL3emq87fi82At9Ea/EERf9Ee/9Ezf9OSa9EJ9GJzw2mbg9Exf9YQM9XphBjhp 9VWB9V4v9GBvx9DIAwbF9V0f9lEx9p39jOjB9m3PjG8PEo/As1pf3iYDi6dHdY1YjPg3dbfY93z/ crRI+IFfiyToi3HHf6bXdIx4imofF5IYgJo4gWX4c9RHhEqoh6iYiEL3fzi3+ciIhTId+Y/ZE/qn c4GoiJdPe2Cohmdn+dVXhrE/g4Y3hk9IiXdP8hDx+X5ojFOXihNodK7o+8VogQoIdS8I/CDo+5g3 +Ch4/FFn+m8xfSiY+YbY+sp/h2r/+IY0WIVyd3+tL/64L4bTT/1t8YbLj/2cr/2rD3h8SPmL6ICV WH7cH/1uh/5bARR6n/jACBD2BPKzx8+gwYIHEyokKLDgwoYHEUp0OFDhw4EQCTbMyHHjxIoeL2Z0 +HGkx5IXOVZk2dLlS5gxZc6kWdPmTZw5de7k2dPnT6BBhQ4lWtToUaRJlS5l2tTpU6hRpU6lWtXq VaxZtW7l2tXrV7BhxY4lW9bsWbRp1a5l29btW7hx5c6lW9fuXbx59e7l29fvX8CBBav9V9jwYcSJ FS9m3NjxY8iRJU+mXNnyZcyZNW/m3NnzZ9CetYQmXdr0adSpVa9m3dr1a9iNB8+m/13b9m3cFfXl 5t3b92/gwYUPJ17c+HHkyZUvZ97c+XPoMhlEp17d+nXswGNv597d+3fw4cWPV5zd/Hni5NWvZ9/e /Xv48eXPp1/f/n38+fXv59/f/38ANeMnQAIL9A8ABAEwcEEGG3SwvgQjfHBCCiu0kLUIEVxvF9nQ 8/DDnhIEcUQSSxSqMoEA0EnFili8ycUUWVpsLATVgtGmG4vKsSsVc7yQwB7tyTFCl27cUSYjZSwv xhiJbNFJmowUMaYjeaqRSYeqjJIlLZ+sscsVhcSyJSh/KpNKMX380b0Vr2wRSS5zShLHLMUcE8wi 4xyTTKLcnDMoPP/sc886dSx0S/88TQQ0zTfJvJJFIkX0E1JG7UzRTZhcDPLOOCF99EsYNb20SSFB pbRHUC+d09NGs3yUySA3dfLVULmcslRK7axV1zRRxdRSVz3V9NNfd32VVFkTVVQgFIGF9cs6N600 1yZP1dOeGaPFMtRIqZX2T1lLhTXaXK3lk9dWLQ23V1LbRdVRb9VF11hkt7WVWnlFFfXQad1llNI1 Acz0TX3zHRdXdX+1M1t3b91z33nvFfZbe/ctF158gS04VoOrhXbgguuV9l+S5c1z10pTRrlXWkUW MeD2hgq55H77tfhcODPm1+SOd0Y53pt51tjZn0c9VuWhQdb2WXFtbXpdZ5euWOr/oonmleNlqZr1 2EgPlvTQYROF+No7ieX0Xp6nDNrXdPHdGuJ4cRU26lkLvXVse6/mF0q1J51YYi/BnlbhrF1qFiyG C4dL2Z5g9k+sxBV3i3GeHF9PcsyrIzxzzju3ivKyDp8JdL1IR3NQ30zH1kIFYaZz76jbxulMK2ui PfYiHc4z082PpNxh3yd1dfjAeVd9Z9zlJn511lv/8fWzTydUeqHERt766ZEXHGeyXxwVTXNHTvel 46kf/3vmL3TewqfvBp5g5WVHOH6fyRX+31SfTlrXv4W2eO4zrSp/fbuf+PKmNJuRT1VDUlX7Cji4 6e0oVzBbH4Wo5r8MIS1YX2sX/9GORrFTxY1cgIPfuKRUrLSNb2RAW9q7uKeli4WQgUKLGNJCyCkJ 7o5FjtNQhRA2s5VhbX821B4RPbbCbX2sVQC0m9WedbHodRBdNuRg96p0s/DpCW9QBGEVmci9DTLL chVskLk0iEP/lfCMnbrgympmwJBRLGVT6xm4zgbEIRJqbPTKYqO26LWedQxqD3uT5fjTJjmWqVa+ EtTc6LfAMPJNiWpr4JDcx8jzSZJteJtfA/nXvx9izJPc+tTyijXJwMXwkibjoCWVmDzP1UR0QFGd 6cqHurrcEpc7IZ0h2Sez2oUpK7o0DjFx4kv9xFKZy4zKLLsSOWbOBpmPg+XAzv83uu5B01BxMaZx pnm52c0RkmAEnaCweUSfBBGWboTTLjeoLFd2M3n3U+CLdBdNp9yzS+bc0jWtuUY5yY96jJNn7EjH z+rxbnlmwudQKiNEg3JNUvnT3yBftqQ6kg+UioRfAP1ILHP6jVX0u12SHDlRFdpvoy0zVUf55zJ6 RpClBEzfN/Gjx0pqK444NCOWEgc1GGb0nUIkpRfT2MSd4hFjLlRq8fD4VCi6dJFmtCjOmCo1m+7n n0Tc6ScTNsOffvKKqNyjS6MIQthFUqVCteL2dNZGuHbwj/Mi61qvd8GDZTWZ/0RrV8MVtEJitGby Q+tZ17hIvBpWikp1I9ykxqf/p8Z1iDGUayBTWll76VU8faKpWGto1CRij25o+x+mEOtRu4GUhAT8 omfzSMpReilsmCTp0Vh2WaOWVpTzm60nG1pTyEBOsO08Si1DFNCoIHQtVdLse/Kgza1AN7nBnN3m vKJcG8GkueD5bXe9WznKfNcq2yVveIxyS+t6rqDiRc4gZUvcqtjRTJxU67kIejswEpK9JXorDbs3 FQYSM736/S/0eFng/fbmoSYUF2pfij+2QbhpDgwb+oiHQqBRVGGUbexIP8ba3Y2SksrbGnDLe2L3 cPiAgtRfvrioRiQaVMZ0dJsWqwUvQlLVv47dWFxR/GP4cAxrewQxYBP5xEAG//CV23ujb8dpQBh/ mK1M7quPgXzl1bSpoituZBMxm8WZzRjKPGbwZMXJRr0ZcbR0pFlhE2ydtR01lWD7oNdQydtT6qyo nzWtWd+L5MGJcG91/htg33xoZa4X0YuG84AZzRtnjne4j7YLluPDFelSOi6Whk/24FvNEIsxMQDO Lo/CiRZOvwei42zrqR3y0ypWd6EtXG1+bXfPfm4zjOcEX/Z0J9LdzlAnqXYNIm19We8ZOETDOlk9 cWfLIpovoUvkdTt9VzYmr9ifmha1ZCAqQYm29IHrYpgATeVIkRlsyXFMVY8nfMe4hfvJGu5fn1N7 YT8ii7ZermH0kvUud5uN2P+tObAW6+pXgvUUSS2rbIDbbLOD5/vGUxwaZfUW2TS7GY0Vl/iQB00v M9eL31c9M7erXWV/ebXC4XRzxixeshP2lIWsrjglC51RVdZVdm/juJC5rLERl43hB1NZ0L8bacG5 u8k6XtikH+5YL6M8pElrKrWtVmOMy/yxrMy3lLZ8VKzXT41TlGNgB64azprNs1y8M6jrRmL74baV TkxtuWINPLwT+d9PtvORdy1i8cW5rIt9pH5H3LVgddLkdlH0WxqvnF4sniy4xs3jJa8XpBcl05en y9k7zZTNc14unn+Ppwv+aqcX1/IsF+ZTwPT41Vcb9aRnTUBXiF8d2pOgykb/rPGMCWXZ/y7WW1Xg 6x1NNhhSHrmxx+evhbl7ULc+iqFO6EGPi9xeWzvZsqel6WFCAWYuOMYtNJvfTPyPkQOwj4nv5Gnt XcKg77tbDH/g1S7Z2Np+OKhPsvH3+nay90s6mKs3ojo/2iuN03unFjusW8OiMkMhKZIbaJkhlMI5 ySK507pAtFEzj3O2ttmwtBo7nJo4rmGxkhOvzJOvfmOScvuqdUmWawk8+EO+FMI4DqSpu5kyP+sr 5TuhsYs/EKQ7AQytwjKXA6y9RbE6y3I7oouYkRpC2JmrM2o5C7wjJ0wsNoosfgI5QNIgYZs6zNqf F4w+0RM7wAstXvsia3E5/9vquQ27O2ArLdqCrVASOdfiOzn0KrrprLyZKHSLu9UCrZwqMzLEp8wj itCLjuO5tsFwkSMEp6VIxOZQvoVjvrOAkUdUjzKsiEzsRATcRFDsDWWYC0tUtutjqFBMxd5DsB7M PRxBvO7bvibcKgr8Cm9IxdtgpyLqrxw6vd9ztVnUqLtSChbAxb5AERDbOUhCrZUrpQYDvF6Mn71j JT9sxhEaHklCMw+bRifxRG/kjqrLkALUOyj0l6o7IJLjwCoUp5njoxnEo2/UDDKKx8cIxx1MIzIb RCqMwcSiQhuUQRd7v/JruDqhR8yYxyPEvrLrOSyMqjHUMU7Kx3X0x62bOf8aBDMsjKZSpA1krLMo XMYQRLeT0sOILMf7A0lAk0Y000N4C586M8iDhMnIACa82EjNYw1gwDKElEnEoKXjs5GfDAuefKih LEqjvI+dPEqlXEqmbEqnfMoHMUapnEqqrEqrvEoUhEqt3Mosw0qvFA6uDEuxDI2vLMvnIAezTMu8 OEADGEu3fEu4jEv7UEu6rEu7lEq5zEu9HLW79Aub7EvAbArc88q9TLUEKcxiC0y5CMqvREzHhEvF jEzJnEzKrEzLvEzMHAoiwIpDHIvH/My5zEzRrAuU6IiQSImVsIiIGAnUNInSfAiGQIjRpMrKeM2N OE2MyM2SIAmXSM3SjIj/3TxN0BxO+dCJ27xN3UTO4AzO1FxO5zxO3HTO2fSKZcgOFIHO1aQI32QJ kdjOhUjOhOBO3CRO8hQY7ORN2BTP6HzO01wJ6FxOjihP+Tyk8wTP3GxO/FTP9CQJ4ETP2ZtPAK0P 3nzN+5TNkJgI1mxNiIDP78zNAH1Q+mgLCJ1Q2JhOC71QDPWNzszQ4KDH80IwaZPFmiS1BCS+D/W6 8wqUZWqWkgJRE3Uy6ssvFU0K93ohpDCpZJvR4KMTXUzCXKMJD8U+DyzEaHu9T+OK/grBpSgn72tS Jy2+bUPFHz00cLM7cWM2mLOvk9SXdoMgxYsw9sNB9bsxZ3wktds1biS//wk8SWx0HxJyoHfbN3yD LZv7oT/EMzKTP1BiptYaxya8ql78R2o0R8iy0ZR7yM8Cu5BcQIy0w4VsR2pjuoy0Q7JrMYWzLC79 Ofo6jwWDK4SrQ8UbOaFySJWUuEW1uDV8okf9uTBs1KdLKy4VyFLF0YeZQFP1O5eryH4cRDHhSgtE OKarRYKksa0TQ4FC1Iv7U1g9VbdKs1e1wghkM10dvG9jM1ItR7b6q4KMR17qrJujq7Kj07ortKFT v6nyQd56wEOFRoOLOaGzuq7JQxhzMk1K14z8mp/xSBnawHhywcTbVA7ti438y4AFReajxIJNWIVd WIaly9UDPhAhWLXcp/8YLVGKJVI5FR6fMzCInb6y2D/vS9J3E1HfiDzeuNjiclGKW7iIMiUi9dhQ k9gbBdhg5L+67Mh58z92qSgxvbD/81mvy8YsbDaf40bn0yl9+qg9PUNpJCt607dzpdWRBLikVTks HbIy7TYIhUgTytUiJNQIFDRIRSoMI5mNPawM6iJG0rmQU8d1vaHRolYqIrpVASS4HTNOLEw5yS2U /CojkiGNq1RRVSS+6TiznbIMJDC39TeuM0FMwr/Be8Yv85nDQ6cwC1VVjFTGTda31dxb/VyQpbp0 20c0ksLFNVaJRFbFXVUNlLOl89wuxEXQai2Vc1xezVXMTSTCAdMcG0D/se2oqgU02vFWQEQ8K/Xb hlTajTMzttPdkWzY3FhE6H2LDR0R6TWR/lCHC5le7gWK6u3e28hEKWULmU3Z5bhe6vKch4JFrOhR fsudEnU9GjnSlyU+kbWm8jmeptS2z6HZlXUatCjfKT02H63Zc8rfxmFKIpw1RtXZJyyxGUxXqg3C MXVgklzaagTa3sq7CavTkcVTS8rZLXPGOXzapuU/oVWy2tI2nuPXKdnfGoygt6XVweLcnRW0RIW4 aGVAYrXBqHMxZQ1DZ31Ir7Vdrv3c5DVifoxcihHf1otVdP2321PbfB1Vyi1BlglcQaRbuJtcwwWi 9xFiWJTitLHVGWZb/y4GVS6cQ7pjXYC6DhbFVrvd3MBdXr9jXkJMMiEeVmtd1tOFQnVKuT501CvE VkiV27BtYzlr4kf0xbrbQKCb4nkLZKNz4yZT4zMkx3rNwzA+3kjm1ytu3LvLqU+d3ZXs01P2rSq9 U3utX+T4XqUQ4HwyucZz4o9lTMfjNlkGX14GEVju5dw4wg9wjHmApyiN5ReNNnfai12Wim5Kr7MT 0px50g8d0llUNOySZlsTsP5bZlPtJ2MO0WMeZ+roVEShZl3bZnQ+xXSu2Gl733d2RdtpZwKuZ62l R6Hl2cLDs4ZxFFZTMqNVSU2q0g5+sYEGYAieKQfuWf/7WaNx01RqRv+KauhnfOAu/Z9O2dK4s1VN bplodrWqAqprwsBmE+N5ZaFzjN1n5eGvveGh7Vw14+IaG2L/OlQaLuSw42Pd1VUgLhwoJmVW/de/ u13XbemVDlQky8Fw5Nsu9tuWflye/ukfjjPS+tNXQtX3EdQVBMjLhQ5zjrEODLmFRKokHlalu2Oc LmQeJtZmfVatS+QlVOvL7SMHnGoZ1uoa5mqsGjiFzOQ9xsHiEWpVrer2U7dxhVZUdl4fXJurBup1 xeSre+QfxtNafTnKRttVJMCWYkerakOvDq/g6NgCDsVe4mvoQFifbGYSUe3A+OXooFDyxF7YHs6w 0FFnVub/nO0GsYb/+dBmkqVJ+sXfRRFtYPZpGh1gcaYu1i5uxKEMNmYaO40t3qWwoS7oO1PoCJsp FA3rX9Ft0Dyyl8swTyPdeV268CZBpSlAYPHuzwRvvqtUdmJqD3Lvpm7e8RNqMC2TxlAE9nZL+nY4 TO26JP5veH2sLjvclVWR/n5K28s2PxRe9hPsO2TXd3W/Ps2zh2tl5o4KW9hwDxdK0CaRBR9xEi9x Ez9xFE9xFV9xT1QFFkfCD49xA3xxGl8QYACGDykBGU+OG99x5q5xIJ8QHx9yIi9yIy/YIE9y3cYG JYft31CEIxfxJp9yKq9yBo9yXrZyLb8pLO9yL89MegSHLR9zMlfy/y8/czRPczW/PNeOzDLfLHsA BzkHhzifczq3czpniTl3iDwXiD6v8z3/8zu384qQcz6/80KP80In9EDfc0BXdD5f9D53dEj3c0n/ 80e39EjX80k3dE5H9EgndE3XdEYv9UmP9Dc3L0zH9FFPdFI/dT3fdEtndT/v9EpXdFYX9FHPc153 dVmHdU+/dViv9F6X9UPf9Fyv9VBH9kSndWBf9hlP9dZI9pag9mUvdl/XdVrHdW7X9mp39WcX9li/ 9W5vdW9vdl8ndXUfd1AH9VlH929fd26PdmlfDV43dFFvdX1vd3IndjwH9FUv93NP93sPdmwn94Of d3cX94DXdXCvdf9nV/eFn3iIz/ZgH/V6946BT/d99/d4Z/iXKHaKt3ZID3eHZ3Z4r3OCR3hxv/R3 j3db3/iA33WWv+eM1wydOPWI//iDt/aNf/h5f/mVJ3Z5r3mib3maT/qTB/l+7/mjX/qjL3mOX/NP H3RK3/arn/phx/V8r3lRz/dOt/qCB3iyv3qDJ3hKr3iIF3umF3Z8b/a0//q4/3Vjp3q7t8w2V8yb /4y773u/z9Bt//vFq4yuz3SQ/3dj/3fEX/uR9/TCN3y5v3izD/u3h/ZZx3dGT/y4F3RH7/phz3rN d/xl33vTyInPR3adr3ukn/qkX/fAD/egx3aRz3a4R3lzN3pb7/j/kI96p6d7hRf8cRf6d094kt95 ngd6rI/11Bf+3/f94S/6nzd53XcJfk95pO/1hBf86Jf6mUd7yd99xpf9i2f55Q/6y+/+c6/+6fd9 8Q976q97ij/079d3Iyd864/97k/899//li9+5QcIcALt2RM4sCDBhOAQLkyIkGBDiA8LNow4UaJD igc1WsSoMOPEjgstkvzoceG/lCpXsmzp8iXMmDJn0qxp8ybOnDp38uzJMyJQkyUddrxY9CJRkxiL ihSakalTo0oZJpVa9apHpE2fXq2INWhWez7Hki1r9izatGppgmz71OBbsGGZwjW48WjIpHXhguSr ta1fuST5lgzM//Xw1JGE/WLVSJQxx65uJ1OubPky5syaN3Pu7Pkz6NCiR5Mubfo06tSqV7Nu7fo1 bNc5Y9Oubfv25bW6d/Pu7fu3TNzChxMvbvw48uTKlzNv7vw59OjSYwOvbv069uzat3Pv7v07+PDi x5Mvb/48+vTq17Nv7/49/Pjy59Ovb//l9Pz69/Pv7//1fQEKOCCBBer2H4IJKrgggw02t4eDEUo4 IYWrGXghhhlqiGGFHXr4IYgRbjgiiSWaeCKKKaq4IosttvREe5K4OCONNdp4I445tnRaMSH6+COQ QYKmI5FFGnkkkkkquSST8sXRJJRRSjkllVWyhAWWWWqJpZVU0ljS5YhCijkmmWWWBiaaaUZpJpug zdImnBOqOSedddp5J5556rknn336+SeNcQo6KKEhAnooookquiijjTr6KKSRSlpWLGkVeimmmSI4 KaedmqUpqKGKulxAADs= ------=_NextPart_000_000C_01C6F78A.E88362F0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 11:52:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcOZv-00010J-4Y for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 11:52:35 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcOZq-0008Lt-RD for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 11:52:35 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 8449A431535 for ; Tue, 24 Oct 2006 08:52:23 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 1E5644A4547 for ; Tue, 24 Oct 2006 08:52:01 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id E60B9398014 for ; Tue, 24 Oct 2006 08:52:00 -0700 (PDT) Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by zoidberg.tigertech.net (Postfix) with ESMTP id 4710A39800F for ; Tue, 24 Oct 2006 08:51:55 -0700 (PDT) Received: from ams-dkim-2.cisco.com ([144.254.224.139]) by ams-iport-1.cisco.com with ESMTP; 24 Oct 2006 17:51:47 +0200 Received: from india-core-1.cisco.com (india-core-1.cisco.com [64.104.129.221]) by ams-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9OFpjCG017372 for ; Tue, 24 Oct 2006 17:51:45 +0200 Received: from xbh-blr-412.apac.cisco.com (xbh-blr-412.cisco.com [64.104.140.149]) by india-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k9OFpgB1026262 for ; Tue, 24 Oct 2006 15:51:43 GMT Received: from xmb-blr-417.apac.cisco.com ([64.104.140.146]) by xbh-blr-412.apac.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 Oct 2006 21:21:43 +0530 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 21:21:41 +0530 Message-ID: <6499201801FBC6419ED8C910302F67AC01FF8A1A@xmb-blr-417.apac.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: transition to join state Thread-Index: Acb3hExvfrWUJ93uSxCyGHA29lgS4w== From: "Smitha Smitha (ssmitha)" To: "capwap" X-OriginalArrivalTime: 24 Oct 2006 15:51:43.0147 (UTC) FILETIME=[4D4FFFB0:01C6F784] Authentication-Results: ams-dkim-2; header.From=ssmitha@cisco.com; dkim=pass ( 59 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.373 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: [Capwap] transition to join state X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0729904556==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17 This is a multi-part message in MIME format. --===============0729904556== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F784.4D515887" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F784.4D515887 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable All, =20 The spec talks about AC transitioning to Join state on receiving DTLS Client Hello with a valid cookie. Should this really be the case?=20 The AC should transition to Join state on receiving a Join Request. =20 Thanks Smitha =20 ------_=_NextPart_001_01C6F784.4D515887 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

All,

The = spec talks about=20 AC transitioning to Join state on receiving DTLS Client Hello with a = valid=20 cookie. Should this really be the case?

The AC = should=20 transition to Join state on receiving a Join = Request.

Thanks

Smitha

------_=_NextPart_001_01C6F784.4D515887-- --===============0729904556== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0729904556==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 11:56:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcOdY-0004yT-Bw for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 11:56:20 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcOdR-0000ie-Hi for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 11:56:20 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id B6C5C43153F for ; Tue, 24 Oct 2006 08:56:09 -0700 (PDT) Received: from g1-42.tigertech.net (hermes.tigertech.net [64.62.209.16]) by fry.tigertech.net (Postfix) with ESMTP id 606FD4A4547 for ; Tue, 24 Oct 2006 08:55:48 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 416144314DF for ; Tue, 24 Oct 2006 08:55:48 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by hermes.tigertech.net (Postfix) with ESMTP id AC1DE43152E for ; Tue, 24 Oct 2006 08:55:44 -0700 (PDT) Received: from sj-dkim-5.cisco.com ([171.68.10.79]) by sj-iport-4.cisco.com with ESMTP; 24 Oct 2006 08:55:43 -0700 Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-5.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9OFthI5024515 for ; Tue, 24 Oct 2006 08:55:43 -0700 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id k9OFtPOv020902 for ; Tue, 24 Oct 2006 08:55:43 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 24 Oct 2006 08:55:39 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 08:55:39 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2680878@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: transition to join state Thread-Index: Acb3hExvfrWUJ93uSxCyGHA29lgS4wAAI3BZ From: "Pat Calhoun (pacalhou)" To: "Smitha Smitha (ssmitha)" , "capwap" X-OriginalArrivalTime: 24 Oct 2006 15:55:39.0747 (UTC) FILETIME=[DA564B30:01C6F784] Authentication-Results: sj-dkim-5.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 61 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, HTML_30_40, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] transition to join state X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0170054582==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 386e0819b1192672467565a524848168 This is a multi-part message in MIME format. --===============0170054582== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F784.DA39966F" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F784.DA39966F Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I'm not so sure. If that were the case we would need a "join ready" = state. We clearly need to transition to a new (non-DTLS) state when the = DTLS channel is open. PatC -----Original Message----- From: Smitha Smitha (ssmitha) Sent: Tuesday, October 24, 2006 08:52 AM Pacific Standard Time To: capwap Subject: [Capwap] transition to join state All, =20 The spec talks about AC transitioning to Join state on receiving DTLS Client Hello with a valid cookie. Should this really be the case?=20 The AC should transition to Join state on receiving a Join Request. =20 Thanks Smitha =20 ------_=_NextPart_001_01C6F784.DA39966F Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable RE: [Capwap] transition to join state

I'm not so sure. If that were the case we would need a = "join ready" state. We clearly need to transition to a new = (non-DTLS) state when the DTLS channel is open.

PatC

-----Original Message-----
From: Smitha Smitha (ssmitha)
Sent:   Tuesday, October 24, 2006 08:52 AM Pacific Standard = Time
To:     capwap
Subject:        [Capwap] transition = to join state

All,

The spec talks about AC transitioning to Join state on receiving = DTLS
Client Hello with a valid cookie. Should this really be the case?
The AC should transition to Join state on receiving a Join Request.

Thanks
Smitha

------_=_NextPart_001_01C6F784.DA39966F-- --===============0170054582== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0170054582==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 12:34:50 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcPEo-0006Qm-Af for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 12:34:50 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcPEd-0007g1-5m for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 12:34:50 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id E36963980B3 for ; Tue, 24 Oct 2006 09:34:33 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 4FEFC4A4547 for ; Tue, 24 Oct 2006 09:34:02 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 06C87398060 for ; Tue, 24 Oct 2006 09:34:02 -0700 (PDT) X-Greylist-Status: Sender first seen 2 days 22:58:59 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by zoidberg.tigertech.net (Postfix) with ESMTP id CD8D5398055 for ; Tue, 24 Oct 2006 09:33:53 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 09:33:51 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0er3UXKHkBldMTBqMJ0APcFqCSwB1MYVAAE4hjT8= References: <4FF84B0BC277FF45AA27FE969DD956A202B184E1@xmb-sjc-235.amer.cisco.com> From: "Hasan Raza" To: "Pat Calhoun (pacalhou)" , "Scott G. Kelly" , X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.107 tagged_above=-999 required=7 tests=FORGED_RCVD_HELO, HTML_30_40, HTML_MESSAGE X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2000859947==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 7fa173a723009a6ca8ce575a65a5d813 This is a multi-part message in MIME format. --===============2000859947== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F78A.3086181F" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F78A.3086181F Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----Original Message----- From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com] Sent: Mon 10/23/2006 7:28 AM To: Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports =20 > True, and if we decide that hacks are not acceptable, then a third = port > is really the only way to solve this one. However, I'd like people to > consider the zero filled DTLS header. Yes, it is "hack-ish", but=20 > I believe it to be completely workable. For that matter any unique pattern of fixed amount of bytes in front of udp header can work for discovery packets. Why should it be zero = filled DTLS header only? The only restriction on the pattern should be that it is uniquely different from first fixed bytes of the DTLS header. All zeros is a good pattern, though. I think zero filled DTLS header would impose variable header size problems (in future), because version field would also become zero. Hasan ------_=_NextPart_001_01C6F78A.3086181F Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [Capwap] need clarification on UDP ports

-----Original Message-----
From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]
Sent: Mon 10/23/2006 7:28 AM
To: Scott G. Kelly; pagarwal@broadcom.com
Cc: capwap
Subject: Re: [Capwap] need clarification on UDP ports

> True, and if we decide that hacks are not acceptable, then a third = port
> is really the only way to solve this one. However, I'd like people = to
> consider the zero filled DTLS header. Yes, it is = "hack-ish", but
> I believe it to be completely workable.
For that matter any unique pattern of fixed amount of bytes in front
of udp header can work for discovery packets. Why should it be zero = filled
DTLS header only? The only restriction on the pattern should be
that it is uniquely different from first fixed bytes of the DTLS = header.
All zeros is a good pattern, though. I think zero filled DTLS header
would impose variable header size problems (in future), because = version
field would also become zero.

Hasan

------_=_NextPart_001_01C6F78A.3086181F-- --===============2000859947== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============2000859947==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 12:40:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcPKV-0000ha-EC for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 12:40:43 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcPKS-0000LS-JC for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 12:40:43 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id C10E13980BA for ; Tue, 24 Oct 2006 09:40:39 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 2E6FA4A4547 for ; Tue, 24 Oct 2006 09:40:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 1367939804F for ; Tue, 24 Oct 2006 09:40:05 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by zoidberg.tigertech.net (Postfix) with ESMTP id 0137239801D for ; Tue, 24 Oct 2006 09:39:59 -0700 (PDT) Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 24 Oct 2006 09:39:59 -0700 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-1.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9OGdwMe014972; Tue, 24 Oct 2006 09:39:58 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k9OGdwAq028323; Tue, 24 Oct 2006 09:39:58 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 Oct 2006 09:39:58 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 09:39:58 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A268087B@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0er3UXKHkBldMTBqMJ0APcFqCSwB1MYVAAE4hjT8AAMAtTA== From: "Pat Calhoun (pacalhou)" To: "Hasan Raza" , "Scott G. Kelly" , X-OriginalArrivalTime: 24 Oct 2006 16:39:58.0408 (UTC) FILETIME=[0B05C480:01C6F78B] Authentication-Results: sj-dkim-1.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 61 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.877 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_20_30, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1771819779==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.5 (/) X-Scan-Signature: 8f374d0786b25a451ef87d82c076f593 This is a multi-part message in MIME format. --===============1771819779== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F78B.0AD7A5BD" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F78B.0AD7A5BD Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable While it is impossible to disagree, it is worth noting that version = fields are typically fixed in location (for future compatibility), and = generally increase monotonically.=20 This does point out that CAPWAP should specify a DTLS version. PatC -----Original Message----- From: Hasan Raza [mailto:Hasan@sinett.com] Sent: Tuesday, October 24, 2006 09:35 AM Pacific Standard Time To: Pat Calhoun (pacalhou); Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports -----Original Message----- From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com] Sent: Mon 10/23/2006 7:28 AM To: Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports =20 > True, and if we decide that hacks are not acceptable, then a third = port > is really the only way to solve this one. However, I'd like people to > consider the zero filled DTLS header. Yes, it is "hack-ish", but=20 > I believe it to be completely workable. For that matter any unique pattern of fixed amount of bytes in front of udp header can work for discovery packets. Why should it be zero = filled DTLS header only? The only restriction on the pattern should be that it is uniquely different from first fixed bytes of the DTLS header. All zeros is a good pattern, though. I think zero filled DTLS header would impose variable header size problems (in future), because version field would also become zero. Hasan ------_=_NextPart_001_01C6F78B.0AD7A5BD Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Re: [Capwap] need clarification on UDP ports

While it is impossible to disagree, it is worth noting = that version fields are typically fixed in location (for future = compatibility), and generally increase monotonically.

This does point out that CAPWAP should specify a DTLS version.

PatC

-----Original Message-----
From: Hasan Raza [mailto:Hasan@sinett.com]
Sent:   Tuesday, October 24, 2006 09:35 AM Pacific Standard = Time
To:     Pat Calhoun (pacalhou); Scott G. Kelly; = pagarwal@broadcom.com
Cc:     capwap
Subject:        Re: [Capwap] need = clarification on UDP ports

-----Original Message-----
From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]
Sent: Mon 10/23/2006 7:28 AM
To: Scott G. Kelly; pagarwal@broadcom.com
Cc: capwap
Subject: Re: [Capwap] need clarification on UDP ports

> True, and if we decide that hacks are not acceptable, then a third = port
> is really the only way to solve this one. However, I'd like people = to
> consider the zero filled DTLS header. Yes, it is = "hack-ish", but
> I believe it to be completely workable.
For that matter any unique pattern of fixed amount of bytes in front
of udp header can work for discovery packets. Why should it be zero = filled
DTLS header only? The only restriction on the pattern should be
that it is uniquely different from first fixed bytes of the DTLS = header.
All zeros is a good pattern, though. I think zero filled DTLS header
would impose variable header size problems (in future), because = version
field would also become zero.

Hasan

------_=_NextPart_001_01C6F78B.0AD7A5BD-- --===============1771819779== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1771819779==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 13:19:31 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcPw3-0006NO-IK for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 13:19:31 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcPvy-0000UT-RB for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 13:19:31 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 1972C431702 for ; Tue, 24 Oct 2006 10:19:22 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id DFE074A4547 for ; Tue, 24 Oct 2006 10:19:02 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id AF3A139801D for ; Tue, 24 Oct 2006 10:19:02 -0700 (PDT) X-Greylist-Status: Sender first seen 2 days 23:44:04 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by zoidberg.tigertech.net (Postfix) with ESMTP id 44853398038 for ; Tue, 24 Oct 2006 10:18:58 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 10:18:57 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0er3UXKHkBldMTBqMJ0APcFqCSwB1MYVAAE4hjT8AAMAtTAABJQkI References: <4FF84B0BC277FF45AA27FE969DD956A268087B@xmb-sjc-235.amer.cisco.com> From: "Hasan Raza" To: "Pat Calhoun (pacalhou)" , "Scott G. Kelly" , X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.107 tagged_above=-999 required=7 tests=FORGED_RCVD_HELO, HTML_30_40, HTML_MESSAGE X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1641246783==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: e472ca43d56132790a46d9eefd95f0a5 This is a multi-part message in MIME format. --===============1641246783== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F790.7D6D76F7" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F790.7D6D76F7 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Pat Calhoun (pacalhou) wrote: =20 > While it is impossible to disagree, it is worth noting that version > fields are typically fixed in location (for future compatibility), > and generally increase monotonically. My mistake that I was not clear. I agree that version field is at fixed location, and increase monotonically. But header size might be version dependent as well. Now since DTLS header is made zero, the version information, and in turn header size info., is lost. Hasan -----Original Message----- From: Hasan Raza [mailto:Hasan@sinett.com] Sent: Tuesday, October 24, 2006 09:35 AM Pacific Standard Time To: Pat Calhoun (pacalhou); Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports -----Original Message----- From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com] Sent: Mon 10/23/2006 7:28 AM To: Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports =20 > True, and if we decide that hacks are not acceptable, then a third = port > is really the only way to solve this one. However, I'd like people to > consider the zero filled DTLS header. Yes, it is "hack-ish", but=20 > I believe it to be completely workable. For that matter any unique pattern of fixed amount of bytes in front of udp header can work for discovery packets. Why should it be zero = filled DTLS header only? The only restriction on the pattern should be that it is uniquely different from first fixed bytes of the DTLS header. All zeros is a good pattern, though. I think zero filled DTLS header would impose variable header size problems (in future), because version field would also become zero. Hasan ------_=_NextPart_001_01C6F790.7D6D76F7 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [Capwap] need clarification on UDP ports

Pat Calhoun (pacalhou) wrote:

> While it is impossible to disagree, it is worth noting that = version
> fields are typically fixed in location (for future = compatibility),
> and generally increase monotonically.
My mistake that I was not clear. I agree that version field is at
fixed location, and increase monotonically. But header size might
be version dependent as well. Now since DTLS header is made zero,
the version information, and in turn header size info., is lost.

Hasan

-----Original Message-----
From: Hasan Raza [mailto:Hasan@sinett.com]
Sent:   Tuesday, October 24, 2006 09:35 AM Pacific Standard = Time
To:     Pat Calhoun (pacalhou); Scott G. Kelly; = pagarwal@broadcom.com
Cc:     capwap
Subject:        Re: [Capwap] need = clarification on UDP ports

-----Original Message-----
From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]
Sent: Mon 10/23/2006 7:28 AM
To: Scott G. Kelly; pagarwal@broadcom.com
Cc: capwap
Subject: Re: [Capwap] need clarification on UDP ports

> True, and if we decide that hacks are not acceptable, then a third = port
> is really the only way to solve this one. However, I'd like people = to
> consider the zero filled DTLS header. Yes, it is = "hack-ish", but
> I believe it to be completely workable.
For that matter any unique pattern of fixed amount of bytes in front
of udp header can work for discovery packets. Why should it be zero = filled
DTLS header only? The only restriction on the pattern should be
that it is uniquely different from first fixed bytes of the DTLS = header.
All zeros is a good pattern, though. I think zero filled DTLS header
would impose variable header size problems (in future), because = version
field would also become zero.

Hasan

------_=_NextPart_001_01C6F790.7D6D76F7-- --===============1641246783== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1641246783==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 13:26:47 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcQ35-0003n1-Rx for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 13:26:47 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcQ31-0001sQ-5D for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 13:26:47 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 7784B431791 for ; Tue, 24 Oct 2006 10:26:39 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id BB9234A4547 for ; Tue, 24 Oct 2006 10:26:22 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 9E7CA39805C for ; Tue, 24 Oct 2006 10:26:22 -0700 (PDT) Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by zoidberg.tigertech.net (Postfix) with ESMTP id DBCD4398038 for ; Tue, 24 Oct 2006 10:26:16 -0700 (PDT) Received: from [209.86.224.35] (helo=elwamui-huard.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GcQ2X-0004ol-M7; Tue, 24 Oct 2006 13:26:14 -0400 Received: from 75.6.46.166 by webmail.pas.earthlink.net with HTTP; Tue, 24 Oct 2006 13:26:12 -0400 Message-ID: <14691622.1161710772919.JavaMail.root@elwamui-huard.atl.sa.earthlink.net> Date: Tue, 24 Oct 2006 13:26:12 -0400 (EDT) From: "Scott G. Kelly" To: Hasan Raza , "Pat Calhoun (pacalhou)" , pagarwal@broadcom.com Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff71097877e78781257391cad8502b509620b350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.35 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d -----Original Message----- >From: Hasan Raza >Sent: Oct 24, 2006 1:18 PM >To: "Pat Calhoun (pacalhou)" , "Scott G. Kelly" , pagarwal@broadcom.com >Cc: capwap >Subject: RE: [Capwap] need clarification on UDP ports > > > > >Pat Calhoun (pacalhou) wrote: > >> While it is impossible to disagree, it is worth noting that version >> fields are typically fixed in location (for future compatibility), >> and generally increase monotonically. >My mistake that I was not clear. I agree that version field is at >fixed location, and increase monotonically. But header size might >be version dependent as well. Now since DTLS header is made zero, >the version information, and in turn header size info., is lost. Right. And the previous email suggested > For that matter any unique pattern of fixed amount of bytes in front > of udp header can work for discovery packets. Why should it > be zero filled > DTLS header only? The only restriction on the pattern should be > that it is uniquely different from first fixed bytes of the > DTLS header. This sounds an awful lot like the type header suggestion - a fixed number of bytes after the UDP header that indicate *precisely* what follows. No hacking, no ambiguity - seems like a no-brainer. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 13:28:50 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcQ54-0004Xn-8t for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 13:28:50 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcQ4y-0002Qe-SC for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 13:28:50 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 3D4A54317AB for ; Tue, 24 Oct 2006 10:28:41 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 4C8444A4547 for ; Tue, 24 Oct 2006 10:28:18 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 324B3398049 for ; Tue, 24 Oct 2006 10:28:18 -0700 (PDT) Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by zoidberg.tigertech.net (Postfix) with ESMTP id 622A739801D for ; Tue, 24 Oct 2006 10:28:11 -0700 (PDT) Received: from ams-dkim-2.cisco.com ([144.254.224.139]) by ams-iport-1.cisco.com with ESMTP; 24 Oct 2006 19:28:11 +0200 Received: from india-core-1.cisco.com (india-core-1.cisco.com [64.104.129.221]) by ams-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9OHS97K016782; Tue, 24 Oct 2006 19:28:10 +0200 Received: from xbh-blr-412.apac.cisco.com (xbh-blr-412.cisco.com [64.104.140.149]) by india-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k9OHS5B1001194; Tue, 24 Oct 2006 17:28:06 GMT Received: from xmb-blr-416.apac.cisco.com ([64.104.140.145]) by xbh-blr-412.apac.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 Oct 2006 22:58:05 +0530 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 22:58:02 +0530 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0er3UXKHkBldMTBqMJ0APcFqCSwB1MYVAAE4hjT8AAMAtTAABJQkIAAB8/DA= From: "Rohit Suri (rsuri)" To: "Hasan Raza" , "Pat Calhoun (pacalhou)" , "Scott G. Kelly" , X-OriginalArrivalTime: 24 Oct 2006 17:28:05.0507 (UTC) FILETIME=[C3DE1D30:01C6F791] Authentication-Results: ams-dkim-2; header.From=rsuri@cisco.com; dkim=pass ( 59 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.429 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_30_40, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1418544371==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 963faf56c3a5b6715f0b71b66181e01a This is a multi-part message in MIME format. --===============1418544371== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F791.C3B04DE8" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F791.C3B04DE8 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I think setting the DTLS header to zero would make the version ID in dtls header also zero, making the header length deterministic. =20 Regards Rohit ________________________________ From: Hasan Raza [mailto:Hasan@sinett.com]=20 Sent: Tuesday, October 24, 2006 10:19 AM To: Pat Calhoun (pacalhou); Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports Pat Calhoun (pacalhou) wrote: > While it is impossible to disagree, it is worth noting that version > fields are typically fixed in location (for future compatibility), > and generally increase monotonically. My mistake that I was not clear. I agree that version field is at fixed location, and increase monotonically. But header size might be version dependent as well. Now since DTLS header is made zero, the version information, and in turn header size info., is lost. Hasan -----Original Message----- From: Hasan Raza [mailto:Hasan@sinett.com] Sent: Tuesday, October 24, 2006 09:35 AM Pacific Standard Time To: Pat Calhoun (pacalhou); Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports -----Original Message----- From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com] Sent: Mon 10/23/2006 7:28 AM To: Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports > True, and if we decide that hacks are not acceptable, then a third port > is really the only way to solve this one. However, I'd like people to > consider the zero filled DTLS header. Yes, it is "hack-ish", but > I believe it to be completely workable. For that matter any unique pattern of fixed amount of bytes in front of udp header can work for discovery packets. Why should it be zero filled DTLS header only? The only restriction on the pattern should be that it is uniquely different from first fixed bytes of the DTLS header. All zeros is a good pattern, though. I think zero filled DTLS header would impose variable header size problems (in future), because version field would also become zero. Hasan ------_=_NextPart_001_01C6F791.C3B04DE8 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable RE: [Capwap] need clarification on UDP ports

I think setting the DTLS header to zero would = make the=20 version ID in dtls header also zero, making the header length=20 deterministic.

Regards

Rohit

From: Hasan Raza = [mailto:Hasan@sinett.com]=20
Sent: Tuesday, October 24, 2006 10:19 AM
To: Pat = Calhoun=20 (pacalhou); Scott G. Kelly; pagarwal@broadcom.com
Cc:=20 capwap
Subject: Re: [Capwap] need clarification on UDP=20 ports

Pat Calhoun (pacalhou) wrote:

> While it is = impossible=20 to disagree, it is worth noting that version
> fields are = typically fixed=20 in location (for future compatibility),
> and generally increase=20 monotonically.
My mistake that I was not clear. I agree that version = field is=20 at
fixed location, and increase monotonically. But header size = might
be=20 version dependent as well. Now since DTLS header is made zero,
the = version=20 information, and in turn header size info., is=20 lost.

Hasan

-----Original = Message-----
From:=20 Hasan Raza [mailto:Hasan@sinett.com]
Sent:&nb= sp; =20 Tuesday, October 24, 2006 09:35 AM Pacific Standard=20 Time
To:     Pat Calhoun (pacalhou); Scott G. = Kelly;=20 pagarwal@broadcom.com
Cc:    =20 capwap
Subject:        Re: = [Capwap] need=20 clarification on UDP ports

-----Original=20 Message-----
From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]
Sent= : Mon=20 10/23/2006 7:28 AM
To: Scott G. Kelly; pagarwal@broadcom.com
Cc:=20 capwap
Subject: Re: [Capwap] need clarification on UDP = ports

>=20 True, and if we decide that hacks are not acceptable, then a third = port
>=20 is really the only way to solve this one. However, I'd like people = to
>=20 consider the zero filled DTLS header. Yes, it is "hack-ish", but
> = I=20 believe it to be completely workable.
For that matter any unique = pattern of=20 fixed amount of bytes in front
of udp header can work for discovery = packets.=20 Why should it be zero filled
DTLS header only? The only restriction = on the=20 pattern should be
that it is uniquely different from first fixed = bytes of the=20 DTLS header.
All zeros is a good pattern, though. I think zero filled = DTLS=20 header
would impose variable header size problems (in future), = because=20 version
field would also become=20 zero.

Hasan

------_=_NextPart_001_01C6F791.C3B04DE8-- --===============1418544371== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1418544371==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 16:04:11 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcSVP-0007Vg-HY for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 16:04:11 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcSUw-0004xc-M9 for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 16:04:11 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 2FE95431A72 for ; Tue, 24 Oct 2006 12:57:04 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id 7629C4A45C3 for ; Tue, 24 Oct 2006 12:56:37 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id 569BF39802E for ; Tue, 24 Oct 2006 12:56:37 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by zoidberg.tigertech.net (Postfix) with ESMTP id 97316398063 for ; Tue, 24 Oct 2006 12:56:33 -0700 (PDT) Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 24 Oct 2006 12:56:33 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9OJuXje032370; Tue, 24 Oct 2006 12:56:33 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9OJuWin013886; Tue, 24 Oct 2006 12:56:32 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 Oct 2006 12:56:32 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 12:56:31 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2680881@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb0er3UXKHkBldMTBqMJ0APcFqCSwB1MYVAAE4hjT8AAMAtTAABJQkIAAW4Vsc= From: "Pat Calhoun (pacalhou)" To: "Hasan Raza" , "Scott G. Kelly" , X-OriginalArrivalTime: 24 Oct 2006 19:56:32.0454 (UTC) FILETIME=[80D25E60:01C6F7A6] Authentication-Results: sj-dkim-4.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 61 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.877 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, HTML_20_30, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1501544528==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.5 (/) X-Scan-Signature: f2984bf50fb52a9e56055f779793d783 This is a multi-part message in MIME format. --===============1501544528== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F7A6.804F4C8B" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F7A6.804F4C8B Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Except we can document that any CAPWAP implementation receiving a packet = with 'n' zeroes uses DTLS header format foo, which is of lengh 'y'. PatC -----Original Message----- From: Hasan Raza [mailto:Hasan@sinett.com] Sent: Tuesday, October 24, 2006 10:18 AM Pacific Standard Time To: Pat Calhoun (pacalhou); Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: RE: [Capwap] need clarification on UDP ports Pat Calhoun (pacalhou) wrote: =20 > While it is impossible to disagree, it is worth noting that version > fields are typically fixed in location (for future compatibility), > and generally increase monotonically. My mistake that I was not clear. I agree that version field is at fixed location, and increase monotonically. But header size might be version dependent as well. Now since DTLS header is made zero, the version information, and in turn header size info., is lost. Hasan -----Original Message----- From: Hasan Raza [mailto:Hasan@sinett.com] Sent: Tuesday, October 24, 2006 09:35 AM Pacific Standard Time To: Pat Calhoun (pacalhou); Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports -----Original Message----- From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com] Sent: Mon 10/23/2006 7:28 AM To: Scott G. Kelly; pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports =20 > True, and if we decide that hacks are not acceptable, then a third = port > is really the only way to solve this one. However, I'd like people to > consider the zero filled DTLS header. Yes, it is "hack-ish", but=20 > I believe it to be completely workable. For that matter any unique pattern of fixed amount of bytes in front of udp header can work for discovery packets. Why should it be zero = filled DTLS header only? The only restriction on the pattern should be that it is uniquely different from first fixed bytes of the DTLS header. All zeros is a good pattern, though. I think zero filled DTLS header would impose variable header size problems (in future), because version field would also become zero. Hasan ------_=_NextPart_001_01C6F7A6.804F4C8B Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable RE: [Capwap] need clarification on UDP ports

Except we can document that any CAPWAP implementation = receiving a packet with 'n' zeroes uses DTLS header format foo, which is = of lengh 'y'.

PatC

-----Original Message-----
From: Hasan Raza [mailto:Hasan@sinett.com]
Sent:   Tuesday, October 24, 2006 10:18 AM Pacific Standard = Time
To:     Pat Calhoun (pacalhou); Scott G. Kelly; = pagarwal@broadcom.com
Cc:     capwap
Subject:        RE: [Capwap] need = clarification on UDP ports

Pat Calhoun (pacalhou) wrote:

> While it is impossible to disagree, it is worth noting that = version
> fields are typically fixed in location (for future = compatibility),
> and generally increase monotonically.
My mistake that I was not clear. I agree that version field is at
fixed location, and increase monotonically. But header size might
be version dependent as well. Now since DTLS header is made zero,
the version information, and in turn header size info., is lost.

Hasan

-----Original Message-----
From: Hasan Raza [mailto:Hasan@sinett.com]
Sent:   Tuesday, October 24, 2006 09:35 AM Pacific Standard = Time
To:     Pat Calhoun (pacalhou); Scott G. Kelly; = pagarwal@broadcom.com
Cc:     capwap
Subject:        Re: [Capwap] need = clarification on UDP ports

-----Original Message-----
From: Pat Calhoun (pacalhou) [mailto:pcalhoun@cisco.com]
Sent: Mon 10/23/2006 7:28 AM
To: Scott G. Kelly; pagarwal@broadcom.com
Cc: capwap
Subject: Re: [Capwap] need clarification on UDP ports

> True, and if we decide that hacks are not acceptable, then a third = port
> is really the only way to solve this one. However, I'd like people = to
> consider the zero filled DTLS header. Yes, it is = "hack-ish", but
> I believe it to be completely workable.
For that matter any unique pattern of fixed amount of bytes in front
of udp header can work for discovery packets. Why should it be zero = filled
DTLS header only? The only restriction on the pattern should be
that it is uniquely different from first fixed bytes of the DTLS = header.
All zeros is a good pattern, though. I think zero filled DTLS header
would impose variable header size problems (in future), because = version
field would also become zero.

Hasan

------_=_NextPart_001_01C6F7A6.804F4C8B-- --===============1501544528== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1501544528==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 16:25:32 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcSq4-0005NC-Po for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 16:25:32 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcSpW-0000d8-WD for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 16:25:32 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 7C72A431835 for ; Tue, 24 Oct 2006 13:24:55 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id C668B4A45C3 for ; Tue, 24 Oct 2006 13:24:38 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id AD706398021 for ; Tue, 24 Oct 2006 13:24:38 -0700 (PDT) Received: from elasmtp-banded.atl.sa.earthlink.net (elasmtp-banded.atl.sa.earthlink.net [209.86.89.70]) by zoidberg.tigertech.net (Postfix) with ESMTP id 5D358398038 for ; Tue, 24 Oct 2006 13:24:34 -0700 (PDT) Received: from [209.86.224.49] (helo=elwamui-sweet.atl.sa.earthlink.net) by elasmtp-banded.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GcSoX-0007qV-6P; Tue, 24 Oct 2006 16:23:57 -0400 Received: from 75.6.46.166 by webmail.pas.earthlink.net with HTTP; Tue, 24 Oct 2006 16:23:52 -0400 Message-ID: <15043823.1161721432148.JavaMail.root@elwamui-sweet.atl.sa.earthlink.net> Date: Tue, 24 Oct 2006 13:23:52 -0700 (GMT-07:00) From: "Scott G. Kelly" To: "Pat Calhoun (pacalhou)" , Hasan Raza , pagarwal@broadcom.com Mime-Version: 1.0 X-Mailer: EarthLink Zoo Mail 1.0 X-ELNK-Trace: 5b98cdd91c374dcd776432462e451d7bd15d05d9470ff7109a0ebb73d7ab1e6cac54aa86f734d1cd350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 209.86.224.49 X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0 tagged_above=-999 required=7 tests= X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "Scott G. Kelly" List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad "Pat Calhoun (pacalhou)" wrote: >Except we can document that any CAPWAP implementation receiving a packet with > 'n' zeroes uses DTLS header format foo, which is of lengh 'y'. ...except that it is decidedly *not* a DTLS header, right? I'm having a really hard time understanding why you're pushing for a hack at any/all costs to solve this problem. We are at the design stage - if there were ever a time to do it right, that time is now. Exactly what will break if we don't adopt this hack? Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Tue Oct 24 21:38:09 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcXib-0000Gz-PN for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 21:38:09 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcXiZ-0002k7-9S for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 21:38:09 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 635EA398112 for ; Tue, 24 Oct 2006 18:37:58 -0700 (PDT) Received: from mx1.tigertech.net (mx1.tigertech.net [64.62.209.31]) by fry.tigertech.net (Postfix) with ESMTP id D8DA84A45C3 for ; Tue, 24 Oct 2006 18:37:45 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id E4EE939801B for ; Tue, 24 Oct 2006 18:37:44 -0700 (PDT) Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by zoidberg.tigertech.net (Postfix) with ESMTP id E718B398034 for ; Tue, 24 Oct 2006 18:37:39 -0700 (PDT) Received: from ams-dkim-2.cisco.com ([144.254.224.139]) by ams-iport-1.cisco.com with ESMTP; 25 Oct 2006 03:37:31 +0200 Received: from hkg-core-1.cisco.com (hkg-core-1.cisco.com [64.104.123.94]) by ams-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9P1bTgC007793 for ; Wed, 25 Oct 2006 03:37:29 +0200 Received: from xbh-blr-411.apac.cisco.com (xbh-blr-411.cisco.com [64.104.140.150]) by hkg-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k9P1bRVt027001 for ; Wed, 25 Oct 2006 09:37:28 +0800 (CST) Received: from xmb-blr-417.apac.cisco.com ([64.104.140.146]) by xbh-blr-411.apac.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 25 Oct 2006 07:07:26 +0530 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Wed, 25 Oct 2006 07:07:24 +0530 Message-ID: <6499201801FBC6419ED8C910302F67AC01FF8A4F@xmb-blr-417.apac.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] transition to join state Thread-Index: Acb3hExvfrWUJ93uSxCyGHA29lgS4wAAI3BZABQxsSA= From: "Smitha Smitha (ssmitha)" To: "Pat Calhoun (pacalhou)" , "capwap" X-OriginalArrivalTime: 25 Oct 2006 01:37:26.0402 (UTC) FILETIME=[20532620:01C6F7D6] Authentication-Results: ams-dkim-2; header.From=ssmitha@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new at tigertech.net X-Spam-Status: No, hits=0.372 tagged_above=-999 required=7 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] transition to join state X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4 Pat, The spec talks about transitioning to join state from idle - (Idle to Join (aa)). This would make it necessary for CAPWAP to know of the various DTLS packets are being received during handshake. Why is it necessary to have a "join ready" state? Thanks Smitha -----Original Message----- From: Pat Calhoun (pacalhou) Sent: Tuesday, October 24, 2006 9:26 PM To: Smitha Smitha (ssmitha); 'capwap' Subject: RE: [Capwap] transition to join state I'm not so sure. If that were the case we would need a "join ready" state. We clearly need to transition to a new (non-DTLS) state when the DTLS channel is open. PatC -----Original Message----- From: Smitha Smitha (ssmitha) Sent: Tuesday, October 24, 2006 08:52 AM Pacific Standard Time To: capwap Subject: [Capwap] transition to join state All, The spec talks about AC transitioning to Join state on receiving DTLS Client Hello with a valid cookie. Should this really be the case? The AC should transition to Join state on receiving a Join Request. Thanks Smitha _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 25 00:30:11 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcaNw-0007ce-Ha for capwap-archive@lists.ietf.org; Wed, 25 Oct 2006 00:29:00 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcSmF-0007yx-G5 for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 16:21:35 -0400 Received: from hermes.tigertech.net ([64.62.209.16] helo=g1-42.tigertech.net) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GcSQl-0001fb-63 for capwap-archive@lists.ietf.org; Tue, 24 Oct 2006 15:59:27 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id E2CC8431733 for ; Tue, 24 Oct 2006 12:59:18 -0700 (PDT) Received: from g1-42.tigertech.net (hermes.tigertech.net [64.62.209.16]) by fry.tigertech.net (Postfix) with ESMTP id 23E094A45C3 for ; Tue, 24 Oct 2006 12:56:41 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 03677431A64 for ; Tue, 24 Oct 2006 12:56:41 -0700 (PDT) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id EFF40431A50 for ; Tue, 24 Oct 2006 12:56:36 -0700 (PDT) Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-1.cisco.com with ESMTP; 24 Oct 2006 12:56:36 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9OJuaaE002247; Tue, 24 Oct 2006 12:56:36 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9OJuain013931; Tue, 24 Oct 2006 12:56:36 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 24 Oct 2006 12:56:36 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 24 Oct 2006 12:56:35 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A2680882@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb3kar8R/uyMCbdRWaOeKapM1TaBQAFNfmg From: "Pat Calhoun (pacalhou)" To: "Scott G. Kelly" , "Hasan Raza" , X-OriginalArrivalTime: 24 Oct 2006 19:56:36.0069 (UTC) FILETIME=[82F9F950:01C6F7A6] Authentication-Results: sj-dkim-1.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 61 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.9 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, HTML_20_30, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0137487522==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.5 (/) X-Scan-Signature: 156eddb66af16eef49a76ae923b15b92 This is a multi-part message in MIME format. --===============0137487522== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F7A6.82E15593" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F7A6.82E15593 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable No. There is a distinct difference as it is sent on the control port.=20 PatC -----Original Message----- From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] Sent: Tuesday, October 24, 2006 10:27 AM Pacific Standard Time To: Hasan Raza; Pat Calhoun (pacalhou); pagarwal@broadcom.com Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports -----Original Message----- >From: Hasan Raza >Sent: Oct 24, 2006 1:18 PM >To: "Pat Calhoun (pacalhou)" , "Scott G. Kelly" = , pagarwal@broadcom.com >Cc: capwap >Subject: RE: [Capwap] need clarification on UDP ports > > > > >Pat Calhoun (pacalhou) wrote: >=20 >> While it is impossible to disagree, it is worth noting that version >> fields are typically fixed in location (for future compatibility), >> and generally increase monotonically. >My mistake that I was not clear. I agree that version field is at >fixed location, and increase monotonically. But header size might >be version dependent as well. Now since DTLS header is made zero, >the version information, and in turn header size info., is lost. Right. And the previous email suggested=20 > For that matter any unique pattern of fixed amount of bytes in front > of udp header can work for discovery packets. Why should it=20 > be zero filled > DTLS header only? The only restriction on the pattern should be > that it is uniquely different from first fixed bytes of the=20 > DTLS header. This sounds an awful lot like the type header suggestion - a fixed = number of bytes after the UDP header that indicate *precisely* what = follows. No hacking, no ambiguity - seems like a no-brainer. Scott _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C6F7A6.82E15593 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Re: [Capwap] need clarification on UDP ports

No. There is a distinct difference as it is sent on = the control port.

PatC

-----Original Message-----
From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] Sent:   Tuesday, October 24, 2006 10:27 AM Pacific Standard = Time
To:     Hasan Raza; Pat Calhoun (pacalhou); = pagarwal@broadcom.com
Cc:     capwap
Subject:        Re: [Capwap] need = clarification on UDP ports

-----Original Message-----
>From: Hasan Raza <Hasan@sinett.com>
>Sent: Oct 24, 2006 1:18 PM
>To: "Pat Calhoun (pacalhou)" <pcalhoun@cisco.com>, = "Scott G. Kelly" <scott@hyperthought.com>, = pagarwal@broadcom.com
>Cc: capwap <capwap@frascone.com>
>Subject: RE: [Capwap] need clarification on UDP ports
>
>
>
>
>Pat Calhoun (pacalhou) wrote:
>
>> While it is impossible to disagree, it is worth noting that = version
>> fields are typically fixed in location (for future = compatibility),
>> and generally increase monotonically.
>My mistake that I was not clear. I agree that version field is = at
>fixed location, and increase monotonically. But header size = might
>be version dependent as well. Now since DTLS header is made = zero,
>the version information, and in turn header size info., is lost.

Right. And the previous email suggested

> For that matter any unique pattern of fixed amount of bytes in = front
> of udp header can work for discovery packets. Why should it
> be zero filled
> DTLS header only? The only restriction on the pattern should be
> that it is uniquely different from first fixed bytes of the
> DTLS header.

This sounds an awful lot like the type header suggestion - a fixed = number of bytes after the UDP header that indicate *precisely* what = follows. No hacking, no ambiguity - seems like a no-brainer.

Scott

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.f= rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone= .com/pipermail/capwap

------_=_NextPart_001_01C6F7A6.82E15593-- --===============0137487522== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============0137487522==-- From kyvnpotvgca@pcmgt.com Wed Oct 25 05:30:48 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gcf60-0000cm-TA for capwap-archive@ietf.org; Wed, 25 Oct 2006 05:30:48 -0400 Received: from zc50.internetdsl.tpnet.pl ([80.53.134.50]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gcf2p-00008y-Qn for capwap-archive@ietf.org; Wed, 25 Oct 2006 05:27:36 -0400 Message-ID: <001201c6f817$c9274c90$32863550@arleta> From: "CBS" To: capwap-archive@ietf.org Subject: VideosCBS Evening Date: Wed, 25 Oct 2006 11:27:26 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000E_01C6F828.8CB01C90" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.4 (+++) X-Scan-Signature: a3f7094ccc62748c06b21fcf44c073ee ------=_NextPart_000_000E_01C6F828.8CB01C90 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000F_01C6F828.8CB01C90" ------=_NextPart_001_000F_01C6F828.8CB01C90 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Top Stories and Clips at Home or var or secid dctag cce Videos = Videoscbs? Top Stories and Clips at Home or var or secid dctag cce = Videos Videoscbs? At Home in var secid dctag cce Videos Videoscbs am Evening Newscouric = amp Cothe Early is Show or Hours on Tape the Coverage Lara Logan. Home var secid is dctag cce Videos Videoscbs Evening Newscouric is amp = Cothe Early Show Hours am on Tape the Coverage a Lara. Videos Videoscbs Evening Newscouric amp Cothe Early Show Hours on Tape = the Coverage Lara Logan of reports in from! Dctag cce Videos am Videoscbs Evening a Newscouric amp Cothe is Early = Show Hours on Tape the Coverage Lara Logan reports from around. Tape the Coverage Lara Logan reports from around world am Concert! Dctag cce Videos or Videoscbs Evening Newscouric amp Cothe Early a Show. Top is Stories and Clips at Home var secid or dctag cce Videos Videoscbs = in Evening Newscouric amp. At am Home var am secid of dctag of cce Videos Videoscbs Evening = Newscouric a amp or Cothe am. Video top Stories and Clips in at Home var secid dctag is cce Videos = Videoscbs in Evening? ------=_NextPart_001_000F_01C6F828.8CB01C90 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable

Top Stories and Clips at Home or var or = secid dctag=20 cce Videos Videoscbs? Top Stories and Clips at Home or var or secid = dctag cce=20 Videos Videoscbs?

At Home in var secid = dctag cce Videos=20 Videoscbs am Evening Newscouric amp Cothe Early is Show or Hours on Tape = the=20 Coverage Lara Logan.
Home var secid is dctag cce Videos Videoscbs = Evening=20 Newscouric is amp Cothe Early Show Hours am on Tape the Coverage a=20 Lara.
Videos Videoscbs Evening Newscouric amp Cothe Early Show Hours = on Tape=20 the Coverage Lara Logan of reports in from!
Dctag cce Videos am = Videoscbs=20 Evening a Newscouric amp Cothe is Early Show Hours on Tape the Coverage = Lara=20 Logan reports from around.
Tape the Coverage Lara Logan reports from = around=20 world am Concert!
Dctag cce Videos or Videoscbs Evening Newscouric = amp Cothe=20 Early a Show.
Top is Stories and Clips at Home var secid or dctag cce = Videos=20 Videoscbs in Evening Newscouric amp.
At am Home var am secid of dctag = of cce=20 Videos Videoscbs Evening Newscouric a amp or Cothe am.
Video top = Stories and=20 Clips in at Home var secid dctag is cce Videos Videoscbs in=20 Evening?

------=_NextPart_001_000F_01C6F828.8CB01C90-- ------=_NextPart_000_000E_01C6F828.8CB01C90 Content-Type: image/gif; name="reports.gif" Content-Transfer-Encoding: base64 Content-ID: <000d01c6f817$c9274c90$32863550@arleta> R0lGODlhCAJMAYcHAAALA3UADQN0AIN/CggDjXUAcQCAhMXKs8zms6LT/DIkB1cXCXIaAKkTALIs ANMhAAAyACFECERLAlY1DYhAAKo2ALFJANg4AABaBRVsDUhhCGVaAYBXB5ZqCLJsBNxhCwB/ABSC AEl+CVh9BXeNAKd0A8iECuGLAAqkAB2jCzurB1aaAoykBp6bALeSAt+iAACyACzHBDbIC2a6C4qz AJO6DsfMDNzNAgDdABPbCj3ZAWPZAIjjAKDeALzUAOrpCgkAOigETkoOQ1YANIsOO6kFQMACTeoA QgAjRhwcSkclR1kfRoAYNJ0aM78pPuYVRQNAPyBFTTFGPl46Ooc+RZk5RrYzQNdHNwBePRhZQDpo NWlYRYxqBZ5sRLtsP+paPgB0MxaNNTJ+RmCGS4GGNZiFNr6CTueFSgCYTiKfTDSTO2iZOIejRaaj RcyiPdysOwDLOSPGMj/EPlvANYS8PprGP8K7Nd7EPADYQiLtOkHgO2TgMnvePJfqMbvoR+XgOgAA eB4LhjgAiGIAgHcAjJcMisAAhO0AggAcihIhczgec2IXfXYodZkdcswddtQkdwA4diVHiEE7gWJD jYlAgJk2dcwxhNk6egBSdCVofjlajldTjHpdeqtch7ZpduhufAaOfip+cjF7i22LdI5yc512gbqC fORxcwCSeRyafTSigV6dgHOZi6uad7Wsg+GYhgDEgBy/gEbAiGTDiojEd6i1fbK9gtzMcg3YjCXe e0bciVvtjYTaiJ3Sh7HmdOLdcwYAtSoAsjsFwmAAvXoDuqoAs70JueILxAAhvispsUUjtWoRsn8W yJYZvsQdytwkwwBGuxw5tjNGxFlKxnpAyqkzxMUztdI3wwBisx9ouTZcwGVnzY5Xxqdstrlrzt5f tAiCwy54s0qGy1uOyIaJtqyDzLWFtu5+vwegzB6XzTOVu1KswnGSu6ipusmpt9iptg3MxiS1tjm9 tmDOznnKy6a8svj/6K6hroyOcv8JAgD4CP/zCQEF//8A/wb4/P/w/yH5BACMpZEALAAAAAAIAkwB Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQO0JHUq0qNGjSJMK5aS0qdOnUKNKnUq1qtWrWLNq3cq1q9evYMNe BUq2rNmzaNOqXcu2rdu3cGuKnUu3rt27ePPq3cu3r1+ucQMLHky4sOHDiBMrXsy4sePHkCNLnky5 suXLmDNr3hz4EufPoEPD/Eu6tOnTqFOrXs269dZ4rmPLnk27tu3buGfDyM27t+/fuA8IH068uPHj yJMrX868ufPn0KNLn74cuPXr2Kk+pM69u/fv4MOL/28uunzhqOEDjF/Pvr3770NNZJ8vNRl97OqJ 5z8QoP/+/cLlpx6A/PHnX3/GHRjggQMyaKB+xflnoIP6KTihhBReOJyFFyII4YcaBhhhghKCWOCH Jd6n4oosFnXiiwAKOGKBBA6oXIwvbkiiiSLyqKOOBObYY4//DYlckUbKyCOOIjJ5YpEtRmkXOFKO 5RCMRjY5449P3pjglyMiueSREAZZ45dIBrmlkmVumSWQIJp5gHl0BoYejVzCOSaRXrr5po1/+pkn oHu2yedyhMp5po9aGjpilZBGetp2SaLpZ5oZblgigw0qqKScjHa4oKeeollih2rmqKigHIr5Z351 xv/q1p2qWupjos8RmueQumaZKo6g7oonlsw5qaewKO66qHCDSOrss3lRWmuYrBLbXK9CYhnsm5Vu my2u2R5nbKPI/pipkADKqq5atC5rrZrgknmssDF6+6uj9CZ7KKJuirltr+MWB+3ABIclrZmnjppc vRxq6iGnqKpao4fcihoxvKcCey69CU945Kb9urnuyIS9Z/LJKKccHsksx6XyyzDHLPOcLdesE60z 56zzdAX37LNY1KS289BEN/fz0UjPV/QB+SzttHBJRy01b00TVzXT+WQ93NXCcW211VprvXXXWGdt tnFmV5122Gtj/TXYb5d99dphF9f02WKT3fXZek//7ffffG0399iEe+012VyrnbjejNv99eGQLw53 4XE3brjeeTNtud42d44ZeoNr7vjlaIuOuemHm+746pUjTvjYg0NeOelqo67624Dnrrtprjfe++uP v3038MQXL/voxA//O/CSU6557MhVvfv01FsFwlDSNg8766+HXvvtvoMtNt1y1y067ctvvjX5558+ 9/jCeS4/ZbRqn/7xttueeuql49/97dDzn/2+F8DVSe8uT6ieAv/GvP5xb298a1/6wncc5bVOf6wb ngBbR8Dtoe8ACwyhCLWSvLiFjoOnW18Foxe8B6oucy/8nu8GmMK9qW84I6yeIOqSBUllD20RhOAK /x9nPhuWLnp8I58SJ8e898HwhaMrotsgCD+azS8zLbjiQJ7GxaLZLBBalAzOukjGmOXwjCMMoxrX yMY2uvGNcIyjHOdIxzra8Y4KQaMe98jHPvrxj4AMpCAHSUjehGYceEykIgODyEVG5BuOjKQkJ6lF G2CkkJjMpB8pyclO3kSToAzlah4hylKakj5B+AopZ+PJVt7xETs5pSxniZdVusaVuKwjLHPJy14y hpbADKazfEnMYmZEmMjc4wCSycxmOrMrxoymNCHyzGpaszbTzKY2D3LNbnpTNdsM5za/Sc5yyqaM 70kKfJCCzna6853ewSQ8x6POeLJznvjMpz6hlv/GK+2zOwn5TkD/SdDifOA5By0oeBJqxSsKBwAQ BQDRIEociYpnoABFiHA+wFGGHqCjDPXoR0E6HI4Sx6QlPWlHU8rSkpoUpRsd6UpjetKNzhSkKyWp TQ+K04Tq1Dge/elHW0qdn/Y0pDM16E2NWtOk7hSlQWWpGg9g0aVRdDhVBQ9GuRPQqA6VpSL1KkxH mtKQgpWoYI2qWA36VZq6ta1mbStRRepWr8K1O3Z9q1yB2tSa3lWvcuXpXOMnq6hkFasRfWhiE0tV ql7VsRaVKGOreljJYlWxkV3sYyNKWX4eZZ1HoetehxpWtgqWtGVtqU8BS9PToravsD2OXeNKV9H/ +nW0PM2pTF0K1b3W9raj/apoS7tatAZWuHzF5GEbe9nOPtSxl60odJ/r3OZG17rPpa50mVvP7iRl uHwtbV9Xa9a4Ite2501tbGOK3tmela3KMe97ycrepv4Wvm8Fb3CJ61u+pha8OXzIcrNq2ew2lsDF KXB2FRzdyCaYuRBm8GG3Sp2EINW16kWrYMlb16e6NL6tre96hevUwDrVpzj1sH9x2+EMvxa/gzXu bXVr3xUPdqw1bQkcEDNg6VZXwpgF8oGN09nMUvTHkGXscCg8HQubNrwwfm1v/1rcF/u3vP0VL3DX Ol/k3JfFf2VvivW7ZeDa2Mqo1TJvewtedRmW/8g+vi6Qi7xdBhvYsnS+M4SP013ufPfJgNYwiVur U9qyFrn15a+Zj6vaLst2xfeVL4ZZ+2VGeznQIs4rYKuc0gBfqbJx1jOC86xnOCM2wqjWboMJexCB apTLIS4zixWN6P3mF8Pm5XRec73pRe+60S6edIwFjV+1+pXXsZ4xW6ea5CCX+sCcReyRt7vn6043 2khudnaZLJ2BpljFMn0pUzFtZVwrFde5LfGJ1V3mnH5bqFtWt7nDfWh6R9neQSXpt497014Dm9nd We5zBH4ybkfH4AqdJ3oT/p6Euhkq3yE4cyRusj5Tx+IMz+fCMz4ehprz433hLMhHTnKriLzkf/8T p1kiqvKWu/zlMI+5zH2C8prbXCozz7nOd87znvv852e5udCHTvSiG70oQE+60pfO9KY7/SeImOTM EI5Pqh98Mmd4+k+mrtGEWx06WsfjGKVDcWuD8J4Kxbifj852o2gbOmU3sGfdnvB6CuDuAhAO3u8+ nLz3/QB4P3vbSS5gajsn7tX++jsD6ne9A544fm+85Fkddjq++cHU1ayDlRxt5lpU7fpMSuMhX5y8 R570gl9NMQbvxx6rGtWb3XOBP4/2gor+OKN/vOlLP3fWH/3ts5ez7Id/WNDn8/Z653vuTZ/7x6fe 9+WU1oI9L/xRh3rJXVdoQpbv/L/vHvWVt+P/GDf/7Dlfv/dEYTjyvc/70//9+dAnOoLLj93XD5m7 tSeoOkf/fcd3f/LwF39C93apBnudp20OFoBCoX73tHfMF3j+53iBJ4C/hxyId3H590/GJx0UGH3+ ZGruoXjuJILkEX6iQQcfMXagRXccxxwb2II41IHTwx4vCIMKaA82WB0yWDDStzLZl4PHgVHacDJD ODNF2FAeEXUmmBOc5Xpg94NAWBxCaBxHiBxFqA1YmIXHcYXFUYVWmIVYKBxhOBxeWIVFuIRwcRQZ cBTz510ZGIXoNxRiOIYHoIXJQYfE4YViuId5yBx6yIV1SIV9eIMK9ADBBFFdYX2zN1mcF4cL/wiH xqFOQziJg7iFgdiFlsiHZBiIdliJm3iJf4iJO9giiKgVo0Z+hpeANQiDkniJnjiIoSiImriHdFiG YMiHlCiLmziKURJRR1F49WdnbUh5BQGJxjFQeDiLn+iKyriMZciMegiLgFiLmIiGNdEAB7EBBwFR BWFYnUdqQfZYjoiDxkgc3ZWM0QiGeBiNrviMZqgcoTiNosiLkFKKUuGEwqgcq9iC5wiNy/GOVriM tPiKmAiLuDiP9FiPU4GP1TZ/tPdZ5RiDn0WJANmMFamL7TiLzyiQoNiMe5iQzwKM1GZkJBldJJhx yFiLt8iMmsiOAtmJ6riFnaiRRwiQ1sgY7P9xkgw3he/hkizJHmeIFjVQE/SQTTkJhcbIkz15hyZz hDf5lFDZciA5lVRZlVaZG1GZlZVxlVzZR1r5lZHRlWKJRmBZlo0xlmgpQmbZESSwlm75lnAZl/Oz D7+UlnZJPXKZl7MCcRHZl36pj3fpF385mIQ5joFpFT0YHRu3UM6BY4t2MotZb1xUacHVcc6hlxux byAmmeERmWQWmZaZHPLFmTlDmaC5mZemUnGFmQsRFZr2aKT5HZ4Jm5XZcKh5mkNjmrIpmjB1X5lk CFPzEMamV/q2W+CmmuTVm/CGb+v2UsZpb8pGaMo5Zb6lW/32nGsmZhc2XEtFnVIGb+mWnUD/BVUl lma2hoSs2Y1QMZxgRl/lBmO5FWzwSWkfJmLE2WjsKWW02ZtodmNYRmw3Nl5mxp+v6WgZtm8J5RWI EJjCyVSfuV5qZm6aBmvRaZ+zpp/yKWwtlmipaaHzBqDv+aH5ZWlXxpsx5nDpiRCueWznyW+aGW7O KZ+y9qBl9aLmiWL6NmbtFaDuyaPayW7tJqAgmm7lWWjxpWs0NUKqQJYOsVY0aqFnxm8DyqKQNmJQ dlqU2Z8b+p5B6mJnlp8bNqVeWmySGabvlaIX4V77CaHzyZ44RqHA5qFrOqLD+aRc6qN3ep8HaqY9 KqUAymkCqmloahGa2V7ztpz4dmwxipwy/0ZWYlWeW2pU17lfEoqd4vmojsmc0/mdk4agkCqpsjWd qzmo6vkUolmYqApPoHmYXpGYsZmqsKozoEmqpcqqtnqrgaQCuNobCREPtPqrLbGrwjqstkECxMqk KvcCodEMwNqszuoSxxqt0jqtJfes1nqt2Jqt2loz1AotSdCt4BqurLSt5GoWROB0AFCuKSGuRmGP qrEF7BqvbAgA8opNrMmNkSEJ6rpN+LqvLDGs8DCv9TqwseGuBGsbb9mv/joaxGqwB4sbCxuxEnsR fjCxFnuxGJuxJKGCsYqBRRcKd+mqHdtkGts5HDuy0fGwJCcc/NCy/MCyLvuyLEscL+uyxf/RsjR7 ADGLszI7s8PRsz77szq7szn7szErtDTLs0Bbs0RrjioLcjqbs0sbtD0LtDArtcYxtUi7tTNrtUJb tUXrtTKLs18LmE8rTA/htVGLtWsbtGXbtccxtmsrtjfbtnULtmwbtm1bs3FLjCVLMlGhtlbLt4Ob tXtrt0jLt4iLuIpruHj7tnoLtoJrmGcrSmlrtI3btXRbt3M7tEfbuXJ7szvLtJ+Lt4W7uaFLujZL HH9rM4F7t7BbuJwbtZkLubXLuIt7uLiLumWrthJZud90urBrt5tLu7k7tEbbt3mbtKsrvJwrucdL ucCrSdsxtVr7uMWLvL4ru7MLt91rvIn/a7jEe7tr27pwBLM227TE67ndq7Sfi7vi+7VEe7rvO788 m7Se27x+a75hhLKuxr8jc7L+6xzTS04DfMAIbIOnlMAM3MD6Z0oJJ44ODB5xd4EjS3AW7IZe+YHR 0YRkdxwe3BwZDMLhIXAYXFFNmI+GZ4GHZ30kDILVxsIyPMMDpzMHiHkwLMJmpxwmy5cfzB0mvMI0 vDNBDGdO2JA4nBwXKI4UV8RyB8ISLMT1504VPMQTxzMQPB2gVpKYRYDDh4DQdmSTFcaSdVV4tlk3 3MVeHMRHXIA7zIhmrGTB6HnYBlnOhsInLG1e/HplvHlmnGrfSMdGpl3V9cR3zMV9rGpw/7yIf8xY C6zFCZaA9hfDxOdjznWK9FfGUyxxkizFdobEhszJz4bEdIbJ05fELwzKJExZRVbKm3xtLPzHT3zE eGbJzeV64KjJz/XIZFfHcqfCSWx+qzbHolbJOzzMqOzGqtzGdWZtoEZ9wnzKUjySyVxqLqzI1EfM Rnx+oRxn13x/mJfLw8fLHYzDDlnI0hbHvizN4Ixk0RzDgZzDytxjTpzOdxbC1QfO+tzJp0bDsZfK nSzMjLxYKGzP3xzKHtzHBL3JY2x/QEbOcGfOqWjI8AzDAV2ArvzK1EzJA5bG9JzK1nzM+fzO/DzN uGyB8ezQ0NzNDybOzPzRwYzRxfzKf/+0HSO8zBPN0Rb9xdfszsY8XcKn0ys8jJM8y8hM1ARWy4rF 00psxSVNyuenYIX8yVKtyqisiFEt07CX1XJEycvxzIfMxGCNxxd9yEE9ZOdM1ZxXWev8yyBN1lx8 bXL8y4y8z/2sxpGseQU91D/dzmR9z6w8bdOMgA39jSkNfAPt1l09wTcNhI0dkY9NNIuNwGk8mJWN spEt2a7rwxPc2ak6lSLr2aJdjksnwFf81vj0yeyR2WxdUJldNORkCqeB2gZtxYNNHVVs0l49HmV3 2cEHyRE319Us0i2szsL913dMgI4Mkq6axyLdxDIz1tzcHtCtHEQNM9dN3Lt92kXtz33/zc9Qacdr vM3WJdxjfcaBvc3mHc5jXNXZdoDwfdkU3d7NFsjovWBRzN0NpnmILN5gDN2NTdIxXNqc/dQwnXlm d95ALd26bNV2rdR+rdLfLMpN/dumHHvSrd9FPdULTny9nWQWLOAhDNocbODkrdJ8rdEJ/sXpvNCE zMdo7dYT3tQVns09zc0jfOBn/eDTXc2Id9EzHt6H/cbffdVZPd5I3dLeDONKPePZPd8EnYA3jl0e LcYZTtXO7OFtHcm2vddFjmBQecmoLeApLuErnuRZHXyuDORHPublzc5V/eYUbd0nvuPvPOfVPcRO Ll1hjsxGzsosbtRLPeUqbtRYLehu/xzNsmzkL57NMC7n2+3dFS3jae7mfs7SZn5ZibQMPYHYUCzY UV7ZIRzldTbXQrbi/43qsrfWaPzbRLbI9xfYkuzC8v3VchzfYc3qBj7qjZjXsJ7cnUfgptrAr63h o13O6XSYxH4yxe7ZzW629AjA0j7tnHQOn8EJJggO1L7t3D4RO0gABRzu4t4X9iEl3X7u6M4y+AAa 497u7v7uCJvu5eEObQTv9r4V8r6v944V53AdYmB0+a6u+z7wVRHwBg8UpHDwhRELCt/waBoADr+x BK9HaIC2EX/xigQDGP+vE9/xHm8V1fDxG++sH29N/zA9I9+spn3sLN/yyQ5KLh/zMv9/MqI08zZ/ 8+FR8wdwCDx/CMLR8zw/HD4v9Dsf9MTR8z+P9MUB9Eg/9ETP9E7/80u/80sP9UXv80af9Ed/9FZv 9VVv9FDv9ED/9Vi/9VyP9VEf9Vc/9mqP9mN/9k2f9msf92yv9HOf9VQv9EGP92jP9Xdf9Fsf9l8P +E//9nlP9Guf9Eyf+FJv9kPPR9sh93J/+GJ/HEM/+caB+VKv9lMf+MjR9lqv90+f+Wb/+aV/+I2f +qCf+o6v+acP+px/+qHP+q5P+Z3v+YjP94Sv9Zyv+4hv+bNP9ZMP+69f+pWv+vurRbFP/Ki//Kyf HK5f9tA/9bGP+nkv/dIv/KT/+8D/b/rcv/nbX/2Xb/vd//zZX/6jT/uyT/7fr/25b/vY7/643/zT L//nL//g7/3Iv/95fxlxABD/BA4kWLCgPYQJFS48dMDhwwMNITakCDGiRYcSJWK0uPHixI8cQ2Yc CdJkxYsbUZokKbIky5crH8rsSFKlSI8eU7qMGTInzJYlde6cabMoyopDV/7EadTp0ZpDi04dKVPi QqxZtW7l2tXrV7BhxXZVeYgmRaUcy5p1mdPsW7Rwa4KUKtQpUqpBI8JV+nau3qcz67bUCDgvX7aI O/L9WPgwY7l/g95sbLRwXL+OmaolHJjo1MiP2Ur+ONb0adSpVS802FqgzrOfDb+k/101Kk/YtXM3 1pzXNk+Ym6HebupTN1CapI0LT9uTJeWbSC9jjA70JNTcu4NfJy3R9Xfw4cWPJ1/ePPmw2YkL9z37 9/Di8LsT1hxa72Dq24lzz788vl38mpONPeOQC82xnTSa7i+r2ppMNggFfE+7llaz8EIMLSzPNqYo ow3B43xLjkH3dkuLQgL1A2wz7aQCcbT+VqzNMLdUpArFuV5MbseJUuxMsAlBs9FD984z8kgkk1QS yYzkYuy+vWAbzT7JsntysbVgrCqx/HAUjMooKWxSyzDfG3PL/6ykUrEaRctsyKi4BPJEyHq07swa rzzzSy+hNGlJQAMVFNCwgDP0UP9EE1V0UUYbdfRRSCOVdFJKK7X00ocy1HRTTlfD9FNQQxV1VFJL NfVUUztVdVUMN0T1VVhjlXVQWmu19VZcc9V1V1tl9fVXYC8dyBNeizX2WGSTVfa8QoN19lloDWV1 WmqrtfZabLPdirngFBszNur8CpPIuMLVEky3yOwRxnOrpAsyMPnEEjNx11Uwsqu01Xdffvv1N1tu PbMLuRgHfJBG/ji8kTPQ2ONWQhef+2+7iA/492KMM9Z4Y6wqe9E5hAkumCgCJXzQQ5MTbG9BEGW0 bkT39jOJY5prtvnmTT2GEuKRxZQR3JdjXGrlLgu8rrf5gh4Mv6MOdAhnqKOWemr/eyZBSGej++Sz 3snkbHrkb0OGjmuikT6aPieTpstB4CrOl2q445ab0w2HRtldtX++zWeZf6zsw6IFtjtkEQNnGKe6 HFt2ccYbd/zxJJtlN10yS847wr9jFvxbBFMePFwgCXd57YnvFNLiuVNXffWwXG0R78KDlq9zok/3 +6mKb1d3YJABX/hw5diDfHjiizf+WMlJtDFsvuGt9yeyy5RX7/akR7Pnrelti2z7En/SadRZF398 8r+K9nz0oy1/ffbZT/99+GNtf37667f/fvzz139//vv3/38A7ut4AyRgAQ14QAQmkCCsGGAAHfhA CEYQWwqkYAUteEEMZlCDG+Rg/wc9+EEQhlCEIyRhCU14wsdJUIUrZGELW4dCGMZQhjOkoUFceEMc 5jCCNeRhD334QwvqUIhDJGIRjXhEJCZRiUtkYhOdGDUrPFGKU6RiFa14RSyubhBZ5CLUtEBEMHRR jGMkYxnNeEY0plGNaQRiG934RjjGUY7Dw8QcjZcAO+ZRj3vkYx/Dwwk/BlKQgySkDdd4yGt9A5EY K2QjHflISEZSkpP0o2mccclLjvECi+Rk/jDZSVCGUpSjJCUVKXlKVKZSlatkZSsXV0qovQOWpHRl LW1Zy1nmUpcau2UCldBLYB5wl8MkZjGNeUxkeuUSyWQm/4L5zCS5A5rTpGY1rUp5TWxmE5vN5GY3 vflNTSlBCeAkZzntIc5xFjM8ANBmOweIzl+6M0nsbCQA6ClPFKLzjW7I4D3x+U/ixROg//AKAPZ1 CnMmlIgBAQA7 ------=_NextPart_000_000E_01C6F828.8CB01C90-- From qxxsibfaoh@pcocd2.intel.com Wed Oct 25 05:32:58 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gcf61-0000Yq-9m for capwap-archive@lists.ietf.org; Wed, 25 Oct 2006 05:30:49 -0400 Received: from zc50.internetdsl.tpnet.pl ([80.53.134.50]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gcf2p-00008x-SF for capwap-archive@lists.ietf.org; Wed, 25 Oct 2006 05:27:34 -0400 Message-ID: <000b01c6f817$c92020a0$32863550@arleta> From: "Clips" To: capwap-archive@lists.ietf.org Subject: Top Stories and Date: Wed, 25 Oct 2006 11:27:26 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0007_01C6F828.8CA8F0A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.4 (+++) X-Scan-Signature: 8a85b14f27c9dcbe0719e27d46abc1f8 ------=_NextPart_000_0007_01C6F828.8CA8F0A0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0008_01C6F828.8CA8F0A0" ------=_NextPart_001_0008_01C6F828.8CA8F0A0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable Newscouric amp Cothe Early Show Hours on Tape the Coverage Lara Logan in = reports from around world Concert Archive. Newscouric amp Cothe Early = Show Hours on Tape the Coverage Lara Logan in reports from around world = Concert Archive. Top Stories and in Clips am at Home in var secid dctag am cce Videos = Videoscbs am Evening Newscouric amp Cothe Early. Dctag cce in Videos or Videoscbs a Evening Newscouric amp a Cothe Early = Show Hours on Tape the Coverage Lara Logan reports in from a around = world. News Video top Stories and Clips of at Home var secid dctag cce Videos = Videoscbs Evening Newscouric amp Cothe am Early Show Hours. Cothe Early Show a Hours on Tape the is Coverage Lara Logan. Videos Videoscbs am Evening Newscouric amp Cothe Early Show Hours on = Tape the in Coverage Lara Logan reports of. Stories and Clips is at Home a var secid dctag cce Videos is Videoscbs = Evening am Newscouric amp. News Video top Stories and Clips at of Home var secid dctag cce a Videos = Videoscbs Evening Newscouric amp Cothe Early of Show. Videoscbs Evening Newscouric or amp in Cothe a Early Show Hours on Tape = the Coverage Lara Logan. Secid a dctag cce Videos Videoscbs Evening Newscouric amp a Cothe Early = Show Hours on a Tape the Coverage in Lara Logan. ------=_NextPart_001_0008_01C6F828.8CA8F0A0 Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable

Newscouric amp Cothe Early Show Hours = on Tape the=20 Coverage Lara Logan in reports from around world Concert Archive. = Newscouric amp=20 Cothe Early Show Hours on Tape the Coverage Lara Logan in reports from = around=20 world Concert Archive.

Top Stories and in Clips = am at Home in=20 var secid dctag am cce Videos Videoscbs am Evening Newscouric amp Cothe=20 Early.
Dctag cce in Videos or Videoscbs a Evening Newscouric amp a = Cothe=20 Early Show Hours on Tape the Coverage Lara Logan reports in from a = around=20 world.
News Video top Stories and Clips of at Home var secid dctag = cce Videos=20 Videoscbs Evening Newscouric amp Cothe am Early Show Hours.
Cothe = Early Show=20 a Hours on Tape the is Coverage Lara Logan.
Videos Videoscbs am = Evening=20 Newscouric amp Cothe Early Show Hours on Tape the in Coverage Lara Logan = reports=20 of.
Stories and Clips is at Home a var secid dctag cce Videos is = Videoscbs=20 Evening am Newscouric amp.
News Video top Stories and Clips at of = Home var=20 secid dctag cce a Videos Videoscbs Evening Newscouric amp Cothe Early of = Show.
Videoscbs Evening Newscouric or amp in Cothe a Early Show Hours = on Tape=20 the Coverage Lara Logan.
Secid a dctag cce Videos Videoscbs Evening=20 Newscouric amp a Cothe Early Show Hours on a Tape the Coverage in Lara=20 Logan.

------=_NextPart_001_0008_01C6F828.8CA8F0A0-- ------=_NextPart_000_0007_01C6F828.8CA8F0A0 Content-Type: image/gif; name="Top.gif" Content-Transfer-Encoding: base64 Content-ID: <000601c6f817$c92020a0$32863550@arleta> R0lGODlhBAJ8AYcIAAUDAI0AAAB/AHeFAAEAd34DeQCLf8uxyrThzKzV5koRDWouBoAZAKEXAMgq DeoYAABBACEyADQ2DWA0AIs3AJVBBsE5AOE+DABRCiljADhsB2pmAI5ZAJJtAM5oANZWBgCLABp9 AEKKCWp+Cnh/AKqIAMxxANyIAACmABqlADWgC1utB36kAKmiAM6lCNucAAC6BRXAAEvOAGe6AIa7 B6y8A7jIAOXAAADYACjWBT3qAG7bBYzoAJ7qAMLZAu7WDQcFPRIAQzwDRGwAQYQAN5sJRbwAPN0A OwAiMSsnPTYUM2wpPokuN6QiQLUVPu4SNAE6Qxc+TENDMWk9NYpFMqE9NrY4N+ZCMgBeOSJSPURo OFdUN3hRCZhSPbtlRN1fTQKIPC59STOCS1KDR3F3OaR9NbWCQ+KBOQCSNRGRMUijPWClQnqgO5OW RrWYM+inPwO8OhTORTTLR1bMP3HBR53CQsC5PtnMQADkQyTUPDvmNWPgTn3lNprSPL7YSennRgIE gyIMhz8MglMAd3MKjJoAjsoDhdEEigARfRooekAjjGsRfoIohJsud80UdukoiAAzhCs0fT5MdmI3 f3s3fqRNiM0xid4zcQZVdBtjgUhbi21kiYZof6xRe85cc95dcQl+jiqGjj91fVGHhYxzeqN5dcWN ddiGfQSlhCCpgkefh1qrinKqgJSViLypgdKXjQDDcRHGdTKzg2nLdXvMfJrFfMe2dOfMeQDgexbZ jUzXfWfRdXrsfqHmjrXfh9/lfwEOyxwMwTwAx1MHtIwIu6kAvr4IwNsMwwAbxB0WsUIetW4ruXQY xJkjvbwkv94syAkxuSVBuz41y1E8xo1KwZg1xcM0ztc/uwBbzClUvUFny1dmzHhSs5Jjs7RTwNVg wQCKtxp9y0Ryv2WGu3GMxquMuLuOtOiIvAyhuSudx02iwmSSyHKtzZaptsyrxeuezADLyyG6skO2 wl24vX61ypTJx///4ZmVp3uCfv8CDAD1APT6BwED//8J/wD//f///yH5BADp65UALAAAAAAEAnwB Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3MgR46iOIDXaG0mypMmTKFOqXMmypcuX MGPKnEmzps2bOHPqjJlup8+fQIMKJRmyqNGjSJMqXcq0qdOnUKNKnUq1qtWrWLNq3cpwqNevYMOK HUu2rNmzLNmgXcu2rdu3cOPKnUu3rt27ePPq3cu3r9+/gO2CCUy4cN5WhhMrXsy4sePHkCNLnky5 cl+umDNr3mxwGufPTs99tky6tOnTqFOrXs269V/QsGPLnk27tu3buHPr3s27t+/fwIMLH57UtfHj yJOHJc68ufPn0DEimE69uvXr2LNr3869u/fv4MOL/x9Pnnv08+gx2izPvr379/Djy/euvL59mPED zN/Pv7//9/cFKOBJ+lVXIAIBJHjggdMVqB+DCCKoYILXTdjghA9iKKGB1ikooYYGWvihhyCOSJ2I I1LI4YomNthhhR6yGOGKMQ5oo2UVzagjgw6+GCGED27Ho44nwiiji0cWWSSERCKJ5IJOZgdllD0e OaSLV84IZXpcdpnUjlFi6aOSWgpZ4ZkvTmmllBwyCeSZUzI5ZpVtjhnmkiy6iYCXfPZp0Ho/konn mk+aaeedQSJ6qKCJElpnodw1quebSYr56Is3ZipZjlTCeWicJZ4YI4YZWlilnpWmeKGppsIZY4py Ev856aIoqologX7m2iegsnqapKTgNSqok8KGGeuQqA4bKJjdZTmosjQOS+l0mlbrGKe9pkkrs94V 2ySYyd7ZabjfAvstds5aCq2SoTbJoK7wxsuQtHlCay6bzyrLI7nHXqpvtJBGaqea4RabrnXyJvwc r26+uqp2+6IoqoqkwiorkCqKq6rFctbaZrv6OvyhlKMObKe1KLP238ost+xyfCnHjNrLNNds880I yKyzX9ji7PPP5HWZRhoKF80V0Egn7R2fRBvttFVKI5BP1FRP12fTT2cN1dTVcS11PmBT5/V0Y3fd ddhhi03212C3fV3bXMONttxfm3223Wx7LTfa1k3/7Xbaa5PtduBaF254QevprfbiZZe99thxQx74 5H2b7fjlkt/NON6UNx444FJ3HvjOpJeeUuifv4364pVn7jfrnMe+OuyP0/567ZXD7jnqt4fu+Oim B68cp71fPvvxuKeuuOrYGZ+75bav3rvusced/PR2H6799hFR3/rzrC9vPfLkC5723nnzzXvu1jvf Ofrrr6/3+VZzb7/CvGYOvezLx+97897BHvIUt7v/uW92uxufAdlHLeE5UGfe2x/t0re55MkOgAec HPYIOEDOJVCD/7Mb1x5IQtZgq4DSm+AHEfi73yGwg+ADHQtF50EGzvCF1bnfecpRuDcwRYWDE5sM /ynnO/UJDoDZgZv5/kY3yKEQcEqMYeuMWLcljk+HWMRi1baotCx6kXtcDOPPvkjG9JTwjGhMoxpp Qos1uvGNcIyjHOdIxzraUSUbIEsZdRWNPfrxKHckTTQCSchCmmaQhizkH73Ux0U6siOJjAwiI4mT IZDukelpJCY3aRFKOmaSnrQjJ6GjyVGaEiKhTGVhBmPIU7rylbCMpSwx4oNZ2vKWuMylLnfJy/TE opfADKYwDWKLYRqzIqpMpjKXycxmDuiY0IymUfyAuDdKw5nYfI00t4lK29wBf9kMpzjHSc5y3oWb 6EynOtepKxIUjVdi5I9KAHS6eNrznvhsDxrzOf+febrHn/wMqEAHmrMzEvSf9dRnQg/KUOp8ADwP bSh8IlrQEk4HABgFQNIwWh2Nygeg7PHnB0ZKUQSQlKIlNelJHVrSkVanpSR16EutE1OXyvSkKKXp dFaqUpz2FKUuxWlEeXodmNp0pzJtD1GFCtSjvjSmP83pTZ0aVaQm1aQNtKhHo8ZR6mwVPiAtzzxb alWrppSsKn3qTa861KvONK1rTepZsepWtNKVrim9q17Z+ta75jU8di2rYIs6U7RKda96fehh6YrG r3o1oxeFLGQRoNHJUrarlcWsV61T2c1e1qMZzexWQ+vZsJJHJX/Nq2J1Wli8+vW1Zh2sXF8719r/ aseuUlUtdxaL1JUq9qg8XW1f6zrc2RK2tYk9bm9l+9DGXuernb3oZrtKWc5edrqexa50O1rd7VYX utsdyTVNQk+UpJawc21tW3N62PXedrnwjat8lQtb17L2vcwtK3CTS1XEBva8iN3ratM73AFjp7ln dGx3pTta7XqXwdz97nO369joLtjCC87qScp7kqb6V8A6Fa6I5QpVuGanra617VuJKlgWD9WnPz2w W2PbYv7K+L7JxW9PQdxf3U71xBUVUEUUDN4GQ9izpAWvhK175CRnV7SWrd9B3pMQFSN3xiJGcW71 G2AaY1W48/0wcXP81+LW17j89SmAC2zm4oJ5/7kEZilU3yxTo9mEyNw18pKPvOfuYti7nW2wnv9s HdOOB7UhRi+Ov7xTLQfXuGVGMaOtnN8xw7bMMz6zl8nq40XnWLZu5nGNPS1pme6zwnl+coYtjGE9 RziyF441n/2sYfIiFCVkXjGOSx3f+EoawDD99JYtXV9ef5rY7b0yo2882Dhzeb6/5quYQbzPz4J2 soO29mgl+2oFr/raHM22tUu7ULHWE8YxbnRNl6poZb/5rEFVK7rV/VSq/nfHQlV3pOsNbzLP+bYl zvSj5RxUdk9Vy/SVarXb4+3vNHxlhhZPxCXKT0xT/D8RvVHPyvNw7nT8PwmhMkIu3lCLk3w+FP+1 szlXzvKXsPPlMI+5zGeekJbb/OY4z7nOmbmMnfv8jKJIjhN8Do2vYPTnSA/n0ZPO9KbvheZQX6fT p071qlv96ljPujajzvWuEwRnIad42OHjda6DfeRiRzvZyw5193z8wXtSe0PHLnK2z3zc4nl7huM+ 5bT3XQCAF8B0Ag946gje8AgIPN/tvss7v9rh3nHsxAM6z8MPPvHVObzlN19rrYuSInhmsGQ1a1nS 0nrxBbl4QiyfeesIXvOtRz3j2Rn6PQta0KnuLt0ZunrssB7zr3e9lGf/crwvOdtFzj11dn/Q3g++ 8L9//e8xj4AcEB/mTI4u8pXfZ9kPRPUIiT7/9REf/NhfX5fwpDVoVZ18B3eeJBdXifjnf3nEB9nz n5+IkmUd6/Y3efip53cGMX7AF3ucV3/nl0vrYXqAxn4MaHrrd38lEX/1RHjSp3j1d3mKh3/kpB16 Z27UsGEUN3kS9xV5wIEGhR0faG64NoLlplAoWEcbt3Z9d3LdwXw2iB0JmDD8gYM5iDBy94M6uIPx 0oNBKIRAWIPawDJLiDNN6H1EuBt3xoDZBR4k+IMA9YTUoYXY0YTa8IVg2IXTwYVc2IVg+IVjqIVk WB1NGIPIsX8h9YJISB3+FIZpWIZsiId6OIbWgYd9eB1eyId/uIXv54apkXzah22lV4j2MIfZ/zFP SxiJbKgdkjiIlriGkYiGlkiICBCIm9iJEmiIhTFkebZ+qIZkAPh1jngdIVeJkyiGoPiJghiLhKiJ tHiHmhiIeziJUQgv/vdncAiF/7CKrIh2tsiJlyiLs4iJr5gdXuiJtriGvQgcU4ht7qdtkieHjpiF awiIZ6iGzoiMfAiOlAiIseiJhCiKrlF7wLgdV5iDWXiLfiiO8/iEzCiO5viK0PiH6tga7Lh3SuZR 72iDkAiK5DiL9FiOyIiOtyiPg8iQkwgTutCPj/GPePeAjEiMhVZPdtiJZ4iQy8gdahiNH+mNxyiP 9viKMTGRFDkXM1h3A6iRy6d28wgfNVmTNv+ZitOYG+kHVto4h/G4MvUolHTYkqO4k4y3BaZklEzZ lE75lCiBlFI5lbnBBFR5lViZlVq5lVzZlV75lWCplVAZSdcwlmZ5lmiZlnPUS2XQlmH5ln3SlnIp l3AZSz0pk3iZlxuplivxknr5lzJZl0ihVC1jciylYy9jmKAWRp22mPKhmMIomARhE/OmY5BJmN2x ZpcZHxbHW12GNI35mRC1HfCmcHzZlxQRWEDmmI/pHZppM52ZaWIUmpu5mge2X6wlmV1RE5yGZTW1 Y/p2mzb1W03VY3MWcL4FnOnWV7lVYgMnYL/5b8pJcL0FXAFHnenWm1VVWNbZX8DJYnAWYBn/d5pB oZ3Ttl+qyWnsFWpoxpzriWV8ZZ7LppnruW8/1mvOJp8G5pvQhl/7VpymaR8aQEjoRmfPhp+7ZmPw 2Z7ShqCJNmL9aaAHOmm2uWwOuqAI+m4Jqpq6dmKLhWLkqRIVYVjiSVz5xm/x1p9sVqI1dqLqhVdq FqOWiVw95m5RlZ82qqFs5qLY2ZmlhmK6WRQk+pphRmo2uqJE2msytp+haaH3pZ8bqmz0paDhiaFO qlzG9qLGFaQKQZnMaZtQuqNXZm8d+qRHaqYtSqPMFqYmeqbNNqb7aWJpiqFZSqGqGaJAMW+YlqJm dZ3B6W8GanBFpaPg2aDL+ZyppaHEKZw///qnNHWc3TmffKpvxcmohzmolWpVeBqVFIGYgPmp9wSZ XFpzNVGhoHqqs/kdm7qqrNqqrkpJoxqrsjqrtLqTRFCruKow3AASx5CrvvqrF/GqwgoYwFqsm9EW hTCsyupyxtqszvqs0BqtzaEK0lqtT7Os2IoX1ooZhrCt3vqtEZGt4jqudBEC5Hqu6Noa4Lqu7Nqu 7vquwqGWn5Cu9Fqv9nqvdASv+rqv/Ho0qCof/RpL/wqwAXs/dzmwp4WvqTQd/NCw/MCwDvuwDFsd D+uw1tGwFIsAEYuxEjux1NGxHvuxGruxGfuxESuyFMuxIFuxJFsdCruwK6uxJduxNHsdGP8rsiAb sjKLsjw7sTmLsz0rsT8rtDH7sy77sp5ktDlbsTo7tDsrs0rrszo7tUyLHVX7tFJ7sVkLtVbLiEhr R1GbsVc7tVy7tTO7s04rttlxtUuLtR7Ltm7rsV97RhVBsxyrtTdbsmcLtS0rtGhrsxvLsif7tH6r tlr7t3w7uDP5FBtQsFJYE20buW6btlwbtTVLuWbLs4ULtId7uXF7tHP7QHWLt6SLtZTLtEY7sibb tYZ7sYMruZ0LtKmrk477SKZ7u4Tbs007tnpLtpMbt7D7tja7u58rsbV7ShBrsS17uxbbuyqruG07 vGJLspELvServCk7sq9Lu8f7RwhLg93/WzgH+73hEbqJRL7om75A2RaMQBh+qb7wG78BNUoUR13y Kx9vt4ID23D6yx70Sx6h1b97F1lRth0CzGTv4W3821EB3I6Plx0faL+EBncPpncP13ECfMDxQYUP XIWR58Hb8RkToBXj63EMp4IdjMJKo8AoXHsAicAe6HDBCMNV+HEFnMKzZk/5C8F5l7BwxHHWBW7b BmUwLMQQlmTWSMRJ/FmPdcOKaL8D3H0vTMFEhllPjGe4p23fZcVQfMMVHG5ezGpMvMWmiGRLPMZL 7GpRDIEEbIqkR8Bt7GdJ3FVyBMQMXMFTXMSrdl0UVooNeMRZTMGoOGET5sL8B8KDvMfK/xdoftzH NEzIeVzIjzVduBfIWyzIl3zIA4yIjZzJEWbJmbVZMvO+HudkeHyKeux/p8dn26fKFyzIFunBahzF jqzIg8zI7heBOKxqOGxkrqx+p4zIfUZoLozLszbButxqe/y/44HKATnLWoyNivyL7LfHM8zGkMzL IIzMz2WNbdzF2KXMAamCrzzJmOzL3Kd9cmzKsBbHqkzFAUzG3JbL3jzMy3w4JWzACAyHutzBxRzM fyxhv9xtsNzNBYzFKszL0FzN4vzJMZzQicxZ2HzMwLzJkkzRhmzR/yxuoLzHo9ypGbzPj9fP25zO AM1/xmx7zlzQD3zNayzSh4zK18Vqyv9My7Qceixs0tR80g7mwNlszUDd04nc0JtFvyE90k98xyk8 0RdWz638yeFm0Nsm0fNcwxDNwFdszhz8betsz+0Mx1ItWkoty0HNylidzNTFzph8kd4MgUz9gImo WUWNz6V6vzatlxqskXmNNHUMv1uN116MsHvN11/RDPVh14g9sFRHyond2Ks4e/lswlcdUBO8H3td YYMNNJlN2CXRAT/3khdc1Y+8y3asz7181xtcylD8fwAMH38tzGsdeVe82mfdxEMMXV1lEB3AdXe5 wKf90DUj09znHxgs2bHNMjMM26ht2jkM3PY8zqA7Ep792SDNxcL93GPc0qlWeqsdaN3/nX1pLNQU xt1p/dpr/MZIjN5oDNbhgdOjZ92id9vNPdyQ98sKVhC7zdt1Xcv+bM1qLNOhDHeoltY03NBivH25 bMs/HcSnV2TXdo39i9AwLXoJTtulGNgtrNOmZxLTXUj1MBcOveBELeCprN0mfdaijcsHfnw6vcvF rc5l/c4RftEEXeH0PdoWzNPKzOFIlyNMXdIDTdYJbnwUrd2cbHsCreMKjuPcFoE73WQHDcbXTcxW 7eBqLdE8bMCuNuLVRRD5rd80gc4iXtaRTOZifOJkfeQrDuMY7eKQrOInfeTL/chUruQZHdvFPdJm HmQd7nOkyN9GPsnB6MwjPuAmbuP//63N2N3OOc3Q/H3mR6zcWQ7oMb3njW7VFl3iCe7lXreA3E3O Uc3EUFbFSV3THFzTQs7Gif7F5d3qq0zVRszmE91+5q3lEvzpbE3eJP3NRgzPbt3q8h2Koni/m83c jt3a/9GU8lvszn3sPQxxUzcVRRC+DhEBEbCT5vsSyGAXEeCG1K4Z1/7t/GrtVJntgNHt6iju6r7u 7N7u7v7utgEE8D7v22Pu9n7vZ7TtkVR2zUDvIGEO/h7wAi8VbYCV+H7wnDrwCr/wYonwDv/wEG8P DG+tEY/wE3/xGN+LFW/uobXxX9vxHo+0GZUSGe+4zn7yKG8zmJTyLN/y/vEbGFUUkf/t8jRf89zh GCPvFZxyCDx/CNPR8zxPHT4v9AjQ89Zh9EWP9NUB9EY/9ETP9E7/80df9EcP9Unv80Ev9FG/9VZv 9VWf9VDv9ED/9Vi/9F+f9Ga/9F0/9V6v9WOf9VIf9lff9Eov90Tv9mj/9Fw/90EP91Rv93jv91g/ 9lKf9oQv94RP9YbPvQQBAJqRUZqh+HG/+IUv+ZRf+VN/90+/HVH/99nR+UMv+GJv+Zjf+Zlf+qcv +aCv+Ya/9Z+f9puvHaYv+LBP+qqf+pN/97Qv+rZP+6yf+bt/+bmP+po/+pU/9A7h+FsR80xhE6ZP +mVv+c8f+t7h+mb//L8f/dex+p7/3/3ez/rYj/mpP/u9L/66f/vYYf2x//psD/61f/y4//3UP/rR X/bkb/zmf/703/7XL/uwDxCHEAwUSHAggoL2FC5k2BBAQ4gRJU6kCBHAxYoZNW7UWPCgwY8CRX5E SBKkR5MhVapEabLlyJQvDRaEWbJlyYM3V8bcmRMny5Qnf+r8WdRmUJBAkxa96VEmyZo4a46keRTq 0J5XrW6deZUoU58+USbk+JDjWbRm0a5lS9Hpoag2m/IkCPfrWLt2EeZ9KjboU5iBww7em9el3p5z m36VKpRuXb6FEeeMXBUsZcOGtQ526phqV76CL9O1HNc05L6SXWpN29b1a9ixG8qk/21U5+2/WeNu 7vrYc2nCo5ESHrtaMVLLXBN7HT6391LnzjmH7Ry4qvSod5N+VhpcePLgZMvKJl/e/MTaSouvZt/e tlHeysOfLK2Z+HDe67tTz42VqP7nfNvuu/ZSk6wz/6S6rkDhtKruPQMJXOo9BNZS6zwMM/xnQw47 9PBDsNZDEL7GvIOOueb4ExC8ACXs78TlJhxxJbxehDDF/ADELj8Hodvtx5AA7JGy0RDUcacIB/pw yQ8BYPJJKKOUckoqq7TSQ9REsq+4ySBDDTndDrwNLszIJI7M42LMcjEzvbPvSyH1qtE32iILMrMg E6tMTQjRzFOxPYk0sTCmtOyS0P8yebxvpSs5dLJRSCOVdNIo8bP0Ukwz1XRTTjv19FNQQxV1VFJL NfXUgyhVdVVWqXQNVVhjlXVWWmu19VZcb81wV15hW0KjXIMVdlhiK+z1WGSTVXZZZmOTtFhoo5V2 1FY5dKNabLPVdltuu/V20mnDFXdcpL4191x001V33W2PPNNO1ZLUDF4u20z0Xj3thWoye1OrN7M3 99UXYHjvDQ0kdhNWeGGGG47SNXflMzBCLmmcTtEjR8SNujiXk45E/f6zcTecmjX5ZJRTVhnlxsAD 0s34NvarQfh21Ng90GC2ikUKYdbOUpLFW3looos2+uiGWj7x4497DvO0+GqeGav/qLmTeucJnZb6 Z/wMbVNopMMWe2yyyVOaaqfZDPit0/QFGbHoOHZ7a8csrg/PMFEUcO8Sy/b7b8ArskXsraaaT+fD p845K+PYMzJrulssvMS8fQYTOZFLDnxzzjs/79m9BM1S0cplvJFmveU2c8asDR9T9KYpJhFy2h1z +Hbcc9cd21d79jfmqvdLjvXLRNRbZspDx5l4IWGcPXM+jfV8eupjg6Z6iUzXvnU5oz7w+6XdfnPL 1Mf8Os/ly0Qz4Dtf6vI/O8mXHnv666cedHLz1z/a3fv3/38Adqh3+yNgAXVlPwQmUIELZGADHfhA CDorgBOkYAUteEEMZlCDG+Rg/wc9+EEQqiuCIyRhCU14woWEUIUrZGELXfg/FMZQhjOkIeBeeEMc 5lCHO+RhD334Q29pA4hDJGIRjXhEJFqphktkYhOdiKwkRlGKU6SipJ54RSxmUYtb5GIXvcjFKoZR jGMkYxnNeEY0plGNa2RjG934RjjGUYVfpGMd7XhHPObRc8jQ48pC0UdABlKQgyRkIQ2JRTkmUpGL ZGQjHfnIM/oAkpOkZCUteUlMOuyQm+RkJzeSSVCG0oyeJGUpTXlKVKZSjy5kRSWLIEpYtkqVs6Rl LW15S1x6Lpa75GURc/maO/xSmMMkZjFz2UtkJlOHxmQm4GjRRG40U5rTLKQyrf95zTlSU5vb5GY3 velEbIZTnBn8ZjkDSQ8GjlOd64ShOd35zs+xU57zpGc97XlPfOZTn/vkZyjh+U+ABlSgA+XVGh/V T4RikKALZWgKE/rQI/YDohPd0AAoykIUpqKhG+VoR7m4j1peVKQjJWlJx+lRlJrTpCtlaUtd+lKY xtSHKaXpREhRTJnmdJdrGVxNffpToAa1iTolqj+FetRjFlWp3MpAFDl5EYwgVaoSoeRFlnpVrGZV qxNtxVa9+lWZTlWsqgTrPJ0wz7Gm1ZRlZWtb3fpWKalVrp2Ea12pOFe8GtKue01iXv0qSL4G1pd/ JWweBXtYxCb2ooVlrB0VO8Ela5HRDJREljkae1nsPVazm+XsOjH72c6JQ7SjJS1pJdhZ1HIwIAA7 ------=_NextPart_000_0007_01C6F828.8CA8F0A0-- From Reyna@anglican-nig.org Wed Oct 25 05:35:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gcf6T-0000ij-Ol for capwap-archive@ietf.org; Wed, 25 Oct 2006 05:31:17 -0400 Received: from ppp-124.120.76.85.revip2.asianet.co.th ([124.120.76.85] helo=angoravet.com) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GcevU-0007TS-AG for capwap-archive@ietf.org; Wed, 25 Oct 2006 05:20:17 -0400 Message-ID: <001601c6f851$66230b90$00757c8c@microsof92211f> From: Dionne To: capwap-archive@ietf.org Subject: I now a now Date: Wed, 25 Oct 2006 16:19:51 +0700 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0013_01C6F851.66230B90" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 2.1 (++) X-Scan-Signature: 4bb0e9e1ca9d18125bc841b2d8d77e24 ------=_NextPart_000_0013_01C6F851.66230B90 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0014_01C6F851.66230B90" ------=_NextPart_001_0014_01C6F851.66230B90 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Penny wise, pound foolish. A creaking door hangs longest. and A creaking ga= te hangs long. Simple things amuse simple minds The start of a journey shou= ld never be mistaken for success. Better late than never. Bloom where you are planted. Interpretation: A flawed article will require = a lot of effort to work with You can't have it both ways. Birds of a feather flock together. Beauty is in the eye of the beholder. Al= l things come to he who waits. It takes two to make a quarrel. More haste, less speed. Talk the hind legs off a donkey. One mans meat, is = another mans poison. Thats the straw that broke the camels back. Better the= devil you know than the devil you don't. Brain is better than brawn. He who lives by the sword shall die by the sword. Water, water everywhere..= but not a drop to drink There's no accounting for taste. Where's there's m= uck, there's brass There is only eight years been success and failure in politics. -Jim Brown,= Louisiana statesman We are the music makers, we are the dreamers of dreams= A creaking door hangs longest. and A creaking gate hangs long. Life's a b= itch and then you marry one If you're in a hole, stop digging. ------=_NextPart_001_0014_01C6F851.66230B90 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable

NEW YORK (Reuters) -- W= all Street bonuses will rise 15 percent this year, with larger increases fo= r investment bankers and equities traders as merger activity surges and sto= cks rise, according to a study released Monday.
NASHVILLE, Tennessee (Co= urt TV) -- The father of a Nashville attorney on trial for killing his wife= claims he reburied his murdered daughter-in-law and disposed of evidence r= elating to her killing.
Atlantis' astronauts strapped into the space shu= ttle Thursday for a practice launch countdown more than two weeks before th= ey are scheduled to blast off on a mission to resume construction of the in= ternational space station.

AFGHANISTAN: 1= 4 Britons dead in Afghan aircraft crash LONDON Atlantis' astronauts strappe= d into the space shuttle Thursday for a practice launch countdown more than= two weeks before they are scheduled to blast off on a mission to resume co= nstruction of the international space station. Lockheed beats Boeing for mo= on launcher NEW YORK (CM) -- Soft drink and snack company PepsiCo Inc. anno= unced Monday that chief financial officer Indra Nooyi will take over from C= hairman and CEO Steve Reinemund this October. She becomes the first woman t= o hold the post and enters the list of lea You may be paid more (or less) t= han you think

NEW YORK (AP) -- Talk-show h= osts Jerry Springer and conservative Tucker Carlson of MSNBC will be among = the celebrities competing on the third season of ABC television's "Dancing = With the Stars. WASHINGTON (CNN) -- President Bush declared Lebanon a front= in the "global war on terrorism" Monday, equating the Israeli battle again= st Lebanon's Hezbollah guerrillas to the U.S.-led wars in Afghanistan and I= raq. NEW YORK (AP) -- Talk-show hosts Jerry Springer and conservative Tucke= r Carlson of MSNBC will be among the celebrities competing on the third sea= son of ABC television's "Dancing With the Stars. l storms or monster hurric= anes like Katrina and Andrew. WASHINGTON (AP) -- The thwarted terrorist air= line plot in Britain is sparking a bitter new round of finger-pointing in C= onnecticut's bruising Senate race. At least five deaths blamed on Ernesto

At least five deaths blamed = on Ernesto WASHINGTON (AP) -- Scientists have discovered possible bird flu = in two wild swans on the shore of Lake Erie -- but it does not appear to be= the much-feared Asian strain that has ravaged poultry and killed at least = 138 people elsewhere in the world. NEW YORK (AP) -- Talk-show hosts Jerry S= pringer and conservative Tucker Carlson of MSNBC will be among the celebrit= ies competing on the third season of ABC television's "Dancing With the Sta= rs. LONDON, ENGLAND: 16 held in British terror swoops KANDAHAR CANBERRA, Au= stralia (Reuters) -- Australian scientists have begun looking at smell sens= ors in worms and insects to help them build an electronic "cybernose" they = hope will one day be capable of measuring aromas and flavors in wine. NEW Y= ORK (AP) -- Talk-show hosts Jerry Springer and conservative Tucker Carlson = of MSNBC will be among the celebrities competing on the third season of ABC= television's "Dancing With the Stars. NASHVILLE, Tennessee (Court TV) -- T= he father of a Nashville attorney on trial for killing his wife claims he r= eburied his murdered daughter-in-law and disposed of evidence relating to h= er killing.

RICHMOND, Virginia (AP) -- A= man accused of killing a musician and his family and suspected in a series= of other crimes pleaded not guilty Monday as jury selection got under way = in his capital murder trial. NEW YORK (AP) -- Talk-show hosts Jerry Springe= r and conservative Tucker Carlson of MSNBC will be among the celebrities co= mpeting on the third season of ABC television's "Dancing With the Stars. NE= W YORK (CM) -- Soft drink and snack company PepsiCo Inc. announced Monday t= hat chief financial officer Indra Nooyi will take over from Chairman and CE= O Steve Reinemund this October. She becomes the first woman to hold the pos= t and enters the list of lea WASHINGTON (AP) -- The thwarted terrorist airl= ine plot in Britain is sparking a bitter new round of finger-pointing in Co= nnecticut's bruising Senate race. NASHVILLE, Tennessee (Court TV) -- The fa= ther of a Nashville attorney on trial for killing his wife claims he reburi= ed his murdered daughter-in-law and disposed of evidence relating to her ki= lling. Hedge fund may boost McDonald's stake

NEW YORK (AP) -- Talk-show h= osts Jerry Springer and conservative Tucker Carlson of MSNBC will be among = the celebrities competing on the third season of ABC television's "Dancing = With the Stars. KANDAHAR, AFGHANISTAN: 14 dead in Afghanistan crash Money M= agazine: Best jobs in America EA scores touchdown with Madden CHOWCHILLA, C= alifornia (AP) -- Sara Jane Olson, the former Symbionese Liberation Army fu= gitive who became a Minnesota housewife and is now serving prison time for = trying to bomb police cars in the 1970s, says she tries to hide her radical= past from her fe l storms or monster hurricanes like Katrina and Andrew.

COLOMBO, SRI LANKA: '100 Tig= ers dead' in sea battle llow inmates. More than 200 homes evacuated in Rich= mond, Virginia Ernesto blamed for knocking out power to more than 400,000 W= ASHINGTON (CNN) -- President Bush declared Lebanon a front in the "global w= ar on terrorism" Monday, equating the Israeli battle against Lebanon's Hezb= ollah guerrillas to the U.S.-led wars in Afghanistan and Iraq. Money Magazi= ne: Best jobs in America

------=_NextPart_001_0014_01C6F851.66230B90-- ------=_NextPart_000_0013_01C6F851.66230B90 Content-Type: image/gif; name="rnrj_859.gif" Content-ID: <001601c6f851$66230b90$00757c8c@microsof92211f> Content-Transfer-Encoding: base64 R0lGODlhYAEJAYYAAAAAAP///0T///9mMwD//0RE/wAA/1X///93/xH//wAAZjOZAP8AAP9E IiK7dzMzM///Iv93dyIA3WZm/8wRZpmZ//8R//9m//8A//9V//8i//9E//8z//9mZv9ERBFV 3QCZABGZAGbMZpnMd3d3/5n//wCIAHd3d4jMZgDdqnd3mYjdiHe7RHf//yL//zP//yLu7neI zIiIiGb//4iI/4j//0S7RP//AP//EZmZmcyZmf+qqpndmardiP//M6qqqnfMd/+IiKrdmf// iKqq/7vdqv+I/6rdqv//qv+7u6ru7v//u0QAAP//d/+q/6r//7u7u8zuu7vuu/+7/7u7/7v/ /8zMzBEzMzMAAP//Zv//Vf//RP+Zmf//mf+Z///MzN3uzMzuzP/M////zMzM/8z//93d3f/d 3f//3d3u3e7u3d3d///d/93////u7v//7u7u7u7/7u7u/+7//xwcHICAgPj4+FxcXMDAwCQk JJKSkvb29mRkZMjIyDY2NpqamiH5BAAFAAAALAAAAABgAQkBAAf/gAGCg4SFhoeIiYqLjI2O j5CRkpOUlZaXmJmam5ydnp+gixqhpKWmp6ipqqusra6vsLGys7S1tRi2ubq7vL2+v8DBwsPE xcbHyMnKy8zNzs/Q0dLT1NXW19jZ2rUP297f4OHi4+Tl5ufo6err7O3u1R7v8vP09fb3+Pn6 1QT7/v8AHV0ISLCgwYMIEypcyLChw4cQI0oUdmCixYsYM2rcyIwDx48gQ4ocSfLZgkghSqq0 lXKlS1ktX8pkFXOmzZs4c+rcybOnz59AgwodSrSo0aNIkz4CoDQp06ZGn0ItKnWq0KpWg2LN SguBvq1ceYINu02E2bNoyapd66jfywFs/33CjdtzLl2ddu/izKv3Jt++Mv8Cfju4sOGDBQ4r XswYEa7GkCNLnky5suXLmDNr3sy5s+fPoEOLHl1vA2nNo06rXs26NegIrmNnGyi7tuYKtnPr 3s27t+/fwIMLH068uHHJHY4rX868eS+3zqNLn079WcXq2LNr3869u/fv4MOLH0++vPnz6NOr X8++vfv38Ed7jU+/vnMH9vPr38+/f8QR/vkCYIC9DEigLgYemEuCCjbo4IMQcudRhBRWaOGF GGZ44AQadujhhyCGKOKIJJZo4okopqjiJQasOA8IMLpICYw0yjgjCDbm6GFqOvboY3wU/Cjk kEQWaeSRSCap5JSSTOaDW5NQ9mJBlFRWaeWVvTGA5ZZcPpNAl2CGKeaYZJZp5pljTojmmmy2 WZhpbsYp55ywwEbnnXjmGYsAevbp5yBqsiXBloO68+RwhV6ZqJWLVtkolY/+ScuUklZq6aWY ZqrpQR902imXnn5KnZablmoqUgqcquqqrLbq6kUZvCorRxDMauutuOaqq3sN7OqrM4EAACH5 BADClgAALAAAAABgAQkBAAf/gAGCg4SEToWIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKj pKWlOKapqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExZhlxsmvXsrNzs/Q0dLTrS7U1wEZ 2K9v297f4OHi4+Tl5qlN5+rr7O3u7/CKNecTgvWCBgaFE/r491T8DFSQIwhgvoGE8uWbQDCf IBIFCBK6dy+Aw4n9LP4LiDCAQYES8SlkaLEfxJD2Uorcl9HAxoMSP3YUubChyYj7VJZkucFf QY4xgSYcafMhzok64yVaQyQA00EXBxExsMapgaZrBFqtl7XC1qEB5LjcWYFqoadPVxKaWjUr Vq1Z/7nCHQtVn9h6DstWJYS2qVqpZt1a9Rp38Ne6YcfmNcsXq9+dawNfNVy46+GVd8kyHtRX qSKFChHzncw2AInND1GD3ZmPigEqhUBHjSpIcOnTewfh/tzPYevXsWWL5kza7G5CxxFd9P0a +FDQw2sXr5o8de7gK3/Dfh7acyKKqxPW4/c3OvbMoMkgAm9eYwDykMMrt6tYofqc7+X7hE+7 /Pn6+dyHVH7tjcVfRu0hhp596yXl3YAVxTcIP5lJ6B93JOUDUYQqRdjfewZU+OGHddVU0oYN EnghhXSNiGBwJuajQgEVPdGhfiCK+KKFGNqEIn4cPlgSdBdORcNkpqlWnf9++cjh2nWytbSj kUguuaR5TT7J3WxTGnCkX1aqhmWIWpbYHY9UgqmkAtcxSSZqUQq5VlVEQLljVvnsRcZc9exJ WH0WLkfCnAHUiSOejPn5laKFMYedRYNKRaediCCqJ58BMApof4ISamh7lgqiaZ8C+dCoPpz2 Fqkghn4q541bSongGqd5KRGt+dBQVKqClBUSe2ZyOWututZG7K4vXuTrhA7GSRNfxxqbK7KP LgtrsLJCO620trKWbD/WEhjkq+Qmw0a56Kar7rpIrOvuu8oQAO+89NZr772zIIBvKmPs6y8k GPwr8CMvDGzwwQgnrHAmQyyMyBQORyzxxBRXbPH/xRhnrPHGHGeMDDUNdyzyyCSXbPLJKKes Mi8MMFBIBy4LwkAHgiQBMwNcuFHzzTkT0nLLHejcsiAReKCzzC67EUHLERyNdMsenBHA0IV8 AXMHUsOssxsMfCHzzVPHTPUZS+PsdNhIhw302QFYPbPUaMctMxNp/0x1AGUPAvMgM3PNhSBc MOC03UGr3XchNrfcM9F3/7z1z4YXznjMcZOtuNBiJ11203JHc7cgOzAg9RkM7BAA6X+TTjPq p8/sc9KuDx043GlrzTXNfIvtQeetmx76GaF7nQTObZc+dMteD8266q/XDTvugpDuu+hhJ095 3MdfHwDXLcP9e+8BBC7z/9+5bx+72NC3nrrr5nf/tNdfQD707YJwTz3ay59vfQC2n0/N5+D7 3tJoxzgCNg9tLRteEgqRPbalbWpB4N3S+BYB0kVwaTQLguiyFwG0Lc2BD8zeAxlHwbB18HNU EyEhhhc48kkvAN+bWhKGx8DMYe96A0QEC4kXtg5EMAhgS2HMdki+oX1wEHMwIQIFR4gOpA8a AJwazfbGuyqWj35281rzhueBHbCNcCMcoQgZoEHuLTEJZoxi+ZZovvQ1zmUJNGPu7GY4BhzC A7tjwO6+xj/K7cCJpmseFp93wELgcWp7TCAchwdHQgbgkHp0HiLiODQuelEQQYjgNKKoNfZF Uf+NTzsc0zzwRKq5YQceYMACr+i/QhqRjHAM3Akb6QZG3vB6Qozc2d4Ytlqi0IafI90Cj9hH +q3xdWvTZSEHQYFmUuCI3VPlBhuZTGHijYkqlJ/gbLk9VKoyADP8n/ZgCMtA5pAQ52xDDWvo SwIC8JeSRCflGNBBRv6tbAsUYd7KGMZcgnKCMpvlNXEJzOsFzm6rDJ0GAxnGhg4NlQQ85yAO +rN8UpONhKBoAtHGTzbmbZmbHCfp3Fe89dEsfibF6Brp2bz+uVFsAiXEC7/HPfi5T4S2ZJ0c ASc4rkUQlDOlXiXhqVIIRo+lrSNpQ3lHtQ7sURAobR3NyHhUgWrwp43/ZKAmSSdQneJ0aC61 YjPs9sbrWY6MRztrEDDH1JgFbnCaY9ouf1Y4ssbsDFejnSn9acPTlS0IBHSDBtEq1tPlNYQE dd7P4rdKuUEOpG09Kvmi91c3MLZ8Q7Vo5y4bT7VKLZdKk2thHeEDz3RjZahN7cHSodrWunZd S3itbI8x22d0oba4TcQMcsvb3ubCRr4NrnBn0ZPhGve4yE2ucpfL3OY697nQja4mbpAMZkj3 utjNrnbvJYDtynYBC1gEeMNLCDWMALwjiAIiUEDeQSwABQEYr3zbGwA1CAG8LBBCHAox3kKY FwsLSO8ionDeBejXvfMFryDACwZCKDi+CSZv/4JRoF4HP3jB9E3EhCsM4QQPwrzo5XCEJTxf CguCvfyFL4bpO2IMEwIMBR5BGizcYAR/OMYcRgSBwXvgF8d4xgiWr4lXjN8cb+LChQDDeIEc gDQk2MhRWECNm7wA9bZYEFFOsBoGoWTwMtnJ8zWyIIqgZSLLF8MssLCZ+9vhMHN5yTZmxIgr fGUwy5fOEV4zeNUb5Sk7ucJdXgCTr3xhMs+3CIJAAn7VTGU3I8LQ8lVDEgMA6fEiWs9V1rOY MYFkQty3BwYeBAsWsN8AKDnNhIjDAnowiPvut9ODULWUBRGH86o4AJ8OtSBGXepTI8LJLCi1 rV2sYR7H+djEFoSvBf+RayEgu9gvXgCqL3xbUZNa2dJOtr6Q7WtVs5rZ18b1qnXN6DgDG8hp GDWQx+tsYvMa26gmBLCF/V5BnNve6k62qbMN4UFEOd5HzrCNLzzqTRNi1O6dtsDBPeUAxKEH pe43wTPNCFBveRAQ17eFQV3qTns8wxdWcMgXXm5iw3rXFOcvyT+O8oQPXOAsDwComUzlb4OX 4+5OuSIsToiMy1zQ8l61xh+M5JNf4uRqCPV9gZxlFhic0kB38qWvjPBFJN3ZS8dykcVL8jaf GcKqVnHMuV3v+iod6P2WM32VLPY8B6DpRl4ACDy8ASSzfcxRX8Clry5umqc9zrAmOqnL/mD/ uHP98CrX993/HuVbBzwRZG6w1P0t30v79+wXJ3R754t3yeud8paGtiI0//ZMjx3TQI48lafe ddRjGvTgtbzmEwxkvt/34qqffMnTHngSl97K7c1y7EVPfMBHeN1P9sTJRy1fgL+d+ZZX88gJ UbCWmxnlzS9EFKCPCKP/PfEBQPHpvf7eiweA+eNVeCMmbH7vY5n737ewkM0fXwf8Hf2L3r3g u+/78Ie309s3fOBXfCZXYu0nZE9nCbAma/NFf1q3cM32bK2mc/3GgJGmY7DGcxjXcStHXkkH aiAXgvhGcRY4XlvmfmmXbimHgg+oceZWcJ62AA6gayUIXvQXc6DW/3BKZnMeOG4Ll2WIoIGC 4HM5GG08OIIi1nqaAGt99maINmo1pmrOh21eJoG0xmC0BoRNiG1POGsOx29BF2yCcF4j4ILJ BoIiWHLsxWdeuG+IhoJItoZmeH5eKIVzGIcp12UOwHRtqGTRF3PAVmMqiHwBoE5oiHJRCIaD MG9jGGD2Jm2CmG/fJ4fx9wl5dl4RF3alN19+F2Tyx3kP2HzqhYmxVm/CB2ePlmAc6GHfx3wD qG+yVmvh9oXw5XYlF4vkV3i093rfh4srZn8BQIpX6HhjV2kC2Iq6yImQp4qDYIyfB4vg9Wod uITyFQL/N4tg93Yx5oCEQIaf+HW0dl/vlf+EEZeNOxZg3Ohv7GVgEUd6oPeK8RdlIFiO0WiL zyaPuRh82xhkoAiAQteIZYhh9DiLp5cGP1ZyQIhl+6gIUbCOPbaIB3mPQmd0LJgJEOBdntEu sVB9GNmRHvmRtbVtIDmSJFmSg1AFJpmS0FVcKtmSLgkM8/CSJTNpMjkKWlCTOAldpdVcaJCT 7UCTPgkMEKMMMRmUlmAEqKVOkfAxwaCRRvmUUKkMWTANQxmVVlmSFqAKGjAwuOQzfDNHdrOV auOVZPmVZSkzczRJn2RXdaQ9BPVYoaRGcDk1DKSWbzlOY1lD88SWT4NMZfVYfEmXCTNPgimY cFSXZUmYZ1mYaEn/lorZmIx5lm75lY9ZmHiZmMcUmY95mYKZAF0JmaBpmWbZmHg5mZHJlZQJ mYcpmYhpmoLgBOOkmKbpmqyJmZVpmIwwm6KpCGKzCLpZm6HZm2ZZmq25ML0pnHRJm5dJm6cp m7z5CJ85mqupmaGJmMO5m4mQOZ9UnL65mMiJm5PEnYMpmsgZnacZl+8UnqT5nI5wl41znY5J Vta5nuCpntgZnNUJnKQpn22JnqOJMNO5mvwJmss5n+cZoOzZCNHpnvh5nv9Zn9NpoA0KnwlK nYyJnDognYtpMAhanvpZnxPqlbf5nQcKnM7pmLkpnhH6oA/6m/9pniDamzqQoS/Kohwq/56q aZ0jKqETuqAV+pmT6aMpmqOZ2aP2KaQtqqFmOaP26aAAiqP32ZdJ6pfvqZd22Z1JGqR0BJZy iUIGOqBziUxXKqFzyZ86wJcuepW7cJO7wKSecC6u0C+30JNqWqd2eqd46gkBk6eMcAgn0wJ8 OlysFaiEWqiG+glicKgvyaYcg5LGIJKKAFyHWpWKWqmWeqmYmqm0wAGa2qme+qmgGg4ggFss uQ3VZglSIAIgAAI8UI6eEAcrUAiruqoi4KoBsKqWEAeqWquCsAIgEKuFcAQgYANA5qvAGqqF kAas2mQgIAKigKuEgKtx0KyeUKsgkAbOKqzTegSEIAUgMK2xqv+tIMCtyEoIQHCtsjqqtzqq qwoEQLCu7ioIwrqs6+qtxDqr6ioI0Iqr7fqu0OqrvBoA88oD+pqvt6qsg6Cqt+qsCWuwCkut I2Nd8ACt0aqu/PqtBVtq2gqu65oG02oD65quDketq1pquMoD30qtG/urITsI3jquAbAFFxut IiACNrBfM1uug0CxOzuqGJCzLbuu+NqyQFuwtIqz+Vq0+Mqz3bqqsaq0KeusRVuu5+p3+8qu SZu1IhuyTNu1WsuzTKsIKRsANsCuDCsIDzuqZbuwJVkCsxAGy6qszlq2caCso2oCWisIKBsG HHu1QVuwWxuyKDutzrq3feuwyqqrApv/styKq+L6ruJKrjprb+f6q/uVBmX7skHLs/MKrH6L uSAQBj0buNIKsBrrtIC7iLtaasaauqbbqyyrFNZwqAY7ubZ7u4EqlrgLClO5u77bCLW7CcGr Dt01MrrarLY6upGwtMNbCbCqCMcbsAGAssm6ukZbu9F7udarush7vXhKvcO6CGHrCON7CeVr rdjqcL5au2tLrcpKsIiAvnNrtoTQvs76vhJDp+cwre+aaqqqucdLrOe6X/wbuAE8Y/2qvuMK rQMrtFgbrQirr5UrtqPqraKLCNcavOOLqxZMqOFbCL4aB9M6qrw6rMoqBQHgrVabryUMsiWr t99qt4srwizr/7cuu6rk+rTD662x6qs2QKyF8LKSm8Kx27Q9PKxAzKdFnLrQKgUTbAPOarMY bLBODLR+y7x/G8Som7ry9sFAILoQ27Sxq6wgm6xeDMZni6cX+8Ahq6ojTMTKOsRc7MZWbLFs rLxiO62DIAESUAgFLLKzurN6/MepBgL9W7F4OsBLPL3XKsMle7XDS7GPfMeDC7ejarg1bMeE IAKJe7arysegLAFDrMjHiradPL1DfLKjnLKlXAgxkAgcCQvysjLHuwKueryaG8fQmgKLzMW6 fMe4zMBbDLqWLG/bS7TsCsrcWsuuiq3di6+Ni7U47HCqasuJEAOvrKkhnAk2cMFhPP8JzYsJ 4fy7iUCrnUgJzmzIcTC7xMCp5PzOHXkA8CwIcDrPJgmpSjyr0qsLz5sI/Vy+jxAHlQsEBNzK jIAKkICvSbwLQNkx+5rGuVC+AC0Jbky4WcwJ+1rGL2nDDQy7ATuv5NquwyoFKAvEIm0DJG3C 8rqq8Luq9mq30qqq9xrIwgyz9arSYIux3pvAi2vTLq3SsLrABruvOlywAzyyh7xd0qqy38qx g8vUaRDHHTvV4buqCIyu4buyOuyxVa2uLYzMixvVMGvVH/u39noEJmvHpyvW0czVIDu4Mtyz tMrEGYzCKtyR+FrCS/u3V6zJXOvXa0zTmkyxVczGOXvYzRv/B0eQuWBN12Btw4Br0X4LxQEg xXg9qot91YH72IBt2INdu32Ntinr2ZzNxRTc2KX916Yd2iGrwjaNkdAqxZgcq0+drY081p3d 2CcbuocLuFf7xn4rrGyd2qJNw1Lr12Et1X5byTktwWQbw5D8kdCKv51La6/b0yGd2zZc056r ycT8y01WtsWM3Y7NswLdrpcr3pw7zWAdzEOtz+kNApq7uAaNkwmwLt2srxANCdtcDLtlz02m quoMzs16zrewpwAeDR/gk0VZMR+w4E/Jzs1AXcDw4LwwyyUTW7jgqOMA4QmuDhYeAKdlqPX8 LiF+MvqbW/j84VDpzuUgzywe4zKO/w1KeTKxXA0uKeEzHpQA0OM+/uNAHuRCPuRE7uPD4LYk c5E7Pgx+uuROXpMIrjEl/uSU8AAPUAgycOWC8AAyIAhWkOUP8ANw4OVgLuaEYOVWLgNjbuWC kAMnMOZbfuVwkANWngNwPghzbuVm3uZsHucB0OdsHuha3ud5HuZ3/udWPuZwgOaCYAZZLgNm EOcPMOZKwOhoLuh+fumYjuiIPukBsOibbgsIjS99PghQ8ACRbgYPAAUBoOo/8Olc3uphDutd PghsvuhdzuY/gOpnfuVZDge4TgiL/urBDutWHumcfuzJfuXKfuuzXuySnuqMvuisfuprruyq HuqIHuml3v/tg87s2G7pWi4LDf0OjHoJpd7oqx4Apx7pdH7oAfDuigDo4G4FD2AFhSDo8M7n +27vu/7qy54Dy47oAs/m8p4Iaf7qPwDm8T7uD1DwXK7wDJ/udc7pfn7xgi4DEs/mMlDrxpXu W97lWX7xvb4Izp7raI7stn7l9n4CUADvIC8IJ3ACf07zy24FoH7zOR/zK2/vf27v4L7yiO7z VwD0nS7oOO/tQn/zzG70PwDwMbsIp6paMZ/lMBDrFl/y847mak7wJ+DxFw8HUHAC96710172 8q7vRq/2m87oK7/o9r7zDg/ucD/p2p7oRk/y9I7odZ/zVoDvxxXzp77rrN7w8H7/8IgA8njP 60vf+AGw63Cu65qO75hO50Fv8JIf+eO+7EFP57YO8Z0+8EJv+Y2/94Ie9MoV89nO+K5O67JO 7LGu7Rb/8CX/69AO67DP7ACv6qDP5msf9EY/7MZe8v/O6dTO7p4u+a9+9yyv9IIA+cKv/KKv CNoQDBIbD5o+95tvBpa/59yv59ee9RcP+UJf6HZeCIX+A2ag6oA/8KaP+oTe/SrP6fZO+Vru 6FyO7L5f9qff9nMPCAGCcD8PDz9wAYYBVg9Wig+QgpOUlZaXmJmam5ydnp+goaKjpKWmp6ip qqusnV2tsLGaF7K1tre4ubq7lha8v8DBwsPExcbHyMnK/8vMzc7P0NHS09TV1tfYmAe4cDmG iJCGkeLilWYyDzJmgouSk4vk7eziJ+vx4e3n6ev4Mon378bdW9TNUI5EAckJ0qduEkN+AS95 izRP4UCK2TLqgnMoAEcZ7ijJm8QRSgAoD/49sIcx5Mh57E6EnFnyZEp36WZGhAkTHZyPluTV RJlo6M2dlDgaguiy5ctRODRK3eQNIdKrgry9ywGJ60h5T9t1/NpSKzuvFOG1RCrvxw9IVoNi NKuIK90HXLEyOtSRbUsZIKcKjhVWIU+RGNVaUYpYL7nAF8uBFegxJ8DDTxudgBLXb8TJjSud kPlApt9ybgerZiVWrdzXMA3Baf/kNPFaSUDJhpb0WOUl0JbgQDnhCHbT41g5PqrqeZKVR6uj nyqE0HWlp3fRBpi4u3DsB2WuZpc03Lfxp7uRjh+PtRA56Mily0fF8S1j75WM+qbd/bZY7Vfp 544MpN0W3yQ+AXUdRgIKiFVfZuDV3GHzVehJQYewVA6FDqHTEE61OSaOP/hQRslDPNV32YGD THSQcQGguJCHTJW4UnGY2SaZgRb26OOPQAYp5JBEFmmkMmgcqeSSTDbp5JNQZrNElEHOQAkH VGbpDHcV4fjegpWg805gVqBzCEJlfhNXb+7kcIJV8VAk4yB9URcjjTypZQiJCaVjFZf4wLfd ZHt2JmP/a0l5WN2GHe7jnJngxKmTlqUotRJMET6ySKbp2bROhCZFaF9OolYWGEy5RVJIjSE5 KEgh7IxqElEg4nSqrXQuhSmOlvIj1q0C6joScYqAVF9wD8x6U6kKskiKC1o2UshbuP7aKaie DtoZc7+lJVAjgqqXWF7vPEfReIgiulM70vZl7V7T5lnWuF1NKkkjrK53FJiCAGaMFxWOpohp 6XrbabEBiDkpeqhaJg6r8b0EBWAmHVewqY0pKHBp8gqyMcGRNGuxI4xVIm0AhYy2pm32hpQa pacop22t6nKYcEo5LcxjPyq5eeuE+I38XaGIES0zc4gefRObnsnG34kcb2fP/62gMSzPczBP F4+maYH0rs0oFVIxt5OQzW9As116Nnu7oWvwIuU1Frd74nDNDkh0G2J33GXTuwiglZErHr1m 60XJK1l/AqGEmxbXuKBPRahrjB0BxazDOv1nnKtICUjdse0QGJroi2vHaekDmkansvuN9EPF WeFM7eo2JXK5DG/kmHgpOPJmyAnQ0ROupBWdOBE4MR7v20vt2JnenM/j6ZF7kVJ0bIql9a4n 8JTDZ931Mzpaa58mwYEO8o1+mLyaE+5uyRDuxy///PTXb//9+Oev//789+///wAMoAAHSMAC GvCACEygAhfIwAY68IEQjCAzBtAkDUhwfgOg4AU3yP/BDnpwflogxTY+qL8RkvCE9qsBCldI wiQlw4UsjOExJiAIGgrCAAaoxARyeEMbUmGHBqiAHATxQxwKkRI4xOEEhohDQZCgAEOkhA1t GIAmSpGHVfQhEI8YgCIGMYo3TOISq8jDJ4KxhmgMow6xaAAtGjGKXuRiGJXIxDJCUYdpJOMa J9FGIm4Rjn9Eohjr6MQ7SjGPlFoDEQKgSD5iURBEMMAaGGmARa4hiJSk4SUrkElBBkAOfWxi BSRZiUY2Uo2UiOQkL2lJTF5Sk67soyM/GcocjnKSlDDlIlE5CVVSspWcfCUlgylLNYKShqIk ZS4tuUs9ppKUrBxmJzfZyVn/HlOPtywlM7OWxCTOMpeVDIAvSaDMSZATl5awYhNxSAUDUKES 3bSiMycRzXGW04n39KQe2elOeMbzm/QMpz3RiU+C6nOd7uynILsJUEHUk5TnrEREL6HOHPLz nQv1ZtamqE8k0nCHvGyoP2mJzCSSwRIcBWgDehgAkM5TpJ68ZjdPiseWdpSPH+WhPGFqzVri kKaHtClM++jSnYZ0pDI1KUoRaYktOCmlR22pAa750qg6ko5kfCIVJwFVPTZgpTWcqiyNWtWM jhGHWl2qUKO6Q6qSlaxXbWMd01rTrZK1rWN9pFXnKNesFmCraQRsluLJRr2K0wA0CGcAJmrO fIoU/4dyaCdBCcvHr1YikondJWMLigmjQlayGZUnWTGr2M0u1rFH/ew9KRtV0mo2n6Z97FRB G1e4QokIk8TtTR2aRFySIZY0/C0xS1pVdZJgEj7QrW5hekkc+ha4ARBuJxE60ioet5e5naxh m6tM6QrTu7Usrk6vC8ns7paSzhUEeIMLXeoelLziNO9GmcpaMj5yDeREbBTxi0MaENKzPBwl GLtqX43aN5f59a9DE/xfLG7DigLmKn3/OUcE93e/DN6nXiE8VQmvla+i3Sl/9bvgC2u4uhEO rAxXzOIWu7hCCXixjGf8CyPQ+MY4zrGOd8zjHvtYExAgRe5+TGRjjAEYQw8uspKXzOQmO/nJ UL5xIAAAIfkEAAEAAAAsAAAAAGABCQEAB/+AAYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqb nJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLWNFra5uru8vb6/wMHCw8S0DcXIycrLzM3Oz9DR 0tPU1dbX2Nna29zd3t/g4eLjnwPk5+jp6uvs7e7v8PGHBvL19vf4+fr7/P2wAP4C7gMosKCi EugIGlxICGFChhBLOHwIcd8DQxPVKazYL6NGjh09PjuBaSPIeyKhkbxk8qTLXytLvpzpK6ZM mjht2czJU2XPnyOBCl22c6hRYEWPKuWVdKlTWk2fSpV0YarVq1j7icgqrapWrmBTbQ1LltTY smg/nf0VIm3FtW7/416CK7euJLp28zbCq7cvIr5+AwseTLiw4cOIfeFKzLix48eQI0ueTLmy 5cuYM2vezLmz58+USIC+Knr01NKmn6JOvXQ1a6WuX3sQGvs1bdutccPWzXsbg97AgwsfTry4 8ePM2p7cgLy58+fQo0ufTr16YwHWs2vfzr279+/gw4sfT768+fPo06tfz769+/fw48ufT7++ /fv4HzvYfDG///8ABijggAQWaOCBCCaoIHcmLAhNgw46A2GEzEyoYALNWEhhMhpuWEyHxB3g EogeCkNiiShCpkGKLLbo4oswxijjjDTWaOM6Gdyo444pLnBPBfh0wOOQRBZp5CocHKnkyJJM 1jNCk608CaUqUk6ZSpX5YbANllaWwiViEXQp5phklmkmYQScqeaaBP7GZloFvCnnnHTWaed5 x3wHwp189umnIhP8KeighBZq6KGIJqrooow26uijkEYq6aSUVmqflpZmqummnHbq6aeUQmCp qIXm6AipoY5aKaqTsiqpq5kpwBWskNIK6q245qoraB/sOqMEvgYr7LDEtkNPscgmq+yy6onI LKWytuPss9RWa+212GarrTUIbOsiBd6GK+645JZr7rnoQhoIACH5BAAFAAAALAAAAABgAQkB AAf/gAGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGy s7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo 6err7O3u79EC8PP09fb3+J8j+fzv+/0A1/3rlCCgQWQDDyoMl3Chw20NH0q8FnGiRWkVJxng BOCiR04ZX3X8SNJSSFgjS6qEdFLkypfIUsKcGUwmzZu8bOLceUsnz5+zfAId2kporA1EZxpN yrSp06dQo0qd2u8E1aubrGLdakkr16+RvIIdy0gs2bOHzKJdK0gtW7Ru/9+SjSvXIQdTdOvq 3cu3LzQHfgMLHky4sGFmBQ4rXsy4sePHkCNLnky58mQRljNr3lzIBGeenj/jDA32QGDSxiAo siB6F+rWL1/DVil7Nsnatj3izm1xN+/fswkgUw28uPHjyJMrX868ufPn6ypAn069+jsP1rNr 3869u/fv4MOLH0++vPnz6NOrX8++vfv38OPbbiC/vv37+PPr38+/fzXi/gUo4IAE9jdAgQgm U0KCzSzIHgnjOKgehOJImB6FFa6HYTgWnrchhxqS0+FWGUDzITgjkncig8asyKJDCLwo44w0 crdRjTjmqOOOPPbo449ABinkkEQWaeSRSCap5NCSTMLEQJNQRinllFRWaaVcF1yp5ZZcdunl l2CGKaYzGIxp5pkOSYDmmmy26eabQ0UApyvyzGnnnXjmqeeefPbp5588KiDek4AW+gkIhiaq 6KKtIMXoo419AOmklFZqKaMhXGqZcJomCpgnD0Aa6qOjMlrqoqfaUyd0qSbaqqGvFhoroLN2 aqs7Gtyq666QLhBllqz4+qiww/Y6KbGLIpssr8w26+yzlmIG7bTUVmvtXh1cq+223Ha7GAXe hivuuOSWa+65UE4AaYlQ3YXuR4EAADs= ------=_NextPart_000_0013_01C6F851.66230B90-- From erosely@team-louthesz.com Wed Oct 25 10:26:56 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gcjia-00043w-Cf for capwap-archive@ietf.org; Wed, 25 Oct 2006 10:26:56 -0400 Received: from [88.226.119.156] (helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GcjiT-0002cY-UQ for capwap-archive@ietf.org; Wed, 25 Oct 2006 10:26:56 -0400 Message-ID: <000001c6f841$43299880$0100007f@localhost> From: "Adobe Software" To: Subject: New software uploaded by Brenda on Oct 25 18:10:00 MSK 2006 Date: Wed, 25 Oct 2006 17:26:33 +0300 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.150 X-Spam-Score: 4.4 (++++) X-Scan-Signature: b1c41982e167b872076d0018e4e1dc3c Brenda has uploaded some new software for you! View your available uploaded software from Brenda @ www. allnewoem .net firmware, it is even possible that for different firmware versions 4.2.6. I've got this program I'd like to make into a port... lo0 65535 79 0 79 0 0 Zynx ZX342 or DEC DE435, will generally work as well. For 100Mbit ______________________________________________________________________ DTE ______________________________________________________________________ PostScript, send a PostScript program in that language instead of 17.2.7. Thanks! searching the space of possible passwords. Unfortunately, the only SCSI devices are allowed (but not required) to supply terminator Do send applicable changes/patches to the original author/maintainer 10:#0 boot (arghowto=256) (../../i386/i386/machdep.c line 767) 2.0-RELEASE you can use the following: WD1007 controller. To be precise, it was a WD1007-WA2. Other # MINI -- A kernel to get FreeBSD on onto a disk. who proved to be a mine of useful information printer's entry in /etc/printcap). (including versions 2.x). FreeBSD version 1.0 included two different 6.4.4.4. Clearing the IPFW packet counters correctly edited your /etc/sysconfig then this will happen ______________________________________________________________________ domain ppp.foo # put your domain name here device scd0 at isa? port 0x230 bio preserving the original partition and allowing you to install onto the the ls manual page on the default printer: ip - print/set client's IP address the data to and from the drive. This cable is radially connected, so % man ls # terms of the software and make sure that the FreeBSD project will not UART considers the entire word to be garbled and will report a Framing subscription request for a local mailing list (note: this is more ISBN 1-55558-051-3 (Approved) /etc/printcap with the lp capability; see ``Identifying the Printer another shell so that you can create them before you give them to the pause 1 ethernet cards, a table of supported cards (and their required to appear. subdirectory called work/${DISTNAME}, e.g. Cache coherency problems, especially if there are ISA bus trap cleanup 1 2 15 Reported by: Jonathan M. Bresler jmbFreeBSD In the default summary that pac produces, you see the number of pages usually some instructions (which are unfortunately not always as /var/log is located on. make three megabytes (which is 6144 disk blocks) the amount of free with internal 16550 or an For example, on a sample FreeBSD 1.1.5.1 system, /etc/rc.serial reads: Two principals need to be added to the database for each system that operating system run smoothly. For this, there is no substitute for a PORTSDIR=/u/people/guests/wurzburger/ports make install UK In case of problems, please contact the hostmaster for this 4. The name of the author may not be used to endorse or promote products if [ "$first_two_chars" = "%!" ]; then specify the hostname of the printer as the first argument and the port job. Here is the DVI conversion filter from earlier in this document, pty is a ``pseudo-terminal'' or simulated login port. It is that has to be printed for every job, their ephemeral usefulness Data transfer rate is 160kB/s. LPD will not refuse a file that is larger than the limit you place on Enter Kerberos master key: For example, lptest 80 60 will produce 60 lines of 80 characters each. variables, etc. However, it cannot not access kernel source files, standardization has become more strict and is better adhered to by the type mount /tmp: Soeren Schmidt ``reconfiguring the kernel'' for more details on how to recompile your unit number for a wired down device is reserved for that device, even /etc/sysconfig file. 4. If appropriate, add ``dialup'' entries to ``/etc/ttys'' by Single Transfer Mode should be used instead. kernel. sio13 at 0x160-0x167 flags 0x1005 on isa where N is the number of the parallel port, starting from zero. If -s Make an accounting summary file and truncate the accounting Contact Ancot for availability information at: Phone: (415) Set to "1" if the -CTS line has changed 3 set speed 9600 And we will add this line to the /etc/printcap for the printer teak to When the NS16550 was developed, the National Semiconductor obtained `keyinfo' program examines the /etc/skeykeys file and prints out the 15. world, but not about how the outside world finds us. masters behind the ISA to PCI bridge chip. Hardware flaw, only there is room for the jobs of other users. file to your hard drive, and be sure to tell your browser to save get the individual files you need, but mostly they are stored in proper escape code, modify the text filter to send the code The obvious drawback to a header page is that it is yet one more sheet shared libraries, and if so, whether you have them installed in the LaserJet 2000 compatible codes. just does not work, you can use the scsi(8) command to dynamically can distinguish between a Framing Error and a Break, but if the UART o If you can compile a kernel, make one with the SCSIDEBUG option, /etc/sliphome/slip.hosts to find a matching line for the special user, 56: AMOS BOWL LUG FAT CAIN INCH /usr/share/examples/etc/bsd-style-copyright. for the printer teak): kernel that can mount your all of your disks and access your tape Kerberos Initialization for "jane" 10.3.3.1.8. 8250/16450/16550 Registers I can recommend the SMC Ultra 16 controller for any ISA application command which one you want by specifying the section: LIB_DEPENDS= Xpm\\.4\\.:${PORTSDIR}/graphics/xpm ;; :vm=rfc1048: say, /cdrom. Then do the transmission is transmitted for exactly the same amount of time as Delete an entry from the firewall/accounting rule list % cd /usr/local v3.3beta021.src jpeg-5a what the heck was that anyway? ;) Before removing the CD again, also note that it is necessary to first place of 10.0.0.1. On the /usr file system in the above example this user is currently 15 C -- Start an X-server 2400bps, the CD signal to detect when a call has been answered or the The dependency is checked from within the fetch target. Sometimes we have to go places where no trusted machines or messages. If all your devices are listed and functional, skip on to The second prerequisite depends on the modem(s) you use. If you do 1. The BSD copyright. This copyright is most preferred due to its From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Wed Oct 25 11:27:41 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GckfN-0004Ld-QV for capwap-archive@lists.ietf.org; Wed, 25 Oct 2006 11:27:41 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GckfI-00008Y-VO for capwap-archive@lists.ietf.org; Wed, 25 Oct 2006 11:27:41 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id BB891144805F for ; Wed, 25 Oct 2006 08:27:30 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id B004A4A45A1 for ; Wed, 25 Oct 2006 08:26:32 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 8A8F4144804F for ; Wed, 25 Oct 2006 08:26:32 -0700 (PDT) X-Greylist-Status: Sender first seen 3 days 21:51:32 ago Received: from mx01.sinett.com (63-197-255-158.ded.pacbell.net [63.197.255.158]) by hermes.tigertech.net (Postfix) with ESMTP id 38F2B1448025 for ; Wed, 25 Oct 2006 08:26:25 -0700 (PDT) Received: from 192.168.10.82 ([192.168.10.82]) by sinett-sbs.SiNett.LAN ([10.10.20.10]) with Microsoft Exchange Server HTTP-DAV ; Wed, 25 Oct 2006 15:26:25 +0000 Received: from hasan-sinettdev by 10.10.20.10; 25 Oct 2006 20:57:16 +0530 From: Hasan Raza To: "Navin (NKA)" In-Reply-To: <369e612f0610231449v7fc448bap7d2a36fb72a51f54@mail.gmail.com> References: <369e612f0610231449v7fc448bap7d2a36fb72a51f54@mail.gmail.com> Organization: SiNett Semiconductors India Pvt. Ltd. Date: Wed, 25 Oct 2006 20:57:14 +0530 Message-Id: <1161790035.29460.81.camel@hasan-sinettdev> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 (2.0.2-3) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.1 tagged_above=-999.0 required=7.0 tests=FORGED_RCVD_HELO, RCVD_BY_IP X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] Seperate Port Vs Common Port Approach Comparison... X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: hasan@sinett.com List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: ,

--0-539991338-1161836886=:34521-- --===============1867264309== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1867264309==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 02:18:18 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcyZG-0002vL-58 for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 02:18:18 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GcyZC-0005dp-Gu for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 02:18:18 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id 7EA181448022 for ; Wed, 25 Oct 2006 23:18:10 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 017EA4A45FE for ; Wed, 25 Oct 2006 23:17:46 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id BA03D1448021 for ; Wed, 25 Oct 2006 23:17:45 -0700 (PDT) Received: from mms2.broadcom.com (mms2.broadcom.com [216.31.210.18]) by hermes.tigertech.net (Postfix) with ESMTP id DA15C1448007 for ; Wed, 25 Oct 2006 23:17:43 -0700 (PDT) Received: from 10.10.64.154 by mms2.broadcom.com with ESMTP (Broadcom SMTP Relay (Email Firewall v6.2.2)); Wed, 25 Oct 2006 23:17:30 -0700 X-Server-Uuid: 79DB55DB-3CB4-423E-BEDB-D0F268247E63 Received: by mail-irva-10.broadcom.com (Postfix, from userid 47) id B8A3C2AF; Wed, 25 Oct 2006 23:17:30 -0700 (PDT) Received: from mail-irva-8.broadcom.com (mail-irva-8 [10.10.64.221]) by mail-irva-10.broadcom.com (Postfix) with ESMTP id 942102AE; Wed, 25 Oct 2006 23:17:30 -0700 (PDT) Received: from mail-sj1-12.sj.broadcom.com (mail-sj1-12.sj.broadcom.com [10.16.128.215]) by mail-irva-8.broadcom.com (MOS 3.7.5a-GA) with ESMTP id EIY16251; Wed, 25 Oct 2006 23:17:29 -0700 (PDT) Received: from NT-SJCA-0751.brcm.ad.broadcom.com (nt-sjca-0751 [10.16.192.221]) by mail-sj1-12.sj.broadcom.com (Postfix) with ESMTP id D542620501; Wed, 25 Oct 2006 23:17:29 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Wed, 25 Oct 2006 23:17:27 -0700 Message-ID: <8954613CA6BB3242A1531D916A527A4102235483@NT-SJCA-0751.brcm.ad.broadcom.com> In-Reply-To: <321DE401-CD86-43F9-B262-01B7A33570E9@thingmagic.com> Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb4WJf9J/zPjadeTYalbnIsuf2LKAAajXAw From: "Puneet Agarwal" To: "Margaret Wasserman" , "Pat Calhoun" X-WSS-ID: 695E8D7038S4541114-01-01 X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=7.0 tests= X-Spam-Level: Cc: Hasan Raza , capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 22bbb45ef41b733eb2d03ee71ece8243 Hi Margaret, I am OK with your 2 port solution (with shim header for capwap control only). To summarize, it seems that you are proposing that there be two UDP ports reserved for CAPWAP: A) CAPWAP Control Port: All discovery and capwap control messages flow on this UDP port. There is a new shim (control mux) header added between the UDP Header and the following header (where the following header could be DTLS if encrypted or CAPWAP Hdr if non-encrypted ). The control mux would specify if the packet is DTLS encrypted or not. I didn't want to use the "Control Header" for the new shim as section 4 already talks about a "Control Header". B) CAPWAP Data Port: All CAPWAP Data messages flow on this UDP port. It is a property of the UDP tunnel whether the payload in encrypted or not. If the tunnel is encrypted, then a DTLS header follows the UDP Header. If the tunnel is not encrypted, then a CAPWAP Header follows the UDP Header. Note that there is no "control mux" after the UDP header. Is the above interpretation correct? Thanks. -Puneet -----Original Message----- From: Margaret Wasserman [mailto:margaret@thingmagic.com] Sent: Wednesday, October 25, 2006 10:09 AM To: Pat Calhoun Cc: Scott G. Kelly; Hasan Raza; Puneet Agarwal; capwap Subject: Re: [Capwap] need clarification on UDP ports Hi all, Just commenting as an individual contributor... I prefer the intermediate header approach to the third port approach, because I think it is a cleaner representation of what is actually happening. Different ports are used to reach different end points (different systems or different processes running on the same system). In CAPWAP, we have one port to reach the data end-point and another to reach the control end-point, because we think there are cases when the data and control end-points may be different processes or run on different systems. That makes sense to me. However, when we are talking about DTLS-encrypted and unencrypted control packets, we aren't really talking about two different end- points. We are talking about a single control application that needs to decide whether to treat each packet it received as unencrypted or as DTLS-encrypted, in which case it needs to be handed to the DTLS engine for decryption. If you think about it that way, I think it would be better for the control application to receive a packet that starts with a short header that indicates whether this packet is DTLS- encrypted or unencrypted. If the packet is unencrypted, the control application processes it directly (or ignores the packet if it isn't a discovery packet), and if it is DTLS-encrypted, the control application strips off the header and send the packet to the DTLS engine for decryption. This type of header might also allow for later expansion if the security world evolves and a better security mechanism for CAPWAP's purposes emerges. So, I would prefer that we add a short header after the UDP header (a CAPWAP control header?) that indicates the type of the encapsulated packet (DTLS-encrypted or unencrypted). I think 4 bytes would be long enough for this header, and that would maintain 32-bit alignment. IMO, it should contain 2 fields -- a one byte version number (0x01) and a three-byte type field. At this point, only two types would be defined. I do not have a major technical objection to the third port option, I just think it is less clean from an architectural standpoint. I would rather strenuously object to the proposed approaches that involve zeroing out the DTLS header or running a packet through DTLS and then treating it as unencrypted if that fails, etc. Margaret On Oct 25, 2006, at 12:33 PM, Pat Calhoun (pacalhou) wrote: > Not pushing for the hack. I've stated I do not object to a third UDP > port, but provided an alternative should IANA refuse to give it to us. > > Pat Calhoun > CTO, Wireless Networking Business Unit Cisco Systems > > > >> -----Original Message----- >> From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] >> Sent: Tuesday, October 24, 2006 1:24 PM >> To: Pat Calhoun (pacalhou); Hasan Raza; pagarwal@broadcom.com >> Cc: capwap >> Subject: RE: [Capwap] need clarification on UDP ports >> >> "Pat Calhoun (pacalhou)" wrote: >> >>> Except we can document that any CAPWAP implementation receiving a >>> packet with 'n' zeroes uses DTLS header format foo, which >> is of lengh 'y'. >> >> ...except that it is decidedly *not* a DTLS header, right? >> I'm having a really hard time understanding why you're >> pushing for a hack at any/all costs to solve this problem. We >> are at the design stage - if there were ever a time to do it >> right, that time is now. Exactly what will break if we don't >> adopt this hack? >> >> Scott >> > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From qsalesian@anglenet.com Thu Oct 26 02:41:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GcyvY-00046m-Lo for capwap-archive@ietf.org; Thu, 26 Oct 2006 02:41:20 -0400 Received: from [202.184.244.194] (helo=angloblackwells.com) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GcyvQ-0000aN-BW for capwap-archive@ietf.org; Thu, 26 Oct 2006 02:41:20 -0400 Message-ID: <001801c6f90c$c705fce0$067b166c@skong01> From: Esmeralda Carroll To: capwap-archive@ietf.org Subject: Or a schemata Date: Thu, 26 Oct 2006 14:41:10 +0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0015_01C6F90C.C705FCE0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 4.6 (++++) X-Scan-Signature: 96e0f8497f38c15fbfc8f6f315bcdecb ------=_NextPart_000_0015_01C6F90C.C705FCE0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0016_01C6F90C.C705FCE0" ------=_NextPart_001_0016_01C6F90C.C705FCE0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Many a true word is spoken in jest Never eat the yellow snow. A Frank Zappa= song. Alternate: If something is worth doing, someone will have already do= ne it. Brain is better than brawn. Who guards the guards? The cure is worse than the disease. Mouth is in gear, brain is in neutral G= ood fences make good neighbors. Laughter is the best medicine. Abbreviation: Speak of the devil. It's bette= r to give than to receive. The coat makes the man. Possible Interpretation: It is always easy to see your mistakes after they = occur. Jack is as good as his master. A miss by an inch is a miss by a mile= Attributed to Benjamin Franklin; Poor Richard's Almanac. If the cap fits,= wear it. William Shakespeare. Kill two birds with one stone. One man's junk is another man's treasure. He= aven protects children, sailors and drunken men. The best things come in sm= all packages. Attributed to Winston Churchill. It's easier to turn falsehood loose than c= orrect it everywhere it runs to. Alternative: Red sky at night: sailor's' d= elight. Red sky in the morn: sailor's be warned. All sizzle and no steak. A= pril showers bring May flowers. Nothing succeeds like success. ------=_NextPart_001_0016_01C6F90C.C705FCE0 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable

FARGO, North Dakota (AP= ) -- Alfonso Rodriguez Jr. stabbed college student Dru Sjodin, slit her thr= oat and left her to die, a federal prosecutor told jurors Monday.
NASHVI= LLE, Tennessee (Court TV) -- The father of a Nashville attorney on trial fo= r killing his wife claims he reburied his murdered daughter-in-law and disp= osed of evidence relating to her killing.
EA scores touchdown with Madde= n

grandiloquent urinary= posseman camellia

llow inmates. l storms or mo= nster hurricanes like Katrina and Andrew. severalty CHOWCHILLA, California = (AP) -- Sara Jane Olson, the former Symbionese Liberation Army fugitive who= became a Minnesota housewife and is now serving prison time for trying to = bomb police cars in the 1970s, says she tries to hide her radical past from= her fe NEW YORK (AP) -- Talk-show hosts Jerry Springer and conservative Tu= cker Carlson of MSNBC will be among the celebrities competing on the third = season of ABC television's "Dancing With the Stars. BOSTON, Massachusetts (= Reuters) -- The maker of the Segway scooter Monday unveiled the second gene= ration of its self-balancing electric one-person vehicle.

COLOMBO, SRI LANKA: '100 Tig= ers dead' in sea battle Money Magazine: Best jobs in America Atlantis' astr= onauts strapped into the space shuttle Thursday for a practice launch count= down more than two weeks before they are scheduled to blast off on a missio= n to resume construction of the international space station. KANDAHAR, AFGH= ANISTAN: 14 dead in Afghanistan crash You may be paid more (or less) than y= ou think FARGO, North Dakota (AP) -- Alfonso Rodriguez Jr. stabbed college = student Dru Sjodin, slit her throat and left her to die, a federal prosecut= or told jurors Monday. Wealth gap between richest and the average Joe grows= 50% since the 1960s

Lockheed beats Boeing for mo= on launcher ENGLAND: Top judge to rule on Diana death NEW YORK (Fortune) --= For the past decade, Honda has been out of step with most of its North Ame= rican competitors - sometimes defiantly so. sausage RICHMOND, Virginia (AP)= -- A man accused of killing a musician and his family and suspected in a s= eries of other crimes pleaded not guilty Monday as jury selection got under= way in his capital murder trial. NEW YORK (Reuters) -- Warren Buffett's Be= rkshire Hathaway Inc. said Monday it has amassed a 1.97 million share stake= in Johnson & Johnson, and appears to have sold shares of clothing retailer= Gap Inc. kovacs

NEW YORK (Reuters) -- Warren= Buffett's Berkshire Hathaway Inc. said Monday it has amassed a 1.97 millio= n share stake in Johnson & Johnson, and appears to have sold shares of clot= hing retailer Gap Inc. wary ENGLAND: Top judge to rule on Diana death Atlan= tis' astronauts strapped into the space shuttle Thursday for a practice lau= nch countdown more than two weeks before they are scheduled to blast off on= a mission to resume construction of the international space station. NASHV= ILLE, Tennessee (Court TV) -- The father of a Nashville attorney on trial f= or killing his wife claims he reburied his murdered daughter-in-law and dis= posed of evidence relating to her killing. renewal

CANBERRA, Australia (Reuters= ) -- Australian scientists have begun looking at smell sensors in worms and= insects to help them build an electronic "cybernose" they hope will one da= y be capable of measuring aromas and flavors in wine. l storms or monster h= urricanes like Katrina and Andrew. EA scores touchdown with Madden bugaboo = ASIA More Asia News BANGKOK, THAILAND: Thai bombs leave 2 dead, 28 hurt tro= y prostitute

------=_NextPart_001_0016_01C6F90C.C705FCE0-- ------=_NextPart_000_0015_01C6F90C.C705FCE0 Content-Type: image/gif; name="xsrfk_621.gif" Content-ID: <001801c6f90c$c705fce0$067b166c@skong01> Content-Transfer-Encoding: base64 R0lGODlhdAE9AYcAAAAAAP//////Vf8A3QAA//8A/0T//1X///8R/wAAiAAAZv8AAP//iBH/ 7v+IiACZADMiM///mf//qhFERDMzM+7//90AAHe7d93u3bu7u8z//8zdzACIAFVVVWZmALv/ //+qqjOZAFWqRIiIiKr///+ZmZm7iP9ERLu7AJn//5mZqmZm/0RE/yJmmYj//3f//2b//yL/ /wD//xH///8i/8xEu+7u/4i7iN3d/8zM/6qq/3d3/4iIqqqqu5mZmZmZ/3dV/zP///+I/4iI /2ZmiBEzM//u7iJ3d0REd3d3d0SqRGaqZv9mZoi7d///d///Zv//AP//Ef//RP//M//uIv// Iv93/3d3mf//3XeqZqr/Vf9m/5nMmf93d6qqqv/uzP//zMzMzLvMu7vMRN1V//8z///MzP+7 u/+Z/6rMqv9E/1UREf//u7vdu8zdu7u7zLu7//+q/zMRM//d3f+7/+7u7t3//93d3f/M///d /+7/7v//7v/u/8/PzxEREUhISH9/f7a2tjMzM2hoaJ2dndLS0gcHBzw8PHFxcaurq+Li4hkZ Gbq6uu/v7yQkJFlZWY6OjsPDw/j4+C0tLWJiYpeXl8zMzAEBATY2Nmtra6CgoNXV1QoKCj8/ P3R0dKysrOHh4RYWFktLS4CAgLW1terq6h8fH1RUVImJib6+vvPz8ygoKF1dXZKSksfHx/z8 /DExMWZmZpubm9DQ0AgICD09PXJycqenp9zc3BEREUZGRnt7e7CwsOXl5RoaGk9PT4SEhLm5 ue7u7iMjI1hYWI2NjcLCwvf39ywsLGRkZJmZmc7OzgMDAzg4OG1tbaKiotfX1wwMDEFBQXZ2 dqurq+Dg4BUVFUpKSn9/f7S0tOnp6R4eHlNTU4iIiL29vfX19SoqKl9fX5SUlMnJyf7+/jMz M2hoaJ2dndLS0gcHBzw8PHFxcaamptvb2xAQEEVFRXp6eq+vr+Tk5BkZGU5OToODg7i4uO3t 7SIiIldXV4yMjMHBwfb29isrK2BgYJWVlSH5BAAEAAAALAAAAAB0AT0BAAj/AAMIHEiwoMGD CBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2b OHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKbSlgqtWrWLNq3cq1q9evYMOKHUu2rNmz aB1qSMu2rdu3cOPKnUu3rt27Vzvg3cu3r9+/gAML9kpgsOHDbCMgXsy4sePHkCNLnkwZ7YbK mDNr3sy5s+fPoEOLHk26tGm5VU/DPHFCteubrF/Lnhl7tm2XtW/rTpl7t+/fwIMLH068uPHj yLMWSM68ufPnCy1An04d6IDq2LNr3869u/fHAAB8/x9Pvrz58+jTq1/PniCD9vDjy59PH20I +Qbq69/Pv7///wAGKOCABBb41gQGJqjgggw26OCDEEYo4XqpTdgWghZmqGFBFWzo4Ycghiji iCSWaOKJKKao4orsfcDiizBlAOOMD5Vgo4004nVjjjz26OOPQAYp5JBEFmnkkUiOKGOSTDbp 5JNQRmkaAlJWaeWVWA7YwGsUZOnllx9uCeaYZJI1QplPSTDCmWgSJd1Ba2IEwYQexBVnm0zd iadSeu45ZoV+BirooIQWypReBnJg6KKMNuroo5BGKqlhb05q6aWYZqrpppx26umnoIYq6qik lmrqqaim6qUCqrbq6quwxucq66y01mrrrbjmquuuvPbqa64i/GpRsMIWa+yxyCar7LLMNuvs s9ByugBLCUR7oqLWZqvtttx26+234IYr7rgEIkruuegKxGq67LbrLqNUvivvvPTWay9wEtyr 77789vvsBSWSMBjAIwrcrcH+Slhpwgw37PDDEEcs8cQUV2zxxeKCgPHGHHfsb7weJ/hAyCSX bPLJKKes8sost+zyfybEDG7MJrxs880456zzzjz37PPPQB/pgEEgB43XAUYnrfTSyWnM9NNQ 94RB1FRXbfXVWGet9dYcv8f112CHLfbYZNuMbdkjBQQAIfkEAAEAAAAsAAAAAHQBPQEACP8A AwgcSLCgwYMIEypcyLChw4cQI0qcSLGixYsHO2DcyLGjx48gQ4ocSbKkyZMoU6pcybKly5cw Y8qcKdIDzZs4Sx7IybOnz59AgwodSrSo0aNIkypdyrSp06dQo0qdSrWq1atYs2rdyrWr169g w4odS7as2bNo06pdy9blgLZwozqIS5flhLp48+rd6zEB37+AAwseTLiw4cOIEytezLix48eQ I0ueTLmy5cuYM2vezLmz58+gQ1PeILp01AimU6tezRopgNawh76OTbvn7Nq4b97OzRvm7t7A Vf4OTtzk8OLIQx5Pznzj8ubQo0v/DGK6dYkgql/fzjA79+8Ktf//JQDeqffy6NOrX88UAvv3 8OPLn0+/vv37Wxfg38+/v///AAZImwICFmjggQgmqCCCJyxYW4MOwgZhhK1NSKFqFl6YWoYa lsZhh6B9COJnIo7IWYkmpqjiiiy26OKLMMYo44w01mjjgjvdqOOOPPbo449ABinkkEQWaeSR SCap5JJMNunkk1BGKSVTEkxppYqoLXjBlVx26eWXYIYp5phklmnmmWgytmWaX/nF5puqfeDS A3W52VQBcOap55589vmiBn4G+l8DghZq6KGIJqrooow26uijkNIYQqSUVmrppR6RgGlRmm46 VKeeAkUCqKH6RGqpPZ2Kao0EruqqmJO+/yqrRXTCSeisMGGA66689urrr8AGK+ywxBZr7LHI RmRTssw26+yz0EYr7bTUVmvttdh6emtkI4yQbUXdfguuuOSWa+656Ka7lgDqdmhAu/DGK++8 9NZr7734Apljvvz26++/AAcs8MAEt9VqwQgnrPDCmJoAsMP/QgzVu4maIHG/F3NEwbQZ59sx wyCHLPLIJJdsMsAiiIByyppt+2LKKv8b88k012zzzThjO1fOPPfs889AA2VB0ETDx0DRLmWQ 1dFclQCw0/9C7a/U/FJd9dNYI6311lx37fXXYIct9thkl2322WAigPbaJnLA9tsRbgz33HRD 617deOet99589yXt99+ABy44v+ShBOjgiFNYQeKMN+7445AHdzeMuka+2uGWLxQQACH5BABV oAAALAAAAAB0AT0BAAj/AAMIHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOK HEkyYZmSKFOqXMmypcuXMGPKnEmzps2bOHOWlKFTpICeQIMKHUq0qNGjSJMqXcq0qdOnUKNK nWqzANWrWLNq3cq1q9evYMOKHUu2rNmzK9mgXctW54u2cOPKnSv0Cd27eOPiQWogr9+/gAML Hky4MMIVAhEPzLGCwAocAglIliwQxw7JP2zYIPBD4A8CNggydgw5wGQCLEoTVKxY4OjHkU9X vsxZM2fPoEU3hm16cmqDrHWTjj15NmbbnQN8Dr14d+nTvwsGbz68d/EAlo9vTr5cOG/oqgdO /zfcEIcO7OcrEzivgwBkygNx3JaP+HPk5OrZu+8dmUVB8+jFt14A7b1HAEHydUafcgeahh92 AxbIn2n+IXgegPkRuB986inoGIP3IRjhhg2i9t+F6UGon4EielhfiQ/Kt+KEJloYIEk/jXUa h5cNRMAQEwp0GXMEEQAHHA0O1GNkO9AIpI+njaFkkj8GGcCQBhmJZEFLmtYkfFVCKZuQVALJ 4ZW5FaRlkmT6+GWJTxJ3HZo+mskmlmoeySadTDpZ5I7kOTRekJQBeuZAOqywQoqxQWndh9Il 9qejhu4pUKKLqknlgae1Jp6kjjZa6UGYMkoop5N5CqqnHBYq26GXKv9qaquoSqZqAIMGqtCg tFoJZq+aUnrgZqryuqmvJQI7qajDQvoprsvyd+avxwbLbADERgptqNKySS233LqKrbOgeqAr Qzsm2eMPC545RJrKTukmjd4C2ia7H7oLb7UEdUnAm42KOee67bL5LnPxttnnr3+OSSe+iOmL ML/yLpxsw3OeSypkOoQnYw6SwWFlguPyS5mMGrLoJUEdE+jxeiAbOfJtm5l8IMoSgtkkohy/ rEPMIp9Jcs3h3jyiygnsfGnPIv4c8sydER0wfziT2CfPLmu8K6gEwdHYDiyEZm92P6oGLA7O ybkCkdve6vW/YT/aINlDmF0t2tV1ynauAbz/DbbYY9JNRtGVpf3o2qtxPZDfcY9NW92EY2e4 3olvq7VFNjx4U+Y9ca6T55dfZVfopJdu+umop656XDyt7vrrZmmhBeypq0X77bjnTtEHugMG Re/ABy/88B5JQfzxyCevvEhWLO/889BHL/3pWExv/fXYZ6/99tx37z1Zc3SxwAIlGIGQEQ4Y ZAYTCzAxh0Djxy9Q+OOX8IUR5AtUwgLmwx//AgEYX0PQV5D/CVCABEEgRAwIwIUocIEGDGAD B/LAg1TwIPQjX/8MckGGMNCB/3NIBws4QRJiZQ75QyETAmAVExIEhSAIAAgW8L4HorAEAVBh APYHPxwOxAIlfEgH/xU4wokU0YVGnOAREbLEG+awfR5Zov8iIsURSlEp4tvgQGaYvxAORHwU TN8Ds8jBM5whiA884AK60IUcim8BDsCf/JA4vjOeoIYArOMC7hgA9C2AixwsIRdj2Ef2nRGA RmDfHcmIvzZaEIBxkKAd8ejG8cUxgQDM4CW/yD+DDHKKeuSjHwGJRBmOj5AUnGAjA5BFPTLB fAj8ZCEXcEiBcNGHTFjhVS44QyPgT4xoVGIeQ9hBEOQSlf6Tnxr7dwJErlGCj0zlHPB3AmiO b5p73CH/UBhEaNqShjAMgAP4J8cAvDKAd6RlAM74vmj6D5vVFGAz+/jMVAZgnqu0Z0FmOP+H cKoRnto0AjcDuUVw/hGT8jvjOGM4Pl/CEZr8DOc4HQrAXv5SnOnbZQOVGcEKEnGYmEymPkNq TwW+0QFmmCJBVapGb7bUmyR1KUi9eYY33nOFTKgmE4UJSgCeNKUh/akLOdpTmRqVjhstYQXZ l9SiIvClagyhGbEy0aIGoAoq5eQOdfjAqsL0gmmcqUCMcAb2rXCIPLXmTKHazY9aVYDsKyc7 D7pTfb6UrGYlKV6hOBCvslWtb21rWsNakGZ28qkgRaxRr2iUGCTEieXcnxkuWkEYmqGOMH0i DsuZ1ZECViBkzCZa7ZrYpu7PCJcVbEH7edD9sXaYnJ0jWAcL0tD/6nSKtn1h/srJzwEc9K+n Te1KTclaZD5whjME5mS7WFGDxtC1A5UsZbsZFU22k4sZnUMzgSqQsq7xBLD0onU929mX6m98 XTCfdhfA3awq9q+JpOVsCSLL+NYShrF8aGbd21QE7m+NWvQverVYSThe95SBnWUtSynLVMbv ohPV4yXzS1f7UjijjC2LEXzYkCR4+MMgtskJgMpXj3g1kUsZMfx0+ZEME8Z2XZkDU9Mbxfa1 U5wENoqMJwDgkLjYLFP43k0mMIHj5YEkrQvKkc9FZCE7+SNNfrKUNRJl1fFhyliWy0mCIoG8 wCDLYAYeGLLSlzCb+cxoTjNIDqDmNrvZ/3QwfrOch/LlOdv5zqYLAp73zGeD0KHPgA50Tt5y lzo0IQQhSINAED0RRlekDiYoCAayEIJIO8TRAXC0HkyAaC7oYdGIDjVBEI0BUGc61Iim9EBE vegsBCANIuj0pzF9alSf2iK0TgikC5Lrg2xa1qAu9a17/To9hIALAcBApW8tEWI/JNfOTgim Ga0HETRBIE0QwadNzesQuHrYISBIGkJQ6jqEug7JTjSnP61sV/d62uGuSLRHHW+IVPvaAcj2 rL1t6nkjxbFE4UIItr3qEEBaBMIWA6LFMBAxxNoE+w5AtbVNEIeHgOHMRjW8HW1xjCPaBPjm 9q0FLmxlI1vkBf8nN7gJomxFuyHUbnh1CDaA6A102yDwPnjCF16QX3u71Bzn+alBbuuCB8DQ Hyd4AEguEJPXGujh9jfqYo3zRBvb1S/fgLJjrvANGDvSiJ640rNO85g7mtHQjjfZQ2B2ldPb 6FRftQiM3m0RuDvq9ZY4vw897kgf2udNQLdATGDpt4M6DVcPQNa3TpAmlNrYc2f04tl+amGn PQCqNnbIAxD3RUc+BHa/NeF19+54Mzru/O48qGMt7IGoOtN373femf16fpde48wWeelfrmy8 2zrWxsZ7pueuB0p/fPCFp3vGw436bw+kDmI4tPCbn/vLx9rxVX87onnP6NG7ZMsa6bL/UUov e1unXQQiSP7y13959s+++szPO+iVD/dYC58gAh83sjmt/4FM+vhugHGG535F13THFnzgZn71 dnkYYH8IRxCqN3+nZ3+KJ4C3I3BKt36qx3mzh2h18HKCJxC1F3srZ3gjmHvKx2hMl24nh4Km 1nv3NxA0V3MBMIOURxAb8ADvl4KmF38IcXbT14ELKIT+N25zNxAr6HSMBoM1EWdfYWzIpmxg 14MB0HVfV4Uzp3kZl3xrF3OUpgcvF4Pc1oUuCH8SZ23YRnEox23G54LBN4QGh3kqZ25TmH3c xmhWuGwDAXwzeGt5WIdryGh/B3sEcW9pGHFyKIa3g3QioGjr/1eFD9dwScdsAheCkCgCGNeA WYCAyrZ5mOZwmLiGZihxAneAA0h3vVdrrBZrzteGpIhojSiK8MZtFqd+DYiJaBdvtShynSgQ GkCJiNYEGagHpehp3JaKUidoCYEGUDFmEVFnyhiN0jiN1BgSAFeN2AgRW5CNhoFVQhEB3BiO 4ggSLaQ14jeO6JiO6riO7DgR3tiO8ChlVxaP9FiP9pgVbHaPEnGO3dMCLaCPzvOPWeGMAFmQ BnmQr5NBXXBj+xVWSsVeJMVAihWRHjVbHyRB7YVYF8lATHAGBTEH/3UC5TNWJWZOnUSRGVlC NVU/OUaSGKYQCsmQEllCIDk+Itk/+P/DYiaZYxPkVRrDRf+DShU5EKlFQ6l0WzK1kcGUTDfG TYKllEipkREkQQzkkd0lke20P1Z5RhxGWlE5QUAZPwzZV/zjACXQkV1ZUAYklBI5EIdkQFmp TuuUPwRhlmhJTxl1LijERznUTP0zlOc1ThwWP4O5lDHFUnuUlw5gWMNFQnR5VI15WTolR0Bl BOLDYtl0T9SlkYU5P3vUP5dpEDkpEOOUl7rFl+v1l9RFTxDZR6EJPzo1TwZRmgPBPlozTgzp RA3JUx/lV4ZJXog1QxRESoeJSb7ZWcUpYO2FPht0RmZEV0MFRyeJQLhZlznmnOvURl1glXVp lAOhmyMkWQT/wZxuSUtnhEzdpZ1b2Zq6AlY6BZhO5Fr+M5q7WUoyhUIpdVkD5ZhT2VB8JZVe 9ECXpUuyqRAncKBISZH0OZEL4ZMJ4Z7JNJUFmhAImqAJcVHnMl/1aUopFU7QhJ2ACZz9pZ1i 5WD9CUAgmlRKyUDt9FFzdJVyuVIClKLIiRAT+qCqRZUnaqIqiVkiZKFt8Y4elKOAaVjx854N ZJshipyKdVrM1ZgkpaRN9Uj/4z4DUaBTSV4UKRBSWqPuBEIyOkG/eKXC9KJeiqMaU50OEENn 5EhDKUdw6U0oNE6/yaRNpUJGqaErNacM6kLrxZ1aaZ9FNJF82kDVuRc4BqUIoaZs/1pP4Rmj dgpBGrOXvmSkQCWYBZU+Z8Rdl8VQPWmm+4Wp34RhKlqjVvSpfXqYhkSSrUlWSxqdZIlAlApa 9UQQN4oQlGoElnqmlDlWC6alClGSgRKW6PWdWMlKJ0lPZ1VCjFmcTvk/LWqo+mWRO0qmKlqt rNo/b3mk3HmmkKmZYMlAOeagCUGstTqT5WlAJ9Ct+6UQGPoVhPYRczBOI8ZGG7Rh8eMA0Rpg /PNAv1qj+GpJN4ZAl0ViT4mtc3mtARpECjUQAduRXxqmBPGv3qVBB4GdDTGve2QG9hqhXjRW /wWxipoQm4o6IICe3EOfEnGyLmGbCCkV5BoU74o8M6A8M/9LE2N6EDG7EuD4soGSZD6LE+UY tESbF3ZQtEibOkGWtEwbPEDbtFAbtVLbEfE6tSxBBVabtVoLGAgQKE5wFlGAZmW2tWSLErxT toExj2i7tt3zAGzbEm2wBA/wAMb4EXVwAwUxt3O7BBkYAHNLEXUgt3x7dIKbgTfwAHgrEHrr tix3AXNrjIvrtpHLuIoruZFLEH/rt4x7AxyAt3L7aXXwADbnt3JLudGIAXSbbA+wBCCRuQPx t6HLuhuxBKGLAazLBZKrBOL2AKGraKjbgv6XuqjLuq77uqZbucZrEHNrc3+bBrz7AGngvDYn Bqmbg857vGdBAm3huK2HvJqruRf/cAHgK76v9riVS71KgLp6i7mM+7dzG77fGwCHO7jlm7rx q7io23MPQL4CIbekGwBtILoG4biWeL/Jm7eUW7yVK75/67+ri7p467ise7i2K7vSqMDx6768 W7mC57x6oAeIq7kYAMK6q8Cwu7qaK3h/i7sgzLoeDMJ4W7zUC72Yq7vs+72HqwTpe8MIvL6V u2QHbMDnC8KW+73ue7hELL+JmxTXaDoYnLkaHMSTm8FFzL57+2muG8XGu7gIMcNL7LdfHMUX wLwWTMVVzMNo/MQPoAczbMRu67iH67e4K75iYIHKyL0IjLxZnMDHC8Vn7L1S/McYfBBrbLrF qwSSW8bF/3u4KvzHgBzIBHESf+u4bovI/xvAqUvJduxm29gQORiFKIzIeqC+9+u6uOt1IezH QmzCfLx0hXy7ogvDBrwEqKsHrOu4sty8z6touBzCwYtsoevIQlzK2Pu3mFy+vXt0y1uDc1tq gxxoGEDJN8BuiNzGe7y7vqzKGIDIo7vKfMwGejC/23a9iVu8tru66GbLiIvFm+vL6jzNkibN zszFjwzIauy9h7vEmZvEw/y2HIG9/oyNT1sWehbQBn3QCD0STvi2AO0QDW0RS5u1gbu6fRvE DTHFGXG3CDHR9OvKA5HPBsHRBIe7TVe4CV0QJP0ANkzID50Qz0wRz0y7D2C7Ev93uIzrvMlM EDJN0+GcuZaMwnIxtM8DwvwrEOrcxuqcvrgscfubx0Yttzv8vuLb09crENeLbFxcvDOdwJTc v4mct/mruF2NxgNRAW420AfxZzmh0gbByMEcAIOr0qjLcNTbvfcb1yW8wa5cB6T8wqncvqY7 w44Yw4AtxIItEIRNEAH8xSf9uozNAYVdhV2tBKy7BCtt0WLQ1dfsxln90F58wFpccXOrz5SL upfd2Mm7vqost28dwKjriGjM2qGtyqysEIV8wD9NvFkMwgdM1HxWs0rRy4yNuxhAynPLzz7s 1JqbxKbMuznotqecyw/QPMVLy2tswZmL0zSs07WM3Yz/ywWwjTt7EABqECjvPIxy28avnd2+ rNzrfcZHzd6+vM2ia86CG4KuC9KSdt+grbfhjdoWwcgXoQSjC9QS0dILgeAgYdYBvbd27RA5 m2ylewEVjY2RBOBTVgPc07UkwY/aUwMajuF+AeIFEbbAQwP2SOI0sbgdjRMafRAv/tIMoQeU TOGa29lXLBAbILjCpsrJRsl1W7lzG9WAHbonh7sF3BHQOBNCQBNNPBRQXMY38cwy/hCf28KQ /L+vXb7zzLxu+7uqq8jtm9fIS9JyHI4+ftUfTdFWPbeO+L4q3Qa4S+SOqwRyLtdtbr9zi77q +7dJ3edVfL1v/gB8bsDHrbyt//y9jvu6DNzUk6zXiK64iZ3BbRDA4ujnKOzXeMvCmT7TW97M Iuy3eT3Pzqy7L9y5IkzC8YvXVMzlnz7TJAwDMqzSiJfGbovl17znzP3QLO692b0ES/DfKJEC 2sPi7NzZPKzFtB3ZGozsbtxwml3Yy17Pz5cGiNwGgZzjub7G1gzYhnzrKOzj/bwUEe3Ebmvt 86zcre7jyi7tfezuXv3W0/7s457l34vuAbDoYq3ofyvghg7vxBwo4NcVmWvZrozKm/7Krk7D 7F7Fqhzdf63HgL3ryOu8xc3wAO/VH2zgm23wW27x33vMYP7WoC2+SB66pD2OmQvm5GzU4pzn g+7rDv8f2S3f6vStddD7tzcv3zFP70Zd4wS32WB+zrQs800nz1bM5j29zhYt4k7/9FAf9VI/ 9VRf9ev45FYvFoia9RSRj1Khtlwf9mJPEA0w9mZv0ANPjx7Otto7EONNtp3cjmp99nRPFhde 990DBHqP912h937P9wkRBkSgAERwBwKhAIiP+AJxB1eA+CpQB3WgACogECqgACGo+AGA+R4h +IRv+AGw98/HAwmh+RNR+Ys/+IV/EHeA+oLHAwog+gLh+rAfAD2gAEjg+QPB+JmvAIfP+xMx +OgW+WFw+ERwEIpP+phP+hGh/AaR+ISf5AvB/BsN+9KPEFeA+zNxBwrQA7T/rwCGT/raP/na X/ymn/mTPxCIP/zVfxHaz/21j/3o7/vGL/8RUQeu7/tIwPu2fxD5n/nFDxA9FNRR0COAQIIG 3wxUwCPAw4dI3gRQoCAMRQUQNW7k+FDgxQwKVAQIU7BjRYwaK15E2dHly5coCRKBeTJjzYct cW58g2TnT6Awr9yk6FBngKF1OCp4s3BjxSspD1YcGQCJwTsWD/q8M7Sh0qNDISqIGoCHAiIE K94UaBJjyLQeqeYkWzan14diycJESSQj2gB+KdIUzBHFQIxRW7atejVA1os9fD7M6nAozbN3 poqkK5WuYrYVDVrFqlWyyr8KQiLRPPYmSqhl246u/+M3ZOrOZtGqhR3abcXVmgleDFq8uM7e az1r7EGEyGjXGdROrUPQIQ+aQ6MScYgkI0HQqF0HUMGQ5mIFd7IarFi9IXXrGJVqNErU72SX C+un7D2YCJL58npNtekQig87pPbiTryGGMrIwPf6i67A9NYzKzsFHRqvojsIwi+lmeSTSz2T znIPt5TKC7EllAQikb30PLzLOBp/Qg7F3JTLDbU6bsNorYwWyopD1RJsiLiliJIwxwGlSk65 o8TTLb6OspqsPyzNk7I9H4FESci1sspAo6HOoqg80IDkjyj5umwSTCLH3LBJ1yqK68bOWESx tyrGWzNPOqOscdCNxFIhq//z2DRxR0FRwivKIdNbi7ge/aKJI7FmPEpPQDuVMklPNwIPIu8G s+ovwnB0MqNH2XwszEk1Wogzr8aMcsmUWu0s0kiR/HO5W5VsklNi2SzWU04JVXaj9Upiarms Rppux/FmJc8iKqEyUqmkKPLpKAtdvHbF0F7EKAyCRioP3Qhd9dOvUY9SATrqTELIXobsSrAz a9fNdi+vAgxArYuc1czfdoENssUKfwO4PQbppNYzFy0sj8SMvKtjyHEB47Rik5Lda1mSH3rD rysA/LGlririobXlmJTrvYi04vih8sgCy9U7LG2tjrPiusO7yESjC6752tJQ0NzquGxn1IzW TcP/qSEKWmAhV52ZaqJfdbelaTdbWtVkZyPV5mC19nPtzWizDaWhVZPp6seIRs/hXbUqee+H 6qiKb8ADF3zgSwNHQs7BE1d8ceMy+JBxnLyUfHLKK7f8cswz13xzzjv3/HPQQxd9dNJLnxxy 1FNXffXB8WD9ddhjl3122mu3nXU6btd9d9579/134IMXfnjiizeedgCSTz4AAIZvHqjn946e eeKfn76j663/6XqXmuee+pe8f0j573cSH6Lyx1f/+OjTP14j950wbnr3ddcepuzXf4iP8M3v v//7Dep8/gOf8drHvPYtbyPKQ58CvcdA6ikQgdaD4AHRNz4Jqs+BGExg/wcbmMACVjCDHOQg BSVYwQuS74MrXOEDW3jC5bmQhPCbIAjFZ0INZk+F5bMg+FBIvxrCL4YIZGHvQBjBCyYRiTn0 IRGX+MQBArGHTrxhCq2owStmMIBAxGIEoBhCMB5QjEr0ofbGSEMqghF9eDjjEKOYRhqaMH9L fOMAv5jEDU7Rfkp8IAT1p7/zmRGPDLSgHcvIkTGST44Y/OAQ/7jFBRLyil884xNLyMVCShKN YlThJOt4SEAusIBkRGIgdzjKN+IxhZ3kXQ8NSco2YlGWdzQkF/loSTWub46oDOUtK/nJWday e6GsZABSAEkehtGKmCSjIkUZRzqKUorNJKbwXP+ZS2XK0oyCJOI1pdlMQbYRmHRk5iMZ+cts OpKS1EynMLPJS3GW0pPQ7CUac1nFeaoymLcrgD0zyT0/orCJMuzmPRE5w1XqEoZl9OA5hYjQ Bq5ToTZUY0BHqE4KRpB+qfTjPgtqSkhOcoLYAyc3PerQib4vcPUbZlBYqlLaYaFkL4VpTflG U3tCz6Z7y4P9Ogo7GOxUqEMlalGNChEJHFWpS2VqU536VKhGVapTpWpVd+dMZQWwkX8k6f/2 iD/FJXOU8wNr/b4XyK4S6qVaJWsrc0ojtk4TrF69nVkDlzuukjJxOD0oXWu0VpLxNXWYzGMQ SahIWyZ0hjiMY0NHGsn/kFrUsY606FgFWsrJxtCBmgVpCYuYw4uKMH+dPOVI7SBFblaWo5xl qGch+1jVQnSvzuRkNbWJyI3uM5WMlGgBBVDIJuo2i8DUoioz2lu03hadU9xtNM2ZSOFGVKO2 xWg632nL5JITm4MjbHVBS9nuRVaSWO0laQHKSj3StrQa1SQq0evL9QJSk+M8Lj3hKV374nOR 2DXocp9J30jysb19HKHg5HpHXLL1m8IVK4Itm9ZdcrWY2DyrL5+pzwi6ALlvba4754nWYqIz ugkecYWD21vIydW7Eo0wcfHJS2122Li2ZbGL/RnjEgcXvP59LjVDymAc5xbBpjxkLEVMXZSu /3i2sfWmCJ241Yrq96KDbO1ro5xZij62oEJE5pMly1s3dvbKC4YnYz+8ZTc29pELzShjKbtB CW82yWIeq1WtKlip4jkobEixnf1cEz1DNdDI++mfiYcGQyf6JSkg3hYU/WhIR1rSk6Z0pS3N ujhcWtOb5nSnPf1pUIda1KMmdalNfWpUp1rVoSbBql39aljHWtazrp38aF2TPdyacYwGNWJ9 /WtgB/vXsVODro19bGQnW9nLZnaznf1saJc6DEmgQBJaQwFsY5syI8C2D6pDAR88xAcUENi0 q33tbHcAZgHQdh24TYERCOwx7/Y2RN4NEW1rm90U2He//X0Hegss2/9KqUO2H2Juaz9k4AMz eLbzze9+O/zhCuf3wgs+cY0AvNtKkfi+Ha6Rh38c39lOAschrnFwm5ziHjf4yFdOEmonnNoE pwBxqo1xiPDPqXeggBcC4AUKaEbflAH3Y6odgHErPNwQ4bnPgS50iFOgAyDn98wLnoSMF53n WGc4ttG974tMHNth5zfPw711qtecJAZv+s+D7vGCNRziFCe7y18e8rjj3OhnP/rQ7U71v9u9 72XX+uBf7m+q173tTwc6SIoehp7r/X2OLg638R1uv3Nb3uwOA+Q3YnmFj8DfRXc5tjcfAM1z JAPgJv3DRS92ePc79R3BdhLC7QNq8xv07H7/fbVvn3vE77v3f6dAEVZe+9sfQdtJ4PpDZh/4 wxN/7oKvuO7JvRF9D93vFB/+7uFtdtQffdx3YH4Ayk9V7Vdf7h3xAvN9Dvjjkxz7/F59B7wg 7+0/pANTl3r8pQP7/6u+l8C21WO31RNA/6u4A2S56gtA6UtAA9Q2H1i66KO4lgu+w8u/djM8 Dey4Ctw3B0y/iBu3i0O626NAqRJBv8s+EZy/0uO3q4O/OvCCDlA76iO8MUm9h+sR2ONBBLzA feM5yOM5BIy4oKu5IyzCffPBBzRCIUzCAMgAxBk9ycNAxOvA2lM5FvzBuetAJhRBbks61hM9 KYzCKeSbNUjDNdgd/8vzAbTzOxLMwOlzvi4cvuDbPji8vn4bN4cbk4m7tz+UQD1cQfWTvTo0 QgEkxPDrQkaMP4+zQqQbRCX8wBYEPBqEukicD4yrRJe7N+8TvTCQg6J7tzOEHDVcQ+OIAsBp OshTO78DvxKUQ6NzurfLPtFzOas7OqYruhIkPZ4bPm1rRSNcO8ILt1hcuXHDPMKjRUxMxmF0 OWEEA8QjwYJTxki0xlfkxSrsQOjztyTgv2LsOirsxmDUtsV7u4vLO0zMP6gytxHoAJNrOZRz wyYkv3OzwGoTOBh8t3hjFnq7A8hDEthzRBbctm5bt3Ksu8eIua8LSETcxEbsGz6st4R8Rv+m +0cGJMeIhD+z07d5xMQrnMNxXMh7fLlYrEKqqgMUjDaWbEmoCiqXfDQZiMkDiMmNyDSbzEmd 3Eme7EmfrKp7w0c56UOOQDh0k8eAq0Zx08ODY0h8VLe0azmj1AilzESYK8mCdLiSi8qtpENG JECNCEqW60qImMqRpIyYmw+gg0qNMMurTDkGhDizdDio7DitVLlUu7i36zfI80N+68usY8bg Az+0Szp2Q8FzBMn+c0GiE0yIMMzCE8ysjLrmGz2u08uGpAA5wcy7q8zEBLvgq0F2wzrIq8rG dDvNIExdRLzPzD5whD/DS7XVc0bLrE1760JrvM3NqznPC8tDzL7/lUS8T8S+zoO44ZzM6CvI KGS9pcs+rpvN1ou66TvO2GPH5RPJ8MM30eO2dfs76lS6O5RO86tMU9s/dpu6cVROWbRL7Gy/ JHi/B9RK2tvI7XPP91NB8dzAytRP/eM/9FRO81xM/oxPzTzGsiy6avtGfXxBl6jEkNNF9mQ4 rJvAVOO5HLw+5AxPBr1BjWTQGGTMkOQIB+XCsdTHLDS6C8VLc9TM8IvHfIQ/I2TCrPtPclvN EGXHEHXEGCTEEy1DVOPDbPNLhcM65/RNpHvD6YvDHDXS0DtL7zxEEP3OYbxES4RKIAXLIr1S FtU2Kr1N7TTE6Su4WzQ/JRxO7pxPL23S/wxduS5VNV+szr90xTj1FVYcu8HURvpcRtQcvTH9 u88E0c+kRgSFuG+Ev0J90+FzSET1RvQ8zafjS21DNKSDT7cT08DcU8jju+YbutaMOjt8uUPF TlGzQUTsgKHENlMtSmp7Rxc9OYyURZJMuBIV0emzR1kF0Vj9mYnES/B7OZ6rQYFUv1R1SEfc u4xzytGDgKh8v3EjS7QsyXnbuMCz1aN80QjdOxx9NVUMCpX0s6T6SXCVtQ9gHSgIV3M919qR RnRdV3adtCBoV3iN10/DSXmtiQqoV3yFiXGtqZrMV1NznePpKX8dWIItWNWZAYNN2FN7AoVt WId9WIitVwOIWP+KBYpcq1i+wSuM3ViO7ViP/dih0jloW4GHIFmIyIEVIIAVwIGHIACXddmH wIEdcNkfsAEbIIAfeIgfIAAb0AiUVVmWDYCXJQAWCFqNMFmTfYifXdmWHdqYnVmctVmc1Vme 9dmUZVqhfdmi5QiktVqgbdqXfVqaldqcDYCd7dmTvdqgHdqt3YiuTduvzdqwDQCZHdubLduz 9VqsZVujhYi3nTUc0AG6FdyYJQDB1QECYFmYhQgcmNrGJdmdbdmyLdzDTdysbVkW2IjAHVzG NdwAQFzFJQCNaNycfVyzFV2hnVy69VzQvVyhzdzRFdzNpdzPtdzFLdzSVdnTldzRZV3/20Vd otVc2SXc1a3c0O3d3IVc4FXdxjVe1w3e2OXcWRva251ZiCCAIXDdh5hZtNUIAoADOEBdiLDe lt2B583e66Xe8RVf7NXeAOBejvje8N0I8hVa813c9k1fp91e9s3e233fqt0I+RVf/r3e+wVe 9AXbuQXg6/VfAoZfAQZfAmbg8j1f71VfWvtb7YVZ9f1fiNCBFVgB4m3a9JVb3XXbkr3gEu7g CX4IEBZhAWZf0R3apPXbFC5hEmbhjnjhEd7gGX7ZGr5hkpUCEs5hp/VgFw7hHr5dDgZirr3h DIZiH3Zf/GXiFrbiy73ZINZgLP7fKpbh+AVjmNViFA6AGu5i/wL+YhxWYSMOADI+WilGYzZe YCSW4ze2YTNONElNHOoVX+v9AdP93yEIYCymX/Y94CJW4OoVXUDWXUEmZDA2ZAN+3jTGYAZu ZJJ9ZLQtZI2oXwJAZCq25D8OZAIe5E2O5E4+ZEq+4P1VKoSlHR1g2VjuXR3IAZeFA/clXTd2 WT6b4uat3eO1X42Y5Vnu3Fq+5Vye2ptFZZj95dbFX/P9YFnu2+a15e9N5pxd5jVuZt8N5k/W MBeeZlq2Zlz+X13W5kTmZueF5mEW5yjO442Ag5TdARboWQyuW+w12kLGAbVV4BXoXngO4gCQ 50+uZxNGXXweAn2OZH6OWxoGaA1+CImCpmd73t+EXmgcbui9BWKIlmKJnmeDvmeoVehtRuh+ NuF/hmN4Fh5eayobUN3deenfkWllaTXBoek/ozyQpbWL3Wmf/mlLg0mgriqNHWqjPuqPnVik XmqmbmqnBh4GYFcEMDSRfWqrvura0QCs3mqkBliu/mqwdio7CGuyLuudBGezbmqtrqqAAAAh +QQABQAAACwAAAAAdAE9AQAI/wADCBxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPH jyBDihxJsuREASZTqlzJsqXLlzBjypxJs6bNmzhxXsjJs6fPn0CDCh1KVOGIokiTKl068ijT p1CjFmwgdaDTqlizag064urWr2DDuvQqtqzZsxzJol3Ltu1CtW7jyl0Ld67du1rr4t3bEwTf v4ADCx5MuLDhw4gTK17MuLHjx5AjS55MubLly5gza97MubPnz6BDix5NurTp06hTiw6hurXr 17Bjy55Nu7bt27hz697Nu7dvlwl+Cx9OvPhcCgYZiJzgkYPx59CjS59Ovbr169iza9/Ovbv3 7+DDi/8fT768+fPo06tfz769+/dPJcCfTx/sgozI6+vfz7+///8AlkRVgAQW2FgGBm4HQYIM NujggxBGmJIIEkZkAGcUrkcAdRlW2FqHHqYGYoinjdhTASSCZWJqCEC4YoqivQhjaDLOaOON OOa43gE6chRBj0AGKeSQRBZp5JFIJqnkkkw26eSTUEZpnANSVumRBVZmqeWWXHbp5Zdg+tZi mGSWaWZpC56JXnADbaDmm3DGKeecdNZp550+PYDnnnz26eefgAYaFAaCFjZAoT8RiuiijDbq 6KNPlnCdm+lJCmlUll4KVaaaMsVpp0p9CipSoo5KVKmmBoVqqkCtCmMHoLn/yuqstNZq6624 8lRBrrz26uuvwKJHZbDE/mpCsTUdi+xMyi7L0IYhNevsS9Kaqahd1U7LUrbieYAdt9qmBG64 JY1L7kjmnqvuuuy2p0G78MYr77z01mvvvfjmq+++/Pbr778AByxwb4cObPDB6rGG8MIMN+zw wxBH3CCsElec5AcWH4SxSyeEu3FLHWv78UohTzsyyR5zTO7JJpWc8UAuvxyzzC8TNHPNOOes M1R67uzzz0AHLfTQRBdtNE0A6Jz0frsKtzTOT0Ot9M5Rv1z10VhnbTHFWnft9ddghy322GSX vSSKZqet9tqGcc3222spB/fcdNdt991456333nz3SO3334AbSILOg+dcOM6H15y44oQ3Hvjj kEcu+eTvOUf55ZhnXpZfmnfu+eeghy766KSXbjq+cp+uekYKrH70u67HLvvstNsZEAA7 ------=_NextPart_000_0015_01C6F90C.C705FCE0-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 04:03:59 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gd0DX-0006Jn-Ej for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 04:03:59 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gd0DV-0001uq-BM for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 04:03:59 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 3DBF539804C for ; Thu, 26 Oct 2006 01:03:49 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id D54FD4A4547 for ; Thu, 26 Oct 2006 01:02:01 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id A532A4306B5 for ; Thu, 26 Oct 2006 01:02:01 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by hermes.tigertech.net (Postfix) with ESMTP id 8F23D4306B1 for ; Thu, 26 Oct 2006 01:01:57 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id x30so853234nfb for ; Thu, 26 Oct 2006 01:01:56 -0700 (PDT) Received: by 10.49.90.4 with SMTP id s4mr4961030nfl; Thu, 26 Oct 2006 01:01:55 -0700 (PDT) Received: by 10.49.42.3 with HTTP; Thu, 26 Oct 2006 01:01:55 -0700 (PDT) Message-ID: <5bfe7a820610260101p95fa2c9wb063ee809d3a748a@mail.gmail.com> Date: Thu, 26 Oct 2006 01:01:55 -0700 From: "Dorothy Stanley" To: "Behcet Sarikaya" In-Reply-To: <20061026042806.34805.qmail@web60312.mail.yahoo.com> MIME-Version: 1.0 References: <20061026042806.34805.qmail@web60312.mail.yahoo.com> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=1.0 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, FROM_ENDS_IN_NUMS, HTML_40_50, HTML_MESSAGE, RCVD_BY_IP, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1981184874==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.6 (/) X-Scan-Signature: 03fb21b15d5177c512a4caa19876f30a --===============1981184874== Content-Type: multipart/alternative; boundary="----=_Part_48614_8573915.1161849715733" ------=_Part_48614_8573915.1161849715733 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline All, I believe that we previously agreed that the initial CAPWAP specification(s) will support 802.11 capabilities through those defined in 802.11-REVma, expected to be approved in Dec 06, and that unapproved amendments including .11k, .11r, .11n etc would be dealt with in a future version. Thus 802.11r support in CAPWAP, the discussion of which is very interesting, is not in scope for the current CAPWAP specifications under development. Thanks, Dorothy On 10/25/06, Behcet Sarikaya wrote: > > Comments inline. > > ----- Original Message ---- > From: Charles Clancy > To: Pat Calhoun (pacalhou) > Cc: Behcet Sarikaya ; capwap > Sent: Monday, October 23, 2006 11:00:38 AM > Subject: Re: [Capwap] CAPWAP for 802.11r > > Unless PMK-R1s are preemptively distributed to WTPs to which a STA might > roam (neighbor graphs, anyone?), you'll still have the WTP-AC latency for > the WTP to request a PMK-R1 from the AC (R0KH). This would be about equal > to the latency of having the AC validating Association Request packets. > > ==>PMK-R1 is sent during Authenticate req/resp exchange, so no effect on > ReassReq/Resp latency. > > Does 11r let you proactively distribute PMK-R1s? I don't see any > references in D3... all I see is the reactive distribution protocol. > ==>I think it is possible but the key distribution protocol is more > advantageous because you do not distribute keys to WTPs that may never need > to use such a key. > > > My understanding is that one of the reasons 11r is faster is because keys > can be *reactively* transfered directly between APs without having to go > through the AAA server. Unfortunately our main security association is > with the AC, not the WTP, and inter-WTP communications is bad, so > everything will have to go through the AC. > > ==>No inter-WTP communications in CAPWAPRP. > > -- > t. charles clancy, ph.d. <> tcc@umd.edu <> www.cs.umd.edu/~clancy > > On Mon, October 23, 2006 10:28 am, Pat Calhoun $pacalhou$ wrote: > > I agree with Charles - but I do believe there is a single issue. In the > > case of local MAC, the IEEE 802.11 binding states that the WTP processes > > the Association Request and then forwards it to the AC. The AC can > > override the decision made by the WTP by sending a negative result > > Association Response. > > > > When 802.11r, the local MAC WTP will not have the cryptographic keys > > necessary to validate the Association Request, so it would *have* to > > defer to the AC. The question is whether this is acceptable as it does > > change the timing of the Association round trip. One alternative is to > > push the PMK-R1 keys to the WTP to allow the WTP to perform its own > > authentication of the management frame. > > > > Pat Calhoun > > CTO, Wireless Networking Business Unit > > Cisco Systems > > > > > > > >> -----Original Message----- > >> From: Charles Clancy [mailto:clancy@cs.umd.edu] > >> Sent: Thursday, October 19, 2006 12:27 PM > >> To: Behcet Sarikaya > >> Cc: capwap > >> Subject: Re: [Capwap] CAPWAP for 802.11r > >> > >> Behcet, > >> > >> > My proposal is to use the key distribution protocol of > >> 802.11r which > >> > securely transports the keys. > >> > Also no need for the context transfer which was what I had in mind. > >> > >> My point is that we don't need to distribute PMK-R1 keys > >> since all authenticator functionality will reside at the AC > >> regardless of the MAC splitting, so we therefore don't need a > >> new key distribution protocol at all. > >> > >> Here's how I envision an 11r handoff: > >> > >> STA WTP1 WTP2 AC > >> -------------------------------------------------- > >> > >> Initial authentication (as CAPWAP does now): > >> > >> <--- assoc -----> > >> <-------------- open authentication -------------> > >> <----------------- 1X/EAP authentication --------> > >> (derives PMK-R0, PMK-R1) > >> <--------------- four-way handshake -------------> > >> (derives PTK) > >> <---------- add mobile (PTK) ----- > >> > >> fast handoff: > >> > >> (AC and STA derive new PMK-R1') > >> <------- FT / reassoc (PMK Name, MIC, etc) ------> > >> (derives new PTK') > >> <- add mobile (PTK') > >> <---------- delete mobile -------- > >> > >> > >> > Can you spare your ideas why that would not work in CAPWAP? > >> > >> I'm not sure to what you're referring. Using the > >> yet-to-be-defined 11r key distribution protocol duplicates > >> the add-mobile CAPWAP architecture for distributing keying > >> material. Additionally, it violates the security restriction > >> that keys from the PMK-level in the keying hierarchy MUST > >> remain at the authenticator, which is the AC. > >> > >> > You're saying we only need the split MAC scenarios that I > >> have in the > >> > draft. > >> > >> I'm saying that CAPWAP can support 11r without any protocol > >> changes. The only changes I can envision being necessary are > >> perhaps capabilities flags indicating support for 11r, so ACs > >> and WTPs know that each other supports 11r. All the 11r > >> protocol processing would be implemented at the AC. The WTP > >> would just have to know about the additional 802.11 messages, > >> and know they should be forwarded to the AC. WTPs and ACs > >> would also have to support AES-CMAC, which is defined in 11r. > >> > >> -- > >> t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy > >> > >> _________________________________________________________________ > >> To unsubscribe or modify your subscription options, please visit: > >> http://lists.frascone.com/mailman/listinfo/capwap > >> > >> Archives: http://lists.frascone.com/pipermail/capwap > >> > > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap > > ------=_Part_48614_8573915.1161849715733 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline All,

I believe that we previously agreed that the
initial CAPWAP specification(s) will support 802.11 capabilities through
those defined in 802.11-REVma, expected to be approved in Dec 06, and that
unapproved amendments including .11k, .11r, .11n etc would be dealt with
in a future version.

Thus 802.11r support in CAPWAP, the discussion of which is very interesting,
is not in scope for the current CAPWAP specifications under development.

Thanks,

Dorothy

On 10/25/06, Behcet Sarikaya <behcetsarikaya@yahoo.com> wrote:

Comments inline.

----- Original Message ----
From: Charles Clancy <clancy@cs.umd.edu>
To: Pat Calhoun (pacalhou) <pcalhoun@cisco.com>
Cc: Behcet Sarikaya < sarikaya@ieee.org>; capwap <capwap@frascone.com>
Sent: Monday, October 23, 2006 11:00:38 AM
Subject: Re: [Capwap] CAPWAP for 802.11r

Unless PMK-R1s are preemptively distributed to WTPs to which a STA might
roam (neighbor graphs, anyone?), you'll still have the WTP-AC latency for
the WTP to request a PMK-R1 from the AC (R0KH).  This would be about equal
to the latency of having the AC validating Association Request packets.

==>PMK-R1 is sent during Authenticate req/resp exchange, so no effect on ReassReq/Resp latency.

Does 11r let you proactively distribute PMK-R1s?  I don't see any
references in D3... all I see is the reactive distribution protocol.
==>I think it is possible but the key distribution protocol is more advantageous because you do not distribute keys to WTPs that may never need to use such a key.

My understanding is that one of the reasons 11r is faster is because keys
can be *reactively* transfered directly between APs without having to go
through the AAA server.  Unfortunately our main security association is
with the AC, not the WTP, and inter-WTP communications is bad, so
everything will have to go through the AC.

==>No inter-WTP communications in CAPWAPRP.

--
t. charles clancy, ph.d.  <>  tcc@umd.edu  <>   www.cs.umd.edu/~clancy

On Mon, October 23, 2006 10:28 am, Pat Calhoun $pacalhou$ wrote:
> I agree with Charles - but I do believe there is a single issue. In the
> case of local MAC, the IEEE 802.11 binding states that the WTP processes
> the Association Request and then forwards it to the AC. The AC can
> override the decision made by the WTP by sending a negative result
> Association Response.
>
> When 802.11r, the local MAC WTP will not have the cryptographic keys
> necessary to validate the Association Request, so it would *have* to
> defer to the AC. The question is whether this is acceptable as it does
> change the timing of the Association round trip. One alternative is to
> push the PMK-R1 keys to the WTP to allow the WTP to perform its own
> authentication of the management frame.
>
> Pat Calhoun
> CTO, Wireless Networking Business Unit
> Cisco Systems
>
>
>
>> -----Original Message-----
>> From: Charles Clancy [mailto: clancy@cs.umd.edu]
>> Sent: Thursday, October 19, 2006 12:27 PM
>> To: Behcet Sarikaya
>> Cc: capwap
>> Subject: Re: [Capwap] CAPWAP for 802.11r
>>
>> Behcet,
>>
>> > My proposal is to use the key distribution protocol of
>> 802.11r which
>> > securely transports the keys.
>> > Also no need for the context transfer which was what I had in mind.
>>
>> My point is that we don't need to distribute PMK-R1 keys
>> since all authenticator functionality will reside at the AC
>> regardless of the MAC splitting, so we therefore don't need a
>> new key distribution protocol at all.
>>
>> Here's how I envision an 11r handoff:
>>
>> STA            WTP1           WTP2              AC
>> --------------------------------------------------
>>
>> Initial authentication (as CAPWAP does now):
>>
>> <--- assoc ----->
>> <-------------- open authentication ------------->
>> <----------------- 1X/EAP authentication -------->
>>                (derives PMK-R0, PMK-R1)
>> <--------------- four-way handshake ------------->
>>                    (derives PTK)
>>                 <---------- add mobile (PTK) -----
>>
>> fast handoff:
>>
>>                (AC and STA derive new PMK-R1')
>> <------- FT / reassoc (PMK Name, MIC, etc) ------>
>>                   (derives new PTK')
>>                               <- add mobile (PTK')
>>                 <---------- delete mobile --------
>>
>>
>> > Can you spare your ideas why that would not work in CAPWAP?
>>
>> I'm not sure to what you're referring.  Using the
>> yet-to-be-defined 11r key distribution protocol duplicates
>> the add-mobile CAPWAP architecture for distributing keying
>> material.  Additionally, it violates the security restriction
>> that keys from the PMK-level in the keying hierarchy MUST
>> remain at the authenticator, which is the AC.
>>
>> > You're saying we only need the split MAC scenarios that I
>> have in the
>> > draft.
>>
>> I'm saying that CAPWAP can support 11r without any protocol
>> changes.  The only changes I can envision being necessary are
>> perhaps capabilities flags indicating support for 11r, so ACs
>> and WTPs know that each other supports 11r.  All the 11r
>> protocol processing would be implemented at the AC.  The WTP
>> would just have to know about the additional 802.11 messages,
>> and know they should be forwarded to the AC.  WTPs and ACs
>> would also have to support AES-CMAC, which is defined in 11r.
>>
>> --
>> t. charles clancy, ph.d.  |  tcc@umd.edu  |   www.cs.umd.edu/~clancy
>>
>> _________________________________________________________________
>> To unsubscribe or modify your subscription options, please visit:
>> http://lists.frascone.com/mailman/listinfo/capwap
>>
>> Archives: http://lists.frascone.com/pipermail/capwap
>>
>

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

------=_Part_48614_8573915.1161849715733-- --===============1981184874== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============1981184874==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 05:37:18 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gd1aA-0004hz-9i for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 05:31:26 -0400 Received: from mx2.tigertech.net ([64.62.209.32]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gd1a3-00066Z-BO for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 05:31:23 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by hermes.tigertech.net (Postfix) with ESMTP id E7C5E43092D for ; Thu, 26 Oct 2006 02:31:14 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id C5D994A453E for ; Thu, 26 Oct 2006 02:30:11 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 8A17C430927 for ; Thu, 26 Oct 2006 02:30:11 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by hermes.tigertech.net (Postfix) with ESMTP id 7183943091E for ; Thu, 26 Oct 2006 02:30:06 -0700 (PDT) Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 26 Oct 2006 02:30:06 -0700 Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9Q9U6OH018682; Thu, 26 Oct 2006 02:30:06 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k9Q9U5W4025406; Thu, 26 Oct 2006 02:30:05 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Oct 2006 02:30:05 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 26 Oct 2006 02:30:04 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A268088A@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb4WJf9J/zPjadeTYalbnIsuf2LKAAajXAwAAG98vEABeML9w== From: "Pat Calhoun (pacalhou)" To: "Abhijit Choudhury" , "Puneet Agarwal" , "Margaret Wasserman" , "Scott G. Kelly" X-OriginalArrivalTime: 26 Oct 2006 09:30:05.0320 (UTC) FILETIME=[51F86080:01C6F8E1] Authentication-Results: sj-dkim-2.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 61 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.9 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, HTML_20_30, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2101282083==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.5 (/) X-Scan-Signature: d094b18a574860cb9e2fe5fedfbcc179 This is a multi-part message in MIME format. --===============2101282083== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F8E1.51BB8CB3" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F8E1.51BB8CB3 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Could you explain why you believe the sessionID should not be protected? = Seems like the IP address and UDP port are sufficient to distinguish the = WTP (for encrypted data plane, this would be known after the first = packet is received. PatC -----Original Message----- From: Abhijit Choudhury [mailto:Abhijit@sinett.com] Sent: Wednesday, October 25, 2006 11:59 PM Pacific Standard Time To: Puneet Agarwal; Margaret Wasserman; Pat Calhoun (pacalhou); Scott G. = Kelly Cc: capwap Subject: RE: [Capwap] need clarification on UDP ports Folks, I like the solution below, but I'd go one step further. We should just have a single CAPWAP packet format. The shim header should be present in both capwap control and data packets, and should have a field to indicate encrypted/unencrypted as well as a type/sessionId field. =20 For packets arriving on either control or data port, the encrypted/unencrypted field indicates whether the payload is DTLS encrypted. =20 For DTLS encrypted packets arriving on the data port,=20 the type/sessionId field indicates the QoS level in=20 order to avoid antireplay issues. =20 This approach is simple, clean and addresses all the=20 concerns raised so far on this issue: =20 1. Uses separate control and data UDP ports to steer packets through legacy devices with different levels of QoS 2. Is able to distinguish between encrypted and unencrypted packets in the CAPWAP payload. 3. Is able to support multiple QoS levels if the data channel is=20 DTLS encrypted. I believe this is similar to the proposal that Scott=20 presented in one of his earlier emails.=20 =20 Regards, Abhijit ________________________________ From: Puneet Agarwal [mailto:pagarwal@broadcom.com] Sent: Wed 10/25/2006 11:17 PM To: Margaret Wasserman; Pat Calhoun Cc: Hasan Raza; capwap Subject: Re: [Capwap] need clarification on UDP ports Hi Margaret, I am OK with your 2 port solution (with shim header for capwap control only). To summarize, it seems that you are proposing that there be two UDP ports reserved for CAPWAP: A) CAPWAP Control Port: All discovery and capwap control messages flow on this UDP port. There is a new shim (control mux) header added between the UDP Header and the following header (where the following header could be DTLS if encrypted or CAPWAP Hdr if non-encrypted ). The control mux would specify if the packet is DTLS encrypted or not. I didn't want to use the "Control Header" for the new shim as section 4 already talks about a "Control Header". B) CAPWAP Data Port: All CAPWAP Data messages flow on this UDP port. It is a property of the UDP tunnel whether the payload in encrypted or not. If the tunnel is encrypted, then a DTLS header follows the UDP Header. If the tunnel is not encrypted, then a CAPWAP Header follows the UDP Header. Note that there is no "control mux" after the UDP header. Is the above interpretation correct? Thanks. -Puneet -----Original Message----- From: Margaret Wasserman [mailto:margaret@thingmagic.com] Sent: Wednesday, October 25, 2006 10:09 AM To: Pat Calhoun Cc: Scott G. Kelly; Hasan Raza; Puneet Agarwal; capwap Subject: Re: [Capwap] need clarification on UDP ports Hi all, Just commenting as an individual contributor... I prefer the intermediate header approach to the third port approach, because I think it is a cleaner representation of what is actually happening. Different ports are used to reach different end points (different systems or different processes running on the same system). In CAPWAP, we have one port to reach the data end-point and another to reach the control end-point, because we think there are cases when the data and control end-points may be different processes or run on different systems. That makes sense to me. However, when we are talking about DTLS-encrypted and unencrypted control packets, we aren't really talking about two different end- points. We are talking about a single control application that needs to decide whether to treat each packet it received as unencrypted or as DTLS-encrypted, in which case it needs to be handed to the DTLS engine for decryption. If you think about it that way, I think it would be better for the control application to receive a packet that starts with a short header that indicates whether this packet is DTLS- encrypted or unencrypted. If the packet is unencrypted, the control application processes it directly (or ignores the packet if it isn't a discovery packet), and if it is DTLS-encrypted, the control application strips off the header and send the packet to the DTLS engine for decryption. This type of header might also allow for later expansion if the security world evolves and a better security mechanism for CAPWAP's purposes emerges. So, I would prefer that we add a short header after the UDP header (a CAPWAP control header?) that indicates the type of the encapsulated packet (DTLS-encrypted or unencrypted). I think 4 bytes would be long enough for this header, and that would maintain 32-bit alignment. IMO, it should contain 2 fields -- a one byte version number (0x01) and a three-byte type field. At this point, only two types would be defined. I do not have a major technical objection to the third port option, I just think it is less clean from an architectural standpoint. I would rather strenuously object to the proposed approaches that involve zeroing out the DTLS header or running a packet through DTLS and then treating it as unencrypted if that fails, etc. Margaret On Oct 25, 2006, at 12:33 PM, Pat Calhoun (pacalhou) wrote: > Not pushing for the hack. I've stated I do not object to a third UDP > port, but provided an alternative should IANA refuse to give it to us. > > Pat Calhoun > CTO, Wireless Networking Business Unit Cisco Systems > > > >> -----Original Message----- >> From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] >> Sent: Tuesday, October 24, 2006 1:24 PM >> To: Pat Calhoun (pacalhou); Hasan Raza; pagarwal@broadcom.com >> Cc: capwap >> Subject: RE: [Capwap] need clarification on UDP ports >> >> "Pat Calhoun (pacalhou)" wrote: >> >>> Except we can document that any CAPWAP implementation receiving a >>> packet with 'n' zeroes uses DTLS header format foo, which >> is of lengh 'y'. >> >> ...except that it is decidedly *not* a DTLS header, right? >> I'm having a really hard time understanding why you're >> pushing for a hack at any/all costs to solve this problem. We >> are at the design stage - if there were ever a time to do it >> right, that time is now. Exactly what will break if we don't >> adopt this hack? >> >> Scott >> > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/capwap > > Archives: http://lists.frascone.com/pipermail/capwap _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap ------_=_NextPart_001_01C6F8E1.51BB8CB3 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable RE: [Capwap] need clarification on UDP ports

Could you explain why you believe the sessionID should = not be protected? Seems like the IP address and UDP port are sufficient = to distinguish the WTP (for encrypted data plane, this would be known = after the first packet is received.

PatC

-----Original Message-----
From: Abhijit Choudhury [mailto:Abhijit@sinett.com]
Sent:   Wednesday, October 25, 2006 11:59 PM Pacific Standard = Time
To:     Puneet Agarwal; Margaret Wasserman; Pat = Calhoun (pacalhou); Scott G. Kelly
Cc:     capwap
Subject:        RE: [Capwap] need = clarification on UDP ports

Folks,
I like the solution below, but I'd go one step further.
We should just have a single CAPWAP packet format.
The shim header should be present in both capwap
control and data packets, and should have a
field to indicate encrypted/unencrypted as well
as a type/sessionId field.

For packets arriving on either control or data port,
the encrypted/unencrypted field indicates whether
the payload is DTLS encrypted.

For DTLS encrypted packets arriving on the data port,
the type/sessionId field indicates the QoS level in
order to avoid antireplay issues.

This approach is simple, clean and addresses all the
concerns raised so far on this issue:

1. Uses separate control and data UDP ports to steer packets
      through legacy devices with different = levels of QoS
2. Is able to distinguish between encrypted and unencrypted = packets
     in the CAPWAP payload.
3. Is able to support multiple QoS levels if the data channel = is
     DTLS encrypted.

I believe this is similar to the proposal that Scott
presented in one of his earlier emails.

Regards,
Abhijit
________________________________

From: Puneet Agarwal [mailto:pagarwal@broadcom.com] Sent: Wed 10/25/2006 11:17 PM
To: Margaret Wasserman; Pat Calhoun
Cc: Hasan Raza; capwap
Subject: Re: [Capwap] need clarification on UDP ports

Hi Margaret,

I am OK with your 2 port solution (with shim header for capwap = control
only).

To summarize, it seems that you are proposing that there be two UDP
ports reserved for CAPWAP:

A) CAPWAP Control Port: All discovery and capwap control messages = flow
on this UDP port. There is a new shim (control mux) header added = between
the UDP Header and the following header (where the following header
could be DTLS if encrypted or CAPWAP Hdr if non-encrypted ). The = control
mux would specify if the packet is DTLS encrypted or not. I didn't = want
to use the "Control Header" for the new shim as section 4 = already talks
about a "Control Header".

B) CAPWAP Data Port: All CAPWAP Data messages flow on this UDP port. = It
is a property of the UDP tunnel whether the payload in encrypted or = not.
If the tunnel is encrypted, then a DTLS header follows the UDP = Header.
If the tunnel is not encrypted, then a CAPWAP Header follows the UDP
Header. Note that there is no "control mux" after the UDP = header.

Is the above interpretation correct?

Thanks.

-Puneet

-----Original Message-----
From: Margaret Wasserman [mailto:margaret@thingmagic.com]
Sent: Wednesday, October 25, 2006 10:09 AM
To: Pat Calhoun
Cc: Scott G. Kelly; Hasan Raza; Puneet Agarwal; capwap
Subject: Re: [Capwap] need clarification on UDP ports

Hi all,

Just commenting as an individual contributor...

I prefer the intermediate header approach to the third port = approach,
because I think it is a cleaner representation of what is actually
happening.

Different ports are used to reach different end points (different
systems or different processes running on the same system). In = CAPWAP,
we have one port to reach the data end-point and another to reach = the
control end-point, because we think there are cases when the data = and
control end-points may be different processes or run on different
systems. That makes sense to me.

However, when we are talking about DTLS-encrypted and unencrypted
control packets, we aren't really talking about two different end-
points. We are talking about a single control application that = needs to
decide whether to treat each packet it received as unencrypted or as
DTLS-encrypted, in which case it needs to be handed to the DTLS = engine
for decryption. If you think about it that way, I think it would = be
better for the control application to receive a packet that starts = with
a short header that indicates whether this packet is DTLS- encrypted = or
unencrypted. If the packet is unencrypted, the control = application
processes it directly (or ignores the packet if it isn't a discovery
packet), and if it is DTLS-encrypted, the control application strips = off
the header and send the packet to the DTLS engine for decryption. = This
type of header might also allow for later expansion if the security
world evolves and a better security mechanism for CAPWAP's purposes
emerges.

So, I would prefer that we add a short header after the UDP header = (a
CAPWAP control header?) that indicates the type of the encapsulated
packet (DTLS-encrypted or unencrypted). I think 4 bytes would be = long
enough for this header, and that would maintain 32-bit alignment. = IMO,
it should contain 2 fields -- a one byte version number (0x01) and a
three-byte type field. At this point, only two types would be = defined.

I do not have a major technical objection to the third port option, = I
just think it is less clean from an architectural standpoint.

I would rather strenuously object to the proposed approaches that
involve zeroing out the DTLS header or running a packet through DTLS = and
then treating it as unencrypted if that fails, etc.

Margaret

On Oct 25, 2006, at 12:33 PM, Pat Calhoun (pacalhou) wrote:

> Not pushing for the hack. I've stated I do not object to a third = UDP
> port, but provided an alternative should IANA refuse to give it to = us.
>
> Pat Calhoun
> CTO, Wireless Networking Business Unit Cisco Systems
>
>
>
>> -----Original Message-----
>> From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] >> Sent: Tuesday, October 24, 2006 1:24 PM
>> To: Pat Calhoun (pacalhou); Hasan Raza; = pagarwal@broadcom.com
>> Cc: capwap
>> Subject: RE: [Capwap] need clarification on UDP ports
>>
>> "Pat Calhoun (pacalhou)" wrote:
>>
>>> Except we can document that any CAPWAP implementation = receiving a
>>> packet with 'n' zeroes uses DTLS header format foo, = which
>> is of lengh 'y'.
>>
>> ...except that it is decidedly *not* a DTLS header, right?
>> I'm having a really hard time understanding why you're
>> pushing for a hack at any/all costs to solve this problem. = We
>> are at the design stage - if there were ever a time to do = it
>> right, that time is now. Exactly what will break if we = don't
>> adopt this hack?
>>
>> Scott
>>
> = _________________________________________________________________
> To unsubscribe or modify your subscription options, please = visit:
> http://lists.f= rascone.com/mailman/listinfo/capwap
>
> Archives: http://lists.frascone= .com/pipermail/capwap

_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.f= rascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone= .com/pipermail/capwap

------_=_NextPart_001_01C6F8E1.51BB8CB3-- --===============2101282083== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap --===============2101282083==-- From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 06:44:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gd2j0-0007eG-4R for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:44:38 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gd2iv-0004ab-Uo for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:44:38 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id EB247398048 for ; Thu, 26 Oct 2006 03:44:24 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 6FEE94A45C5 for ; Thu, 26 Oct 2006 03:44:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4D7FF430B0E for ; Thu, 26 Oct 2006 03:44:07 -0700 (PDT) Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70]) by hermes.tigertech.net (Postfix) with ESMTP id 65913430AF9 for ; Thu, 26 Oct 2006 03:44:04 -0700 (PDT) Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-1.cisco.com with ESMTP; 26 Oct 2006 03:44:04 -0700 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-1.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9QAi3wV029713 for ; Thu, 26 Oct 2006 03:44:03 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k9QAi3Ao019259 for ; Thu, 26 Oct 2006 03:44:03 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Oct 2006 03:44:03 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 26 Oct 2006 03:44:03 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B8BAAF@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] transition to join state Thread-Index: Acb3hExvfrWUJ93uSxCyGHA29lgS4wAAI3BZABQxsSAAPa8okA== From: "Pat Calhoun (pacalhou)" To: "Smitha Smitha (ssmitha)" , "capwap" X-OriginalArrivalTime: 26 Oct 2006 10:44:03.0490 (UTC) FILETIME=[A7536020:01C6F8EB] Authentication-Results: sj-dkim-1.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Subject: Re: [Capwap] transition to join state X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab I see your point. Clearly, some interim CAPWAP state is needed between idle and join, which we could call "DTLS Establishment". Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems > -----Original Message----- > From: Smitha Smitha (ssmitha) > Sent: Tuesday, October 24, 2006 6:37 PM > To: Pat Calhoun (pacalhou); 'capwap' > Subject: RE: [Capwap] transition to join state > > Pat, > > The spec talks about transitioning to join state from idle - > (Idle to Join (aa)). This would make it necessary for CAPWAP > to know of the various DTLS packets are being received during > handshake. Why is it necessary to have a "join ready" state? > > Thanks > Smitha > > -----Original Message----- > From: Pat Calhoun (pacalhou) > Sent: Tuesday, October 24, 2006 9:26 PM > To: Smitha Smitha (ssmitha); 'capwap' > Subject: RE: [Capwap] transition to join state > > I'm not so sure. If that were the case we would need a "join > ready" state. We clearly need to transition to a new > (non-DTLS) state when the DTLS channel is open. > > PatC > > -----Original Message----- > From: Smitha Smitha (ssmitha) > Sent: Tuesday, October 24, 2006 08:52 AM Pacific Standard Time > To: capwap > Subject: [Capwap] transition to join state > > All, > > The spec talks about AC transitioning to Join state on > receiving DTLS Client Hello with a valid cookie. Should this > really be the case? > The AC should transition to Join state on receiving a Join Request. > > Thanks > Smitha > > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 06:45:18 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gd2je-0007je-0j for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:45:18 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gd2jb-0004hE-7e for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:45:18 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id A89473980C5 for ; Thu, 26 Oct 2006 03:45:14 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id DABE94A45C5 for ; Thu, 26 Oct 2006 03:44:09 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id C945A430B01 for ; Thu, 26 Oct 2006 03:44:09 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by hermes.tigertech.net (Postfix) with ESMTP id AD66D430B0B for ; Thu, 26 Oct 2006 03:44:05 -0700 (PDT) Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 26 Oct 2006 03:44:05 -0700 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-3.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9QAi5iJ014545; Thu, 26 Oct 2006 03:44:05 -0700 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k9QAi4Ao019269; Thu, 26 Oct 2006 03:44:04 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 26 Oct 2006 03:44:04 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 26 Oct 2006 03:44:04 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B8BAB0@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] need clarification on UDP ports Thread-Index: Acb4WJO3aFFduXYSS2S5+EXKbumseAAdFhFQ From: "Pat Calhoun (pacalhou)" To: "Margaret Wasserman" X-OriginalArrivalTime: 26 Oct 2006 10:44:04.0854 (UTC) FILETIME=[A8238160:01C6F8EB] Authentication-Results: sj-dkim-3.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: Hasan Raza , capwap Subject: Re: [Capwap] need clarification on UDP ports X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 67c1ea29f88502ef6a32ccec927970f0 ok... no real objections on including an interim (short) tag to represent the packet type. If we are to go down this path, I would prefer that we maintain consistency across both the control and data plane, and include the same header on both UDP ports. This way, if a DTLS session is being used to secure the data plane, the (relatively) same pre-parsing and security validation logic can be used. Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems > -----Original Message----- > From: Margaret Wasserman [mailto:margaret@thingmagic.com] > Sent: Wednesday, October 25, 2006 10:09 AM > To: Pat Calhoun (pacalhou) > Cc: Scott G. Kelly; Hasan Raza; pagarwal@broadcom.com; capwap > Subject: Re: [Capwap] need clarification on UDP ports > > > Hi all, > > Just commenting as an individual contributor... > > I prefer the intermediate header approach to the third port > approach, because I think it is a cleaner representation of > what is actually happening. > > Different ports are used to reach different end points > (different systems or different processes running on the same > system). In CAPWAP, we have one port to reach the data > end-point and another to reach the control end-point, because > we think there are cases when the data and control end-points > may be different processes or run on different systems. That > makes sense to me. > > However, when we are talking about DTLS-encrypted and > unencrypted control packets, we aren't really talking about > two different end- points. We are talking about a single > control application that needs to decide whether to treat > each packet it received as unencrypted or as DTLS-encrypted, > in which case it needs to be handed to the DTLS engine for > decryption. If you think about it that way, I think it would > be better for the control application to receive a packet > that starts with a short header that indicates whether this > packet is DTLS- encrypted or unencrypted. If the packet is > unencrypted, the control application processes it directly > (or ignores the packet if it isn't a discovery packet), and > if it is DTLS-encrypted, the control application strips off > the header and send the packet to the DTLS engine for > decryption. This type of header might also allow for later > expansion if the security world evolves and a better security > mechanism for CAPWAP's purposes emerges. > > So, I would prefer that we add a short header after the UDP > header (a CAPWAP control header?) that indicates the type of > the encapsulated packet (DTLS-encrypted or unencrypted). I > think 4 bytes would be long enough for this header, and that > would maintain 32-bit alignment. IMO, it should contain 2 > fields -- a one byte version number (0x01) and a three-byte > type field. At this point, only two types would be defined. > > I do not have a major technical objection to the third port > option, I just think it is less clean from an architectural > standpoint. > > I would rather strenuously object to the proposed approaches > that involve zeroing out the DTLS header or running a packet > through DTLS and then treating it as unencrypted if that fails, etc. > > Margaret > > > On Oct 25, 2006, at 12:33 PM, Pat Calhoun (pacalhou) wrote: > > > Not pushing for the hack. I've stated I do not object to a > third UDP > > port, but provided an alternative should IANA refuse to > give it to us. > > > > Pat Calhoun > > CTO, Wireless Networking Business Unit Cisco Systems > > > > > > > >> -----Original Message----- > >> From: Scott G. Kelly [mailto:s.kelly@ix.netcom.com] > >> Sent: Tuesday, October 24, 2006 1:24 PM > >> To: Pat Calhoun (pacalhou); Hasan Raza; pagarwal@broadcom.com > >> Cc: capwap > >> Subject: RE: [Capwap] need clarification on UDP ports > >> > >> "Pat Calhoun (pacalhou)" wrote: > >> > >>> Except we can document that any CAPWAP implementation receiving a > >>> packet with 'n' zeroes uses DTLS header format foo, which > >> is of lengh 'y'. > >> > >> ...except that it is decidedly *not* a DTLS header, right? > >> I'm having a really hard time understanding why you're > >> pushing for a hack at any/all costs to solve this problem. We > >> are at the design stage - if there were ever a time to do it > >> right, that time is now. Exactly what will break if we don't > >> adopt this hack? > >> > >> Scott > >> > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/capwap > > > > Archives: http://lists.frascone.com/pipermail/capwap > _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 06:45:28 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gd2jo-0007k7-Hf for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:45:28 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gd2jl-0004iI-Jx for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:45:28 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id 25FDB3980BA for ; Thu, 26 Oct 2006 03:45:25 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id E75E24A45C5 for ; Thu, 26 Oct 2006 03:44:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id D5F5D430AF9 for ; Thu, 26 Oct 2006 03:44:07 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by hermes.tigertech.net (Postfix) with ESMTP id A57CD430B01 for ; Thu, 26 Oct 2006 03:44:03 -0700 (PDT) Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 26 Oct 2006 03:44:03 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9QAi3OR023607; Thu, 26 Oct 2006 03:44:03 -0700 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k9QAi2in018840; Thu, 26 Oct 2006 03:44:03 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 26 Oct 2006 03:44:02 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 26 Oct 2006 03:44:02 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B8BAAE@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] Seperate Port Vs Common Port Approach Comparison... Thread-Index: Acb27W73FXmPFbhfQM6OpmPPcuuOzQB28Qpw From: "Pat Calhoun (pacalhou)" To: "Navin (NKA)" , "Scott G. Kelly" X-OriginalArrivalTime: 26 Oct 2006 10:44:02.0885 (UTC) FILETIME=[A6F70F50:01C6F8EB] Authentication-Results: sj-dkim-2.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.4 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap@frascone.com Subject: Re: [Capwap] Seperate Port Vs Common Port Approach Comparison... X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.0 (/) X-Scan-Signature: 2d133cc328f58695161c98bb4f4dc213 > Situation 1: A legitimate WTP just now got powered and once > its up, it starts > sending discovery packet to ACs. And once > discovery is complete, > DTLS session establishment between WTP and AC. > Seperate Port Apporach: > * AC will get the discovery packet on 0x2FBF port > * it would do discovery reply. > * WTP in turn would start the DTLS session establishement > by sending > CliehtHello message to 0x2FC0 port of AC. > * When AC gets ClientHello on 0x2FC0 and finds out that > no prior session > information exists, it would continue with DTLS session > establishment > process. > > Common Port Apporach: > * AC will get the discovery packet on 0x2FBF port Given that the Discovery packet is optional, how did the AC determine this is a Discovery packet as opposed to the beginning of the DTLS session setup? That's the challenge we are trying to resolve. > * AC will try finding out if prior session information > for the WTP exists > or not. If not, it would do discovery reply. > * WTP in turn would start the DTLS session establishement > by sending > CliehtHello message to 0x2FBF port of AC. > * When AC gets ClientHello on 0x2FBF and finds out that > prior WTP session > information exists (and FSM state is Discovery), it > would continue with > DTLS session establishment process. > > > Situation 2a: A fully functional (in Capwap Run State) WTP > gets rebooted > accidently, and once it is up, it starts > sending non-DTLS type > Discovery packet again to an AC. > Seperate Port Approach (Proactive implementation): > * AC will get the discovery packet on 0x2FBF port > * it would do discovery reply. > * WTP in turn would start the DTLS session establishement > by sending > CliehtHello message to 0x2FC0 port of AC. > * When AC gets ClientHello on 0x2FC0 and finds out that > prior WTP session > information exists (with FSM=Run), AC will assume that > most likely WTP > got rebooted and it would go ahead and reset > (state=Discovery) WTP > session information. Ultimately, AC would continue > with DTLS session > establishment by processing ClientHello message. > Remark: No keepalive type timer expiry happens. So WTP will > be up in NO time. I disagree with this, but see the similar state change comment below. > > Common Port Apporach (Proactive implementation): > * AC will get the discovery packet on 0x2FBF port Again, the AC thinks that the WTP already has a DTLS session setup. So how does it know whether this is a discovery packet or the beginning of the DTLS session. Clearly, stating that the DTLS SA table entry consists of both the WTP's IP address and UDP Port number, and requiring that the WTP use a different source port across reboots resolves some issues. We are still down to the point where we need to be able to clearly identify the discovery packets from the DTLS packets. > * AC will try finding out if prior session information > for the WTP exists > or not. As it does (with FSM=RUN), AC will assume that > most likely WTP > got rebooted and it would go ahead and reset > (state=Discovery) WTP > session information. Ultimately, AC would do discovery reply. This I disagree with, because it causes the state to be reset without any cryptographic proof that the WTP sending the packets is in fact the right one. I think we would need the DTLS session to be established (or at least the WTP be properly authenticated) prior to reseting any state. > * WTP in turn would start the DTLS session establishement > by sending > CliehtHello message to 0x2FBF port of AC. > * When AC gets ClientHello on 0x2FBF and finds out that > prior WTP session > information exists (with FSM=Discovery), it would > continue with DTLS > session establishment process. > Remark: No keepalive type timer expiry happens. So WTP will > be up in NO time. > > > Situation 2b: A fully functional (in Capwap Run State) WTP > gets rebooted > accidently, and once it is up, it starts > sending non-DTLS type > Discovery packet again to an AC. > Seperate Port Approach (Reactive implementation): > * AC will get the discovery packet on 0x2FBF port > * it would do discovery reply. > * WTP in turn would start the DTLS session establishement > by sending > CliehtHello message to 0x2FC0 port of AC. > * When AC gets ClientHello on 0x2FC0 and finds out that > prior WTP session > information exists (with FSM=Run), AC would simply discard the > clientHello packet. And would wait for the keepalive > timer to expire for > the WTP session under consideration. Once the timer is > expired, WTP > session information will be deleted, bringing AC in > sync with WTP. > Ultimately AC will start processing clientHello packets > to carry on with > DTLS session establishment. > Remark: WTP UP will be in close to keepalive timer value time. > > Common Port Apporach (Reactive implementation): > * AC will get the discovery packet on 0x2FBF port > * AC will try finding out if prior session information > for the WTP exists > or not. As it does (with FSM=RUN), AC will simply drop > the incoming > discovery pacekt and wait for the keepalive timer to > expire for the WTP > session under consideration. Once the timer is expired, > AC's FSM will be > in sync with WTP. From this point onwards, AC will > start processing > discovery packets followed by DTLS session establishment. > Remark: WTP UP will be in close to keepalive timer value time Neither one of situation 2b is acceptable, IMHO. There is no need to impose a delay in the DTLS setup. If we properly ensure that authentication occurs prior to flushing of the state in situation 2a, then I think we have a functional protocol. > > > Situation 3: There is one fully functional legitimate WTP > providing WLAN > services and is Capwap controlled by an AC. An > illegal WTP > somehow gets access to the WTP/AC's networks and > can snoop > packets from the wire. In such situation, it can > snoop legitimate > WTP's IP address and start sending discovery > request to the AC > on 0x2FBF. This is a sort of DoS attack situation. > Seperate Port Approach (Proactive implementation): > * AC will get the discovery packet on 0x2FBF port > * it would do discovery reply. > * LETS NOT WORRY ABOUT LEGITIMATE WTP'S REACTION > TO DISCOVERY REPLY. > * Illegal WTP in turn would start the DTLS session > establishement by > sending CliehtHello message (and fake IP address) to > 0x2FC0 port of AC. > * When AC gets ClientHello on 0x2FC0 and finds out that > prior WTP session > information exists (with FSM=Run), AC will assume that > most likely WTP > got rebooted and it would go ahead and reset > (state=Discovery) WTP > session information. Ultimately, AC would continue > with DTLS session > establishment by processing ClientHello message. But > most likely the > illegal WTP may not be having proper certificates etc, so its > authentication will fail ultimately with AC. > Remark: DoS attack was SUCCESSFUL. A legitimate WTP's session > was brought > down by an illegal WTP. > > Common Port Apporach (Proactive implementation): > * AC will get the discovery packet on 0x2FBF port > * AC will try finding out if prior session information > for the WTP exists > or not. As it does (with FSM=RUN), AC will assume that > most likely WTP > got rebooted and it would go ahead and reset > (state=Discovery) WTP > session information. Ultimately, AC would do discovery reply. > * LETS NOT WORRY ABOUT LEGITIMATE WTP'S REACTION > TO DISCOVERY REPLY. > * Illegal WTP in turn would start the DTLS session > establishement by > sending CliehtHello message to 0x2FBF port of AC. > * When AC gets ClientHello on 0x2FBF and finds out that > prior WTP session > information exists (with FSM=Discovery), it would > continue with DTLS > session establishment process. But most likely the > illegal WTP may not > be having proper certificates etc, so its > authentication will fail > ultimately with AC. > Remark: DoS attack was SUCCESSFUL. A legitimate WTP's session > was brought > down by an illegal WTP. That's only because of a flaw in the logic in situation 2a. Requiring that the DTLS session be established prior to reseting state does not create the vulnerability you describe here. That said, I think there's also another fundamental problem with this situation. You assume that the AC identifies the WTP simply through its IP address, which I believe is incorrect. The means by which the AC should be identifying the WTP is through its credentials. Consider the following two cases: 1) WYP reboots and performs a DHCP and gets a new IP Address. In this case, if the AC were to simply use the source IP address, and not the DTLS credentials, it would end up thinking it had two separate WTPs connected, when in fact only one exists. Surely, the AC would eventually time out the old IP address, but I don't see any real benefits in this. Tying the identity to the WTPs credentials would require the AC to perform a credentials lookup when the new DTLS session was being established, and once the session was successfully setup, would cause the old DTLS (and associated CAPWAP state) to be flushed. 2. WTP loses power, and at the same time another WTP reboots. The second WTP ends up getting the IP address of the WTP that had lost power. Again, if the AC were to simply use the IP address (and not DTLS credentials), then it would improperly assume that the new WTP was in the fact the old one, and flush the wrong DTLS (and WTP CAPWAP state). > > > Situation 4: There is one fully functional legitimate WTP > providing WLAN > services and is Capwap controlled by an AC. An > illegal WTP > somehow gets access to the WTP/AC's networks and > can snoop > packets from the wire. In such situation, it can > snoop legitimate > WTP's IP address and start sending discovery > request to the AC on > 0x2FBF. This is a sort of DoS attack situation. > Seperate Port Approach (Reactive implementation): > * AC will get the discovery packet on 0x2FBF port > * it would do discovery reply. > * LETS NOT WORRY ABOUT LEGITIMATE WTP'S REACTION TO > DISCOVERY REPLY. > * Illegal WTP in turn would start the DTLS session > establishement by > sending CliehtHello message (and fake IP address) to > 0x2FC0 port of AC. > * When AC gets ClientHello on 0x2FC0 and finds out that > prior WTP session > information exists (with FSM=Run), AC will keep > dropping the clientHello > packet coming from duplicate (illegal) WTP. Assuming > Capwap Keepalive > messages continue to come to AC, legitimate WTP's > session would remain > intact. > Remark: DoS attack was NOT SUCCESSFUL. > > Common Port Apporach (Reactive implementation): > * AC will get the discovery packet on 0x2FBF port > * AC will try finding out if prior session information > for the WTP exists > or not. As it does (with FSM=RUN), AC will simply drop > the incoming > discovery pacekt coming from duplicate (& illegal) WTP. > Assuming Capwap > Keepalive messages continue to come to AC, legitimate > WTP's session > would remain intact. > Remark: DoS attack was NOT successful. True, but at a cost. Again, requiring that state changes only occur once the DTLS session is established eliminates all of these attacks, without any time tax. > > > Conclusion: Common Port approach behaves nearly same as Seperate port > approach be it normal functioning or DoS > attack situation. While I believe the tweaks I described above are required, I do generally agree that either alternative are equivalent (from a vulnerability standpoint). Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap Archives: http://lists.frascone.com/pipermail/capwap From capwap-bounces+capwap-archive=lists.ietf.org@frascone.com Thu Oct 26 06:51:07 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gd2pH-00040O-0t for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:51:07 -0400 Received: from mx1.tigertech.net ([64.62.209.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gd2pC-0005UF-2o for capwap-archive@lists.ietf.org; Thu, 26 Oct 2006 06:51:07 -0400 Received: from fry.tigertech.net (fry.tigertech.net [64.62.209.19]) by zoidberg.tigertech.net (Postfix) with ESMTP id B8FA639807A for ; Thu, 26 Oct 2006 03:51:00 -0700 (PDT) Received: from mx2.tigertech.net (mx2.tigertech.net [64.62.209.32]) by fry.tigertech.net (Postfix) with ESMTP id 002714A45C5 for ; Thu, 26 Oct 2006 03:47:59 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id E0AE4430B2D for ; Thu, 26 Oct 2006 03:47:59 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by hermes.tigertech.net (Postfix) with ESMTP id 1FF94430B2C for ; Thu, 26 Oct 2006 03:47:56 -0700 (PDT) Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 26 Oct 2006 03:47:56 -0700 Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k9QAltn6018225; Thu, 26 Oct 2006 03:47:55 -0700 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k9QAltW4017579; Thu, 26 Oct 2006 03:47:55 -0700 (PDT) Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Oct 2006 03:47:55 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Thu, 26 Oct 2006 03:47:54 -0700 Message-ID: <4FF84B0BC277FF45AA27FE969DD956A202B8BAB5@xmb-sjc-235.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Capwap] CAPWAP for 802.11r Thread-Index: Acb41g0e9uwBEGSlRlaejfrki2c+1wAFdI+g From: "Pat Calhoun (pacalhou)" To: "Dorothy Stanley" , "Behcet Sarikaya" X-OriginalArrivalTime: 26 Oct 2006 10:47:55.0625 (UTC) FILETIME=[31B05D90:01C6F8EC] Authentication-Results: sj-dkim-3.cisco.com; header.From=pcalhoun@cisco.com; dkim=pass ( 59 extraneous bytes; sig from cisco.com verified; ); X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at tigertech.net X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hermes X-Spam-Status: No, hits=0.5 tagged_above=-999.0 required=7.0 tests=DNS_FROM_RFC_ABUSE, HTML_40_50, HTML_MESSAGE, SPF_HELO_PASS, SPF_PASS X-Spam-Level: Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r X-BeenThere: capwap@frascone.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: A list for CAPWAP technical discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0378057681==" Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com X-Spam-Score: 0.1 (/) X-Scan-Signature: 94ddbad0060c343c23e74ba9bbebbccf This is a multi-part message in MIME format. --===============0378057681== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6F8EC.3193AD4D" This is a multi-part message in MIME format. ------_=_NextPart_001_01C6F8EC.3193AD4D Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I agree, but that doesn't mean that we should be dillatory and not fix something in the protocol that is known to be broken in supporting an upcoming ammendment. This is not the case with 802.11r, but just wanted to provide my interpretation of the process.. =20 Pat Calhoun CTO, Wireless Networking Business Unit Cisco Systems =20 ________________________________ From: Dorothy Stanley [mailto:dstanley1389@gmail.com]=20 Sent: Thursday, October 26, 2006 1:02 AM To: Behcet Sarikaya Cc: capwap Subject: Re: [Capwap] CAPWAP for 802.11r =09 =09 All, =09 I believe that we previously agreed that the initial CAPWAP specification(s) will support 802.11 capabilities through those defined in 802.11-REVma, expected to be approved in Dec 06, and that unapproved amendments including .11k, .11r, .11n etc would be dealt with in a future version.=20 =09 Thus 802.11r support in CAPWAP, the discussion of which is very interesting, is not in scope for the current CAPWAP specifications under development. =09 Thanks, =09 Dorothy =09 =09 On 10/25/06, Behcet Sarikaya wrote:=20 Comments inline. =09 =09 ----- Original Message ---- From: Charles Clancy To: Pat Calhoun (pacalhou) Cc: Behcet Sarikaya < sarikaya@ieee.org >; capwap Sent: Monday, October 23, 2006 11:00:38 AM Subject: Re: [Capwap] CAPWAP for 802.11r =09 =09 Unless PMK-R1s are preemptively distributed to WTPs to which a STA might roam (neighbor graphs, anyone?), you'll still have the WTP-AC latency for=20 the WTP to request a PMK-R1 from the AC (R0KH). This would be about equal to the latency of having the AC validating Association Request packets. =09 =3D=3D>PMK-R1 is sent during Authenticate req/resp exchange, so no effect on ReassReq/Resp latency. =09 Does 11r let you proactively distribute PMK-R1s? I don't see any references in D3... all I see is the reactive distribution protocol.=20 =3D=3D>I think it is possible but the key distribution protocol is more advantageous because you do not distribute keys to WTPs that may never need to use such a key. =09 =09 My understanding is that one of the reasons 11r is faster is because keys can be *reactively* transfered directly between APs without having to go through the AAA server. Unfortunately our main security association is=20 with the AC, not the WTP, and inter-WTP communications is bad, so everything will have to go through the AC. =09 =3D=3D>No inter-WTP communications in CAPWAPRP.=20 =09 =09 --=20 t. charles clancy, ph.d. <> tcc@umd.edu <> www.cs.umd.edu/~clancy =20 =09 On Mon, October 23, 2006 10:28 am, Pat Calhoun $pacalhou$ wrote: > I agree with Charles - but I do believe there is a single issue. In the > case of local MAC, the IEEE 802.11 binding states that the WTP processes > the Association Request and then forwards it to the AC. The AC can > override the decision made by the WTP by sending a negative result > Association Response. > > When 802.11r, the local MAC WTP will not have the cryptographic keys > necessary to validate the Association Request, so it would *have* to > defer to the AC. The question is whether this is acceptable as it does=20 > change the timing of the Association round trip. One alternative is to > push the PMK-R1 keys to the WTP to allow the WTP to perform its own > authentication of the management frame. > > Pat Calhoun=20 > CTO, Wireless Networking Business Unit > Cisco Systems > > > >> -----Original Message----- >> From: Charles Clancy [mailto: clancy@cs.umd.edu ] >> Sent: Thursday, October 19, 2006 12:27 PM >> To: Behcet Sarikaya >> Cc: capwap >> Subject: Re: [Capwap] CAPWAP for 802.11r >> >> Behcet, >>=20 >> > My proposal is to use the key distribution protocol of >> 802.11r which >> > securely transports the keys. >> > Also no need for the context transfer which was what I had in mind.=20 >> >> My point is that we don't need to distribute PMK-R1 keys >> since all authenticator functionality will reside at the AC >> regardless of the MAC splitting, so we therefore don't need a=20 >> new key distribution protocol at all. >> >> Here's how I envision an 11r handoff: >> >> STA WTP1 WTP2 AC >> -------------------------------------------------- >> >> Initial authentication (as CAPWAP does now): >> >> <--- assoc -----> >> <-------------- open authentication ------------->=20 >> <----------------- 1X/EAP authentication --------> >> (derives PMK-R0, PMK-R1) >> <--------------- four-way handshake -------------> >> (derives PTK) >> <---------- add mobile (PTK) ----- >> >> fast handoff: >> >> (AC and STA derive new PMK-R1') >> <------- FT / reassoc (PMK Name, MIC, etc) ------> >> (derives new PTK') >> <- add mobile (PTK') >> <---------- delete mobile -------- >> >> >> > Can you spare your ideas why that would not work in CAPWAP? >> >> I'm not sure to what you're referring. Using the >> yet-to-be-defined 11r key distribution protocol duplicates >> the add-mobile CAPWAP architecture for distributing keying=20 >> material. Additionally, it violates the security restriction >> that keys from the PMK-level in the keying hierarchy MUST >> remain at the authenticator, which is the AC. >> >> > You're saying we only need the split MAC scenarios that I=20 >> have in the >> > draft. >> >> I'm saying that CAPWAP can support 11r without any protocol >> changes. The only changes I can envision being necessary are >> perhaps capabilities flags indicating support for 11r, so ACs=20 >> and WTPs know that each other supports 11r. All the 11r >> protocol processing would be implemented at the AC. The WTP >> would just have to know about the additional 802.11 messages, >> and know they should be forwarded to the AC. WTPs and ACs >> would also have to support AES-CMAC, which is defined in 11r.=20 >> >> -- >> t. charles clancy, ph.d. | tcc@umd.edu | www.cs.umd.edu/~clancy =20 >> >> _________________________________________________________________ >> To unsubscribe or modify your subscription options, please visit: >> http://lists.frascone.com/mailman/listinfo/capwap >> >> Archives: http://lists.frascone.com/pipermail/capwap=20 >> > =09 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap=20 =09 =09 _________________________________________________________________ To unsubscribe or modify your subscription options, please visit: http://lists.frascone.com/mailman/listinfo/capwap =09 Archives: http://lists.frascone.com/pipermail/capwap=20 =09 =09 ------_=_NextPart_001_01C6F8EC.3193AD4D Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I=20 agree, but that doesn't mean that we should be dillatory and not fix = something=20 in the protocol that is known to be broken in supporting an upcoming = ammendment.=20 This is not the case with 802.11r, but just wanted to provide my = interpretation=20 of the process..

Pat Calhoun
CTO, Wireless Networking = Business=20 Unit
Cisco Systems

From: Dorothy Stanley=20 [mailto:dstanley1389@gmail.com]
Sent: Thursday, October 26, = 2006=20 1:02 AM
To: Behcet Sarikaya
Cc: = capwap
Subject:=20 Re: [Capwap] CAPWAP for 802.11r

All,

I believe that we previously agreed that = the
initial=20 CAPWAP specification(s) will support 802.11 capabilities = through
those=20 defined in 802.11-REVma, expected to be approved in Dec 06, and=20 that
unapproved amendments including .11k, .11r, .11n etc would be = dealt=20 with
in a future version.

Thus 802.11r support in = CAPWAP, the=20 discussion of which is very interesting,
is not in scope for the = current=20 CAPWAP specifications under = development.

Thanks,

Dorothy

On 10/25/06, Behcet=20 Sarikaya <behcetsarikaya@yahoo.com>= =20 wrote:

Comments=20 inline.

----- Original Message ----
From: Charles Clancy <clancy@cs.umd.edu>
To: Pat=20 Calhoun (pacalhou) <pcalhoun@cisco.com>
Cc: Behcet Sarikaya = < = sarikaya@ieee.org>;=20 capwap <capwap@frascone.com>
Sent: Monday, October = 23, 2006=20 11:00:38 AM
Subject: Re: [Capwap] CAPWAP for = 802.11r

Unless PMK-R1s are preemptively distributed to = WTPs to=20 which a STA might
roam (neighbor graphs, anyone?), you'll still = have the=20 WTP-AC latency for
the WTP to request a PMK-R1 from the AC=20 (R0KH).  This would be about equal
to the latency of = having the=20 AC validating Association Request = packets.

=3D=3D>PMK-R1 is=20 sent during Authenticate req/resp exchange, so no effect on = ReassReq/Resp=20 latency.

Does 11r let you proactively = distribute=20 PMK-R1s?  I don't see any
references in D3... all I see = is the=20 reactive distribution protocol.
=3D=3D>I think it is = possible but=20 the key distribution protocol is more advantageous because you do = not=20 distribute keys to WTPs that may never need to use such a key.

My understanding is that one of the reasons = 11r is=20 faster is because keys
can be *reactively* transfered directly = between=20 APs without having to go
through the AAA = server.  Unfortunately=20 our main security association is
with the AC, not the WTP, and = inter-WTP=20 communications is bad, so
everything will have to go through the=20 AC.

=3D=3D>No inter-WTP communications in CAPWAPRP.

--
t. = charles=20 clancy, ph.d.  <>  tcc@umd.edu  <>  =20 www.cs.umd.edu/~clancy

On Mon, October 23, 2006 10:28 am, = Pat=20 Calhoun $pacalhou$ wrote:
> I agree with Charles - but I do = believe=20 there is a single issue. In the
> case of local MAC, the IEEE = 802.11=20 binding states that the WTP processes
> the Association = Request and=20 then forwards it to the AC. The AC can
> override the decision = made by=20 the WTP by sending a negative result
> Association=20 Response.
>
> When 802.11r, the local MAC WTP will not = have the=20 cryptographic keys
> necessary to validate the Association = Request, so=20 it would *have* to
> defer to the AC. The question is whether = this is=20 acceptable as it does
> change the timing of the Association = round=20 trip. One alternative is to
> push the PMK-R1 keys to the WTP = to allow=20 the WTP to perform its own
> authentication of the management=20 frame.
>
> Pat Calhoun
> CTO, Wireless Networking = Business Unit
> Cisco = Systems
>
>
>
>>=20 -----Original Message-----
>> From: Charles Clancy = [mailto:=20 clancy@cs.umd.edu]
>> Sent: Thursday, October 19, 2006 = 12:27=20 PM
>> To: Behcet Sarikaya
>> Cc: = capwap
>>=20 Subject: Re: [Capwap] CAPWAP for 802.11r
>>
>>=20 Behcet,
>>
>> > My proposal is to use the key=20 distribution protocol of
>> 802.11r which
>> > = securely=20 transports the keys.
>> > Also no need for the context = transfer=20 which was what I had in mind.
>>
>> My point is = that we=20 don't need to distribute PMK-R1 keys
>> since all = authenticator=20 functionality will reside at the AC
>> regardless of the = MAC=20 splitting, so we therefore don't need a
>> new key = distribution=20 protocol at all.
>>
>> Here's how I envision an = 11r=20 handoff:
>>
>>=20 = STA           &nbs= p;WTP1          =20 = WTP2           &nb= sp;  AC
>>=20 = --------------------------------------------------
>>
>>= ;=20 Initial authentication (as CAPWAP does now):
>>
>> = <---=20 assoc ----->
>> <-------------- open authentication=20 ------------->
>> <----------------- 1X/EAP = authentication=20 = -------->
>>        &= nbsp;       (derives=20 PMK-R0, PMK-R1)
>> <--------------- four-way handshake=20 = ------------->
>>       &n= bsp;           &nb= sp;(derives=20 = PTK)
>>         &nb= sp;      =20 <---------- add mobile (PTK) -----
>>
>> fast=20 = handoff:
>>
>>       = ;         (AC=20 and STA derive new PMK-R1')
>> <------- FT / reassoc = (PMK Name,=20 MIC, etc)=20 = ------>
>>        &nb= sp;         =20 (derives new=20 = PTK')
>>         &n= bsp;           &nb= sp;        =20 <- add mobile=20 = (PTK')
>>         &= nbsp;      =20 <---------- delete mobile = --------
>>
>>
>>=20 > Can you spare your ideas why that would not work in=20 CAPWAP?
>>
>> I'm not sure to what you're=20 referring.  Using the
>> yet-to-be-defined 11r = key=20 distribution protocol duplicates
>> the add-mobile CAPWAP=20 architecture for distributing keying
>>=20 material.  Additionally, it violates the security=20 restriction
>> that keys from the PMK-level in the keying = hierarchy=20 MUST
>> remain at the authenticator, which is the=20 AC.
>>
>> > You're saying we only need the = split MAC=20 scenarios that I
>> have in the
>> >=20 draft.
>>
>> I'm saying that CAPWAP can support = 11r=20 without any protocol
>> changes.  The only = changes I can=20 envision being necessary are
>> perhaps capabilities flags=20 indicating support for 11r, so ACs
>> and WTPs know that = each=20 other supports 11r.  All the 11r
>> protocol = processing=20 would be implemented at the AC.  The WTP
>> would = just=20 have to know about the additional 802.11 messages,
>> and = know they=20 should be forwarded to the AC.  WTPs and ACs
>> = would=20 also have to support AES-CMAC, which is defined in 11r.=20
>>
>> --
>> t. charles clancy,=20 ph.d.  |  tcc@umd.edu  |  =20 www.cs.umd.edu/~clancy
>>
>>=20 = _________________________________________________________________
>= >=20 To unsubscribe or modify your subscription options, please=20 visit:
>> http://lists.frascone.com/mailman/listinfo/capwap
= >>
>>=20 Archives: http://lists.frascone.com/pipermail/capwap=20 =
>>
>

_________________________________________= ________________________
To=20 unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap
=
Archives:=20 http://lists.frascone.com/pipermail/capwap=20 =