As a co-author of the document, I believe the document is = ready for adoption. Feel free to comment so we can improve the document for= its next iteration.

BR,=C2=A0

Daniel

On Mon, Aug 17= , 2015 at 1:49 PM, Susan Hares <shares@ndzh.com> wrote:

This begins a 2 week WG adoption call for d= raft-mglt-i2rs-security-requirements.=C2=A0 This draft discusses the securi= ty requirements for the I2RS environment.=C2=A0 You can find the draft at:<= u>

=C2=A0

https://tools.ietf.org/html/draft-m= glt-i2rs-security-environment-reqs-00

=C2=A0

A security reviewer w= ill review this draft during the time 8/20 to 8/25.=C2=A0=C2=A0 We will pos= t the security directorate review to this discussion.

=C2=A0

Sue Hare= s

=C2=A0

_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--089e013cbd6808ee81051dd28810-- From nobody Fri Aug 21 06:50:54 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 586831A9050 for ; Fri, 21 Aug 2015 06:50:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PFdfFxgtwbDm for ; Fri, 21 Aug 2015 06:50:51 -0700 (PDT) Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 096401A905B for ; Fri, 21 Aug 2015 06:50:51 -0700 (PDT) Received: by iodv127 with SMTP id v127so81889380iod.3 for ; Fri, 21 Aug 2015 06:50:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=1iK3l16MLAUbtF/PzWDvQualG1igZFHfeCo1VQwhJc8=; b=jXXG7M8x59eme3H7T4AJVO8FMpXmTz1WCi+FOW13eLeGE5wsTkEtdGMQUr8rUQONjY b2V/bh3G2OVz1QqoglLrytQeQ/AYTwnDRV8TX9Q1Zyyt1my83QHedZl46kMHRk6WzHox zuMZ97VGj+tnliBTeyKaYPRyWBislXRFID3mTJ5e4V5nUGyjF0d4cxaXVHSO/p3Z7qCu IJfv7/rR2DSGck+lYYsd5xHopc1MgQDnwpuVZSDi8qxc3msqQfA65y07xE5JxUKWax76 q8x9WXzRCGltME65YfyHcH8A76D9b4Q7Y7U6Feut/ENkxlxhaKDrSwoxXpV/sxyHEX00 ubCw== MIME-Version: 1.0 X-Received: by 10.107.37.12 with SMTP id l12mr5231317iol.92.1440165050468; Fri, 21 Aug 2015 06:50:50 -0700 (PDT) Sender: mglt.ietf@gmail.com Received: by 10.79.21.196 with HTTP; Fri, 21 Aug 2015 06:50:50 -0700 (PDT) In-Reply-To: <019b01d0d914$24c02590$6e4070b0$@ndzh.com> References: <019b01d0d914$24c02590$6e4070b0$@ndzh.com> Date: Fri, 21 Aug 2015 09:50:50 -0400 X-Google-Sender-Auth: VUbSVjUvTzF15xVwnc1uvByRUHI Message-ID: From: Daniel Migault To: Susan Hares Content-Type: multipart/alternative; boundary=001a1141b24e404f7d051dd28e5a Archived-At: Cc: Jeffrey Haas , i2rs@ietf.org Subject: Re: [i2rs] WG adoption - draft-hares-i2rs-auth-trans-04 (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 13:50:53 -0000 --001a1141b24e404f7d051dd28e5a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable As a co-author of the document, I believe the document is ready for adoption. Feel free to comment so we can improve the document for its next iteration. I also support the two documents as it appears to be much cleaner to have two separate documents. BR, Daniel On Mon, Aug 17, 2015 at 1:42 PM, Susan Hares wrote: > This is a 2 week WG adoption call for the > draft-hares-i2rs-auth-trans-04.txt which provides the security requiremen= ts > for the I2RS protocol. > > > > To be adopted, this draft does not need to be perfect, but a good > direction for the I2RS protocol security. > > > > Please note that Juergen=E2=80=99s review of this draft has the following= feedback: > > =E2=80=A2 Requirements 1, 2, 5, 6, 7, 9, 11, 13, 14, 15, 16, 18, 19= , 20 =E2=80=93 > were ok, > > =E2=80=A2 Editorial requirements 3 and 4 need clarifications on wor= ds, and > requirement 10 is ambiguous, and > > =E2=80=A2 Requirements 8, 12, and the multiple message sequence (wa= s > req-17) are not security protocols, > > =E2=80=A2 Technical question: Why should we support an insecure pro= tocol. > > > > A security directorate reviewer will review this draft starting on 8/20. > I will post these reviews and the document changes. Please suggest chang= es > to requirement 3, 4, and 10; and if I2RS should support an insecure > protocol. > > > > Once we get the security reviewers feedback on 8, 12, and the multiple > messages =E2=80=93 I will post the feedback and we=E2=80=99ll discuss rea= l time. > > > > *Sue Hares * > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > --001a1141b24e404f7d051dd28e5a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

As a co-author of the document, I believe the document is = ready for adoption. Feel free to comment so we can improve the document for= its next iteration.

I also support the two documents as= it appears to be much cleaner to have two separate documents.

BR,=C2=A0

Daniel

On Mon, Aug 17, 2015 at 1:42 PM, Susan Ha= res <shares@ndzh.com> wrote:

This is a 2 week WG adoption call for the draft-hares-i2rs-auth-trans-= 04.txt which provides the security requirements for the I2RS protocol. =C2= =A0
=C2=A0
To be adopted, this draft does not need to be perfect, but = a good direction for the I2RS protocol security.
=C2=A0
Please note t= hat Juergen=E2=80=99s review of this draft has the following feedback:
=E2= =80=A2=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 Requirements 1, 2, 5, = 6, 7, 9, 11, 13, 14, 15, 16, 18, 19, 20 =E2=80=93 were ok,
=E2=80=A2=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 Editorial requirements 3 and 4 need c= larifications on words, and requirement 10 is ambiguous, and =
=E2=80=A2=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 Requirements 8, 12, and the multip= le message sequence (was req-17) are not security protocols, =
=E2=80=A2=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 Technical question: Why should we = support an insecure protocol.
<= /u>=C2=A0
A security directorate reviewer = will review this draft starting on 8/20.=C2=A0 I will post these reviews an= d the document changes.=C2=A0 Please suggest changes to requirement 3, 4, a= nd 10; and if I2RS should support an insecure protocol.
<= p class=3D"MsoNormal">=C2=A0
Once w= e get the security reviewers feedback on 8, 12, and the multiple messages = =E2=80=93 I will post the feedback and we=E2=80=99ll discuss real time. =
=C2=A0
Sue Hares
= =C2=A0

__________________________________________= _____
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--001a1141b24e404f7d051dd28e5a-- From nobody Fri Aug 21 08:26:52 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0877C1A0372 for ; Fri, 21 Aug 2015 08:26:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qGU3m2gZ71g0 for ; Fri, 21 Aug 2015 08:26:49 -0700 (PDT) Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F2CE1A0262 for ; Fri, 21 Aug 2015 08:26:49 -0700 (PDT) Received: by iodt126 with SMTP id t126so85532511iod.2 for ; Fri, 21 Aug 2015 08:26:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=SOQjGkXBQVy0MT5pPtXtCxw+ATwf8//shcaBmmSLsuw=; b=TOmho1xKAM4wPDTP+/7Z9SPBEQ83kv74gnamQPJTLHaBw84hg/t11XXv/Ii5hj4ABH kC+Zn1ZTbnI3jlgZ0XlF+2gr9sSliUFe0dPUXJl77FZ0e2B3ubmK9iW/gPASjb0Jjhuz gTMyjKnqGfT74lrTTFMAr3TIRw29SaPhGBGHkspGYF73TbJy9exA8rjjkDGWd+cVVnzz /vOmPzAFrH8ZDeXVvdrVghRbO4IZVXnNKDfvWXbjz9b7Ojsl+uq6XMyI09Vvx8tAlfyC XQxTFI1Mh7z0SzVLeoUCR0bLu80XxTWvbe2RLGEmnApbN2iYDdly5kcaAuMt7kjzuf4y schQ== MIME-Version: 1.0 X-Received: by 10.107.37.12 with SMTP id l12mr5613280iol.92.1440170808888; Fri, 21 Aug 2015 08:26:48 -0700 (PDT) Sender: mglt.ietf@gmail.com Received: by 10.79.21.196 with HTTP; Fri, 21 Aug 2015 08:26:48 -0700 (PDT) In-Reply-To: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> Date: Fri, 21 Aug 2015 11:26:48 -0400 X-Google-Sender-Auth: YQmK1qKs4JoLrmI8hY5Hn5AbcUM Message-ID: From: Daniel Migault To: Susan Hares Content-Type: multipart/alternative; boundary=001a1141b24e7ad033051dd3e5d3 Archived-At: Cc: Jeffrey Haas , i2rs@ietf.org, Joel Halpern , Alia Atlas Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 15:26:51 -0000 --001a1141b24e7ad033051dd3e5d3 Content-Type: text/plain; charset=UTF-8 Hi, Please note that the subject of the email may be misleading as it indicates a different draft name from the one indicated in the link. For clarification, the draft we consider is the one indicated by the link. BR, Daniel On Mon, Aug 17, 2015 at 1:49 PM, Susan Hares wrote: > This begins a 2 week WG adoption call for > draft-mglt-i2rs-security-requirements. This draft discusses the security > requirements for the I2RS environment. You can find the draft at: > > > > https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs-00 > > > > A security reviewer will review this draft during the time 8/20 to 8/25. > We will post the security directorate review to this discussion. > > > > Sue Hares > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > --001a1141b24e7ad033051dd3e5d3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,=C2=A0

Please note that the subject = of the email may be misleading as it indicates a different draft name from = the one indicated in the link. For clarification, the draft we consider is = the one indicated by the link.=C2=A0

BR,=C2=A0

Daniel

On Mon, Aug 17, 2015 at 1:49 PM, Susan Hares <= shares@ndzh.com>= ; wrote:

This begins a 2 week= WG adoption call for draft-mglt-i2rs-security-requirements.=C2=A0 This dra= ft discusses the security requirements for the I2RS environment.=C2=A0 You = can find the draft at:
=C2= =A0
https://to= ols.ietf.org/html/draft-mglt-i2rs-security-environment-reqs-00
=C2=A0
A security reviewer will review this draft during the time 8/20 to 8/25= .=C2=A0=C2=A0 We will post the security directorate review to this discussi= on.
=C2=A0
Sue Hares
= =C2=A0

__________________________________________= _____
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--001a1141b24e7ad033051dd3e5d3-- From nobody Fri Aug 21 08:52:48 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 527041AC3C2 for ; Fri, 21 Aug 2015 08:52:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.602 X-Spam-Level: X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9RRa46AZYxWh for ; Fri, 21 Aug 2015 08:52:45 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A4081AC3C4 for ; Fri, 21 Aug 2015 08:52:45 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 4BEC825520E; Fri, 21 Aug 2015 08:52:45 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 8B335255223; Fri, 21 Aug 2015 08:52:44 -0700 (PDT) To: Linda Dunbar , "i2rs@ietf.org" References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> From: Joel Halpern Direct Message-ID: <55D7494B.1090903@joelhalpern.com> Date: Fri, 21 Aug 2015 11:52:43 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Archived-At: Cc: 'Jeffrey Haas' , "daniel.migault@ericsson.com" , 'Joel Halpern' , 'Alia Atlas' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 15:52:47 -0000 First, there may be some confusion because the announcement. I presume that you are talking about the -environments documents. If the WG concludes that a different chapter structure is useful, we can of course change it. Given that the goal is environment description, I am not sure your proposed structure is significantly better than the existing one. I believe your comment about the text reading "where security functions may be hosted" is well taken, and we should remove that text when we next revise the document. The isolation text is about the need to keep things separate, and the various possible means are degrees / approaches to separation. Isolation is not about treating things differently, nor is it explicitly about using different protocols. So the point of isolation is not that there are different security requirements, but that in order to avoid corss-effects, things should be kept separate. Yours, Joel On 8/20/15 6:42 PM, Linda Dunbar wrote: > I support the WG adoption because I think the I2RS WG needs it. However, > I hope the authors can consider/address the following suggestions/comments: > > When you think about the I2RS security, there are following different > aspects: > > -Communication channel between I2RS client and Agent (and the channel > between I2RS client and applications): > > The channel can be > > oVia physical Private network (e.g. within a secured direct connect > within one site), > > owithin one administrative domain, via virtual private network > > oSecured connection, such as TLS or IPSec > > oPublic internet > > o.. > > -Authentication & Authorization > > othe authentication & authorization requirement for different > communication channels can be different. Therefore, should have separate > sections to address specific requirement for each communication > channels between I2RS agent <-> clients (and client <-> applications) > > The current Section 4 of the draft already has very good description on > the subject. I think 4.4.1 and 4.42 can be separated out of the section. > > -Encryption for the actual content between Client and Agent > > -DoS Design requirement (currently in Section 5.2.1) > > -Management of conflict with other plane (e.g. the management plane, > multi-headed control, which has been discussed extensively in ephemeral > draft) > > I think the draft should be organized from the aspects of the security > to I2RS as suggested above. > > Here are some detailed questions and comments to the requirements listed > in the document: > > Section 1: > > The second paragraph stated the security recommendations must > �specifying where security functions may be hosted�. First of all I > don�t see the draft address this aspect. Second, I think �where > security functions are hosted� is orthogonal to �I2RS security� . > > Section 3: > > what does isolating two planes mean? does it mean they have different > security requirement/issues? Or does it mean they need different protocols? > > What are the key differences with regard to the security requirements > for I2RS plane and for management plane? Section 3.1 describes the > interaction between I2RS plane and management plane. But I see the > security requirement for the management plane is similar to I2RS plane . > If you think that they are very different, can you elaborate more? > > Section 3.4 has title �Recommendations�, but the content are all > requirements. Why not name the section �Requirement�? > > REQ 2: Does it that a different IP address than the one used by the > management system? > > How is REQ 22 different from REQ 21? > > REQ 27 is hard to enforce. How about say something like "shouldn't send > any information beyond what have been defined by the I2RS data model"? > > REQ 30: simply controlling the resource can hardly prevent DoS. > Malicious client can occupy the resource while the valid one can't access. > > Thanks for consideration, > > Linda > > *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares > *Sent:* Monday, August 17, 2015 12:50 PM > *To:* i2rs@ietf.org > *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; > shares@ndzh.com; 'Alia Atlas' > *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > adoption call (8/17 to 8/31) > > This begins a 2 week WG adoption call for > draft-mglt-i2rs-security-requirements. This draft discusses the > security requirements for the I2RS environment. You can find the draft at: > > https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs-00 > > A security reviewer will review this draft during the time 8/20 to > 8/25. We will post the security directorate review to this discussion. > > Sue Hares > From nobody Fri Aug 21 09:49:10 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACD2F1AC426 for ; Fri, 21 Aug 2015 09:49:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NMDZqmcwiSsi for ; Fri, 21 Aug 2015 09:48:59 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61FD71AC42D for ; Fri, 21 Aug 2015 09:48:58 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml404-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CAF79698; Fri, 21 Aug 2015 16:48:54 +0000 (GMT) Received: from DFWEML704-CHM.china.huawei.com (10.193.5.141) by lhreml404-hub.china.huawei.com (10.201.5.218) with Microsoft SMTP Server (TLS) id 14.3.235.1; Fri, 21 Aug 2015 17:48:54 +0100 Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml704-chm ([10.193.5.141]) with mapi id 14.03.0235.001; Fri, 21 Aug 2015 09:48:42 -0700 From: Linda Dunbar To: Joel Halpern Direct , "i2rs@ietf.org" Thread-Topic: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) Thread-Index: AdDZFQfGZ2x8EJ+fRrOcN4ltvsrslgCdyKQgADX7GYAADNx6AA== Date: Fri, 21 Aug 2015 16:48:42 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657D15893@dfweml701-chm> References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> In-Reply-To: <55D7494B.1090903@joelhalpern.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.159] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Cc: 'Jeffrey Haas' , "daniel.migault@ericsson.com" , 'Joel Halpern' , 'Alia Atlas' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 16:49:06 -0000 Joel,=20 The document that I reviewed and provided comment is " http://datatracker.i= etf.org/doc/draft-mglt-i2rs-security-requirements/" I started to review " draft-mglt-i2rs-security-environment-reqs-00" today,= and find out it has the similar Table of content as the "draft-mglt-i2rs-s= ecurity-requirements-00". What is the intent of the "environment-reqs"? su= pplement to "i2rs-security-requirement" or be replaced by, or something els= e?=20 Linda -----Original Message----- From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]=20 Sent: Friday, August 21, 2015 10:53 AM To: Linda Dunbar; i2rs@ietf.org Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia Atla= s' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31) First, there may be some confusion because the announcement. I presume tha= t you are talking about the -environments documents. If the WG concludes that a different chapter structure is useful, we can of= course change it. Given that the goal is environment description, I am no= t sure your proposed structure is significantly better than the existing on= e. I believe your comment about the text reading "where security functions ma= y be hosted" is well taken, and we should remove that text when we next rev= ise the document. The isolation text is about the need to keep things separate, and the vario= us possible means are degrees / approaches to separation.=20 Isolation is not about treating things differently, nor is it explicitly ab= out using different protocols. So the point of isolation is not that there= are different security requirements, but that in order to avoid corss-effe= cts, things should be kept separate. Yours, Joel On 8/20/15 6:42 PM, Linda Dunbar wrote: > I support the WG adoption because I think the I2RS WG needs it.=20 > However, I hope the authors can consider/address the following suggestion= s/comments: > > When you think about the I2RS security, there are following different > aspects: > > -Communication channel between I2RS client and Agent (and the channel=20 > between I2RS client and applications): > > The channel can be > > oVia physical Private network (e.g. within a secured direct connect=20 > within one site), > > owithin one administrative domain, via virtual private network > > oSecured connection, such as TLS or IPSec > > oPublic internet > > o.. > > -Authentication & Authorization > > othe authentication & authorization requirement for different=20 > communication channels can be different. Therefore, should have=20 > separate sections to address specific requirement for each=20 > communication channels between I2RS agent <-> clients (and client <->=20 > applications) > > The current Section 4 of the draft already has very good description=20 > on the subject. I think 4.4.1 and 4.42 can be separated out of the sectio= n. > > -Encryption for the actual content between Client and Agent > > -DoS Design requirement (currently in Section 5.2.1) > > -Management of conflict with other plane (e.g. the management plane,=20 > multi-headed control, which has been discussed extensively in=20 > ephemeral > draft) > > I think the draft should be organized from the aspects of the security=20 > to I2RS as suggested above. > > Here are some detailed questions and comments to the requirements=20 > listed in the document: > > Section 1: > > The second paragraph stated the security recommendations must=20 > "specifying where security functions may be hosted". First of all I > don't see the draft address this aspect. Second, I think "where > security functions are hosted" is orthogonal to "I2RS security" . > > Section 3: > > what does isolating two planes mean? does it mean they have different=20 > security requirement/issues? Or does it mean they need different protocol= s? > > What are the key differences with regard to the security requirements=20 > for I2RS plane and for management plane? Section 3.1 describes the=20 > interaction between I2RS plane and management plane. But I see the=20 > security requirement for the management plane is similar to I2RS plane . > If you think that they are very different, can you elaborate more? > > Section 3.4 has title "Recommendations", but the content are all=20 > requirements. Why not name the section "Requirement"? > > REQ 2: Does it that a different IP address than the one used by the=20 > management system? > > How is REQ 22 different from REQ 21? > > REQ 27 is hard to enforce. How about say something like "shouldn't=20 > send any information beyond what have been defined by the I2RS data model= "? > > REQ 30: simply controlling the resource can hardly prevent DoS. > Malicious client can occupy the resource while the valid one can't access= . > > Thanks for consideration, > > Linda > > *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares > *Sent:* Monday, August 17, 2015 12:50 PM > *To:* i2rs@ietf.org > *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern';=20 > shares@ndzh.com; 'Alia Atlas' > *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG=20 > adoption call (8/17 to 8/31) > > This begins a 2 week WG adoption call for=20 > draft-mglt-i2rs-security-requirements. This draft discusses the=20 > security requirements for the I2RS environment. You can find the draft a= t: > > https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs- > 00 > > A security reviewer will review this draft during the time 8/20 to > 8/25. We will post the security directorate review to this discussion. > > Sue Hares > From nobody Fri Aug 21 09:51:50 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CF6B1AC42F for ; Fri, 21 Aug 2015 09:51:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.602 X-Spam-Level: X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fTM5yRQiQJEH for ; Fri, 21 Aug 2015 09:51:47 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A8F41AC42B for ; Fri, 21 Aug 2015 09:51:47 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 043AD2551FD; Fri, 21 Aug 2015 09:51:47 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 808582551F9; Fri, 21 Aug 2015 09:51:46 -0700 (PDT) To: Linda Dunbar , "i2rs@ietf.org" References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D15893@dfweml701-chm> From: "Joel M. Halpern" Message-ID: <55D75721.10003@joelhalpern.com> Date: Fri, 21 Aug 2015 12:51:45 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D15893@dfweml701-chm> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 16:51:49 -0000 draft-mglt-security-requirements was replaced by draft-mglt-i2rs-security-environment, and some of the first documents content were moved into Sue's document which was also last called. When the last call was issued, it provided the correct URL, but accidentally copied the draft name from the earlier draft. Once we realized this, Daniel sent his note to the list to try to explain. Yours, Joel On 8/21/15 12:48 PM, Linda Dunbar wrote: > Joel, > > The document that I reviewed and provided comment is " http://datatracker.ietf.org/doc/draft-mglt-i2rs-security-requirements/" > > I started to review " draft-mglt-i2rs-security-environment-reqs-00" today, and find out it has the similar Table of content as the "draft-mglt-i2rs-security-requirements-00". What is the intent of the "environment-reqs"? supplement to "i2rs-security-requirement" or be replaced by, or something else? > > > Linda > -----Original Message----- > From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com] > Sent: Friday, August 21, 2015 10:53 AM > To: Linda Dunbar; i2rs@ietf.org > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia Atlas' > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) > > First, there may be some confusion because the announcement. I presume that you are talking about the -environments documents. > > If the WG concludes that a different chapter structure is useful, we can of course change it. Given that the goal is environment description, I am not sure your proposed structure is significantly better than the existing one. > > I believe your comment about the text reading "where security functions may be hosted" is well taken, and we should remove that text when we next revise the document. > > The isolation text is about the need to keep things separate, and the various possible means are degrees / approaches to separation. > Isolation is not about treating things differently, nor is it explicitly about using different protocols. So the point of isolation is not that there are different security requirements, but that in order to avoid corss-effects, things should be kept separate. > > Yours, > Joel > > On 8/20/15 6:42 PM, Linda Dunbar wrote: >> I support the WG adoption because I think the I2RS WG needs it. >> However, I hope the authors can consider/address the following suggestions/comments: >> >> When you think about the I2RS security, there are following different >> aspects: >> >> -Communication channel between I2RS client and Agent (and the channel >> between I2RS client and applications): >> >> The channel can be >> >> oVia physical Private network (e.g. within a secured direct connect >> within one site), >> >> owithin one administrative domain, via virtual private network >> >> oSecured connection, such as TLS or IPSec >> >> oPublic internet >> >> o.. >> >> -Authentication & Authorization >> >> othe authentication & authorization requirement for different >> communication channels can be different. Therefore, should have >> separate sections to address specific requirement for each >> communication channels between I2RS agent <-> clients (and client <-> >> applications) >> >> The current Section 4 of the draft already has very good description >> on the subject. I think 4.4.1 and 4.42 can be separated out of the section. >> >> -Encryption for the actual content between Client and Agent >> >> -DoS Design requirement (currently in Section 5.2.1) >> >> -Management of conflict with other plane (e.g. the management plane, >> multi-headed control, which has been discussed extensively in >> ephemeral >> draft) >> >> I think the draft should be organized from the aspects of the security >> to I2RS as suggested above. >> >> Here are some detailed questions and comments to the requirements >> listed in the document: >> >> Section 1: >> >> The second paragraph stated the security recommendations must >> "specifying where security functions may be hosted". First of all I >> don't see the draft address this aspect. Second, I think "where >> security functions are hosted" is orthogonal to "I2RS security" . >> >> Section 3: >> >> what does isolating two planes mean? does it mean they have different >> security requirement/issues? Or does it mean they need different protocols? >> >> What are the key differences with regard to the security requirements >> for I2RS plane and for management plane? Section 3.1 describes the >> interaction between I2RS plane and management plane. But I see the >> security requirement for the management plane is similar to I2RS plane . >> If you think that they are very different, can you elaborate more? >> >> Section 3.4 has title "Recommendations", but the content are all >> requirements. Why not name the section "Requirement"? >> >> REQ 2: Does it that a different IP address than the one used by the >> management system? >> >> How is REQ 22 different from REQ 21? >> >> REQ 27 is hard to enforce. How about say something like "shouldn't >> send any information beyond what have been defined by the I2RS data model"? >> >> REQ 30: simply controlling the resource can hardly prevent DoS. >> Malicious client can occupy the resource while the valid one can't access. >> >> Thanks for consideration, >> >> Linda >> >> *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares >> *Sent:* Monday, August 17, 2015 12:50 PM >> *To:* i2rs@ietf.org >> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; >> shares@ndzh.com; 'Alia Atlas' >> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG >> adoption call (8/17 to 8/31) >> >> This begins a 2 week WG adoption call for >> draft-mglt-i2rs-security-requirements. This draft discusses the >> security requirements for the I2RS environment. You can find the draft at: >> >> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs- >> 00 >> >> A security reviewer will review this draft during the time 8/20 to >> 8/25. We will post the security directorate review to this discussion. >> >> Sue Hares >> From nobody Fri Aug 21 09:57:04 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54FEB1AC439 for ; Fri, 21 Aug 2015 09:57:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Re8ery5n4LV4 for ; Fri, 21 Aug 2015 09:57:00 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBCED1AC436 for ; Fri, 21 Aug 2015 09:56:59 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml406-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CAF80110; Fri, 21 Aug 2015 16:56:57 +0000 (GMT) Received: from DFWEML702-CHM.china.huawei.com (10.193.5.72) by lhreml406-hub.china.huawei.com (10.201.5.243) with Microsoft SMTP Server (TLS) id 14.3.235.1; Fri, 21 Aug 2015 17:56:57 +0100 Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml702-chm ([10.193.5.72]) with mapi id 14.03.0235.001; Fri, 21 Aug 2015 09:56:45 -0700 From: Linda Dunbar To: Joel Halpern Direct , "i2rs@ietf.org" Thread-Topic: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) Thread-Index: AdDZFQfGZ2x8EJ+fRrOcN4ltvsrslgCdyKQgADX7GYAADKYKYA== Date: Fri, 21 Aug 2015 16:56:44 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657D158B0@dfweml701-chm> References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> In-Reply-To: <55D7494B.1090903@joelhalpern.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.159] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Cc: 'Jeffrey Haas' , "daniel.migault@ericsson.com" , 'Joel Halpern' , 'Alia Atlas' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 16:57:02 -0000 Joel,=20 If it is the "environmental one", it is more important to differentiate the= requirements for different environments on how the I2RS client & Agent are= connected.=20 One of our customers stated that their environment has a single Controller = (or the I2RS client) directly connected to their devices via their internal= network, where the connection is physically isolated from other network an= d protected by separate mechanisms, they don't need all those sophisticated= authentication procedure.=20 We need to address this environment, i.e. having a simpler security require= ment for this environment than the environment where I2RS Client is connect= ed via public network.=20 Linda -----Original Message----- From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]=20 Sent: Friday, August 21, 2015 10:53 AM To: Linda Dunbar; i2rs@ietf.org Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia Atla= s' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31) First, there may be some confusion because the announcement. I presume tha= t you are talking about the -environments documents. If the WG concludes that a different chapter structure is useful, we can of= course change it. Given that the goal is environment description, I am no= t sure your proposed structure is significantly better than the existing on= e. I believe your comment about the text reading "where security functions ma= y be hosted" is well taken, and we should remove that text when we next rev= ise the document. The isolation text is about the need to keep things separate, and the vario= us possible means are degrees / approaches to separation.=20 Isolation is not about treating things differently, nor is it explicitly ab= out using different protocols. So the point of isolation is not that there= are different security requirements, but that in order to avoid corss-effe= cts, things should be kept separate. Yours, Joel On 8/20/15 6:42 PM, Linda Dunbar wrote: > I support the WG adoption because I think the I2RS WG needs it.=20 > However, I hope the authors can consider/address the following suggestion= s/comments: > > When you think about the I2RS security, there are following different > aspects: > > -Communication channel between I2RS client and Agent (and the channel=20 > between I2RS client and applications): > > The channel can be > > oVia physical Private network (e.g. within a secured direct connect=20 > within one site), > > owithin one administrative domain, via virtual private network > > oSecured connection, such as TLS or IPSec > > oPublic internet > > o.. > > -Authentication & Authorization > > othe authentication & authorization requirement for different=20 > communication channels can be different. Therefore, should have=20 > separate sections to address specific requirement for each=20 > communication channels between I2RS agent <-> clients (and client <->=20 > applications) > > The current Section 4 of the draft already has very good description=20 > on the subject. I think 4.4.1 and 4.42 can be separated out of the sectio= n. > > -Encryption for the actual content between Client and Agent > > -DoS Design requirement (currently in Section 5.2.1) > > -Management of conflict with other plane (e.g. the management plane,=20 > multi-headed control, which has been discussed extensively in=20 > ephemeral > draft) > > I think the draft should be organized from the aspects of the security=20 > to I2RS as suggested above. > > Here are some detailed questions and comments to the requirements=20 > listed in the document: > > Section 1: > > The second paragraph stated the security recommendations must=20 > "specifying where security functions may be hosted". First of all I > don't see the draft address this aspect. Second, I think "where > security functions are hosted" is orthogonal to "I2RS security" . > > Section 3: > > what does isolating two planes mean? does it mean they have different=20 > security requirement/issues? Or does it mean they need different protocol= s? > > What are the key differences with regard to the security requirements=20 > for I2RS plane and for management plane? Section 3.1 describes the=20 > interaction between I2RS plane and management plane. But I see the=20 > security requirement for the management plane is similar to I2RS plane . > If you think that they are very different, can you elaborate more? > > Section 3.4 has title "Recommendations", but the content are all=20 > requirements. Why not name the section "Requirement"? > > REQ 2: Does it that a different IP address than the one used by the=20 > management system? > > How is REQ 22 different from REQ 21? > > REQ 27 is hard to enforce. How about say something like "shouldn't=20 > send any information beyond what have been defined by the I2RS data model= "? > > REQ 30: simply controlling the resource can hardly prevent DoS. > Malicious client can occupy the resource while the valid one can't access= . > > Thanks for consideration, > > Linda > > *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares > *Sent:* Monday, August 17, 2015 12:50 PM > *To:* i2rs@ietf.org > *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern';=20 > shares@ndzh.com; 'Alia Atlas' > *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG=20 > adoption call (8/17 to 8/31) > > This begins a 2 week WG adoption call for=20 > draft-mglt-i2rs-security-requirements. This draft discusses the=20 > security requirements for the I2RS environment. You can find the draft a= t: > > https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs- > 00 > > A security reviewer will review this draft during the time 8/20 to > 8/25. We will post the security directorate review to this discussion. > > Sue Hares > From nobody Fri Aug 21 10:19:46 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2AA41AC445 for ; Fri, 21 Aug 2015 10:19:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.602 X-Spam-Level: X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tmuDU8IBukLF for ; Fri, 21 Aug 2015 10:19:43 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B775B1A889C for ; Fri, 21 Aug 2015 10:19:43 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 6B20E250CB5; Fri, 21 Aug 2015 10:19:43 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id AB3E32408EA; Fri, 21 Aug 2015 10:19:42 -0700 (PDT) To: Linda Dunbar , "i2rs@ietf.org" References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D158B0@dfweml701-chm> From: "Joel M. Halpern" Message-ID: <55D75DAD.6040604@joelhalpern.com> Date: Fri, 21 Aug 2015 13:19:41 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D158B0@dfweml701-chm> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Cc: 'Jeffrey Haas' , "daniel.migault@ericsson.com" , 'Alia Atlas' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 17:19:45 -0000 Yes, one of the two last calls is for the environment document. Having a dedicated physical channel is one of the ways identified in the draft to provide the required isolation. While such an environment is clearly supportable, I do not think we should reduce the internal protocol requirements (such as MTI security for the control channel) just because there are circumstances where such it won't be needed. I don't expect that we will build different protocol stacks for the different deployments. The purpose of this draft is to describe the environmental assumptions, which assumptions can be met in various ways. Yours, Joel On 8/21/15 12:56 PM, Linda Dunbar wrote: > Joel, > > If it is the "environmental one", it is more important to differentiate the requirements for different environments on how the I2RS client & Agent are connected. > > One of our customers stated that their environment has a single Controller (or the I2RS client) directly connected to their devices via their internal network, where the connection is physically isolated from other network and protected by separate mechanisms, they don't need all those sophisticated authentication procedure. > > We need to address this environment, i.e. having a simpler security requirement for this environment than the environment where I2RS Client is connected via public network. > > Linda > > > -----Original Message----- > From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com] > Sent: Friday, August 21, 2015 10:53 AM > To: Linda Dunbar; i2rs@ietf.org > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia Atlas' > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) > > First, there may be some confusion because the announcement. I presume that you are talking about the -environments documents. > > If the WG concludes that a different chapter structure is useful, we can of course change it. Given that the goal is environment description, I am not sure your proposed structure is significantly better than the existing one. > > I believe your comment about the text reading "where security functions may be hosted" is well taken, and we should remove that text when we next revise the document. > > The isolation text is about the need to keep things separate, and the various possible means are degrees / approaches to separation. > Isolation is not about treating things differently, nor is it explicitly about using different protocols. So the point of isolation is not that there are different security requirements, but that in order to avoid corss-effects, things should be kept separate. > > Yours, > Joel > > On 8/20/15 6:42 PM, Linda Dunbar wrote: >> I support the WG adoption because I think the I2RS WG needs it. >> However, I hope the authors can consider/address the following suggestions/comments: >> >> When you think about the I2RS security, there are following different >> aspects: >> >> -Communication channel between I2RS client and Agent (and the channel >> between I2RS client and applications): >> >> The channel can be >> >> oVia physical Private network (e.g. within a secured direct connect >> within one site), >> >> owithin one administrative domain, via virtual private network >> >> oSecured connection, such as TLS or IPSec >> >> oPublic internet >> >> o.. >> >> -Authentication & Authorization >> >> othe authentication & authorization requirement for different >> communication channels can be different. Therefore, should have >> separate sections to address specific requirement for each >> communication channels between I2RS agent <-> clients (and client <-> >> applications) >> >> The current Section 4 of the draft already has very good description >> on the subject. I think 4.4.1 and 4.42 can be separated out of the section. >> >> -Encryption for the actual content between Client and Agent >> >> -DoS Design requirement (currently in Section 5.2.1) >> >> -Management of conflict with other plane (e.g. the management plane, >> multi-headed control, which has been discussed extensively in >> ephemeral >> draft) >> >> I think the draft should be organized from the aspects of the security >> to I2RS as suggested above. >> >> Here are some detailed questions and comments to the requirements >> listed in the document: >> >> Section 1: >> >> The second paragraph stated the security recommendations must >> "specifying where security functions may be hosted". First of all I >> don't see the draft address this aspect. Second, I think "where >> security functions are hosted" is orthogonal to "I2RS security" . >> >> Section 3: >> >> what does isolating two planes mean? does it mean they have different >> security requirement/issues? Or does it mean they need different protocols? >> >> What are the key differences with regard to the security requirements >> for I2RS plane and for management plane? Section 3.1 describes the >> interaction between I2RS plane and management plane. But I see the >> security requirement for the management plane is similar to I2RS plane . >> If you think that they are very different, can you elaborate more? >> >> Section 3.4 has title "Recommendations", but the content are all >> requirements. Why not name the section "Requirement"? >> >> REQ 2: Does it that a different IP address than the one used by the >> management system? >> >> How is REQ 22 different from REQ 21? >> >> REQ 27 is hard to enforce. How about say something like "shouldn't >> send any information beyond what have been defined by the I2RS data model"? >> >> REQ 30: simply controlling the resource can hardly prevent DoS. >> Malicious client can occupy the resource while the valid one can't access. >> >> Thanks for consideration, >> >> Linda >> >> *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares >> *Sent:* Monday, August 17, 2015 12:50 PM >> *To:* i2rs@ietf.org >> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; >> shares@ndzh.com; 'Alia Atlas' >> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG >> adoption call (8/17 to 8/31) >> >> This begins a 2 week WG adoption call for >> draft-mglt-i2rs-security-requirements. This draft discusses the >> security requirements for the I2RS environment. You can find the draft at: >> >> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs- >> 00 >> >> A security reviewer will review this draft during the time 8/20 to >> 8/25. We will post the security directorate review to this discussion. >> >> Sue Hares >> > From nobody Mon Aug 24 10:37:32 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E79A1A00BF for ; Mon, 24 Aug 2015 10:37:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oq76UusaQIsM for ; Mon, 24 Aug 2015 10:37:23 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC0401A879C for ; Mon, 24 Aug 2015 10:37:21 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml402-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CAJ04481; Mon, 24 Aug 2015 17:37:18 +0000 (GMT) Received: from DFWEML703-CHM.china.huawei.com (10.193.5.130) by lhreml402-hub.china.huawei.com (10.201.5.241) with Microsoft SMTP Server (TLS) id 14.3.235.1; Mon, 24 Aug 2015 18:37:17 +0100 Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml703-chm ([10.193.5.130]) with mapi id 14.03.0235.001; Mon, 24 Aug 2015 10:37:11 -0700 From: Linda Dunbar To: "Joel M. Halpern" , "i2rs@ietf.org" Thread-Topic: Review comments to draft-mglt-i2rs-security-environment-reqs-00 (was RE: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) Thread-Index: AdDZFQfGZ2x8EJ+fRrOcN4ltvsrslgCdyKQgADX7GYAADKYKYP//sxyA//vLgGA= Date: Mon, 24 Aug 2015 17:37:09 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657D173F6@dfweml701-chm> References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D158B0@dfweml701-chm> <55D75DAD.6040604@joelhalpern.com> In-Reply-To: <55D75DAD.6040604@joelhalpern.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.236] Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F657D173F6dfweml701chm_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Cc: 'Jeffrey Haas' , "daniel.migault@ericsson.com" , 'Alia Atlas' Subject: [i2rs] Review comments to draft-mglt-i2rs-security-environment-reqs-00 (was RE: draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 17:37:30 -0000 --_000_4A95BA014132FF49AE685FAB4B9F17F657D173F6dfweml701chm_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Joel, Agree with you that "we don't need to build different protocol stacks for t= he different deployments". But the "environment-req" draft is not about "Protocol", but about security= issues under different "environment". Among all our customers who are interested in I2RS, majority of them (>90%)= will deploy them in a closed environment, i.e. physically secured connect= ion between I2RS agent and I2RS client. Therefore, it is important to "prov= ides an analysis of the security issues of" of this commonly deployed envir= onment. I suggest adding this Figure to Section 1 of the document: Closed (over open Chnl ###>) Open (over secure Chnl --->) +---------------------------------+ | *********************** | *********************** | | * Application A * | * Application B * | | * * | * * | | * +----------------+ * | * +----------------+ * | | * | Client A | * | * | Client B | * | | * +----------------+ * | * +----------------+ * | | ******* ^ ************* | ***** ^ ****** ^ ****** | | # | | | | | # | | | |-----| | # | | | | ************ v * * * * ********| ***************** v * v ******** | * +---------------------+ | * +---------------------+ * | * | Agent 1 | | * | Agent 2 | * | * +---------------------+ | * +---------------------+ * | * ^ ^ ^ ^ | * ^ ^ ^ ^ * Just think about this fact: today's router configuration in production envi= ronment can only be performed by a few authorized people with EMS/NMS physi= cally and securely separated. If the majority of the I2RS environment req= uirement is about open connection, I2RS WG will spend a lot energy developi= ng the very sophisticated protocols which is expensive to develop and harde= r to deploy. I am not against this development, but IMHO, to gain wider and quicker I2R= S deployment in production environment, it is necessary to have a very lean= I2RS solution first, and to have a well documented security requirement fo= r the common deployment environment. E.g. a single Controller (or the I2RS = client) directly connected to their devices via their internal network, whe= re the connection is physically isolated from other network and protected b= y separate mechanisms. Also remember, many operators will use I2RS to cont= rol a small number of selective routers (mostly routers at ingress/egress b= oundary) for value added services. Some of my detailed questions and comments to the "security-requirements" = are still applicable to the "environment-req" document because they have th= e same text. Plus a few more for the "environment-req" document. Hope the a= uthors can address them. Section 3: What are the key differences with regard to the security requirements= for I2RS plane and for management plane? Section 3.1 describes the inter= action between I2RS plane and management plane. But I see the security requ= irement for the management plane are all applicable to the security require= ment to I2RS plane . If you think that they are very different, can you ela= borate more? Section 3.4 has title "Recommendations", but the content are all requiremen= ts. Why not name the section "Requirement"? REQ 2: Does it that a different IP address than the one used by the managem= ent system? REQ 21: is more about I2RS requirement, less about "Security" requirement. REQ 24: isn't it the general goal of I2RS? Not really security per se. (sho= uld be included in the general I2RS requirement or architecture). REQ 26: simply controlling the resource can hardly prevent DoS. Malicious c= lient can occupy the resource while the valid one can't access. Thanks for your consideration, Linda -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Joel M. Halpern Sent: Friday, August 21, 2015 12:20 PM To: Linda Dunbar; i2rs@ietf.org Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas' Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31) Yes, one of the two last calls is for the environment document. Having a dedicated physical channel is one of the ways identified in the dr= aft to provide the required isolation. While such an environment is clearly supportable, I do not think we should = reduce the internal protocol requirements (such as MTI security for the con= trol channel) just because there are circumstances where such it won't be n= eeded. I don't expect that we will build different protocol stacks for the= different deployments. The purpose of this draft is to describe the environmental assumptions, whi= ch assumptions can be met in various ways. Yours, Joel On 8/21/15 12:56 PM, Linda Dunbar wrote: > Joel, > > If it is the "environmental one", it is more important to differentiate t= he requirements for different environments on how the I2RS client & Agent a= re connected. > > One of our customers stated that their environment has a single Controlle= r (or the I2RS client) directly connected to their devices via their intern= al network, where the connection is physically isolated from other network = and protected by separate mechanisms, they don't need all those sophisticat= ed authentication procedure. > > We need to address this environment, i.e. having a simpler security requi= rement for this environment than the environment where I2RS Client is conne= cted via public network. > > Linda > > > -----Original Message----- > From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com] > Sent: Friday, August 21, 2015 10:53 AM > To: Linda Dunbar; i2rs@ietf.org > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia Atlas' > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > adoption call (8/17 to 8/31) > > First, there may be some confusion because the announcement. I presume t= hat you are talking about the -environments documents. > > If the WG concludes that a different chapter structure is useful, we can = of course change it. Given that the goal is environment description, I am = not sure your proposed structure is significantly better than the existing = one. > > I believe your comment about the text reading "where security functions = may be hosted" is well taken, and we should remove that text when we next r= evise the document. > > The isolation text is about the need to keep things separate, and the var= ious possible means are degrees / approaches to separation. > Isolation is not about treating things differently, nor is it explicitly = about using different protocols. So the point of isolation is not that the= re are different security requirements, but that in order to avoid corss-ef= fects, things should be kept separate. > > Yours, > Joel > > On 8/20/15 6:42 PM, Linda Dunbar wrote: >> I support the WG adoption because I think the I2RS WG needs it. >> However, I hope the authors can consider/address the following suggestio= ns/comments: >> >> When you think about the I2RS security, there are following >> different >> aspects: >> >> -Communication channel between I2RS client and Agent (and the channel >> between I2RS client and applications): >> >> The channel can be >> >> oVia physical Private network (e.g. within a secured direct connect >> within one site), >> >> owithin one administrative domain, via virtual private network >> >> oSecured connection, such as TLS or IPSec >> >> oPublic internet >> >> o.. >> >> -Authentication & Authorization >> >> othe authentication & authorization requirement for different >> communication channels can be different. Therefore, should have >> separate sections to address specific requirement for each >> communication channels between I2RS agent <-> clients (and client <-> >> applications) >> >> The current Section 4 of the draft already has very good description >> on the subject. I think 4.4.1 and 4.42 can be separated out of the secti= on. >> >> -Encryption for the actual content between Client and Agent >> >> -DoS Design requirement (currently in Section 5.2.1) >> >> -Management of conflict with other plane (e.g. the management plane, >> multi-headed control, which has been discussed extensively in >> ephemeral >> draft) >> >> I think the draft should be organized from the aspects of the >> security to I2RS as suggested above. >> >> Here are some detailed questions and comments to the requirements >> listed in the document: >> >> Section 1: >> >> The second paragraph stated the security recommendations must >> "specifying where security functions may be hosted". First of all I >> don't see the draft address this aspect. Second, I think "where >> security functions are hosted" is orthogonal to "I2RS security" . >> >> Section 3: >> >> what does isolating two planes mean? does it mean they have different >> security requirement/issues? Or does it mean they need different protoco= ls? >> >> What are the key differences with regard to the security requirements >> for I2RS plane and for management plane? Section 3.1 describes the >> interaction between I2RS plane and management plane. But I see the >> security requirement for the management plane is similar to I2RS plane . >> If you think that they are very different, can you elaborate more? >> >> Section 3.4 has title "Recommendations", but the content are all >> requirements. Why not name the section "Requirement"? >> >> REQ 2: Does it that a different IP address than the one used by the >> management system? >> >> How is REQ 22 different from REQ 21? >> >> REQ 27 is hard to enforce. How about say something like "shouldn't >> send any information beyond what have been defined by the I2RS data mode= l"? >> >> REQ 30: simply controlling the resource can hardly prevent DoS. >> Malicious client can occupy the resource while the valid one can't acces= s. >> >> Thanks for consideration, >> >> Linda >> >> *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares >> *Sent:* Monday, August 17, 2015 12:50 PM >> *To:* i2rs@ietf.org >> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; >> shares@ndzh.com; 'Alia Atlas' >> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG >> adoption call (8/17 to 8/31) >> >> This begins a 2 week WG adoption call for >> draft-mglt-i2rs-security-requirements. This draft discusses the >> security requirements for the I2RS environment. You can find the draft = at: >> >> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs >> - >> 00 >> >> A security reviewer will review this draft during the time 8/20 to >> 8/25. We will post the security directorate review to this discussion. >> >> Sue Hares >> > _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs --_000_4A95BA014132FF49AE685FAB4B9F17F657D173F6dfweml701chm_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Joel,

Agree with you that “we don’t= need to build different protocol stacks for t= he different deployments”.

But the “environment-req” draft is= not about “Protocol”, but about security issues under differen= t “environment”.

Among all our customers who are interested in = I2RS, majority of them (>90%) will deploy them in a closed environment, = i.e. physically secured connection between I2RS agent and I2RS client= . Therefore, it is important to “provides an analysis of the security iss= ues of” of this commonly deployed environment.

I suggest adding this Figure to Section 1 of t= he document:

Closed (over open Chnl ###>) &= nbsp; Open (over secure Chnl --->)=

+---------------------------------+

| ***********************= | *********************** = |

| * = ; Application A * | &n= bsp; * Application B * |

| * = ; &n= bsp; * | = * &n= bsp; * |

| * +-----= -----------+ * | * += ;----------------+ * |

| * | &nb= sp; Client A | * | &nb= sp; * | Client B | * = |

| * +-----= -----------+ * | * += ;----------------+ * |

| ******* ^ ********= ***** | ***** ^ ****** ^ ******&n= bsp; |

| &= nbsp; # &= nbsp; | &n= bsp; | &nb= sp; | |-----|

| &= nbsp; # &nbs= p; | = ; &n= bsp; | |

| ************ v * * * * ********| ***= ************** v * v ********

| * +---------------------+ &nb= sp; | * +---------------------+ = *

| * | Agent 1 &= nbsp; | | = * | Agent 2 &nb= sp; | *

| * +---------------------+ &nb= sp; | * +---------------------+ = *

| * ^ &nb= sp; ^ ^ ^ = | * ^ &nb= sp; ^ ^ ^ = *

Just think about this fact: today’s rout= er configuration in production environment can only be performed by a few a= uthorized people with EMS/NMS physically and securely separated. If the ma= jority of the I2RS environment requirement is about open connection, I2RS WG will spend a lot energy developing the ve= ry sophisticated protocols which is expensive to develop and harder to depl= oy.

I am not against this development, but IMHO, = to gain wider and quicker I2RS deployment in production environment, it is = necessary to have a very lean I2RS= solution first, and to have a well documented security requirement for the common deployment environment. E.g.= a single Controller (or the I2RS client) directly connected to their devic= es via their internal network, where the connection is physically isolated = from other network and protected by separate mechanisms. Also remember, many operators will use I2RS to con= trol a small number of selective routers (mostly routers at ingress/egress = boundary) for value added services.

Some of my detailed questions and comments to= the “security-requirements” are still applicable to the “= ;environment-req” document because they have the same text. Plus a fe= w more for the “environment-req” document. Hope the authors can address them.

Section 3:

What are the key = differences with regard to the security requirements for I2RS plane a= nd for management plane? Section 3.1 describes the interaction betwee= n I2RS plane and management plane. But I see the security requirement for the management plane are all applicable to the sec= urity requirement to I2RS plane . If you think that they are very different= , can you elaborate more?

Section 3.4 has title “Recommendations&#= 8221;, but the content are all requirements. Why not name the section ̶= 0;Requirement”?

REQ 2: Does it that a different IP address tha= n the one used by the management system?

REQ 21: is more about I2RS requirement, less a= bout “Security” requirement.

REQ 24: isn’t it the general goal of I2R= S? Not really security per se. (should be included in the general I2RS requ= irement or architecture).

REQ 26: simply controlling the resource can ha= rdly prevent DoS. Malicious client can occupy the resource while the valid = one can't access.

Thanks for your consideration,

Linda

-= ----Original Message-----
From: i2rs [mailto:i2rs-bounces@ie= tf.org] On Behalf Of Joel M. Halpern
Sent: Friday, August 21, 2015 12:20 PM
To: Linda Dunbar; i2rs@ietf.org
Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas'
Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31)

Y= es, one of the two last calls is for the environment document.

&= nbsp;

H= aving a dedicated physical channel is one of the ways identified in the dra= ft to provide the required isolation.

&= nbsp;

W= hile such an environment is clearly supportable, I do not think we should r= educe the internal protocol requirements (such as MTI security for the cont= rol channel) just because there are circumstances where such it won't be needed. I don't expect that we will build diff= erent protocol stacks for the different deployments.

&= nbsp;

T= he purpose of this draft is to describe the environmental assumptions, whic= h assumptions can be met in various ways.

&= nbsp;

Y= ours,

J= oel

&= nbsp;

O= n 8/21/15 12:56 PM, Linda Dunbar wrote:

&= gt; Joel,

&= gt;

&= gt; If it is the "environmental one", it is more important to dif= ferentiate the requirements for different environments on how the I2RS clie= nt & Agent are connected.

&= gt;

&= gt; One of our customers stated that their environment has a single Control= ler (or the I2RS client) directly connected to their devices via their inte= rnal network, where the connection is physically isolated from other network and protected by separate mechanisms, they don'= t need all those sophisticated authentication procedure.

&= gt;

&= gt; We need to address this environment, i.e. having a simpler security req= uirement for this environment than the environment where I2RS Client is con= nected via public network.

&= gt;

&= gt; Linda

&= gt;

&= gt; -----Original Message-----

&= gt; From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]

&= gt; Sent: Friday, August 21, 2015 10:53 AM

&= gt; To: Linda Dunbar; i2rs@ietf.org

&= gt; Cc: 'Jeffrey Haas'; dani= el.migault@ericsson.com; 'Joel Halpern'; 'Alia Atlas'

&= gt; Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG =

&= gt; adoption call (8/17 to 8/31)

&= gt;

&= gt; First, there may be some confusion because the announcement. I pr= esume that you are talking about the -environments documents.=

&= gt;

&= gt; If the WG concludes that a different chapter structure is useful, we ca= n of course change it. Given that the goal is environment description= , I am not sure your proposed structure is significantly better than the existing one.

&= gt;

&= gt; I believe your comment about the text reading "where securit= y functions may be hosted" is well taken, and we should remove that te= xt when we next revise the document.

&= gt;

&= gt; The isolation text is about the need to keep things separate, and the v= arious possible means are degrees / approaches to separation.=

&= gt; Isolation is not about treating things differently, nor is it explicitl= y about using different protocols. So the point of isolation is not t= hat there are different security requirements, but that in order to avoid corss-effects, things should be kept separate.

&= gt;

&= gt; Yours,

&= gt; Joel

&= gt;

&= gt; On 8/20/15 6:42 PM, Linda Dunbar wrote:

&= gt;> I support the WG adoption because I think the I2RS WG needs it.

&= gt;> However, I hope the authors can consider/address the following sugg= estions/comments:

&= gt;>

&= gt;> When you think about the I2RS security, there are following <= /span>

&= gt;> different

&= gt;> aspects:

&= gt;>

&= gt;> -Communication channel between I2RS client and Agent (and the chann= el

&= gt;> between I2RS client and applications):

&= gt;>

&= gt;> The channel can be

&= gt;>

&= gt;> oVia physical Private network (e.g. within a secured direct connect=

&= gt;> within one site),

&= gt;>

&= gt;> owithin one administrative domain, via virtual private networ= k

&= gt;>

&= gt;> oSecured connection, such as TLS or IPSec

&= gt;>

&= gt;> oPublic internet

&= gt;>

&= gt;> o..

&= gt;>

&= gt;> -Authentication & Authorization

&= gt;>

&= gt;> othe authentication & authorization requirement for different <= /span>

&= gt;> communication channels can be different. Therefore, should have

&= gt;> separate sections to address specific requirement for each

&= gt;> communication channels between I2RS agent <-> clients (and cl= ient <->

&= gt;> applications)

&= gt;>

&= gt;> The current Section 4 of the draft already has very good descriptio= n

&= gt;> on the subject. I think 4.4.1 and 4.42 can be separated out of the = section.

&= gt;>

&= gt;> -Encryption for the actual content between Client and Agent<= /font>

&= gt;>

&= gt;> -DoS Design requirement (currently in Section 5.2.1)<= /div>

&= gt;>

&= gt;> -Management of conflict with other plane (e.g. the management plane= ,

&= gt;> multi-headed control, which has been discussed extensively in

&= gt;> ephemeral

&= gt;> draft)

&= gt;>

&= gt;> I think the draft should be organized from the aspects of the

&= gt;> security to I2RS as suggested above.

&= gt;>

&= gt;> Here are some detailed questions and comments to the requirements <= /span>

&= gt;> listed in the document:

&= gt;>

&= gt;> Section 1:

&= gt;>

&= gt;> The second paragraph stated the security recommendations must

&= gt;> "specifying where security functions may be hosted". Firs= t of all I

&= gt;> don't see the draft address this aspect. Second, I think = ; "where

&= gt;> security functions are hosted" is orthogonal to "I2RS sec= urity" .

&= gt;>

&= gt;> Section 3:

&= gt;>

&= gt;> what does isolating two planes mean? does it mean they have differe= nt

&= gt;> security requirement/issues? Or does it mean they need different pr= otocols?

&= gt;>

&= gt;> What are the key differences with regard to the security requiremen= ts

&= gt;> for I2RS plane and for management plane? Section 3.1 de= scribes the

&= gt;> interaction between I2RS plane and management plane. But I see the =

&= gt;> security requirement for the management plane is similar to I2RS pl= ane .

&= gt;> If you think that they are very different, can you elaborate more?<= /span>

&= gt;>

&= gt;> Section 3.4 has title "Recommendations", but the content = are all

&= gt;> requirements. Why not name the section "Requirement"?

&= gt;>

&= gt;> REQ 2: Does it that a different IP address than the one used by the=

&= gt;> management system?

&= gt;>

&= gt;> How is REQ 22 different from REQ 21?

&= gt;>

&= gt;> REQ 27 is hard to enforce. How about say something like "shoul= dn't

&= gt;> send any information beyond what have been defined by the I2RS data= model"?

&= gt;>

&= gt;> REQ 30: simply controlling the resource can hardly prevent DoS.

&= gt;> Malicious client can occupy the resource while the valid one can't = access.

&= gt;>

&= gt;> Thanks for consideration,

&= gt;>

&= gt;> Linda

&= gt;>

&= gt;> *From:*i2rs [mailto:i2rs-b= ounces@ietf.org] *On Behalf Of *Susan Hares

&= gt;> *Sent:* Monday, August 17, 2015 12:50 PM

&= gt;> *To:* i2rs@ietf.org

&= gt;> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern';

&= gt;> shares@ndzh.com; 'Alia Atlas= '

&= gt;> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week W= G

&= gt;> adoption call (8/17 to 8/31)

&= gt;>

&= gt;> This begins a 2 week WG adoption call for

&= gt;> draft-mglt-i2rs-security-requirements. This draft discusses t= he

&= gt;> security requirements for the I2RS environment. You can find = the draft at:

&= gt;>

&= gt;> https://tools.ietf.org/html/draft-mglt-i2rs-security-environ= ment-reqs

&= gt;> -

&= gt;> 00

&= gt;>

&= gt;> A security reviewer will review this draft during the time 8/20 to<= /span>

&= gt;> 8/25. We will post the security directorate review to t= his discussion.

&= gt;>

&= gt;> Sue Hares

&= gt;>

&= gt;

&= nbsp;

_= ______________________________________________

i= 2rs mailing list

i2rs@ietf.or= g

https://www.ietf.org/mailman/listinfo/i2rs

--_000_4A95BA014132FF49AE685FAB4B9F17F657D173F6dfweml701chm_-- From nobody Mon Aug 24 10:41:37 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEE801ACE51 for ; Mon, 24 Aug 2015 10:41:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.86 X-Spam-Level: X-Spam-Status: No, score=-3.86 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g_G8iD-GPgn5 for ; Mon, 24 Aug 2015 10:41:33 -0700 (PDT) Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C20801ACE48 for ; Mon, 24 Aug 2015 10:41:33 -0700 (PDT) Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id 8AFD911ED; Mon, 24 Aug 2015 19:41:32 +0200 (CEST) X-Virus-Scanned: amavisd-new at jacobs-university.de Received: from atlas3.jacobs-university.de ([10.70.0.220]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id tMvBVBvRy8UC; Mon, 24 Aug 2015 19:41:31 +0200 (CEST) Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Mon, 24 Aug 2015 19:41:31 +0200 (CEST) Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id BFEFD20060; Mon, 24 Aug 2015 19:41:31 +0200 (CEST) X-Virus-Scanned: amavisd-new at jacobs-university.de Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id gnY-yfFxsNe3; Mon, 24 Aug 2015 19:41:31 +0200 (CEST) Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id CA0AA2005C; Mon, 24 Aug 2015 19:41:29 +0200 (CEST) Received: by elstar.local (Postfix, from userid 501) id DCBFD3657C80; Mon, 24 Aug 2015 19:41:25 +0200 (CEST) Date: Mon, 24 Aug 2015 19:41:25 +0200 From: Juergen Schoenwaelder To: Linda Dunbar Message-ID: <20150824174125.GB80057@elstar.local> Mail-Followup-To: Linda Dunbar , "Joel M. Halpern" , "i2rs@ietf.org" , 'Jeffrey Haas' , "daniel.migault@ericsson.com" , 'Alia Atlas' References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D158B0@dfweml701-chm> <55D75DAD.6040604@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D173F6@dfweml701-chm> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D173F6@dfweml701-chm> User-Agent: Mutt/1.4.2.3i Archived-At: Cc: 'Jeffrey Haas' , "i2rs@ietf.org" , "daniel.migault@ericsson.com" , "Joel M. Halpern" , 'Alia Atlas' Subject: Re: [i2rs] Review comments to draft-mglt-i2rs-security-environment-reqs-00 (was RE: draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Juergen Schoenwaelder List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 17:41:36 -0000 On Mon, Aug 24, 2015 at 05:37:09PM +0000, Linda Dunbar wrote: > Joel, > > Agree with you that "we don't need to build different protocol stacks for the different deployments". > But the "environment-req" draft is not about "Protocol", but about security issues under different "environment". > For me, this reads as another reason for having one security requirements document instead of two... /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Mon Aug 24 10:55:07 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB9011A8AF0 for ; Mon, 24 Aug 2015 10:55:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hB-SCfDhjvWh for ; Mon, 24 Aug 2015 10:55:02 -0700 (PDT) Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F34571ACDCA for ; Mon, 24 Aug 2015 10:55:01 -0700 (PDT) Received: by iodt126 with SMTP id t126so158330000iod.2 for ; Mon, 24 Aug 2015 10:55:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:cc:content-type; bh=2CkJCchvtTxe5ZtWTA55V7ChZ/Md6X25U3a7g29pKBM=; b=G6Ik+q1NFE0+hBkXQRUidPDBI12khD0nKkwiojRz6pD5/Ana+wfjpWoJTqfoGWrn0g OtZkCRid+PPOr4WN8oMSB51JFLPbBJ0ozPvGJRRHrT/l9U2mx1xY7B+BW3xs9G/syXTr UOYPHq9VS8s+qypQ53m8dsgna/+RhaZ01swTE9K7wtreSXs77kWqBT8pTdAW8g7VXlk9 c2JJzGSKp44EIZyVla5orP6fXhfKg4NRFDNiDrwqjb55CtKxPjJH2en01loLML8tuPpi rs2JilRPYaLDwfO+A/DLjFHrG1+gDQvaXBzMt6+jlQKrHgYO55Cw/5bxSyXM3KxB0auv EsJQ== MIME-Version: 1.0 X-Received: by 10.107.9.156 with SMTP id 28mr20497403ioj.173.1440438901390; Mon, 24 Aug 2015 10:55:01 -0700 (PDT) Sender: mglt.ietf@gmail.com Received: by 10.79.21.196 with HTTP; Mon, 24 Aug 2015 10:55:01 -0700 (PDT) Date: Mon, 24 Aug 2015 13:55:01 -0400 X-Google-Sender-Auth: 1-Uh9BY4FQWJtPfxzldW4ZwmGpk Message-ID: From: Daniel Migault To: Linda Dunbar Content-Type: multipart/alternative; boundary=001a113ec2f209c500051e1251b7 Archived-At: Cc: Jeffrey Haas , "i2rs@ietf.org" , "Joel M. Halpern" , Alia Atlas Subject: Re: [i2rs] Review comments to draft-mglt-i2rs-security-environment-reqs-00 (was RE: draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 17:55:06 -0000 --001a113ec2f209c500051e1251b7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Linda, Thank you for your comments. I agree we need to address more specifically or explicitly the "most common" use case. I agree with your comments and we will consider them to improve and clarify the text of the next version. Thank you. To me the i2rs plane provides a limited number of functionnalities that may be provided to different independant tenants. BR, Daniel On Mon, Aug 24, 2015 at 1:37 PM, Linda Dunbar wrote: > Joel, > > Agree with you that =E2=80=9Cwe don=E2=80=99t need to build different pro= tocol stacks for > the different deployments=E2=80=9D. > But the =E2=80=9Cenvironment-req=E2=80=9D draft is not about =E2=80=9CPro= tocol=E2=80=9D, but about > security issues under different =E2=80=9Cenvironment=E2=80=9D. > > Among all our customers who are interested in I2RS, majority of them > (>90%) will deploy them in a closed environment, i.e. physically secured > connection between I2RS agent and I2RS client. Therefore, it is important > to =E2=80=9Cprovides an analysis of the security issues of=E2=80=9D of th= is commonly > deployed environment. > > I suggest adding this Figure to Section 1 of the document: > > Closed (over open Chnl ###>) Open (over secure Chnl --->) > +---------------------------------+ > | *********************** | *********************** | > | * Application A * | * Application B * | > | * * | * * | > | * +----------------+ * | * +----------------+ * | > | * | Client A | * | * | Client B | * | > | * +----------------+ * | * +----------------+ * | > | ******* ^ ************* | ***** ^ ****** ^ ****** | > | # | | | | > | # | | | |-----| > | # | | | > | ************ v * * * * ********| ***************** v * v ******** > | * +---------------------+ | * +---------------------+ * > | * | Agent 1 | | * | Agent 2 | * > | * +---------------------+ | * +---------------------+ * > | * ^ ^ ^ ^ | * ^ ^ ^ ^ * > > > > Just think about this fact: today=E2=80=99s router configuration in produ= ction > environment can only be performed by a few authorized people with EMS/NMS > physically and securely separated. If the majority of the I2RS environmen= t > requirement is about open connection, I2RS WG will spend a lot energy > developing the very sophisticated protocols which is expensive to develop > and harder to deploy. > > I am not against this development, but IMHO, to gain wider and quicker > I2RS deployment in production environment, it is necessary to have a very > *lean* I2RS solution first, and to have a well documented security > requirement for the common deployment environment. E.g. a single Controll= er > (or the I2RS client) directly connected to their devices via their intern= al > network, where the connection is physically isolated from other network a= nd > protected by separate mechanisms. Also remember, many operators will use > I2RS to control a small number of selective routers (mostly routers at > ingress/egress boundary) for value added services. > > > > Some of my detailed questions and comments to the =E2=80=9Csecurity-requi= rements=E2=80=9D > are still applicable to the =E2=80=9Cenvironment-req=E2=80=9D document be= cause they have > the same text. Plus a few more for the =E2=80=9Cenvironment-req=E2=80=9D = document. Hope the > authors can address them. > > > Section 3: > > What are the key differences with regard to the security requirements for > I2RS plane and for management plane? Section 3.1 describes the > interaction between I2RS plane and management plane. But I see the securi= ty > requirement for the management plane are all applicable to the security > requirement to I2RS plane . If you think that they are very different, ca= n > you elaborate more? > > Section 3.4 has title =E2=80=9CRecommendations=E2=80=9D, but the content = are all > requirements. Why not name the section =E2=80=9CRequirement=E2=80=9D? > > REQ 2: Does it that a different IP address than the one used by the > management system? > > REQ 21: is more about I2RS requirement, less about =E2=80=9CSecurity=E2= =80=9D requirement. > > REQ 24: isn=E2=80=99t it the general goal of I2RS? Not really security pe= r se. > (should be included in the general I2RS requirement or architecture). > > > REQ 26: simply controlling the resource can hardly prevent DoS. Malicious > client can occupy the resource while the valid one can't access. > > Thanks for your consideration, > Linda > > > -----Original Message----- > From: i2rs [mailto:i2rs-bounces@ietf.org ] On > Behalf Of Joel M. Halpern > Sent: Friday, August 21, 2015 12:20 PM > To: Linda Dunbar; i2rs@ietf.org > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas' > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > adoption call (8/17 to 8/31) > > Yes, one of the two last calls is for the environment document. > > Having a dedicated physical channel is one of the ways identified in the > draft to provide the required isolation. > > While such an environment is clearly supportable, I do not think we shoul= d > reduce the internal protocol requirements (such as MTI security for the > control channel) just because there are circumstances where such it won't > be needed. I don't expect that we will build different protocol stacks f= or > the different deployments. > > The purpose of this draft is to describe the environmental assumptions, > which assumptions can be met in various ways. > > Yours, > Joel > > On 8/21/15 12:56 PM, Linda Dunbar wrote: > > Joel, > > > > If it is the "environmental one", it is more important to differentiate > the requirements for different environments on how the I2RS client & Agen= t > are connected. > > > > One of our customers stated that their environment has a single > Controller (or the I2RS client) directly connected to their devices via > their internal network, where the connection is physically isolated from > other network and protected by separate mechanisms, they don't need all > those sophisticated authentication procedure. > > > > We need to address this environment, i.e. having a simpler security > requirement for this environment than the environment where I2RS Client i= s > connected via public network. > > > > Linda > > > > > > -----Original Message----- > > From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com > ] > > Sent: Friday, August 21, 2015 10:53 AM > > To: Linda Dunbar; i2rs@ietf.org > > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia > Atlas' > > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > > adoption call (8/17 to 8/31) > > > > First, there may be some confusion because the announcement. I presume > that you are talking about the -environments documents. > > > > If the WG concludes that a different chapter structure is useful, we ca= n > of course change it. Given that the goal is environment description, I a= m > not sure your proposed structure is significantly better than the existin= g > one. > > > > I believe your comment about the text reading "where security function= s > may be hosted" is well taken, and we should remove that text when we next > revise the document. > > > > The isolation text is about the need to keep things separate, and the > various possible means are degrees / approaches to separation. > > Isolation is not about treating things differently, nor is it explicitl= y > about using different protocols. So the point of isolation is not that > there are different security requirements, but that in order to avoid > corss-effects, things should be kept separate. > > > > Yours, > > Joel > > > > On 8/20/15 6:42 PM, Linda Dunbar wrote: > >> I support the WG adoption because I think the I2RS WG needs it. > >> However, I hope the authors can consider/address the following > suggestions/comments: > >> > >> When you think about the I2RS security, there are following > >> different > >> aspects: > >> > >> -Communication channel between I2RS client and Agent (and the channel > >> between I2RS client and applications): > >> > >> The channel can be > >> > >> oVia physical Private network (e.g. within a secured direct connect > >> within one site), > >> > >> owithin one administrative domain, via virtual private network > >> > >> oSecured connection, such as TLS or IPSec > >> > >> oPublic internet > >> > >> o.. > >> > >> -Authentication & Authorization > >> > >> othe authentication & authorization requirement for different > >> communication channels can be different. Therefore, should have > >> separate sections to address specific requirement for each > >> communication channels between I2RS agent <-> clients (and client <-> > >> applications) > >> > >> The current Section 4 of the draft already has very good description > >> on the subject. I think 4.4.1 and 4.42 can be separated out of the > section. > >> > >> -Encryption for the actual content between Client and Agent > >> > >> -DoS Design requirement (currently in Section 5.2.1) > >> > >> -Management of conflict with other plane (e.g. the management plane, > >> multi-headed control, which has been discussed extensively in > >> ephemeral > >> draft) > >> > >> I think the draft should be organized from the aspects of the > >> security to I2RS as suggested above. > >> > >> Here are some detailed questions and comments to the requirements > >> listed in the document: > >> > >> Section 1: > >> > >> The second paragraph stated the security recommendations must > >> "specifying where security functions may be hosted". First of all I > >> don't see the draft address this aspect. Second, I think "where > >> security functions are hosted" is orthogonal to "I2RS security" . > >> > >> Section 3: > >> > >> what does isolating two planes mean? does it mean they have different > >> security requirement/issues? Or does it mean they need different > protocols? > >> > >> What are the key differences with regard to the security requirements > >> for I2RS plane and for management plane? Section 3.1 describes the > >> interaction between I2RS plane and management plane. But I see the > >> security requirement for the management plane is similar to I2RS plane= . > >> If you think that they are very different, can you elaborate more? > >> > >> Section 3.4 has title "Recommendations", but the content are all > >> requirements. Why not name the section "Requirement"? > >> > >> REQ 2: Does it that a different IP address than the one used by the > >> management system? > >> > >> How is REQ 22 different from REQ 21? > >> > >> REQ 27 is hard to enforce. How about say something like "shouldn't > >> send any information beyond what have been defined by the I2RS data > model"? > >> > >> REQ 30: simply controlling the resource can hardly prevent DoS. > >> Malicious client can occupy the resource while the valid one can't > access. > >> > >> Thanks for consideration, > >> > >> Linda > >> > >> *From:*i2rs [mailto:i2rs-bounces@ietf.org ] *On > Behalf Of *Susan Hares > >> *Sent:* Monday, August 17, 2015 12:50 PM > >> *To:* i2rs@ietf.org > >> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; > >> shares@ndzh.com; 'Alia Atlas' > >> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > >> adoption call (8/17 to 8/31) > >> > >> This begins a 2 week WG adoption call for > >> draft-mglt-i2rs-security-requirements. This draft discusses the > >> security requirements for the I2RS environment. You can find the draf= t > at: > >> > >> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs > >> - > >> 00 > >> > >> A security reviewer will review this draft during the time 8/20 to > >> 8/25. We will post the security directorate review to this discussio= n. > >> > >> Sue Hares > >> > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > --001a113ec2f209c500051e1251b7 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Linda,

Thank you for your = comments. I agree we need to address more specifically or explicitly the &q= uot;most common" use case. I agree with your comments and we will cons= ider them to improve and clarify the text of the next version. Thank you. T= o me the i2rs plane provides a limited number of functionnalities that may = be provided to different independant tenants.=C2=A0

BR,
<= /div>Daniel

=C2=A0

<= div class=3D"gmail_quote">On Mon, Aug 24, 2015 at 1:37 PM, Linda Dunbar <linda.dunbar@huawei.com> wrote:

Joel,

=C2=A0

Agree with you that =E2=80=9Cwe don=E2=80=99t need to build different protocol stacks f= or the different deployments=E2=80=9D.

But the =E2=80=9Cenvironment-req=E2=80=9D draf= t is not about =E2=80=9CProtocol=E2=80=9D, but about security issues under = different =E2=80=9Cenvironment=E2=80=9D.

=C2=A0

Among all our customers who are interested in = I2RS, majority of them (>90%) will deploy them in a closed environment, = i.e. physically secured=C2=A0 connection between I2RS agent and I2RS client= . Therefore, it is important to =E2=80=9Cprovides an analysis of the security issues = of=E2=80=9D= of this commonly deployed environment.

=C2=A0

I suggest adding this Figure to Section 1 of t= he document:

=C2=A0

Closed=C2=A0 (over open Chnl ###>)=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Open (over secure Chnl --->)

+---------------------------------+

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***********************= =C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***********************=C2=A0 = |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0= Application A=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 *=C2=A0=C2=A0=C2=A0 Application B=C2=A0=C2=A0=C2=A0 *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +----------= ------+ *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +------------= ----+ *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 |=C2=A0=C2= =A0 Client A=C2=A0=C2=A0=C2=A0=C2=A0 | *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 *=C2=A0 |=C2=A0=C2=A0 Client B=C2=A0=C2=A0=C2=A0=C2=A0 | *=C2=A0 = |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +----------= ------+ *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +------------= ----+ *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ******* ^ *********= ****=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***** ^ ****** ^ ******=C2= =A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 |=C2=A0=C2=A0 |-----|

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0 =C2=A0=C2=A0 =C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 |

|=C2=A0 ************ v * * * * ********|=C2=A0=C2=A0 ****= ************* v * v ********

|=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0=C2= =A0 *

|=C2=A0 *=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 Agent 1=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 |=C2= =A0=C2=A0 *=C2=A0 |=C2=A0=C2=A0=C2=A0 Agent 2=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 *

|=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0=C2= =A0 *

|=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ^=C2=A0 ^=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 |=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ^=C2=A0 ^=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 *

=C2=A0

=C2=A0

=C2=A0

Just think about this fact: today=E2=80=99s ro= uter configuration in production environment can only be performed by a few= authorized people with EMS/NMS physically and securely separated. If the = majority of the I2RS environment requirement is about open connection, I2RS WG will spend a lot energy developing the ve= ry sophisticated protocols which is expensive to develop and harder to depl= oy.

=C2=A0

I am not against this development, but IMHO, = to gain wider and quicker I2RS deployment in production environment, it is = necessary to have a very lean I2RS= solution first, and to have a well documented security requirement for the common deployment environment. E.g.= a single Controller (or the I2RS client) directly connected to their devic= es via their internal network, where the connection is physically isolated = from other network and protected by separate mechanisms. Also remember, many operators will use I2RS to con= trol a small number of selective routers (mostly routers at ingress/egress = boundary) for value added services.

=C2=A0

=C2=A0

=C2=A0

Some of my detailed questions and comments to= the =E2=80=9Csecurity-requirements=E2=80=9D are still applicable to the = =E2=80=9Cenvironment-req=E2=80=9D document because they have the same text.= Plus a few more for the =E2=80=9Cenvironment-req=E2=80=9D document. Hope t= he authors can address them.

=C2=A0

=C2=A0

Section 3:

=C2=A0

What are the key d= ifferences with regard to the security requirements for =C2=A0I2RS plane an= d for management plane?=C2=A0 Section 3.1 describes the interaction between= I2RS plane and management plane. But I see the security requirement for the management plane are all applicable to the sec= urity requirement to I2RS plane . If you think that they are very different= , can you elaborate more?

=C2=A0

Section 3.4 has title =E2=80=9CRecommendations= =E2=80=9D, but the content are all requirements. Why not name the section = =E2=80=9CRequirement=E2=80=9D?

=C2=A0

REQ 2: Does it that a different IP address tha= n the one used by the management system?

=C2=A0

REQ 21: is more about I2RS requirement, less a= bout =E2=80=9CSecurity=E2=80=9D requirement.

=C2=A0

REQ 24: isn=E2=80=99t it the general goal of I= 2RS? Not really security per se. (should be included in the general I2RS re= quirement or architecture).

=C2=A0

=C2=A0

REQ 26: simply controlling the resource can ha= rdly prevent DoS. Malicious client can occupy the resource while the valid = one can't access.

=C2=A0

Thanks for your consideration,

Linda

=C2=A0

=C2=A0

--= ---Original Message-----
From: i2rs [mail= to:i2rs-bounces@ietf.org] On Behalf Of Joel M. Halpern
Sent: Friday, August 21, 2015 12:20 PM
To: Linda Dunbar; i2rs@i= etf.org
Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas'
Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31)

=C2=A0

Ye= s, one of the two last calls is for the environment document.=

= =C2=A0

Ha= ving a dedicated physical channel is one of the ways identified in the draf= t to provide the required isolation.

= =C2=A0

Wh= ile such an environment is clearly supportable, I do not think we should re= duce the internal protocol requirements (such as MTI security for the contr= ol channel) just because there are circumstances where such it won't be needed.=C2=A0 I don't expect that we will bu= ild different protocol stacks for the different deployments.<= /div>
= =C2=A0

Th= e purpose of this draft is to describe the environmental assumptions, which= assumptions can be met in various ways.

= =C2=A0

Yo= urs,

Jo= el

= =C2=A0

On= 8/21/15 12:56 PM, Linda Dunbar wrote:

&g= t; Joel,

&g= t;

&g= t; If it is the "environmental one", it is more important to diff= erentiate the requirements for different environments on how the I2RS clien= t & Agent are connected.

&g= t;

&g= t; One of our customers stated that their environment has a single Controll= er (or the I2RS client) directly connected to their devices via their inter= nal network, where the connection is physically isolated from other network and protected by separate mechanisms, they don&= #39;t need all those sophisticated authentication procedure.<= /div>
&g= t;

&g= t; We need to address this environment, i.e. having a simpler security requ= irement for this environment than the environment where I2RS Client is conn= ected via public network.

&g= t;

&g= t; Linda

&g= t;

&g= t;

&g= t; -----Original Message-----

&g= t; From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]
&g= t; Sent: Friday, August 21, 2015 10:53 AM

&g= t; To: Linda Dunbar; i2r= s@ietf.org

&g= t; Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'= ;; 'Alia Atlas'

&g= t; Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG <= /span>

&g= t; adoption call (8/17 to 8/31)

&g= t;

&g= t; First, there may be some confusion because the announcement.=C2=A0 I pre= sume that you are talking about the -environments documents.<= /div>
&g= t;

&g= t; If the WG concludes that a different chapter structure is useful, we can= of course change it.=C2=A0 Given that the goal is environment description,= I am not sure your proposed structure is significantly better than the existing one.

&g= t;

&g= t; I believe your comment about the text=C2=A0 reading "where security= functions may be hosted" is well taken, and we should remove that tex= t when we next revise the document.

&g= t;

&g= t; The isolation text is about the need to keep things separate, and the va= rious possible means are degrees / approaches to separation.<= /div>
&g= t; Isolation is not about treating things differently, nor is it explicitly= about using different protocols.=C2=A0 So the point of isolation is not th= at there are different security requirements, but that in order to avoid corss-effects, things should be kept separate.

&g= t;

&g= t; Yours,

&g= t; Joel

&g= t;

&g= t; On 8/20/15 6:42 PM, Linda Dunbar wrote:

&g= t;> I support the WG adoption because I think the I2RS WG needs it.

&g= t;> However, I hope the authors can consider/address the following sugge= stions/comments:

&g= t;>

&g= t;> When you think about the I2RS security,=C2=A0 there are following

&g= t;> different

&g= t;> aspects:

&g= t;>

&g= t;> -Communication channel between I2RS client and Agent (and the channe= l

&g= t;> between I2RS client and applications):

&g= t;>

&g= t;> The channel can be

&g= t;>

&g= t;> oVia physical Private network (e.g. within a secured direct connect =

&g= t;> within one site),

&g= t;>

&g= t;> owithin one administrative domain,=C2=A0 via virtual private network=

&g= t;>

&g= t;> oSecured connection, such as TLS or IPSec

&g= t;>

&g= t;> oPublic internet

&g= t;>

&g= t;> o..

&g= t;>

&g= t;> -Authentication & Authorization

&g= t;>

&g= t;> othe authentication & authorization requirement for different

&g= t;> communication channels can be different. Therefore, should have

&g= t;> separate sections to address specific requirement=C2=A0 for each

&g= t;> communication channels between I2RS agent <-> clients (and cli= ent <->

&g= t;> applications)

&g= t;>

&g= t;> The current Section 4 of the draft already has very good description=

&g= t;> on the subject. I think 4.4.1 and 4.42 can be separated out of the s= ection.

&g= t;>

&g= t;> -Encryption for the actual content between Client and Agent

&g= t;>

&g= t;> -DoS Design requirement (currently in Section 5.2.1)
&g= t;>

&g= t;> -Management of conflict with other plane (e.g. the management plane,=

&g= t;> multi-headed control, which has been discussed extensively in

&g= t;> ephemeral

&g= t;> draft)

&g= t;>

&g= t;> I think the draft should be organized from the aspects of the

&g= t;> security to I2RS as suggested above.

&g= t;>

&g= t;> Here are some detailed questions and comments to the requirements

&g= t;> listed in the document:

&g= t;>

&g= t;> Section 1:

&g= t;>

&g= t;> The second paragraph stated the security recommendations must

&g= t;> "specifying where security functions may be hosted". First= of all I

&g= t;> don't see the draft address this aspect. Second, I think=C2=A0= =C2=A0 "where

&g= t;> security functions are hosted" is orthogonal to "I2RS secu= rity" .

&g= t;>

&g= t;> Section 3:

&g= t;>

&g= t;> what does isolating two planes mean? does it mean they have differen= t

&g= t;> security requirement/issues? Or does it mean they need different pro= tocols?

&g= t;>

&g= t;> What are the key differences with regard to the security requirement= s

&g= t;> for=C2=A0 I2RS plane and for management plane?=C2=A0 Section 3.1 des= cribes the

&g= t;> interaction between I2RS plane and management plane. But I see the <= /span>

&g= t;> security requirement for the management plane is similar to I2RS pla= ne .

&g= t;> If you think that they are very different, can you elaborate more?

&g= t;>

&g= t;> Section 3.4 has title "Recommendations", but the content a= re all

&g= t;> requirements. Why not name the section "Requirement"?

&g= t;>

&g= t;> REQ 2: Does it that a different IP address than the one used by the =

&g= t;> management system?

&g= t;>

&g= t;> How is REQ 22 different from REQ 21?

&g= t;>

&g= t;> REQ 27 is hard to enforce. How about say something like "should= n't

&g= t;> send any information beyond what have been defined by the I2RS data = model"?

&g= t;>

&g= t;> REQ 30: simply controlling the resource can hardly prevent DoS.

&g= t;> Malicious client can occupy the resource while the valid one can'= ;t access.

&g= t;>

&g= t;> Thanks for consideration,

&g= t;>

&g= t;> Linda

&g= t;>

&g= t;> *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares

&g= t;> *Sent:* Monday, August 17, 2015 12:50 PM

&g= t;> *To:* i2rs@ietf.o= rg

&g= t;> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpe= rn';

&g= t;> shares@ndzh.com= ; 'Alia Atlas'

&g= t;> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG=

&g= t;> adoption call (8/17 to 8/31)

&g= t;>

&g= t;> This begins a 2 week WG adoption call for

&g= t;> draft-mglt-i2rs-security-requirements.=C2=A0 This draft discusses th= e

&g= t;> security requirements for the I2RS environment.=C2=A0 You can find t= he draft at:

&g= t;>

&g= t;> https://tools.ietf.org/html/draft-mglt-i2rs= -security-environment-reqs

&g= t;> -

&g= t;> 00

&g= t;>

&g= t;> A security reviewer will review this draft during the time 8/20 to

&g= t;> 8/25.=C2=A0=C2=A0 We will post the security directorate review to th= is discussion.

&g= t;>

&g= t;> Sue Hares

&g= t;>

&g= t;

= =C2=A0

__= _____________________________________________

i2= rs mailing list

i2rs@ietf.org

https://www.ietf.org/mailman/listinfo/i2rs

=C2=A0

_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--001a113ec2f209c500051e1251b7-- From nobody Mon Aug 24 11:02:51 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 474A91A003B for ; Mon, 24 Aug 2015 11:02:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.978 X-Spam-Level: X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zBDANPhawHG for ; Mon, 24 Aug 2015 11:02:45 -0700 (PDT) Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC5431A1B19 for ; Mon, 24 Aug 2015 11:02:44 -0700 (PDT) Received: by lbbpu9 with SMTP id pu9so84985538lbb.3 for ; Mon, 24 Aug 2015 11:02:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=xTJevIxklr7PHW8/4MuAQyuh3zI/2qKNJ3ZkFBL2WHA=; b=CPWg7MGl75go6DQd5qAQMXT7j4vNShppfEeESEzYES82RbtjwlN2HrVfTODKbGZlW3 OY9KqIV/undlJZ80zV6qoHEQQ9+O98Cq244bnQ83qRyZ9eRf5oABoHdDuMvAWT9lnAe+ TzM2nKu8Q3bjpwu592QLKM/HB7PsuQyjR4mf4wkOApjVhPfwo5zt8XMhbkcDobY+AcYl kNYQ3fYdu5cp0vkafaK3kXZ9bwtJ9JuZ/1KQRYUsnUu2l8bUWs7fmt/jDSxDacFYA97P MdjUCGN64JnuRgcv43QLf5UTwrHLnBxkb3ryDhZNHD2peN8v59mbx94BDeNLYb8wfyVY 4QwQ== X-Gm-Message-State: ALoCoQm2j3WlOzanEKjMWK4GonhIQy/QDQjOCrQoGv9TKt/VPtvkOtcKTu5ase6/zFAeaWcC4vjF MIME-Version: 1.0 X-Received: by 10.112.154.106 with SMTP id vn10mr21574528lbb.38.1440439363240; Mon, 24 Aug 2015 11:02:43 -0700 (PDT) Received: by 10.112.200.104 with HTTP; Mon, 24 Aug 2015 11:02:43 -0700 (PDT) In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D173F6@dfweml701-chm> References: <01a801d0d915$1558b4e0$400a1ea0$@ndzh.com> <4A95BA014132FF49AE685FAB4B9F17F657D1422E@dfweml701-chm> <55D7494B.1090903@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D158B0@dfweml701-chm> <55D75DAD.6040604@joelhalpern.com> <4A95BA014132FF49AE685FAB4B9F17F657D173F6@dfweml701-chm> Date: Mon, 24 Aug 2015 11:02:43 -0700 Message-ID: From: Andy Bierman To: Linda Dunbar Content-Type: multipart/alternative; boundary=089e0122af2a911d32051e126c51 Archived-At: Cc: Jeffrey Haas , "i2rs@ietf.org" , "daniel.migault@ericsson.com" , "Joel M. Halpern" , Alia Atlas Subject: Re: [i2rs] Review comments to draft-mglt-i2rs-security-environment-reqs-00 (was RE: draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 18:02:50 -0000 --089e0122af2a911d32051e126c51 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, I will leave it to the Security ADs to decide whether a non-secure transpor= t for I2RS should be standardized. The "lean" I2RS seems to be a proprietary controller and agent with no multi-headed control support. This will almost certainly mean that the router will not work if any "unofficial" controller is used instead of the vendor controller. If this really is the expected usage then why bother with a standard? Andy On Mon, Aug 24, 2015 at 10:37 AM, Linda Dunbar wrote: > Joel, > > Agree with you that =E2=80=9Cwe don=E2=80=99t need to build different pro= tocol stacks for > the different deployments=E2=80=9D. > But the =E2=80=9Cenvironment-req=E2=80=9D draft is not about =E2=80=9CPro= tocol=E2=80=9D, but about > security issues under different =E2=80=9Cenvironment=E2=80=9D. > > Among all our customers who are interested in I2RS, majority of them > (>90%) will deploy them in a closed environment, i.e. physically secured > connection between I2RS agent and I2RS client. Therefore, it is important > to =E2=80=9Cprovides an analysis of the security issues of=E2=80=9D of th= is commonly > deployed environment. > > I suggest adding this Figure to Section 1 of the document: > > Closed (over open Chnl ###>) Open (over secure Chnl --->) > +---------------------------------+ > | *********************** | *********************** | > | * Application A * | * Application B * | > | * * | * * | > | * +----------------+ * | * +----------------+ * | > | * | Client A | * | * | Client B | * | > | * +----------------+ * | * +----------------+ * | > | ******* ^ ************* | ***** ^ ****** ^ ****** | > | # | | | | > | # | | | |-----| > | # | | | > | ************ v * * * * ********| ***************** v * v ******** > | * +---------------------+ | * +---------------------+ * > | * | Agent 1 | | * | Agent 2 | * > | * +---------------------+ | * +---------------------+ * > | * ^ ^ ^ ^ | * ^ ^ ^ ^ * > > > > Just think about this fact: today=E2=80=99s router configuration in produ= ction > environment can only be performed by a few authorized people with EMS/NMS > physically and securely separated. If the majority of the I2RS environmen= t > requirement is about open connection, I2RS WG will spend a lot energy > developing the very sophisticated protocols which is expensive to develop > and harder to deploy. > > I am not against this development, but IMHO, to gain wider and quicker > I2RS deployment in production environment, it is necessary to have a very > *lean* I2RS solution first, and to have a well documented security > requirement for the common deployment environment. E.g. a single Controll= er > (or the I2RS client) directly connected to their devices via their intern= al > network, where the connection is physically isolated from other network a= nd > protected by separate mechanisms. Also remember, many operators will use > I2RS to control a small number of selective routers (mostly routers at > ingress/egress boundary) for value added services. > > > > Some of my detailed questions and comments to the =E2=80=9Csecurity-requi= rements=E2=80=9D > are still applicable to the =E2=80=9Cenvironment-req=E2=80=9D document be= cause they have > the same text. Plus a few more for the =E2=80=9Cenvironment-req=E2=80=9D = document. Hope the > authors can address them. > > > Section 3: > > What are the key differences with regard to the security requirements for > I2RS plane and for management plane? Section 3.1 describes the > interaction between I2RS plane and management plane. But I see the securi= ty > requirement for the management plane are all applicable to the security > requirement to I2RS plane . If you think that they are very different, ca= n > you elaborate more? > > Section 3.4 has title =E2=80=9CRecommendations=E2=80=9D, but the content = are all > requirements. Why not name the section =E2=80=9CRequirement=E2=80=9D? > > REQ 2: Does it that a different IP address than the one used by the > management system? > > REQ 21: is more about I2RS requirement, less about =E2=80=9CSecurity=E2= =80=9D requirement. > > REQ 24: isn=E2=80=99t it the general goal of I2RS? Not really security pe= r se. > (should be included in the general I2RS requirement or architecture). > > > REQ 26: simply controlling the resource can hardly prevent DoS. Malicious > client can occupy the resource while the valid one can't access. > > Thanks for your consideration, > Linda > > > -----Original Message----- > From: i2rs [mailto:i2rs-bounces@ietf.org ] On > Behalf Of Joel M. Halpern > Sent: Friday, August 21, 2015 12:20 PM > To: Linda Dunbar; i2rs@ietf.org > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas' > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > adoption call (8/17 to 8/31) > > Yes, one of the two last calls is for the environment document. > > Having a dedicated physical channel is one of the ways identified in the > draft to provide the required isolation. > > While such an environment is clearly supportable, I do not think we shoul= d > reduce the internal protocol requirements (such as MTI security for the > control channel) just because there are circumstances where such it won't > be needed. I don't expect that we will build different protocol stacks f= or > the different deployments. > > The purpose of this draft is to describe the environmental assumptions, > which assumptions can be met in various ways. > > Yours, > Joel > > On 8/21/15 12:56 PM, Linda Dunbar wrote: > > Joel, > > > > If it is the "environmental one", it is more important to differentiate > the requirements for different environments on how the I2RS client & Agen= t > are connected. > > > > One of our customers stated that their environment has a single > Controller (or the I2RS client) directly connected to their devices via > their internal network, where the connection is physically isolated from > other network and protected by separate mechanisms, they don't need all > those sophisticated authentication procedure. > > > > We need to address this environment, i.e. having a simpler security > requirement for this environment than the environment where I2RS Client i= s > connected via public network. > > > > Linda > > > > > > -----Original Message----- > > From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com > ] > > Sent: Friday, August 21, 2015 10:53 AM > > To: Linda Dunbar; i2rs@ietf.org > > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia > Atlas' > > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > > adoption call (8/17 to 8/31) > > > > First, there may be some confusion because the announcement. I presume > that you are talking about the -environments documents. > > > > If the WG concludes that a different chapter structure is useful, we ca= n > of course change it. Given that the goal is environment description, I a= m > not sure your proposed structure is significantly better than the existin= g > one. > > > > I believe your comment about the text reading "where security function= s > may be hosted" is well taken, and we should remove that text when we next > revise the document. > > > > The isolation text is about the need to keep things separate, and the > various possible means are degrees / approaches to separation. > > Isolation is not about treating things differently, nor is it explicitl= y > about using different protocols. So the point of isolation is not that > there are different security requirements, but that in order to avoid > corss-effects, things should be kept separate. > > > > Yours, > > Joel > > > > On 8/20/15 6:42 PM, Linda Dunbar wrote: > >> I support the WG adoption because I think the I2RS WG needs it. > >> However, I hope the authors can consider/address the following > suggestions/comments: > >> > >> When you think about the I2RS security, there are following > >> different > >> aspects: > >> > >> -Communication channel between I2RS client and Agent (and the channel > >> between I2RS client and applications): > >> > >> The channel can be > >> > >> oVia physical Private network (e.g. within a secured direct connect > >> within one site), > >> > >> owithin one administrative domain, via virtual private network > >> > >> oSecured connection, such as TLS or IPSec > >> > >> oPublic internet > >> > >> o.. > >> > >> -Authentication & Authorization > >> > >> othe authentication & authorization requirement for different > >> communication channels can be different. Therefore, should have > >> separate sections to address specific requirement for each > >> communication channels between I2RS agent <-> clients (and client <-> > >> applications) > >> > >> The current Section 4 of the draft already has very good description > >> on the subject. I think 4.4.1 and 4.42 can be separated out of the > section. > >> > >> -Encryption for the actual content between Client and Agent > >> > >> -DoS Design requirement (currently in Section 5.2.1) > >> > >> -Management of conflict with other plane (e.g. the management plane, > >> multi-headed control, which has been discussed extensively in > >> ephemeral > >> draft) > >> > >> I think the draft should be organized from the aspects of the > >> security to I2RS as suggested above. > >> > >> Here are some detailed questions and comments to the requirements > >> listed in the document: > >> > >> Section 1: > >> > >> The second paragraph stated the security recommendations must > >> "specifying where security functions may be hosted". First of all I > >> don't see the draft address this aspect. Second, I think "where > >> security functions are hosted" is orthogonal to "I2RS security" . > >> > >> Section 3: > >> > >> what does isolating two planes mean? does it mean they have different > >> security requirement/issues? Or does it mean they need different > protocols? > >> > >> What are the key differences with regard to the security requirements > >> for I2RS plane and for management plane? Section 3.1 describes the > >> interaction between I2RS plane and management plane. But I see the > >> security requirement for the management plane is similar to I2RS plane= . > >> If you think that they are very different, can you elaborate more? > >> > >> Section 3.4 has title "Recommendations", but the content are all > >> requirements. Why not name the section "Requirement"? > >> > >> REQ 2: Does it that a different IP address than the one used by the > >> management system? > >> > >> How is REQ 22 different from REQ 21? > >> > >> REQ 27 is hard to enforce. How about say something like "shouldn't > >> send any information beyond what have been defined by the I2RS data > model"? > >> > >> REQ 30: simply controlling the resource can hardly prevent DoS. > >> Malicious client can occupy the resource while the valid one can't > access. > >> > >> Thanks for consideration, > >> > >> Linda > >> > >> *From:*i2rs [mailto:i2rs-bounces@ietf.org ] *On > Behalf Of *Susan Hares > >> *Sent:* Monday, August 17, 2015 12:50 PM > >> *To:* i2rs@ietf.org > >> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; > >> shares@ndzh.com; 'Alia Atlas' > >> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > >> adoption call (8/17 to 8/31) > >> > >> This begins a 2 week WG adoption call for > >> draft-mglt-i2rs-security-requirements. This draft discusses the > >> security requirements for the I2RS environment. You can find the draf= t > at: > >> > >> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs > >> - > >> 00 > >> > >> A security reviewer will review this draft during the time 8/20 to > >> 8/25. We will post the security directorate review to this discussio= n. > >> > >> Sue Hares > >> > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > --089e0122af2a911d32051e126c51 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,

I will leave it to the Security ADs= to decide whether a non-secure transport

for I2RS should be stan= dardized.

The "lean" I2RS seems to be a = proprietary controller and agent

with no multi-headed control sup= port. This will almost certainly

mean that the router will not wo= rk if any "unofficial"

controller is used instead of th= e vendor controller.

If this really is the expected usage then why bother wi= th a standard?

Andy

On Mon, Aug 24, 2015 at 10:37 AM, Li= nda Dunbar <linda.dunbar@huawei.com> wrote:

Joel,

=C2=A0

Agree with you that =E2=80=9Cwe don=E2=80=99t need to build different protocol stacks f= or the different deployments=E2=80=9D.

But the =E2=80=9Cenvironment-req=E2=80=9D draf= t is not about =E2=80=9CProtocol=E2=80=9D, but about security issues under = different =E2=80=9Cenvironment=E2=80=9D.

=C2=A0

Among all our customers who are interested in = I2RS, majority of them (>90%) will deploy them in a closed environment, = i.e. physically secured=C2=A0 connection between I2RS agent and I2RS client= . Therefore, it is important to =E2=80=9Cprovides an analysis of the security issues = of=E2=80=9D= of this commonly deployed environment.

=C2=A0

I suggest adding this Figure to Section 1 of t= he document:

=C2=A0

Closed=C2=A0 (over open Chnl ###>)=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Open (over secure Chnl --->)

+---------------------------------+

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***********************= =C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***********************=C2=A0 = |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0= Application A=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 *=C2=A0=C2=A0=C2=A0 Application B=C2=A0=C2=A0=C2=A0 *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +----------= ------+ *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +------------= ----+ *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +----------= ------+ *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 +------------= ----+ *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ******* ^ *********= ****=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***** ^ ****** ^ ******=C2= =A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 |=C2=A0=C2=A0 |-----|

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0 =C2=A0=C2=A0 =C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 |

|=C2=A0 ************ v * * * * ********|=C2=A0=C2=A0 ****= ************* v * v ********

|=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0=C2= =A0 *

|=C2=A0 *=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 Agent 1=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 |=C2= =A0=C2=A0 *=C2=A0 |=C2=A0=C2=A0=C2=A0 Agent 2=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 *

|=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 *=C2=A0 +---------------------+=C2=A0=C2=A0=C2=A0=C2= =A0 *

|=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ^=C2=A0 ^=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 |=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ^=C2=A0 ^=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 *

=C2=A0

Just think about this fact: today=E2=80=99s ro= uter configuration in production environment can only be performed by a few= authorized people with EMS/NMS physically and securely separated. If the = majority of the I2RS environment requirement is about open connection, I2RS WG will spend a lot energy developing the ve= ry sophisticated protocols which is expensive to develop and harder to depl= oy.

=C2=A0

Some of my detailed questions and comments to= the =E2=80=9Csecurity-requirements=E2=80=9D are still applicable to the = =E2=80=9Cenvironment-req=E2=80=9D document because they have the same text.= Plus a few more for the =E2=80=9Cenvironment-req=E2=80=9D document. Hope t= he authors can address them.

=C2=A0

Section 3:

=C2=A0

What are the key d= ifferences with regard to the security requirements for =C2=A0I2RS plane an= d for management plane?=C2=A0 Section 3.1 describes the interaction between= I2RS plane and management plane. But I see the security requirement for the management plane are all applicable to the sec= urity requirement to I2RS plane . If you think that they are very different= , can you elaborate more?

=C2=A0

Section 3.4 has title =E2=80=9CRecommendations= =E2=80=9D, but the content are all requirements. Why not name the section = =E2=80=9CRequirement=E2=80=9D?

=C2=A0

REQ 2: Does it that a different IP address tha= n the one used by the management system?

=C2=A0

REQ 21: is more about I2RS requirement, less a= bout =E2=80=9CSecurity=E2=80=9D requirement.

=C2=A0

REQ 24: isn=E2=80=99t it the general goal of I= 2RS? Not really security per se. (should be included in the general I2RS re= quirement or architecture).

=C2=A0

REQ 26: simply controlling the resource can ha= rdly prevent DoS. Malicious client can occupy the resource while the valid = one can't access.

=C2=A0

Thanks for your consideration,

Linda

=C2=A0

--= ---Original Message-----
From: i2rs [mail= to:i2rs-bounces@ietf.org] On Behalf Of Joel M. Halpern
Sent: Friday, August 21, 2015 12:20 PM
To: Linda Dunbar; i2rs@i= etf.org
Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas'
Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31)

=C2=A0

Ye= s, one of the two last calls is for the environment document.=

= =C2=A0

Ha= ving a dedicated physical channel is one of the ways identified in the draf= t to provide the required isolation.

= =C2=A0

Wh= ile such an environment is clearly supportable, I do not think we should re= duce the internal protocol requirements (such as MTI security for the contr= ol channel) just because there are circumstances where such it won't be needed.=C2=A0 I don't expect that we will bu= ild different protocol stacks for the different deployments.<= /div>

= =C2=A0

Th= e purpose of this draft is to describe the environmental assumptions, which= assumptions can be met in various ways.

= =C2=A0

Yo= urs,

Jo= el

= =C2=A0

On= 8/21/15 12:56 PM, Linda Dunbar wrote:

&g= t; Joel,

&g= t;

&g= t; If it is the "environmental one", it is more important to diff= erentiate the requirements for different environments on how the I2RS clien= t & Agent are connected.

&g= t;

&g= t; One of our customers stated that their environment has a single Controll= er (or the I2RS client) directly connected to their devices via their inter= nal network, where the connection is physically isolated from other network and protected by separate mechanisms, they don&= #39;t need all those sophisticated authentication procedure.<= /div>

&g= t;

&g= t; We need to address this environment, i.e. having a simpler security requ= irement for this environment than the environment where I2RS Client is conn= ected via public network.

&g= t;

&g= t; Linda

&g= t;

&g= t; -----Original Message-----

&g= t; From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]

&g= t; Sent: Friday, August 21, 2015 10:53 AM

&g= t; To: Linda Dunbar; i2r= s@ietf.org

&g= t; Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'= ;; 'Alia Atlas'

&g= t; Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG <= /span>

&g= t; adoption call (8/17 to 8/31)

&g= t;

&g= t; First, there may be some confusion because the announcement.=C2=A0 I pre= sume that you are talking about the -environments documents.<= /div>

&g= t;

&g= t; If the WG concludes that a different chapter structure is useful, we can= of course change it.=C2=A0 Given that the goal is environment description,= I am not sure your proposed structure is significantly better than the existing one.

&g= t;

&g= t; I believe your comment about the text=C2=A0 reading "where security= functions may be hosted" is well taken, and we should remove that tex= t when we next revise the document.

&g= t;

&g= t; The isolation text is about the need to keep things separate, and the va= rious possible means are degrees / approaches to separation.<= /div>

&g= t; Isolation is not about treating things differently, nor is it explicitly= about using different protocols.=C2=A0 So the point of isolation is not th= at there are different security requirements, but that in order to avoid corss-effects, things should be kept separate.

&g= t;

&g= t; Yours,

&g= t; Joel

&g= t;

&g= t; On 8/20/15 6:42 PM, Linda Dunbar wrote:

&g= t;> I support the WG adoption because I think the I2RS WG needs it.

&g= t;> However, I hope the authors can consider/address the following sugge= stions/comments:

&g= t;>

&g= t;> When you think about the I2RS security,=C2=A0 there are following

&g= t;> different

&g= t;> aspects:

&g= t;>

&g= t;> -Communication channel between I2RS client and Agent (and the channe= l

&g= t;> between I2RS client and applications):

&g= t;>

&g= t;> The channel can be

&g= t;>

&g= t;> oVia physical Private network (e.g. within a secured direct connect =

&g= t;> within one site),

&g= t;>

&g= t;> owithin one administrative domain,=C2=A0 via virtual private network=

&g= t;>

&g= t;> oSecured connection, such as TLS or IPSec

&g= t;>

&g= t;> oPublic internet

&g= t;>

&g= t;> o..

&g= t;>

&g= t;> -Authentication & Authorization

&g= t;>

&g= t;> othe authentication & authorization requirement for different

&g= t;> communication channels can be different. Therefore, should have

&g= t;> separate sections to address specific requirement=C2=A0 for each

&g= t;> communication channels between I2RS agent <-> clients (and cli= ent <->

&g= t;> applications)

&g= t;>

&g= t;> The current Section 4 of the draft already has very good description=

&g= t;> on the subject. I think 4.4.1 and 4.42 can be separated out of the s= ection.

&g= t;>

&g= t;> -Encryption for the actual content between Client and Agent

&g= t;>

&g= t;> -DoS Design requirement (currently in Section 5.2.1)

&g= t;>

&g= t;> -Management of conflict with other plane (e.g. the management plane,=

&g= t;> multi-headed control, which has been discussed extensively in

&g= t;> ephemeral

&g= t;> draft)

&g= t;>

&g= t;> I think the draft should be organized from the aspects of the

&g= t;> security to I2RS as suggested above.

&g= t;>

&g= t;> Here are some detailed questions and comments to the requirements

&g= t;> listed in the document:

&g= t;>

&g= t;> Section 1:

&g= t;>

&g= t;> The second paragraph stated the security recommendations must

&g= t;> "specifying where security functions may be hosted". First= of all I

&g= t;> don't see the draft address this aspect. Second, I think=C2=A0= =C2=A0 "where

&g= t;> security functions are hosted" is orthogonal to "I2RS secu= rity" .

&g= t;>

&g= t;> Section 3:

&g= t;>

&g= t;> what does isolating two planes mean? does it mean they have differen= t

&g= t;> security requirement/issues? Or does it mean they need different pro= tocols?

&g= t;>

&g= t;> What are the key differences with regard to the security requirement= s

&g= t;> for=C2=A0 I2RS plane and for management plane?=C2=A0 Section 3.1 des= cribes the

&g= t;> interaction between I2RS plane and management plane. But I see the <= /span>

&g= t;> security requirement for the management plane is similar to I2RS pla= ne .

&g= t;> If you think that they are very different, can you elaborate more?

&g= t;>

&g= t;> Section 3.4 has title "Recommendations", but the content a= re all

&g= t;> requirements. Why not name the section "Requirement"?

&g= t;>

&g= t;> REQ 2: Does it that a different IP address than the one used by the =

&g= t;> management system?

&g= t;>

&g= t;> How is REQ 22 different from REQ 21?

&g= t;>

&g= t;> REQ 27 is hard to enforce. How about say something like "should= n't

&g= t;> send any information beyond what have been defined by the I2RS data = model"?

&g= t;>

&g= t;> REQ 30: simply controlling the resource can hardly prevent DoS.

&g= t;> Malicious client can occupy the resource while the valid one can'= ;t access.

&g= t;>

&g= t;> Thanks for consideration,

&g= t;>

&g= t;> Linda

&g= t;>

&g= t;> *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares

&g= t;> *Sent:* Monday, August 17, 2015 12:50 PM

&g= t;> *To:* i2rs@ietf.o= rg

&g= t;> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpe= rn';

&g= t;> shares@ndzh.com= ; 'Alia Atlas'

&g= t;> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG=

&g= t;> adoption call (8/17 to 8/31)

&g= t;>

&g= t;> This begins a 2 week WG adoption call for

&g= t;> draft-mglt-i2rs-security-requirements.=C2=A0 This draft discusses th= e

&g= t;> security requirements for the I2RS environment.=C2=A0 You can find t= he draft at:

&g= t;>

&g= t;> https://tools.ietf.org/html/draft-mglt-i2rs= -security-environment-reqs

&g= t;> -

&g= t;> 00

&g= t;>

&g= t;> A security reviewer will review this draft during the time 8/20 to

&g= t;> 8/25.=C2=A0=C2=A0 We will post the security directorate review to th= is discussion.

&g= t;>

&g= t;> Sue Hares

&g= t;>

&g= t;

= =C2=A0

__= _____________________________________________

i2= rs mailing list

i2rs@ietf.org

https://www.ietf.org/mailman/listinfo/i2rs

=C2=A0

_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--089e0122af2a911d32051e126c51-- From nobody Mon Aug 24 15:09:24 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C7C71A9151 for ; Mon, 24 Aug 2015 15:09:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rt578D1OMhkr for ; Mon, 24 Aug 2015 15:09:17 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E220F1ACC8C for ; Mon, 24 Aug 2015 15:09:15 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml402-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CAJ18722; Mon, 24 Aug 2015 22:09:13 +0000 (GMT) Received: from DFWEML702-CHM.china.huawei.com (10.193.5.72) by lhreml402-hub.china.huawei.com (10.201.5.241) with Microsoft SMTP Server (TLS) id 14.3.235.1; Mon, 24 Aug 2015 23:09:12 +0100 Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml702-chm ([10.193.5.72]) with mapi id 14.03.0235.001; Mon, 24 Aug 2015 15:09:08 -0700 From: Linda Dunbar To: Daniel Migault Thread-Topic: Suggested section/text to be added to draft-mglt-i2rs-security-environment-reqs-00 to address security threats in Closed Envionment. Thread-Index: AQHQ3pX/GdxJqOcIRUi5ANb5HmY8FZ4bs7/w Date: Mon, 24 Aug 2015 22:09:07 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657D1757E@dfweml701-chm> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.236] Content-Type: multipart/mixed; boundary="_004_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Cc: Jeffrey Haas , "i2rs@ietf.org" , "Joel M. Halpern" , Alia Atlas Subject: [i2rs] Suggested section/text to be added to draft-mglt-i2rs-security-environment-reqs-00 to address security threats in Closed Envionment. X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 22:09:23 -0000 --_004_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_ Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_" --_000_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGFuaWVsLA0KDQpUaGFuayB5b3UgZm9yIHdpbGxpbmcgdG8gYWRkcmVzcyBteSBjb21tZW50cy4g VG8gbWFrZSBpdCBlYXNpZXIgZm9yIHlvdSwgSSBwdXQgdG9nZXRoZXIgYSBzZWN0aW9uIHRvIGRl c2NyaWJlIHRoZSBzZWN1cml0eSB0aHJlYXRzIGluIENsb3NlZCBFbnZpcm9ubWVudCBhbmQgbmVj ZXNzYXJ5IHJlcXVpcmVtZW50IGZvciBJMlJTLiBTZWUgdGhlIGF0dGFjaGVkLg0KDQpDbG9zZWQg ZW52aXJvbm1lbnQgZGVwbG95bWVudCBjYW4gZWFzaWx5IGdpdmUgcGVvcGxlIGEgc2Vuc2Ugb2Yg c2VjdXJlIGJlY2F1c2UgdGhlIGxpbmtzIGJldHdlZW4gSTJSUyBDbGllbnQgYW5kIEkyUlMgQWdl bnQgYXJlIGd1aWRlZCBieSBhIHBoeXNpY2FsIOKAnFdhbGzigJ0uICBUaGUgZmFsc2Ugc2Vuc2Ug b2Yg4oCcU2VjdXJl4oCdIGlzIGFjdHVhbGx5IG1vcmUgZGFuZ2Vyb3VzIGJlY2F1c2UgaXQgY2Fu IGVhc2lseSBtYWtlIHRoZSBkZXBsb3ltZW50IG1pc3MgdGhlIGNydWNpYWwgc2VjdXJpdHkgcHJv Y2VkdXJlLg0KDQpUaGVyZWZvcmUsIEkgdGhpbmsgaXQgaXMgaW1wb3J0YW50IHRvIGhhdmUgYSBk ZWRpY2F0ZWQgc2VjdGlvbiBvbiBzZWN1cml0eSB0aHJlYXRzIGFuZCByZXF1aXJlbWVudCBmb3Ig dGhlIENsb3NlZCBFbnZpcm9ubWVudC4NCg0KTGluZGENCg0KRnJvbTogbWdsdC5pZXRmQGdtYWls LmNvbSBbbWFpbHRvOm1nbHQuaWV0ZkBnbWFpbC5jb21dIE9uIEJlaGFsZiBPZiBEYW5pZWwgTWln YXVsdA0KU2VudDogTW9uZGF5LCBBdWd1c3QgMjQsIDIwMTUgMTI6NTUgUE0NClRvOiBMaW5kYSBE dW5iYXINCkNjOiBKb2VsIE0uIEhhbHBlcm47IGkycnNAaWV0Zi5vcmc7IEplZmZyZXkgSGFhczsg QWxpYSBBdGxhcw0KU3ViamVjdDogUmU6IFtpMnJzXSBSZXZpZXcgY29tbWVudHMgdG8gZHJhZnQt bWdsdC1pMnJzLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcXMtMDAgKHdhcyBSRTogZHJhZnQtbWds dC1pMnJzLXNlY3VyaXR5LXJlcXVpcmVtZW50cy0wMCAyIFdlZWsgV0cgYWRvcHRpb24gY2FsbCAo OC8xNyB0byA4LzMxKQ0KDQpIaSBMaW5kYSwNClRoYW5rIHlvdSBmb3IgeW91ciBjb21tZW50cy4g SSBhZ3JlZSB3ZSBuZWVkIHRvIGFkZHJlc3MgbW9yZSBzcGVjaWZpY2FsbHkgb3IgZXhwbGljaXRs eSB0aGUgIm1vc3QgY29tbW9uIiB1c2UgY2FzZS4gSSBhZ3JlZSB3aXRoIHlvdXIgY29tbWVudHMg YW5kIHdlIHdpbGwgY29uc2lkZXIgdGhlbSB0byBpbXByb3ZlIGFuZCBjbGFyaWZ5IHRoZSB0ZXh0 IG9mIHRoZSBuZXh0IHZlcnNpb24uIFRoYW5rIHlvdS4gVG8gbWUgdGhlIGkycnMgcGxhbmUgcHJv dmlkZXMgYSBsaW1pdGVkIG51bWJlciBvZiBmdW5jdGlvbm5hbGl0aWVzIHRoYXQgbWF5IGJlIHBy b3ZpZGVkIHRvIGRpZmZlcmVudCBpbmRlcGVuZGFudCB0ZW5hbnRzLg0KQlIsDQpEYW5pZWwNCg0K DQpPbiBNb24sIEF1ZyAyNCwgMjAxNSBhdCAxOjM3IFBNLCBMaW5kYSBEdW5iYXIgPGxpbmRhLmR1 bmJhckBodWF3ZWkuY29tPG1haWx0bzpsaW5kYS5kdW5iYXJAaHVhd2VpLmNvbT4+IHdyb3RlOg0K Sm9lbCwNCg0KQWdyZWUgd2l0aCB5b3UgdGhhdCDigJx3ZSBkb27igJl0IG5lZWQgdG8gYnVpbGQg ZGlmZmVyZW50IHByb3RvY29sIHN0YWNrcyBmb3IgdGhlIGRpZmZlcmVudCBkZXBsb3ltZW50c+KA nS4NCkJ1dCB0aGUg4oCcZW52aXJvbm1lbnQtcmVx4oCdIGRyYWZ0IGlzIG5vdCBhYm91dCDigJxQ cm90b2NvbOKAnSwgYnV0IGFib3V0IHNlY3VyaXR5IGlzc3VlcyB1bmRlciBkaWZmZXJlbnQg4oCc ZW52aXJvbm1lbnTigJ0uDQoNCkFtb25nIGFsbCBvdXIgY3VzdG9tZXJzIHdobyBhcmUgaW50ZXJl c3RlZCBpbiBJMlJTLCBtYWpvcml0eSBvZiB0aGVtICg+OTAlKSB3aWxsIGRlcGxveSB0aGVtIGlu IGEgY2xvc2VkIGVudmlyb25tZW50LCBpLmUuIHBoeXNpY2FsbHkgc2VjdXJlZCAgY29ubmVjdGlv biBiZXR3ZWVuIEkyUlMgYWdlbnQgYW5kIEkyUlMgY2xpZW50LiBUaGVyZWZvcmUsIGl0IGlzIGlt cG9ydGFudCB0byDigJxwcm92aWRlcyBhbiBhbmFseXNpcyBvZiB0aGUgc2VjdXJpdHkgaXNzdWVz IG9m4oCdIG9mIHRoaXMgY29tbW9ubHkgZGVwbG95ZWQgZW52aXJvbm1lbnQuDQoNCkkgc3VnZ2Vz dCBhZGRpbmcgdGhpcyBGaWd1cmUgdG8gU2VjdGlvbiAxIG9mIHRoZSBkb2N1bWVudDoNCg0KQ2xv c2VkICAob3ZlciBvcGVuIENobmwgIyMjPikgICAgICAgICAgT3BlbiAob3ZlciBzZWN1cmUgQ2hu bCAtLS0+KQ0KKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCnwgICAgICAqKioq KioqKioqKioqKioqKioqKioqKiAgIHwgICAgICAqKioqKioqKioqKioqKioqKioqKioqKiAgfA0K fCAgICAgICAqICAgIEFwcGxpY2F0aW9uIEEgICAgKiAgIHwgICAgICAqICAgIEFwcGxpY2F0aW9u IEIgICAgKiAgfA0KfCAgICAgICAqICAgICAgICAgICAgICAgICAgICAgKiAgIHwgICAgICAqICAg ICAgICAgICAgICAgICAgICAgKiAgfA0KfCAgICAgICAqICArLS0tLS0tLS0tLS0tLS0tLSsgKiAg IHwgICAgICAqICArLS0tLS0tLS0tLS0tLS0tLSsgKiAgfA0KfCAgICAgICAqICB8ICAgQ2xpZW50 IEEgICAgIHwgKiAgIHwgICAgICAqICB8ICAgQ2xpZW50IEIgICAgIHwgKiAgfA0KfCAgICAgICAq ICArLS0tLS0tLS0tLS0tLS0tLSsgKiAgIHwgICAgICAqICArLS0tLS0tLS0tLS0tLS0tLSsgKiAg fA0KfCAgICAgICAqKioqKioqIF4gKioqKioqKioqKioqKiAgIHwgICAgICAqKioqKiBeICoqKioq KiBeICoqKioqKiAgfA0KfCAgICAgICAgICAgICAgICMgICAgICAgICAgICAgICAgIHwgICAgICAg ICAgICB8ICAgICAgICB8ICAgICAgICAgfA0KfCAgICAgICAgICAgICAgICMgICAgICAgICAgICAg ICAgIHwgICAgICAgICAgICB8ICAgICAgICB8ICAgfC0tLS0tfA0KfCAgICAgICAgICAgICAgICMg ICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgfCAgIHwNCnwgICoqKioqKioqKioq KiB2ICogKiAqICogKioqKioqKip8ICAgKioqKioqKioqKioqKioqKiogdiAqIHYgKioqKioqKioN CnwgICogICstLS0tLS0tLS0tLS0tLS0tLS0tLS0rICAgICB8ICAgKiAgKy0tLS0tLS0tLS0tLS0t LS0tLS0tLSsgICAgICoNCnwgICogIHwgICAgIEFnZW50IDEgICAgICAgICB8ICAgICB8ICAgKiAg fCAgICBBZ2VudCAyICAgICAgICAgIHwgICAgICoNCnwgICogICstLS0tLS0tLS0tLS0tLS0tLS0t LS0rICAgICB8ICAgKiAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLSsgICAgICoNCnwgICogICAgIF4g ICAgICAgIF4gIF4gICBeICAgICAgICB8ICAgKiAgICAgXiAgICAgICAgXiAgXiAgIF4gICAgICAg ICoNCg0KDQoNCkp1c3QgdGhpbmsgYWJvdXQgdGhpcyBmYWN0OiB0b2RheeKAmXMgcm91dGVyIGNv bmZpZ3VyYXRpb24gaW4gcHJvZHVjdGlvbiBlbnZpcm9ubWVudCBjYW4gb25seSBiZSBwZXJmb3Jt ZWQgYnkgYSBmZXcgYXV0aG9yaXplZCBwZW9wbGUgd2l0aCBFTVMvTk1TIHBoeXNpY2FsbHkgYW5k IHNlY3VyZWx5IHNlcGFyYXRlZC4gSWYgdGhlIG1ham9yaXR5IG9mIHRoZSBJMlJTIGVudmlyb25t ZW50IHJlcXVpcmVtZW50IGlzIGFib3V0IG9wZW4gY29ubmVjdGlvbiwgSTJSUyBXRyB3aWxsIHNw ZW5kIGEgbG90IGVuZXJneSBkZXZlbG9waW5nIHRoZSB2ZXJ5IHNvcGhpc3RpY2F0ZWQgcHJvdG9j b2xzIHdoaWNoIGlzIGV4cGVuc2l2ZSB0byBkZXZlbG9wIGFuZCBoYXJkZXIgdG8gZGVwbG95Lg0K DQpJIGFtIG5vdCBhZ2FpbnN0IHRoaXMgZGV2ZWxvcG1lbnQsIGJ1dCBJTUhPLCB0byBnYWluIHdp ZGVyIGFuZCBxdWlja2VyIEkyUlMgZGVwbG95bWVudCBpbiBwcm9kdWN0aW9uIGVudmlyb25tZW50 LCBpdCBpcyBuZWNlc3NhcnkgdG8gaGF2ZSBhIHZlcnkgbGVhbiBJMlJTIHNvbHV0aW9uIGZpcnN0 LCBhbmQgdG8gaGF2ZSBhIHdlbGwgZG9jdW1lbnRlZCBzZWN1cml0eSByZXF1aXJlbWVudCBmb3Ig dGhlIGNvbW1vbiBkZXBsb3ltZW50IGVudmlyb25tZW50LiBFLmcuIGEgc2luZ2xlIENvbnRyb2xs ZXIgKG9yIHRoZSBJMlJTIGNsaWVudCkgZGlyZWN0bHkgY29ubmVjdGVkIHRvIHRoZWlyIGRldmlj ZXMgdmlhIHRoZWlyIGludGVybmFsIG5ldHdvcmssIHdoZXJlIHRoZSBjb25uZWN0aW9uIGlzIHBo eXNpY2FsbHkgaXNvbGF0ZWQgZnJvbSBvdGhlciBuZXR3b3JrIGFuZCBwcm90ZWN0ZWQgYnkgc2Vw YXJhdGUgbWVjaGFuaXNtcy4gQWxzbyByZW1lbWJlciwgbWFueSBvcGVyYXRvcnMgd2lsbCB1c2Ug STJSUyB0byBjb250cm9sIGEgc21hbGwgbnVtYmVyIG9mIHNlbGVjdGl2ZSByb3V0ZXJzIChtb3N0 bHkgcm91dGVycyBhdCBpbmdyZXNzL2VncmVzcyBib3VuZGFyeSkgZm9yIHZhbHVlIGFkZGVkIHNl cnZpY2VzLg0KDQoNCg0KU29tZSBvZiBteSBkZXRhaWxlZCBxdWVzdGlvbnMgYW5kIGNvbW1lbnRz IHRvIHRoZSDigJxzZWN1cml0eS1yZXF1aXJlbWVudHPigJ0gYXJlIHN0aWxsIGFwcGxpY2FibGUg dG8gdGhlIOKAnGVudmlyb25tZW50LXJlceKAnSBkb2N1bWVudCBiZWNhdXNlIHRoZXkgaGF2ZSB0 aGUgc2FtZSB0ZXh0LiBQbHVzIGEgZmV3IG1vcmUgZm9yIHRoZSDigJxlbnZpcm9ubWVudC1yZXHi gJ0gZG9jdW1lbnQuIEhvcGUgdGhlIGF1dGhvcnMgY2FuIGFkZHJlc3MgdGhlbS4NCg0KDQpTZWN0 aW9uIDM6DQoNCldoYXQgYXJlIHRoZSBrZXkgZGlmZmVyZW5jZXMgd2l0aCByZWdhcmQgdG8gdGhl IHNlY3VyaXR5IHJlcXVpcmVtZW50cyBmb3IgIEkyUlMgcGxhbmUgYW5kIGZvciBtYW5hZ2VtZW50 IHBsYW5lPyAgU2VjdGlvbiAzLjEgZGVzY3JpYmVzIHRoZSBpbnRlcmFjdGlvbiBiZXR3ZWVuIEky UlMgcGxhbmUgYW5kIG1hbmFnZW1lbnQgcGxhbmUuIEJ1dCBJIHNlZSB0aGUgc2VjdXJpdHkgcmVx dWlyZW1lbnQgZm9yIHRoZSBtYW5hZ2VtZW50IHBsYW5lIGFyZSBhbGwgYXBwbGljYWJsZSB0byB0 aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnQgdG8gSTJSUyBwbGFuZSAuIElmIHlvdSB0aGluayB0aGF0 IHRoZXkgYXJlIHZlcnkgZGlmZmVyZW50LCBjYW4geW91IGVsYWJvcmF0ZSBtb3JlPw0KDQpTZWN0 aW9uIDMuNCBoYXMgdGl0bGUg4oCcUmVjb21tZW5kYXRpb25z4oCdLCBidXQgdGhlIGNvbnRlbnQg YXJlIGFsbCByZXF1aXJlbWVudHMuIFdoeSBub3QgbmFtZSB0aGUgc2VjdGlvbiDigJxSZXF1aXJl bWVudOKAnT8NCg0KUkVRIDI6IERvZXMgaXQgdGhhdCBhIGRpZmZlcmVudCBJUCBhZGRyZXNzIHRo YW4gdGhlIG9uZSB1c2VkIGJ5IHRoZSBtYW5hZ2VtZW50IHN5c3RlbT8NCg0KUkVRIDIxOiBpcyBt b3JlIGFib3V0IEkyUlMgcmVxdWlyZW1lbnQsIGxlc3MgYWJvdXQg4oCcU2VjdXJpdHnigJ0gcmVx dWlyZW1lbnQuDQoNClJFUSAyNDogaXNu4oCZdCBpdCB0aGUgZ2VuZXJhbCBnb2FsIG9mIEkyUlM/ IE5vdCByZWFsbHkgc2VjdXJpdHkgcGVyIHNlLiAoc2hvdWxkIGJlIGluY2x1ZGVkIGluIHRoZSBn ZW5lcmFsIEkyUlMgcmVxdWlyZW1lbnQgb3IgYXJjaGl0ZWN0dXJlKS4NCg0KDQpSRVEgMjY6IHNp bXBseSBjb250cm9sbGluZyB0aGUgcmVzb3VyY2UgY2FuIGhhcmRseSBwcmV2ZW50IERvUy4gTWFs aWNpb3VzIGNsaWVudCBjYW4gb2NjdXB5IHRoZSByZXNvdXJjZSB3aGlsZSB0aGUgdmFsaWQgb25l IGNhbid0IGFjY2Vzcy4NCg0KVGhhbmtzIGZvciB5b3VyIGNvbnNpZGVyYXRpb24sDQpMaW5kYQ0K DQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBpMnJzIFttYWlsdG86aTJycy1i b3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgSm9lbCBNLiBIYWxwZXJuDQpTZW50OiBGcmlk YXksIEF1Z3VzdCAyMSwgMjAxNSAxMjoyMCBQTQ0KVG86IExpbmRhIER1bmJhcjsgaTJyc0BpZXRm Lm9yZzxtYWlsdG86aTJyc0BpZXRmLm9yZz4NCkNjOiAnSmVmZnJleSBIYWFzJzsgZGFuaWVsLm1p Z2F1bHRAZXJpY3Nzb24uY29tPG1haWx0bzpkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb20+OyAn QWxpYSBBdGxhcycNClN1YmplY3Q6IFJlOiBbaTJyc10gZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5 LXJlcXVpcmVtZW50cy0wMCAyIFdlZWsgV0cgYWRvcHRpb24gY2FsbCAoOC8xNyB0byA4LzMxKQ0K DQpZZXMsIG9uZSBvZiB0aGUgdHdvIGxhc3QgY2FsbHMgaXMgZm9yIHRoZSBlbnZpcm9ubWVudCBk b2N1bWVudC4NCg0KSGF2aW5nIGEgZGVkaWNhdGVkIHBoeXNpY2FsIGNoYW5uZWwgaXMgb25lIG9m IHRoZSB3YXlzIGlkZW50aWZpZWQgaW4gdGhlIGRyYWZ0IHRvIHByb3ZpZGUgdGhlIHJlcXVpcmVk IGlzb2xhdGlvbi4NCg0KV2hpbGUgc3VjaCBhbiBlbnZpcm9ubWVudCBpcyBjbGVhcmx5IHN1cHBv cnRhYmxlLCBJIGRvIG5vdCB0aGluayB3ZSBzaG91bGQgcmVkdWNlIHRoZSBpbnRlcm5hbCBwcm90 b2NvbCByZXF1aXJlbWVudHMgKHN1Y2ggYXMgTVRJIHNlY3VyaXR5IGZvciB0aGUgY29udHJvbCBj aGFubmVsKSBqdXN0IGJlY2F1c2UgdGhlcmUgYXJlIGNpcmN1bXN0YW5jZXMgd2hlcmUgc3VjaCBp dCB3b24ndCBiZSBuZWVkZWQuICBJIGRvbid0IGV4cGVjdCB0aGF0IHdlIHdpbGwgYnVpbGQgZGlm ZmVyZW50IHByb3RvY29sIHN0YWNrcyBmb3IgdGhlIGRpZmZlcmVudCBkZXBsb3ltZW50cy4NCg0K VGhlIHB1cnBvc2Ugb2YgdGhpcyBkcmFmdCBpcyB0byBkZXNjcmliZSB0aGUgZW52aXJvbm1lbnRh bCBhc3N1bXB0aW9ucywgd2hpY2ggYXNzdW1wdGlvbnMgY2FuIGJlIG1ldCBpbiB2YXJpb3VzIHdh eXMuDQoNCllvdXJzLA0KSm9lbA0KDQpPbiA4LzIxLzE1IDEyOjU2IFBNLCBMaW5kYSBEdW5iYXIg d3JvdGU6DQo+IEpvZWwsDQo+DQo+IElmIGl0IGlzIHRoZSAiZW52aXJvbm1lbnRhbCBvbmUiLCBp dCBpcyBtb3JlIGltcG9ydGFudCB0byBkaWZmZXJlbnRpYXRlIHRoZSByZXF1aXJlbWVudHMgZm9y IGRpZmZlcmVudCBlbnZpcm9ubWVudHMgb24gaG93IHRoZSBJMlJTIGNsaWVudCAmIEFnZW50IGFy ZSBjb25uZWN0ZWQuDQo+DQo+IE9uZSBvZiBvdXIgY3VzdG9tZXJzIHN0YXRlZCB0aGF0IHRoZWly IGVudmlyb25tZW50IGhhcyBhIHNpbmdsZSBDb250cm9sbGVyIChvciB0aGUgSTJSUyBjbGllbnQp IGRpcmVjdGx5IGNvbm5lY3RlZCB0byB0aGVpciBkZXZpY2VzIHZpYSB0aGVpciBpbnRlcm5hbCBu ZXR3b3JrLCB3aGVyZSB0aGUgY29ubmVjdGlvbiBpcyBwaHlzaWNhbGx5IGlzb2xhdGVkIGZyb20g b3RoZXIgbmV0d29yayBhbmQgcHJvdGVjdGVkIGJ5IHNlcGFyYXRlIG1lY2hhbmlzbXMsIHRoZXkg ZG9uJ3QgbmVlZCBhbGwgdGhvc2Ugc29waGlzdGljYXRlZCBhdXRoZW50aWNhdGlvbiBwcm9jZWR1 cmUuDQo+DQo+IFdlIG5lZWQgdG8gYWRkcmVzcyB0aGlzIGVudmlyb25tZW50LCBpLmUuIGhhdmlu ZyBhIHNpbXBsZXIgc2VjdXJpdHkgcmVxdWlyZW1lbnQgZm9yIHRoaXMgZW52aXJvbm1lbnQgdGhh biB0aGUgZW52aXJvbm1lbnQgd2hlcmUgSTJSUyBDbGllbnQgaXMgY29ubmVjdGVkIHZpYSBwdWJs aWMgbmV0d29yay4NCj4NCj4gTGluZGENCj4NCj4NCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0t LS0NCj4gRnJvbTogSm9lbCBIYWxwZXJuIERpcmVjdCBbbWFpbHRvOmptaC5kaXJlY3RAam9lbGhh bHBlcm4uY29tXQ0KPiBTZW50OiBGcmlkYXksIEF1Z3VzdCAyMSwgMjAxNSAxMDo1MyBBTQ0KPiBU bzogTGluZGEgRHVuYmFyOyBpMnJzQGlldGYub3JnPG1haWx0bzppMnJzQGlldGYub3JnPg0KPiBD YzogJ0plZmZyZXkgSGFhcyc7IGRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbTxtYWlsdG86ZGFu aWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPjsgJ0pvZWwgSGFscGVybic7ICdBbGlhIEF0bGFzJw0K PiBTdWJqZWN0OiBSZTogW2kycnNdIGRyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1yZXF1aXJlbWVu dHMtMDAgMiBXZWVrIFdHDQo+IGFkb3B0aW9uIGNhbGwgKDgvMTcgdG8gOC8zMSkNCj4NCj4gRmly c3QsIHRoZXJlIG1heSBiZSBzb21lIGNvbmZ1c2lvbiBiZWNhdXNlIHRoZSBhbm5vdW5jZW1lbnQu ICBJIHByZXN1bWUgdGhhdCB5b3UgYXJlIHRhbGtpbmcgYWJvdXQgdGhlIC1lbnZpcm9ubWVudHMg ZG9jdW1lbnRzLg0KPg0KPiBJZiB0aGUgV0cgY29uY2x1ZGVzIHRoYXQgYSBkaWZmZXJlbnQgY2hh cHRlciBzdHJ1Y3R1cmUgaXMgdXNlZnVsLCB3ZSBjYW4gb2YgY291cnNlIGNoYW5nZSBpdC4gIEdp dmVuIHRoYXQgdGhlIGdvYWwgaXMgZW52aXJvbm1lbnQgZGVzY3JpcHRpb24sIEkgYW0gbm90IHN1 cmUgeW91ciBwcm9wb3NlZCBzdHJ1Y3R1cmUgaXMgc2lnbmlmaWNhbnRseSBiZXR0ZXIgdGhhbiB0 aGUgZXhpc3Rpbmcgb25lLg0KPg0KPiBJIGJlbGlldmUgeW91ciBjb21tZW50IGFib3V0IHRoZSB0 ZXh0ICByZWFkaW5nICJ3aGVyZSBzZWN1cml0eSBmdW5jdGlvbnMgbWF5IGJlIGhvc3RlZCIgaXMg d2VsbCB0YWtlbiwgYW5kIHdlIHNob3VsZCByZW1vdmUgdGhhdCB0ZXh0IHdoZW4gd2UgbmV4dCBy ZXZpc2UgdGhlIGRvY3VtZW50Lg0KPg0KPiBUaGUgaXNvbGF0aW9uIHRleHQgaXMgYWJvdXQgdGhl IG5lZWQgdG8ga2VlcCB0aGluZ3Mgc2VwYXJhdGUsIGFuZCB0aGUgdmFyaW91cyBwb3NzaWJsZSBt ZWFucyBhcmUgZGVncmVlcyAvIGFwcHJvYWNoZXMgdG8gc2VwYXJhdGlvbi4NCj4gSXNvbGF0aW9u IGlzIG5vdCBhYm91dCB0cmVhdGluZyB0aGluZ3MgZGlmZmVyZW50bHksIG5vciBpcyBpdCBleHBs aWNpdGx5IGFib3V0IHVzaW5nIGRpZmZlcmVudCBwcm90b2NvbHMuICBTbyB0aGUgcG9pbnQgb2Yg aXNvbGF0aW9uIGlzIG5vdCB0aGF0IHRoZXJlIGFyZSBkaWZmZXJlbnQgc2VjdXJpdHkgcmVxdWly ZW1lbnRzLCBidXQgdGhhdCBpbiBvcmRlciB0byBhdm9pZCBjb3Jzcy1lZmZlY3RzLCB0aGluZ3Mg c2hvdWxkIGJlIGtlcHQgc2VwYXJhdGUuDQo+DQo+IFlvdXJzLA0KPiBKb2VsDQo+DQo+IE9uIDgv MjAvMTUgNjo0MiBQTSwgTGluZGEgRHVuYmFyIHdyb3RlOg0KPj4gSSBzdXBwb3J0IHRoZSBXRyBh ZG9wdGlvbiBiZWNhdXNlIEkgdGhpbmsgdGhlIEkyUlMgV0cgbmVlZHMgaXQuDQo+PiBIb3dldmVy LCBJIGhvcGUgdGhlIGF1dGhvcnMgY2FuIGNvbnNpZGVyL2FkZHJlc3MgdGhlIGZvbGxvd2luZyBz dWdnZXN0aW9ucy9jb21tZW50czoNCj4+DQo+PiBXaGVuIHlvdSB0aGluayBhYm91dCB0aGUgSTJS UyBzZWN1cml0eSwgIHRoZXJlIGFyZSBmb2xsb3dpbmcNCj4+IGRpZmZlcmVudA0KPj4gYXNwZWN0 czoNCj4+DQo+PiAtQ29tbXVuaWNhdGlvbiBjaGFubmVsIGJldHdlZW4gSTJSUyBjbGllbnQgYW5k IEFnZW50IChhbmQgdGhlIGNoYW5uZWwNCj4+IGJldHdlZW4gSTJSUyBjbGllbnQgYW5kIGFwcGxp Y2F0aW9ucyk6DQo+Pg0KPj4gVGhlIGNoYW5uZWwgY2FuIGJlDQo+Pg0KPj4gb1ZpYSBwaHlzaWNh bCBQcml2YXRlIG5ldHdvcmsgKGUuZy4gd2l0aGluIGEgc2VjdXJlZCBkaXJlY3QgY29ubmVjdA0K Pj4gd2l0aGluIG9uZSBzaXRlKSwNCj4+DQo+PiBvd2l0aGluIG9uZSBhZG1pbmlzdHJhdGl2ZSBk b21haW4sICB2aWEgdmlydHVhbCBwcml2YXRlIG5ldHdvcmsNCj4+DQo+PiBvU2VjdXJlZCBjb25u ZWN0aW9uLCBzdWNoIGFzIFRMUyBvciBJUFNlYw0KPj4NCj4+IG9QdWJsaWMgaW50ZXJuZXQNCj4+ DQo+PiBvLi4NCj4+DQo+PiAtQXV0aGVudGljYXRpb24gJiBBdXRob3JpemF0aW9uDQo+Pg0KPj4g b3RoZSBhdXRoZW50aWNhdGlvbiAmIGF1dGhvcml6YXRpb24gcmVxdWlyZW1lbnQgZm9yIGRpZmZl cmVudA0KPj4gY29tbXVuaWNhdGlvbiBjaGFubmVscyBjYW4gYmUgZGlmZmVyZW50LiBUaGVyZWZv cmUsIHNob3VsZCBoYXZlDQo+PiBzZXBhcmF0ZSBzZWN0aW9ucyB0byBhZGRyZXNzIHNwZWNpZmlj IHJlcXVpcmVtZW50ICBmb3IgZWFjaA0KPj4gY29tbXVuaWNhdGlvbiBjaGFubmVscyBiZXR3ZWVu IEkyUlMgYWdlbnQgPC0+IGNsaWVudHMgKGFuZCBjbGllbnQgPC0+DQo+PiBhcHBsaWNhdGlvbnMp DQo+Pg0KPj4gVGhlIGN1cnJlbnQgU2VjdGlvbiA0IG9mIHRoZSBkcmFmdCBhbHJlYWR5IGhhcyB2 ZXJ5IGdvb2QgZGVzY3JpcHRpb24NCj4+IG9uIHRoZSBzdWJqZWN0LiBJIHRoaW5rIDQuNC4xIGFu ZCA0LjQyIGNhbiBiZSBzZXBhcmF0ZWQgb3V0IG9mIHRoZSBzZWN0aW9uLg0KPj4NCj4+IC1FbmNy eXB0aW9uIGZvciB0aGUgYWN0dWFsIGNvbnRlbnQgYmV0d2VlbiBDbGllbnQgYW5kIEFnZW50DQo+ Pg0KPj4gLURvUyBEZXNpZ24gcmVxdWlyZW1lbnQgKGN1cnJlbnRseSBpbiBTZWN0aW9uIDUuMi4x KQ0KPj4NCj4+IC1NYW5hZ2VtZW50IG9mIGNvbmZsaWN0IHdpdGggb3RoZXIgcGxhbmUgKGUuZy4g dGhlIG1hbmFnZW1lbnQgcGxhbmUsDQo+PiBtdWx0aS1oZWFkZWQgY29udHJvbCwgd2hpY2ggaGFz IGJlZW4gZGlzY3Vzc2VkIGV4dGVuc2l2ZWx5IGluDQo+PiBlcGhlbWVyYWwNCj4+IGRyYWZ0KQ0K Pj4NCj4+IEkgdGhpbmsgdGhlIGRyYWZ0IHNob3VsZCBiZSBvcmdhbml6ZWQgZnJvbSB0aGUgYXNw ZWN0cyBvZiB0aGUNCj4+IHNlY3VyaXR5IHRvIEkyUlMgYXMgc3VnZ2VzdGVkIGFib3ZlLg0KPj4N Cj4+IEhlcmUgYXJlIHNvbWUgZGV0YWlsZWQgcXVlc3Rpb25zIGFuZCBjb21tZW50cyB0byB0aGUg cmVxdWlyZW1lbnRzDQo+PiBsaXN0ZWQgaW4gdGhlIGRvY3VtZW50Og0KPj4NCj4+IFNlY3Rpb24g MToNCj4+DQo+PiBUaGUgc2Vjb25kIHBhcmFncmFwaCBzdGF0ZWQgdGhlIHNlY3VyaXR5IHJlY29t bWVuZGF0aW9ucyBtdXN0DQo+PiAic3BlY2lmeWluZyB3aGVyZSBzZWN1cml0eSBmdW5jdGlvbnMg bWF5IGJlIGhvc3RlZCIuIEZpcnN0IG9mIGFsbCBJDQo+PiBkb24ndCBzZWUgdGhlIGRyYWZ0IGFk ZHJlc3MgdGhpcyBhc3BlY3QuIFNlY29uZCwgSSB0aGluayAgICJ3aGVyZQ0KPj4gc2VjdXJpdHkg ZnVuY3Rpb25zIGFyZSBob3N0ZWQiIGlzIG9ydGhvZ29uYWwgdG8gIkkyUlMgc2VjdXJpdHkiIC4N Cj4+DQo+PiBTZWN0aW9uIDM6DQo+Pg0KPj4gd2hhdCBkb2VzIGlzb2xhdGluZyB0d28gcGxhbmVz IG1lYW4/IGRvZXMgaXQgbWVhbiB0aGV5IGhhdmUgZGlmZmVyZW50DQo+PiBzZWN1cml0eSByZXF1 aXJlbWVudC9pc3N1ZXM/IE9yIGRvZXMgaXQgbWVhbiB0aGV5IG5lZWQgZGlmZmVyZW50IHByb3Rv Y29scz8NCj4+DQo+PiBXaGF0IGFyZSB0aGUga2V5IGRpZmZlcmVuY2VzIHdpdGggcmVnYXJkIHRv IHRoZSBzZWN1cml0eSByZXF1aXJlbWVudHMNCj4+IGZvciAgSTJSUyBwbGFuZSBhbmQgZm9yIG1h bmFnZW1lbnQgcGxhbmU/ICBTZWN0aW9uIDMuMSBkZXNjcmliZXMgdGhlDQo+PiBpbnRlcmFjdGlv biBiZXR3ZWVuIEkyUlMgcGxhbmUgYW5kIG1hbmFnZW1lbnQgcGxhbmUuIEJ1dCBJIHNlZSB0aGUN Cj4+IHNlY3VyaXR5IHJlcXVpcmVtZW50IGZvciB0aGUgbWFuYWdlbWVudCBwbGFuZSBpcyBzaW1p bGFyIHRvIEkyUlMgcGxhbmUgLg0KPj4gSWYgeW91IHRoaW5rIHRoYXQgdGhleSBhcmUgdmVyeSBk aWZmZXJlbnQsIGNhbiB5b3UgZWxhYm9yYXRlIG1vcmU/DQo+Pg0KPj4gU2VjdGlvbiAzLjQgaGFz IHRpdGxlICJSZWNvbW1lbmRhdGlvbnMiLCBidXQgdGhlIGNvbnRlbnQgYXJlIGFsbA0KPj4gcmVx dWlyZW1lbnRzLiBXaHkgbm90IG5hbWUgdGhlIHNlY3Rpb24gIlJlcXVpcmVtZW50Ij8NCj4+DQo+ PiBSRVEgMjogRG9lcyBpdCB0aGF0IGEgZGlmZmVyZW50IElQIGFkZHJlc3MgdGhhbiB0aGUgb25l IHVzZWQgYnkgdGhlDQo+PiBtYW5hZ2VtZW50IHN5c3RlbT8NCj4+DQo+PiBIb3cgaXMgUkVRIDIy IGRpZmZlcmVudCBmcm9tIFJFUSAyMT8NCj4+DQo+PiBSRVEgMjcgaXMgaGFyZCB0byBlbmZvcmNl LiBIb3cgYWJvdXQgc2F5IHNvbWV0aGluZyBsaWtlICJzaG91bGRuJ3QNCj4+IHNlbmQgYW55IGlu Zm9ybWF0aW9uIGJleW9uZCB3aGF0IGhhdmUgYmVlbiBkZWZpbmVkIGJ5IHRoZSBJMlJTIGRhdGEg bW9kZWwiPw0KPj4NCj4+IFJFUSAzMDogc2ltcGx5IGNvbnRyb2xsaW5nIHRoZSByZXNvdXJjZSBj YW4gaGFyZGx5IHByZXZlbnQgRG9TLg0KPj4gTWFsaWNpb3VzIGNsaWVudCBjYW4gb2NjdXB5IHRo ZSByZXNvdXJjZSB3aGlsZSB0aGUgdmFsaWQgb25lIGNhbid0IGFjY2Vzcy4NCj4+DQo+PiBUaGFu a3MgZm9yIGNvbnNpZGVyYXRpb24sDQo+Pg0KPj4gTGluZGENCj4+DQo+PiAqRnJvbToqaTJycyBb bWFpbHRvOmkycnMtYm91bmNlc0BpZXRmLm9yZ10gKk9uIEJlaGFsZiBPZiAqU3VzYW4gSGFyZXMN Cj4+ICpTZW50OiogTW9uZGF5LCBBdWd1c3QgMTcsIDIwMTUgMTI6NTAgUE0NCj4+ICpUbzoqIGky cnNAaWV0Zi5vcmc8bWFpbHRvOmkycnNAaWV0Zi5vcmc+DQo+PiAqQ2M6KiAnSmVmZnJleSBIYWFz JzsgZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPG1haWx0bzpkYW5pZWwubWlnYXVsdEBlcmlj c3Nvbi5jb20+OyAnSm9lbCBIYWxwZXJuJzsNCj4+IHNoYXJlc0BuZHpoLmNvbTxtYWlsdG86c2hh cmVzQG5kemguY29tPjsgJ0FsaWEgQXRsYXMnDQo+PiAqU3ViamVjdDoqIFtpMnJzXSBkcmFmdC1t Z2x0LWkycnMtc2VjdXJpdHktcmVxdWlyZW1lbnRzLTAwIDIgV2VlayBXRw0KPj4gYWRvcHRpb24g Y2FsbCAoOC8xNyB0byA4LzMxKQ0KPj4NCj4+IFRoaXMgYmVnaW5zIGEgMiB3ZWVrIFdHIGFkb3B0 aW9uIGNhbGwgZm9yDQo+PiBkcmFmdC1tZ2x0LWkycnMtc2VjdXJpdHktcmVxdWlyZW1lbnRzLiAg VGhpcyBkcmFmdCBkaXNjdXNzZXMgdGhlDQo+PiBzZWN1cml0eSByZXF1aXJlbWVudHMgZm9yIHRo ZSBJMlJTIGVudmlyb25tZW50LiAgWW91IGNhbiBmaW5kIHRoZSBkcmFmdCBhdDoNCj4+DQo+PiBo dHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5LWVudmly b25tZW50LXJlcXMNCj4+IC0NCj4+IDAwDQo+Pg0KPj4gQSBzZWN1cml0eSByZXZpZXdlciB3aWxs IHJldmlldyB0aGlzIGRyYWZ0IGR1cmluZyB0aGUgdGltZSA4LzIwIHRvDQo+PiA4LzI1LiAgIFdl IHdpbGwgcG9zdCB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUgcmV2aWV3IHRvIHRoaXMgZGlzY3Vz c2lvbi4NCj4+DQo+PiBTdWUgSGFyZXMNCj4+DQo+DQoNCl9fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fDQppMnJzIG1haWxpbmcgbGlzdA0KaTJyc0BpZXRmLm9y ZzxtYWlsdG86aTJyc0BpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlz dGluZm8vaTJycw0KDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fDQppMnJzIG1haWxpbmcgbGlzdA0KaTJyc0BpZXRmLm9yZzxtYWlsdG86aTJyc0BpZXRm Lm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vaTJycw0KDQo= --_000_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTIgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 Q291cmllcjsNCglwYW5vc2UtMToyIDcgNCA5IDIgMiA1IDIgNCA0O30NCkBmb250LWZhY2UNCgl7 Zm9udC1mYW1pbHk6U2ltU3VuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZv bnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAz IDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5v c2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OlRh aG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQpAZm9udC1mYWNlDQoJe2Zv bnQtZmFtaWx5OiJcQFNpbVN1biI7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpA Zm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9zZS0xOjIgMTEgNiA5IDIg MiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNv Tm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAw MXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIs InNlcmlmIjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0 eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNp dGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLk1zb0FjZXRh dGUsIGxpLk1zb0FjZXRhdGUsIGRpdi5Nc29BY2V0YXRlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5 OTsNCgltc28tc3R5bGUtbGluazoiQmFsbG9vbiBUZXh0IENoYXIiOw0KCW1hcmdpbjowaW47DQoJ bWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZTo4LjBwdDsNCglmb250LWZhbWlseToi VGFob21hIiwic2Fucy1zZXJpZiI7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTcNCgl7bXNvLXN0eWxlLXR5 cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsN Cgljb2xvcjojMUY0OTdEO30NCnNwYW4uQmFsbG9vblRleHRDaGFyDQoJe21zby1zdHlsZS1uYW1l OiJCYWxsb29uIFRleHQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHls ZS1saW5rOiJCYWxsb29uIFRleHQiOw0KCWZvbnQtZmFtaWx5OiJUYWhvbWEiLCJzYW5zLXNlcmlm Ijt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTt9DQpAcGFn ZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGlu IDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K LS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpl eHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0 ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6 ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0t Pg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUi Pg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5EYW5pZWwsDQo8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0Qi PlRoYW5rIHlvdSBmb3Igd2lsbGluZyB0byBhZGRyZXNzIG15IGNvbW1lbnRzLiBUbyBtYWtlIGl0 IGVhc2llciBmb3IgeW91LCBJIHB1dCB0b2dldGhlciBhIHNlY3Rpb24gdG8gZGVzY3JpYmUgdGhl IHNlY3VyaXR5IHRocmVhdHMgaW4gQ2xvc2VkIEVudmlyb25tZW50IGFuZA0KIG5lY2Vzc2FyeSBy ZXF1aXJlbWVudCBmb3IgSTJSUy4gU2VlIHRoZSBhdHRhY2hlZC4gPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2Nv bG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5DbG9zZWQg ZW52aXJvbm1lbnQgZGVwbG95bWVudCBjYW4gZWFzaWx5IGdpdmUgcGVvcGxlIGEgc2Vuc2Ugb2Yg c2VjdXJlIGJlY2F1c2UgdGhlIGxpbmtzIGJldHdlZW4gSTJSUyBDbGllbnQgYW5kIEkyUlMgQWdl bnQgYXJlIGd1aWRlZCBieSBhIHBoeXNpY2FsIOKAnFdhbGzigJ0uDQogJm5ic3A7VGhlIGZhbHNl IHNlbnNlIG9mIOKAnFNlY3VyZeKAnSBpcyBhY3R1YWxseSBtb3JlIGRhbmdlcm91cyBiZWNhdXNl IGl0IGNhbiBlYXNpbHkgbWFrZSB0aGUgZGVwbG95bWVudCBtaXNzIHRoZSBjcnVjaWFsIHNlY3Vy aXR5IHByb2NlZHVyZS4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+VGhlcmVmb3JlLCBJIHRoaW5rIGl0IGlzIGltcG9y dGFudCB0byBoYXZlIGEgZGVkaWNhdGVkIHNlY3Rpb24gb24gc2VjdXJpdHkgdGhyZWF0cyBhbmQg cmVxdWlyZW1lbnQgZm9yIHRoZSBDbG9zZWQgRW52aXJvbm1lbnQuDQo8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7 Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkxpbmRh PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAxLjBw dDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPiBtZ2x0LmlldGZAZ21haWwuY29tIFttYWlsdG86bWdsdC5pZXRmQGdtYWls LmNvbV0NCjxiPk9uIEJlaGFsZiBPZiA8L2I+RGFuaWVsIE1pZ2F1bHQ8YnI+DQo8Yj5TZW50Ojwv Yj4gTW9uZGF5LCBBdWd1c3QgMjQsIDIwMTUgMTI6NTUgUE08YnI+DQo8Yj5Ubzo8L2I+IExpbmRh IER1bmJhcjxicj4NCjxiPkNjOjwvYj4gSm9lbCBNLiBIYWxwZXJuOyBpMnJzQGlldGYub3JnOyBK ZWZmcmV5IEhhYXM7IEFsaWEgQXRsYXM8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtpMnJzXSBS ZXZpZXcgY29tbWVudHMgdG8gZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5LWVudmlyb25tZW50LXJl cXMtMDAgKHdhcyBSRTogZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5LXJlcXVpcmVtZW50cy0wMCAy IFdlZWsgV0cgYWRvcHRpb24gY2FsbCAoOC8xNyB0byA4LzMxKTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h cmdpbi1ib3R0b206MTIuMHB0Ij5IaSBMaW5kYSwgPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+VGhhbmsgeW91 IGZvciB5b3VyIGNvbW1lbnRzLiBJIGFncmVlIHdlIG5lZWQgdG8gYWRkcmVzcyBtb3JlIHNwZWNp ZmljYWxseSBvciBleHBsaWNpdGx5IHRoZSAmcXVvdDttb3N0IGNvbW1vbiZxdW90OyB1c2UgY2Fz ZS4gSSBhZ3JlZSB3aXRoIHlvdXIgY29tbWVudHMgYW5kIHdlIHdpbGwgY29uc2lkZXIgdGhlbSB0 byBpbXByb3ZlIGFuZCBjbGFyaWZ5IHRoZSB0ZXh0IG9mIHRoZQ0KIG5leHQgdmVyc2lvbi4gVGhh bmsgeW91LiBUbyBtZSB0aGUgaTJycyBwbGFuZSBwcm92aWRlcyBhIGxpbWl0ZWQgbnVtYmVyIG9m IGZ1bmN0aW9ubmFsaXRpZXMgdGhhdCBtYXkgYmUgcHJvdmlkZWQgdG8gZGlmZmVyZW50IGluZGVw ZW5kYW50IHRlbmFudHMuJm5ic3A7DQo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+QlIsIDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj5EYW5pZWw8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPk9uIE1vbiwgQXVnIDI0LCAyMDE1IGF0IDE6MzcgUE0sIExpbmRhIER1bmJhciAm bHQ7PGEgaHJlZj0ibWFpbHRvOmxpbmRhLmR1bmJhckBodWF3ZWkuY29tIiB0YXJnZXQ9Il9ibGFu ayI+bGluZGEuZHVuYmFyQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4N CjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkpvZWwsDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5i c3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkFncmVlIHdpdGggeW91IHRoYXQg4oCcPC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjayI+d2UgZG9u4oCZdCBuZWVk IHRvIGJ1aWxkIGRpZmZlcmVudCBwcm90b2NvbCBzdGFja3MgZm9yDQogdGhlIGRpZmZlcmVudCBk ZXBsb3ltZW50c+KAnS4gPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkJ1dCB0aGUg4oCcZW52aXJv bm1lbnQtcmVx4oCdIGRyYWZ0IGlzIG5vdCBhYm91dCDigJxQcm90b2NvbOKAnSwgYnV0IGFib3V0 IHNlY3VyaXR5IGlzc3VlcyB1bmRlciBkaWZmZXJlbnQg4oCcZW52aXJvbm1lbnTigJ0uDQo8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkFtb25n IGFsbCBvdXIgY3VzdG9tZXJzIHdobyBhcmUgaW50ZXJlc3RlZCBpbiBJMlJTLCBtYWpvcml0eSBv ZiB0aGVtICgmZ3Q7OTAlKSB3aWxsIGRlcGxveSB0aGVtIGluIGEgY2xvc2VkIGVudmlyb25tZW50 LCBpLmUuIHBoeXNpY2FsbHkgc2VjdXJlZCZuYnNwOyBjb25uZWN0aW9uIGJldHdlZW4NCiBJMlJT IGFnZW50IGFuZCBJMlJTIGNsaWVudC4gVGhlcmVmb3JlLCBpdCBpcyBpbXBvcnRhbnQgdG8g4oCc PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXI7 Y29sb3I6YmxhY2siPnByb3ZpZGVzIGFuIGFuYWx5c2lzIG9mIHRoZSBzZWN1cml0eSBpc3N1ZXMg b2bigJ0NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+ b2YgdGhpcyBjb21tb25seSBkZXBsb3llZCBlbnZpcm9ubWVudC4NCjwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9y OiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5JIHN1Z2dlc3QgYWRkaW5n IHRoaXMgRmlndXJlIHRvIFNlY3Rpb24gMSBvZiB0aGUgZG9jdW1lbnQ6PC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3 JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkNsb3NlZCZuYnNwOyAob3ZlciBvcGVuIENobmwgIyMjJmd0 OykmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg T3BlbiAob3ZlciBzZWN1cmUgQ2hubCAtLS0mZ3Q7KTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiYjNDM7LS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tJiM0Mzs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3Vy aWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7ICoqKioqKioqKioqKioqKioqKioqKioqJm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgKioqKioqKioqKioqKioqKioqKioqKiombmJzcDsgfDwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKiZuYnNwOyZuYnNwOyZuYnNwOyBBcHBs aWNhdGlvbiBBJm5ic3A7Jm5ic3A7Jm5ic3A7ICombmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyAqJm5ic3A7Jm5ic3A7Jm5ic3A7IEFwcGxpY2F0aW9uIEImbmJzcDsm bmJzcDsmbmJzcDsgKiZuYnNwOyB8PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmll ciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyAqJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7ICombmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyAqJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7ICombmJzcDsgfDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJp ZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgKiZuYnNwOyAmIzQzOy0tLS0tLS0tLS0tLS0tLS0mIzQzOyAqJm5ic3A7Jm5ic3A7 IHwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKiZuYnNwOyAmIzQzOy0tLS0tLS0tLS0t LS0tLS0mIzQzOyAqJm5ic3A7IHw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVy IE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7ICombmJzcDsgfCZuYnNwOyZuYnNwOyBDbGllbnQgQSZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyB8ICombmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqJm5i c3A7IHwmbmJzcDsmbmJzcDsgQ2xpZW50IEImbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCAqJm5i c3A7IHw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xv cjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICombmJzcDsg JiM0MzstLS0tLS0tLS0tLS0tLS0tJiM0MzsgKiZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7ICombmJzcDsgJiM0MzstLS0tLS0tLS0tLS0tLS0tJiM0MzsgKiZuYnNw OyB8PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6 IzFGNDk3RCI+fCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqKioqKioqIF4g KioqKioqKioqKioqKiZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 ICoqKioqIF4gKioqKioqIF4gKioqKioqJm5ic3A7IHw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTom cXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7ICMmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfDwvc3Bhbj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsgIyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg fCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwm bmJzcDsmbmJzcDsgfC0tLS0tfDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIg TmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgIyZu YnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyB8PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyAqKioq KioqKioqKiogdiAqICogKiAqICoqKioqKioqfCZuYnNwOyZuYnNwOyAqKioqKioqKioqKioqKioq KiB2ICogdiAqKioqKioqKjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3 JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsgKiZuYnNwOyAmIzQzOy0tLS0tLS0tLS0tLS0t LS0tLS0tLSYjNDM7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsgKiZuYnNw OyAmIzQzOy0tLS0tLS0tLS0tLS0tLS0tLS0tLSYjNDM7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 ICo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjoj MUY0OTdEIj58Jm5ic3A7ICombmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBBZ2VudCAx Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyAqJm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJz cDsgQWdlbnQgMiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICo8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWls eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7ICombmJzcDsg JiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0mIzQzOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8 Jm5ic3A7Jm5ic3A7ICombmJzcDsgJiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0mIzQzOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyAqPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmll ciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyAqJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IF4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgXiZuYnNwOyBe Jm5ic3A7Jm5ic3A7IF4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg fCZuYnNwOyZuYnNwOyAqJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IF4mbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgXiZuYnNwOyBeJm5ic3A7Jm5ic3A7IF4mbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKjwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMx RjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5KdXN0IHRoaW5r IGFib3V0IHRoaXMgZmFjdDogdG9kYXnigJlzIHJvdXRlciBjb25maWd1cmF0aW9uIGluIHByb2R1 Y3Rpb24gZW52aXJvbm1lbnQgY2FuIG9ubHkgYmUgcGVyZm9ybWVkIGJ5IGEgZmV3IGF1dGhvcml6 ZWQgcGVvcGxlIHdpdGggRU1TL05NUyBwaHlzaWNhbGx5DQogYW5kIHNlY3VyZWx5IHNlcGFyYXRl ZC4gSWYgdGhlIG1ham9yaXR5IG9mIHRoZSBJMlJTIGVudmlyb25tZW50IHJlcXVpcmVtZW50IGlz IGFib3V0IG9wZW4gY29ubmVjdGlvbiwgSTJSUyBXRyB3aWxsIHNwZW5kIGEgbG90IGVuZXJneSBk ZXZlbG9waW5nIHRoZSB2ZXJ5IHNvcGhpc3RpY2F0ZWQgcHJvdG9jb2xzIHdoaWNoIGlzIGV4cGVu c2l2ZSB0byBkZXZlbG9wIGFuZCBoYXJkZXIgdG8gZGVwbG95Lg0KPC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6 IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkkgYW0gbm90IGFnYWluc3Qg dGhpcyBkZXZlbG9wbWVudCwgYnV0IElNSE8sIHRvIGdhaW4gd2lkZXIgYW5kIHF1aWNrZXIgSTJS UyBkZXBsb3ltZW50IGluIHByb2R1Y3Rpb24gZW52aXJvbm1lbnQsIGl0IGlzIG5lY2Vzc2FyeSB0 byBoYXZlIGEgdmVyeQ0KPC9zcGFuPjxiPjx1PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj b2xvcjpyZWQiPmxlYW48L3NwYW4+PC91PjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7 Y29sb3I6IzFGNDk3RCI+IEkyUlMgc29sdXRpb24gZmlyc3QsIGFuZCB0byBoYXZlIGEgd2VsbCBk b2N1bWVudGVkIHNlY3VyaXR5IHJlcXVpcmVtZW50DQogZm9yIHRoZSBjb21tb24gZGVwbG95bWVu dCBlbnZpcm9ubWVudC4gRS5nLiBhIHNpbmdsZSBDb250cm9sbGVyIChvciB0aGUgSTJSUyBjbGll bnQpIGRpcmVjdGx5IGNvbm5lY3RlZCB0byB0aGVpciBkZXZpY2VzIHZpYSB0aGVpciBpbnRlcm5h bCBuZXR3b3JrLCB3aGVyZSB0aGUgY29ubmVjdGlvbiBpcyBwaHlzaWNhbGx5IGlzb2xhdGVkIGZy b20gb3RoZXIgbmV0d29yayBhbmQgcHJvdGVjdGVkIGJ5IHNlcGFyYXRlIG1lY2hhbmlzbXMuIEFs c28gcmVtZW1iZXIsDQogbWFueSBvcGVyYXRvcnMgd2lsbCB1c2UgSTJSUyB0byBjb250cm9sIGEg c21hbGwgbnVtYmVyIG9mIHNlbGVjdGl2ZSByb3V0ZXJzIChtb3N0bHkgcm91dGVycyBhdCBpbmdy ZXNzL2VncmVzcyBib3VuZGFyeSkgZm9yIHZhbHVlIGFkZGVkIHNlcnZpY2VzLg0KPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7 PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1z ZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0Qi PlNvbWUgb2YgbXkgZGV0YWlsZWQgcXVlc3Rpb25zIGFuZCBjb21tZW50cyB0byB0aGUg4oCcc2Vj dXJpdHktcmVxdWlyZW1lbnRz4oCdIGFyZSBzdGlsbCBhcHBsaWNhYmxlIHRvIHRoZSDigJxlbnZp cm9ubWVudC1yZXHigJ0gZG9jdW1lbnQgYmVjYXVzZSB0aGV5IGhhdmUgdGhlIHNhbWUNCiB0ZXh0 LiBQbHVzIGEgZmV3IG1vcmUgZm9yIHRoZSDigJxlbnZpcm9ubWVudC1yZXHigJ0gZG9jdW1lbnQu IEhvcGUgdGhlIGF1dGhvcnMgY2FuIGFkZHJlc3MgdGhlbS4NCjwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMx RjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj b2xvcjojMUY0OTdEIj5TZWN0aW9uIDM6DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJz cDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+V2hhdCBhcmUgdGhlIGtleSBkaWZmZXJlbmNlcyB3 aXRoIHJlZ2FyZCB0byB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGZvciAmbmJzcDtJMlJTIHBs YW5lIGFuZCBmb3IgbWFuYWdlbWVudCBwbGFuZT8mbmJzcDsgU2VjdGlvbiAzLjEgZGVzY3JpYmVz IHRoZSBpbnRlcmFjdGlvbiBiZXR3ZWVuDQogSTJSUyBwbGFuZSBhbmQgbWFuYWdlbWVudCBwbGFu ZS4gQnV0IEkgc2VlIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudCBmb3IgdGhlIG1hbmFnZW1lbnQg cGxhbmUgYXJlIGFsbCBhcHBsaWNhYmxlIHRvIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudCB0byBJ MlJTIHBsYW5lIC4gSWYgeW91IHRoaW5rIHRoYXQgdGhleSBhcmUgdmVyeSBkaWZmZXJlbnQsIGNh biB5b3UgZWxhYm9yYXRlIG1vcmU/DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDs8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+U2VjdGlvbiAzLjQgaGFzIHRpdGxlIOKAnFJlY29tbWVu ZGF0aW9uc+KAnSwgYnV0IHRoZSBjb250ZW50IGFyZSBhbGwgcmVxdWlyZW1lbnRzLiBXaHkgbm90 IG5hbWUgdGhlIHNlY3Rpb24g4oCcUmVxdWlyZW1lbnTigJ0/DQo8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFG NDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlJFUSAyOiBEb2VzIGl0IHRoYXQg YSBkaWZmZXJlbnQgSVAgYWRkcmVzcyB0aGFuIHRoZSBvbmUgdXNlZCBieSB0aGUgbWFuYWdlbWVu dCBzeXN0ZW0/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjoj MUY0OTdEIj5SRVEgMjE6IGlzIG1vcmUgYWJvdXQgSTJSUyByZXF1aXJlbWVudCwgbGVzcyBhYm91 dCDigJxTZWN1cml0eeKAnSByZXF1aXJlbWVudC4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj4m bmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+UkVRIDI0OiBpc27igJl0IGl0IHRoZSBnZW5l cmFsIGdvYWwgb2YgSTJSUz8gTm90IHJlYWxseSBzZWN1cml0eSBwZXIgc2UuIChzaG91bGQgYmUg aW5jbHVkZWQgaW4gdGhlIGdlbmVyYWwgSTJSUyByZXF1aXJlbWVudCBvciBhcmNoaXRlY3R1cmUp Lg0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5 N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5SRVEgMjY6IHNpbXBseSBjb250cm9s bGluZyB0aGUgcmVzb3VyY2UgY2FuIGhhcmRseSBwcmV2ZW50IERvUy4gTWFsaWNpb3VzIGNsaWVu dCBjYW4gb2NjdXB5IHRoZSByZXNvdXJjZSB3aGlsZSB0aGUgdmFsaWQgb25lIGNhbid0IGFjY2Vz cy48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1z ZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0Qi PlRoYW5rcyBmb3IgeW91ciBjb25zaWRlcmF0aW9uLA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1z ZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0Qi PkxpbmRhPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0Ij4mbmJzcDs8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtm b250LWZhbWlseTpDb25zb2xhcyI+LS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnI+DQpGcm9t OiBpMnJzIFs8YSBocmVmPSJtYWlsdG86aTJycy1ib3VuY2VzQGlldGYub3JnIiB0YXJnZXQ9Il9i bGFuayI+bWFpbHRvOmkycnMtYm91bmNlc0BpZXRmLm9yZzwvYT5dIE9uIEJlaGFsZiBPZiBKb2Vs IE0uIEhhbHBlcm48YnI+DQpTZW50OiBGcmlkYXksIEF1Z3VzdCAyMSwgMjAxNSAxMjoyMCBQTTxi cj4NClRvOiBMaW5kYSBEdW5iYXI7IDxhIGhyZWY9Im1haWx0bzppMnJzQGlldGYub3JnIiB0YXJn ZXQ9Il9ibGFuayI+aTJyc0BpZXRmLm9yZzwvYT48YnI+DQpDYzogJ0plZmZyZXkgSGFhcyc7IDxh IGhyZWY9Im1haWx0bzpkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5r Ij4NCmRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbTwvYT47ICdBbGlhIEF0bGFzJzxicj4NClN1 YmplY3Q6IFJlOiBbaTJyc10gZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5LXJlcXVpcmVtZW50cy0w MCAyIFdlZWsgV0cgYWRvcHRpb24gY2FsbCAoOC8xNyB0byA4LzMxKTwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0Ij4mbmJz cDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+WWVzLCBvbmUgb2YgdGhlIHR3byBs YXN0IGNhbGxzIGlzIGZvciB0aGUgZW52aXJvbm1lbnQgZG9jdW1lbnQuPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFz Ij5IYXZpbmcgYSBkZWRpY2F0ZWQgcGh5c2ljYWwgY2hhbm5lbCBpcyBvbmUgb2YgdGhlIHdheXMg aWRlbnRpZmllZCBpbiB0aGUgZHJhZnQgdG8gcHJvdmlkZSB0aGUgcmVxdWlyZWQgaXNvbGF0aW9u Ljwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTpDb25zb2xhcyI+V2hpbGUgc3VjaCBhbiBlbnZpcm9ubWVudCBpcyBjbGVhcmx5IHN1 cHBvcnRhYmxlLCBJIGRvIG5vdCB0aGluayB3ZSBzaG91bGQgcmVkdWNlIHRoZSBpbnRlcm5hbCBw cm90b2NvbCByZXF1aXJlbWVudHMgKHN1Y2ggYXMgTVRJIHNlY3VyaXR5IGZvciB0aGUgY29udHJv bCBjaGFubmVsKSBqdXN0IGJlY2F1c2UgdGhlcmUgYXJlDQogY2lyY3Vtc3RhbmNlcyB3aGVyZSBz dWNoIGl0IHdvbid0IGJlIG5lZWRlZC4mbmJzcDsgSSBkb24ndCBleHBlY3QgdGhhdCB3ZSB3aWxs IGJ1aWxkIGRpZmZlcmVudCBwcm90b2NvbCBzdGFja3MgZm9yIHRoZSBkaWZmZXJlbnQgZGVwbG95 bWVudHMuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOzwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0 O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj5UaGUgcHVycG9zZSBvZiB0aGlzIGRyYWZ0IGlzIHRvIGRl c2NyaWJlIHRoZSBlbnZpcm9ubWVudGFsIGFzc3VtcHRpb25zLCB3aGljaCBhc3N1bXB0aW9ucyBj YW4gYmUgbWV0IGluIHZhcmlvdXMgd2F5cy48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xh cyI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPllvdXJzLDwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj5Kb2VsPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj5PbiA4LzIxLzE1 IDEyOjU2IFBNLCBMaW5kYSBEdW5iYXIgd3JvdGU6PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsgSm9lbCw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IElmIGl0IGlzIHRoZSAm cXVvdDtlbnZpcm9ubWVudGFsIG9uZSZxdW90OywgaXQgaXMgbW9yZSBpbXBvcnRhbnQgdG8gZGlm ZmVyZW50aWF0ZSB0aGUgcmVxdWlyZW1lbnRzIGZvciBkaWZmZXJlbnQgZW52aXJvbm1lbnRzIG9u IGhvdyB0aGUgSTJSUyBjbGllbnQgJmFtcDsgQWdlbnQgYXJlIGNvbm5lY3RlZC48L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw dDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5 OkNvbnNvbGFzIj4mZ3Q7IE9uZSBvZiBvdXIgY3VzdG9tZXJzIHN0YXRlZCB0aGF0IHRoZWlyIGVu dmlyb25tZW50IGhhcyBhIHNpbmdsZSBDb250cm9sbGVyIChvciB0aGUgSTJSUyBjbGllbnQpIGRp cmVjdGx5IGNvbm5lY3RlZCB0byB0aGVpciBkZXZpY2VzIHZpYSB0aGVpciBpbnRlcm5hbCBuZXR3 b3JrLCB3aGVyZSB0aGUgY29ubmVjdGlvbiBpcw0KIHBoeXNpY2FsbHkgaXNvbGF0ZWQgZnJvbSBv dGhlciBuZXR3b3JrIGFuZCBwcm90ZWN0ZWQgYnkgc2VwYXJhdGUgbWVjaGFuaXNtcywgdGhleSBk b24ndCBuZWVkIGFsbCB0aG9zZSBzb3BoaXN0aWNhdGVkIGF1dGhlbnRpY2F0aW9uIHByb2NlZHVy ZS48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0 O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IFdlIG5lZWQgdG8gYWRkcmVzcyB0aGlzIGVudmly b25tZW50LCBpLmUuIGhhdmluZyBhIHNpbXBsZXIgc2VjdXJpdHkgcmVxdWlyZW1lbnQgZm9yIHRo aXMgZW52aXJvbm1lbnQgdGhhbiB0aGUgZW52aXJvbm1lbnQgd2hlcmUgSTJSUyBDbGllbnQgaXMg Y29ubmVjdGVkIHZpYSBwdWJsaWMgbmV0d29yay48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IExp bmRhPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw dDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5 OkNvbnNvbGFzIj4mZ3Q7IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6Q29uc29sYXMiPiZndDsgRnJvbTogSm9lbCBIYWxwZXJuIERpcmVjdCBbPGEgaHJl Zj0ibWFpbHRvOmptaC5kaXJlY3RAam9lbGhhbHBlcm4uY29tIiB0YXJnZXQ9Il9ibGFuayI+bWFp bHRvOmptaC5kaXJlY3RAam9lbGhhbHBlcm4uY29tPC9hPl08L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTpDb25zb2xhcyI+Jmd0OyBTZW50OiBGcmlkYXksIEF1Z3VzdCAyMSwgMjAxNSAxMDo1MyBBTTwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IFRvOiBMaW5kYSBEdW5iYXI7DQo8 YSBocmVmPSJtYWlsdG86aTJyc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmkycnNAaWV0Zi5v cmc8L2E+PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsgQ2M6ICdKZWZmcmV5 IEhhYXMnOw0KPGEgaHJlZj0ibWFpbHRvOmRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbSIgdGFy Z2V0PSJfYmxhbmsiPmRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbTwvYT47ICdKb2VsIEhhbHBl cm4nOyAnQWxpYSBBdGxhcyc8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBT dWJqZWN0OiBSZTogW2kycnNdIGRyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1yZXF1aXJlbWVudHMt MDAgMiBXZWVrIFdHDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBhZG9w dGlvbiBjYWxsICg4LzE3IHRvIDgvMzEpPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMi PiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBGaXJzdCwg dGhlcmUgbWF5IGJlIHNvbWUgY29uZnVzaW9uIGJlY2F1c2UgdGhlIGFubm91bmNlbWVudC4mbmJz cDsgSSBwcmVzdW1lIHRoYXQgeW91IGFyZSB0YWxraW5nIGFib3V0IHRoZSAtZW52aXJvbm1lbnRz IGRvY3VtZW50cy48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IElmIHRoZSBXRyBjb25jbHVkZXMg dGhhdCBhIGRpZmZlcmVudCBjaGFwdGVyIHN0cnVjdHVyZSBpcyB1c2VmdWwsIHdlIGNhbiBvZiBj b3Vyc2UgY2hhbmdlIGl0LiZuYnNwOyBHaXZlbiB0aGF0IHRoZSBnb2FsIGlzIGVudmlyb25tZW50 IGRlc2NyaXB0aW9uLCBJIGFtIG5vdCBzdXJlIHlvdXIgcHJvcG9zZWQgc3RydWN0dXJlIGlzDQog c2lnbmlmaWNhbnRseSBiZXR0ZXIgdGhhbiB0aGUgZXhpc3Rpbmcgb25lLjwvc3Bhbj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2Zv bnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsgSSBiZWxpZXZlIHlvdXIgY29tbWVudCBhYm91dCB0aGUgdGV4dCZuYnNwOyBy ZWFkaW5nICZxdW90O3doZXJlIHNlY3VyaXR5IGZ1bmN0aW9ucyBtYXkgYmUgaG9zdGVkJnF1b3Q7 IGlzIHdlbGwgdGFrZW4sIGFuZCB3ZSBzaG91bGQgcmVtb3ZlIHRoYXQgdGV4dCB3aGVuIHdlIG5l eHQgcmV2aXNlIHRoZSBkb2N1bWVudC48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+ Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IFRoZSBpc29s YXRpb24gdGV4dCBpcyBhYm91dCB0aGUgbmVlZCB0byBrZWVwIHRoaW5ncyBzZXBhcmF0ZSwgYW5k IHRoZSB2YXJpb3VzIHBvc3NpYmxlIG1lYW5zIGFyZSBkZWdyZWVzIC8gYXBwcm9hY2hlcyB0byBz ZXBhcmF0aW9uLjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IElzb2xhdGlv biBpcyBub3QgYWJvdXQgdHJlYXRpbmcgdGhpbmdzIGRpZmZlcmVudGx5LCBub3IgaXMgaXQgZXhw bGljaXRseSBhYm91dCB1c2luZyBkaWZmZXJlbnQgcHJvdG9jb2xzLiZuYnNwOyBTbyB0aGUgcG9p bnQgb2YgaXNvbGF0aW9uIGlzIG5vdCB0aGF0IHRoZXJlIGFyZSBkaWZmZXJlbnQgc2VjdXJpdHkg cmVxdWlyZW1lbnRzLA0KIGJ1dCB0aGF0IGluIG9yZGVyIHRvIGF2b2lkIGNvcnNzLWVmZmVjdHMs IHRoaW5ncyBzaG91bGQgYmUga2VwdCBzZXBhcmF0ZS48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7 IFlvdXJzLDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IEpvZWw8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mZ3Q7IE9uIDgvMjAvMTUgNjo0MiBQTSwgTGluZGEgRHVuYmFyIHdyb3Rl Ojwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBJIHN1cHBvcnQgdGhl IFdHIGFkb3B0aW9uIGJlY2F1c2UgSSB0aGluayB0aGUgSTJSUyBXRyBuZWVkcyBpdC48L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgSG93ZXZlciwgSSBob3BlIHRoZSBh dXRob3JzIGNhbiBjb25zaWRlci9hZGRyZXNzIHRoZSBmb2xsb3dpbmcgc3VnZ2VzdGlvbnMvY29t bWVudHM6PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IFdoZW4geW91IHRoaW5rIGFi b3V0IHRoZSBJMlJTIHNlY3VyaXR5LCZuYnNwOyB0aGVyZSBhcmUgZm9sbG93aW5nDQo8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgZGlmZmVyZW50PC9zcGFuPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IGFzcGVjdHM6PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1m YW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7IC1Db21tdW5pY2F0aW9uIGNoYW5uZWwgYmV0d2VlbiBJMlJTIGNsaWVu dCBhbmQgQWdlbnQgKGFuZCB0aGUgY2hhbm5lbA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7IGJldHdlZW4gSTJSUyBjbGllbnQgYW5kIGFwcGxpY2F0aW9ucyk6PC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IFRoZSBjaGFubmVsIGNhbiBiZTwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQt ZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBvVmlhIHBoeXNpY2FsIFByaXZhdGUgbmV0d29yayAo ZS5nLiB3aXRoaW4gYSBzZWN1cmVkIGRpcmVjdCBjb25uZWN0DQo8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDsgd2l0aGluIG9uZSBzaXRlKSw8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+Jmd0OyZndDsgb3dpdGhpbiBvbmUgYWRtaW5pc3RyYXRpdmUgZG9tYWluLCZuYnNw OyB2aWEgdmlydHVhbCBwcml2YXRlIG5ldHdvcms8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0 OyZndDsgb1NlY3VyZWQgY29ubmVjdGlvbiwgc3VjaCBhcyBUTFMgb3IgSVBTZWM8L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw dDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDsgb1B1YmxpYyBpbnRlcm5ldDwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQt ZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNv bnNvbGFzIj4mZ3Q7Jmd0OyBvLi48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0 OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgLUF1 dGhlbnRpY2F0aW9uICZhbXA7IEF1dGhvcml6YXRpb248L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+ Jmd0OyZndDsgb3RoZSBhdXRoZW50aWNhdGlvbiAmYW1wOyBhdXRob3JpemF0aW9uIHJlcXVpcmVt ZW50IGZvciBkaWZmZXJlbnQNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7 Jmd0OyBjb21tdW5pY2F0aW9uIGNoYW5uZWxzIGNhbiBiZSBkaWZmZXJlbnQuIFRoZXJlZm9yZSwg c2hvdWxkIGhhdmUNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBz ZXBhcmF0ZSBzZWN0aW9ucyB0byBhZGRyZXNzIHNwZWNpZmljIHJlcXVpcmVtZW50Jm5ic3A7IGZv ciBlYWNoDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgY29tbXVu aWNhdGlvbiBjaGFubmVscyBiZXR3ZWVuIEkyUlMgYWdlbnQgJmx0Oy0mZ3Q7IGNsaWVudHMgKGFu ZCBjbGllbnQgJmx0Oy0mZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsm Z3Q7IGFwcGxpY2F0aW9ucyk8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZn dDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgVGhlIGN1 cnJlbnQgU2VjdGlvbiA0IG9mIHRoZSBkcmFmdCBhbHJlYWR5IGhhcyB2ZXJ5IGdvb2QgZGVzY3Jp cHRpb24NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBvbiB0aGUg c3ViamVjdC4gSSB0aGluayA0LjQuMSBhbmQgNC40MiBjYW4gYmUgc2VwYXJhdGVkIG91dCBvZiB0 aGUgc2VjdGlvbi48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgLUVuY3J5cHRpb24g Zm9yIHRoZSBhY3R1YWwgY29udGVudCBiZXR3ZWVuIENsaWVudCBhbmQgQWdlbnQ8L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw dDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDsgLURvUyBEZXNpZ24gcmVxdWlyZW1lbnQgKGN1cnJlbnRs eSBpbiBTZWN0aW9uIDUuMi4xKTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7 Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyAtTWFu YWdlbWVudCBvZiBjb25mbGljdCB3aXRoIG90aGVyIHBsYW5lIChlLmcuIHRoZSBtYW5hZ2VtZW50 IHBsYW5lLA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IG11bHRp LWhlYWRlZCBjb250cm9sLCB3aGljaCBoYXMgYmVlbiBkaXNjdXNzZWQgZXh0ZW5zaXZlbHkgaW4N Cjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBlcGhlbWVyYWw8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgZHJhZnQpPC9zcGFuPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPiZndDsmZ3Q7IEkgdGhpbmsgdGhlIGRyYWZ0IHNob3VsZCBiZSBvcmdhbml6 ZWQgZnJvbSB0aGUgYXNwZWN0cyBvZiB0aGUNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNv bGFzIj4mZ3Q7Jmd0OyBzZWN1cml0eSB0byBJMlJTIGFzIHN1Z2dlc3RlZCBhYm92ZS48L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgSGVyZSBhcmUgc29tZSBkZXRhaWxlZCBxdWVzdGlv bnMgYW5kIGNvbW1lbnRzIHRvIHRoZSByZXF1aXJlbWVudHMNCjwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBsaXN0ZWQgaW4gdGhlIGRvY3VtZW50Ojwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0 O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBTZWN0aW9uIDE6PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1z ZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6 Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMi PiZndDsmZ3Q7IFRoZSBzZWNvbmQgcGFyYWdyYXBoIHN0YXRlZCB0aGUgc2VjdXJpdHkgcmVjb21t ZW5kYXRpb25zIG11c3QNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0 OyAmcXVvdDtzcGVjaWZ5aW5nIHdoZXJlIHNlY3VyaXR5IGZ1bmN0aW9ucyBtYXkgYmUgaG9zdGVk JnF1b3Q7LiBGaXJzdCBvZiBhbGwgSTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m Z3Q7Jmd0OyBkb24ndCBzZWUgdGhlIGRyYWZ0IGFkZHJlc3MgdGhpcyBhc3BlY3QuIFNlY29uZCwg SSB0aGluayZuYnNwOyZuYnNwOyAmcXVvdDt3aGVyZTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNv bnNvbGFzIj4mZ3Q7Jmd0OyBzZWN1cml0eSBmdW5jdGlvbnMgYXJlIGhvc3RlZCZxdW90OyBpcyBv cnRob2dvbmFsIHRvICZxdW90O0kyUlMgc2VjdXJpdHkmcXVvdDsgLjwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQt ZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNv bnNvbGFzIj4mZ3Q7Jmd0OyBTZWN0aW9uIDM6PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29s YXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsm Z3Q7IHdoYXQgZG9lcyBpc29sYXRpbmcgdHdvIHBsYW5lcyBtZWFuPyBkb2VzIGl0IG1lYW4gdGhl eSBoYXZlIGRpZmZlcmVudA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsm Z3Q7IHNlY3VyaXR5IHJlcXVpcmVtZW50L2lzc3Vlcz8gT3IgZG9lcyBpdCBtZWFuIHRoZXkgbmVl ZCBkaWZmZXJlbnQgcHJvdG9jb2xzPzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m Z3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBX aGF0IGFyZSB0aGUga2V5IGRpZmZlcmVuY2VzIHdpdGggcmVnYXJkIHRvIHRoZSBzZWN1cml0eSBy ZXF1aXJlbWVudHMNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBm b3ImbmJzcDsgSTJSUyBwbGFuZSBhbmQgZm9yIG1hbmFnZW1lbnQgcGxhbmU/Jm5ic3A7IFNlY3Rp b24gMy4xIGRlc2NyaWJlcyB0aGUNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m Z3Q7Jmd0OyBpbnRlcmFjdGlvbiBiZXR3ZWVuIEkyUlMgcGxhbmUgYW5kIG1hbmFnZW1lbnQgcGxh bmUuIEJ1dCBJIHNlZSB0aGUNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7 Jmd0OyBzZWN1cml0eSByZXF1aXJlbWVudCBmb3IgdGhlIG1hbmFnZW1lbnQgcGxhbmUgaXMgc2lt aWxhciB0byBJMlJTIHBsYW5lIC48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0 OyZndDsgSWYgeW91IHRoaW5rIHRoYXQgdGhleSBhcmUgdmVyeSBkaWZmZXJlbnQsIGNhbiB5b3Ug ZWxhYm9yYXRlIG1vcmU/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7 PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IFNlY3Rpb24g My40IGhhcyB0aXRsZSAmcXVvdDtSZWNvbW1lbmRhdGlvbnMmcXVvdDssIGJ1dCB0aGUgY29udGVu dCBhcmUgYWxsDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgcmVx dWlyZW1lbnRzLiBXaHkgbm90IG5hbWUgdGhlIHNlY3Rpb24gJnF1b3Q7UmVxdWlyZW1lbnQmcXVv dDs/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IFJFUSAyOiBEb2VzIGl0IHRoYXQg YSBkaWZmZXJlbnQgSVAgYWRkcmVzcyB0aGFuIHRoZSBvbmUgdXNlZCBieSB0aGUNCjwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBtYW5hZ2VtZW50IHN5c3RlbT88L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtm b250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgSG93IGlzIFJFUSAyMiBkaWZmZXJlbnQgZnJv bSBSRVEgMjE/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IFJFUSAyNyBpcyBoYXJk IHRvIGVuZm9yY2UuIEhvdyBhYm91dCBzYXkgc29tZXRoaW5nIGxpa2UgJnF1b3Q7c2hvdWxkbid0 DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgc2VuZCBhbnkgaW5m b3JtYXRpb24gYmV5b25kIHdoYXQgaGF2ZSBiZWVuIGRlZmluZWQgYnkgdGhlIEkyUlMgZGF0YSBt b2RlbCZxdW90Oz88L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgUkVRIDMwOiBzaW1w bHkgY29udHJvbGxpbmcgdGhlIHJlc291cmNlIGNhbiBoYXJkbHkgcHJldmVudCBEb1MuPC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IE1hbGljaW91cyBjbGllbnQgY2Fu IG9jY3VweSB0aGUgcmVzb3VyY2Ugd2hpbGUgdGhlIHZhbGlkIG9uZSBjYW4ndCBhY2Nlc3MuPC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IFRoYW5rcyBmb3IgY29uc2lkZXJhdGlvbiw8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw dDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgTGluZGE8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0OyZndDsgKkZyb206KmkycnMgWzxhIGhyZWY9Im1haWx0bzppMnJzLWJvdW5jZXNA aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5tYWlsdG86aTJycy1ib3VuY2VzQGlldGYub3JnPC9h Pl0gKk9uIEJlaGFsZiBPZiAqU3VzYW4gSGFyZXM8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0OyZndDsgKlNlbnQ6KiBNb25kYXksIEF1Z3VzdCAxNywgMjAxNSAxMjo1MCBQTTwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyAqVG86Kg0KPGEgaHJlZj0i bWFpbHRvOmkycnNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pMnJzQGlldGYub3JnPC9hPjwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyAqQ2M6KiAnSmVmZnJleSBI YWFzJzsNCjxhIGhyZWY9Im1haWx0bzpkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb20iIHRhcmdl dD0iX2JsYW5rIj5kYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb208L2E+OyAnSm9lbCBIYWxwZXJu JzsNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyA8YSBocmVmPSJt YWlsdG86c2hhcmVzQG5kemguY29tIiB0YXJnZXQ9Il9ibGFuayI+DQpzaGFyZXNAbmR6aC5jb208 L2E+OyAnQWxpYSBBdGxhcyc8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZn dDsgKlN1YmplY3Q6KiBbaTJyc10gZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5LXJlcXVpcmVtZW50 cy0wMCAyIFdlZWsgV0cNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0 OyBhZG9wdGlvbiBjYWxsICg4LzE3IHRvIDgvMzEpPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDsmZ3Q7IFRoaXMgYmVnaW5zIGEgMiB3ZWVrIFdHIGFkb3B0aW9uIGNhbGwgZm9yDQo8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgZHJhZnQtbWdsdC1pMnJzLXNlY3Vy aXR5LXJlcXVpcmVtZW50cy4mbmJzcDsgVGhpcyBkcmFmdCBkaXNjdXNzZXMgdGhlDQo8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgc2VjdXJpdHkgcmVxdWlyZW1lbnRz IGZvciB0aGUgSTJSUyBlbnZpcm9ubWVudC4mbmJzcDsgWW91IGNhbiBmaW5kIHRoZSBkcmFmdCBh dDo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgPGEgaHJlZj0iaHR0cHM6Ly90b29s cy5pZXRmLm9yZy9odG1sL2RyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXFz IiB0YXJnZXQ9Il9ibGFuayI+DQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtbWds dC1pMnJzLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcXM8L2E+PC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPiZndDsmZ3Q7IC08L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+ Jmd0OyZndDsgMDA8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgQSBzZWN1cml0eSBy ZXZpZXdlciB3aWxsIHJldmlldyB0aGlzIGRyYWZ0IGR1cmluZyB0aGUgdGltZSA4LzIwIHRvPC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IDgvMjUuJm5ic3A7Jm5ic3A7 IFdlIHdpbGwgcG9zdCB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUgcmV2aWV3IHRvIHRoaXMgZGlz Y3Vzc2lvbi48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgU3VlIEhhcmVzPC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPl9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPmkycnMgbWFpbGluZyBsaXN0PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQiPjxhIGhyZWY9Im1haWx0 bzppMnJzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5 OkNvbnNvbGFzIj5pMnJzQGlldGYub3JnPC9zcGFuPjwvYT48L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdCI+PGEgaHJlZj0i aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pMnJzIiB0YXJnZXQ9Il9ibGFu ayI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj5odHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL2kycnM8L3NwYW4+PC9hPjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0Ij4mbmJzcDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206 MTIuMHB0Ij48YnI+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXzxicj4NCmkycnMgbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOmkycnNAaWV0 Zi5vcmciPmkycnNAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5v cmcvbWFpbG1hbi9saXN0aW5mby9pMnJzIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0 Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pMnJzPC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_-- --_004_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_ Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="I2RS security requirement for closed enviroment.docx" Content-Description: I2RS security requirement for closed enviroment.docx Content-Disposition: attachment; filename="I2RS security requirement for closed enviroment.docx"; size=17389; creation-date="Mon, 24 Aug 2015 19:50:54 GMT"; modification-date="Mon, 24 Aug 2015 22:07:48 GMT" Content-Transfer-Encoding: base64 UEsDBBQABgAIAAAAIQDJMTxZgAEAACIGAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAAC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0 VMtOwzAQvCPxD5GvKHHLASHUtAceR6hE+QDX3rQR8UNep4+/Z5OUCEGbAmkvkZz1zszO7no02egi WoHH3JqUDZMBi8BIq3KzSNnb7Cm+ZREGYZQorIGUbQHZZHx5MZptHWBE2QZTtgzB3XGOcglaYGId GIpk1msR6OgX3An5LhbArweDGy6tCWBCHCoMNh49QCbKIkSPG/rdKPFQIIvum4sVV8qEc0UuRSCl fGXUN5Z4x5BQZn0Hl7nDK5LB+F6GKnKYYJf3Qtb4XEE0FT48C00y+Np6xZWVpaYakm6YPTptluUS 2vwKzXkrAZE810XSRrTIzaf+gzpMqefgKfP0QlrooyIwbAvA0ytocLvoyayptw45DUdvfqjGT4GK qR8OfMihnZ+D/iOEQO6fo/gd8q/KlyUGq3s70MD8pf5AGw+8/g5709cwXfXWq5fRozAT8wJ68/3Y vRb6qIg1zF/P1vov4F1C2uGX1v/DjM8Hs8re03Jev/DjDwAAAP//AwBQSwMEFAAGAAgAAAAhAJlV fgUEAQAA4QIAAAsACAJfcmVscy8ucmVscyCiBAIooAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsks9Kw0AQxu+C77DMvZm0iog06UWE3kTi Awy70ySY/cPuVNu3dy2IBmrSg8ed+eab33zsenOwg3rnmHrvKlgWJSh22pvetRW8Nk+Le1BJyBka vOMKjpxgU19frV94IMlDqetDUtnFpQo6kfCAmHTHllLhA7vc2floSfIzthhIv1HLuCrLO4y/PaAe eaqtqSBuzQ2o5hjy5nlvv9v1mh+93lt2cmYF8kHYGTaLEDNblD5foxqKLUsFxuvnXE5IIRQZG/A8 0epyor+vRctChoRQ+8jTPF+KKaDl5UDzEY0VP+l8+GgwR3TKdorm9j9p9D6JtzPxnDTfSDj6mPUn AAAA//8DAFBLAwQUAAYACAAAACEAs76LHQkBAAC2AwAAHAAIAXdvcmQvX3JlbHMvZG9jdW1lbnQu eG1sLnJlbHMgogQBKKAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsk89KxDAQxu+C7xDm btOuuohsuhcR9qr1AdJ2+gebpCSzat/eobDbLi710ktgvpDv+80w2e1/TCe+0IfWWQVJFINAW7iy tbWCj+z17glEIG1L3TmLCgYMsE9vb3Zv2GniR6Fp+yDYxQYFDVH/LGUoGjQ6RK5HyzeV80YTl76W vS4+dY1yE8db6ecekF54ikOpwB/KexDZ0HPy/96uqtoCX1xxNGjpSoQMSMSdBfbUvkZScFIi5gR5 HWGzKgINHc9wAhjrpfhkzXh7NDl6nsFEcJaWILZrQhCvB04AYynHM1lieFyToXKWMp13M46ztATx sCbEN+bvf1ZyJp5A5MVvS38BAAD//wMAUEsDBBQABgAIAAAAIQCakOcukxIAANjZAAARAAAAd29y ZC9kb2N1bWVudC54bWzsXetuG7kV/l+g70AoQFEkvsjyZpO4ay0cX4AAReo66W76J8B4RFmER8Pp DCVVQX7sg7TAPkseZZ+k5/AikRRH1nrjNUcdB4ikmdGIPNfvXDj87vt/jzMypWXFeH7cOdjrdgjN Uz5g+c1x5x/vL3ZfdkglknyQZDynx505rTrf9//4h+9mRwOeTsY0FwRukVdHUzg7EqI42t+v0hEd J9UeL2gOJ4e8HCcCPpY3++OkvJ0UuykfF4lg1yxjYr7f63a/7ejb8OPOpMyP9C12xywtecWHAr9y xIdDllL9Yr5RbvK76ptnesjyF/dLmsEYeF6NWFGZu43vezeY4sjcZLpuEtNxZq6bFZv82qBMZsCP caaGPePloCh5SqsKjp6pk4s7HnTX/bYmIN5i8Y1NhuD+phnJOGH54jYoHR7/F8zbA+btq9/ex1st JwK06IMsXfPBHF8LMjsCWRxcHXe63ZfPD0/PDjrm0BkdJpNMrJ65xEPw9xwulje5LPGl1C8XPBcV 3CSpUsaOO6d8UjJakrd0hrceneTV6tG0ci/cxxtWn+D6aZIdd3rdjj5yine2ju3r34XXAn8fX1cm 9vzli97rXmhi7pmYJwbzfHQiz45E/8PeATmjRcbn0ha9S2melIwj4YUkfx0TLi66356eh5jgyl3L BCX7dZIOdEbTfVQVSQomoChpRcsp7fTfjyjJqQB9vyVilAiS8jynKeiigDMOg0CYQI0Wiq9ZE4N8 had2UhQZS5Xz2FmZSrzjftO7ekdOM4ZeG3w6kZ9PbvBjmuTkuuFsYXmDeIEQKKOCZnOSZryiAwBe U1byXNqxP7M9ukeK0bwCOcvgmooWSZkISjKW34LTYWIE0wVMRpLBmOWsEnCWTSkZcHTLO6Bti/sj DnPunrFbSorJNQgxYbmgJejpDuElqfiYzka0pHAYxEHMKHxTXv3D5dsd8ubyHU0JFeneCqEbpb+2 aTKztHV6qRxaWbR2ICF3iCRQosyYMXDmLndrmGK2R8AgTHD90FUj8U8kMCFsxpsixP3TpS6fSlvx 5WfbWBD4O5Z/f7oRf4EP1vV/A5F1fG1Q1DwwdAkx1QJSG8225M+9XCIky2dL4AtwGQABBCjw9WQI JgbuiGALzBeghN43iw9XkwwOJBPBFaaOArZbgETRQutiDK69/2zX/nOYG4m69Xf9URkhio+aNi31 +2f+6GNge40JQ92v/3MmEtR8z8ncQ/Mt1dgOzY+B2/3PDusse7Sa/7iKT6m+/Pzl53UT0HmOGChd o1frRh/UGUsNHtWF1cbjyJMVxNNywE30gZ/6zbk/zDw9Df+F9CJiFjTaCN1DsVuz9GAJcVSK9T4h egNKorSeQNWQVTGAuxFwIWwsn4K/ci1Qi2ChCFWXiEfi6JJXDC6l2Qg27DyUqqn/CYgn/iNW4pCc 2OfiNBeuRjUvsNgAmMcg/mEBWnUhjbLTSrpB5kOy/9rIvsch6FXgw/MSK3xiXkCu76ZMxu9EUgqd 8GsYCTyfBFY3NMHzfIDTC3ost8pvJ/YDiVULFrXpFcwgf5X4rOlW0Gii0kVP45xiekQxjYyKP3pg b93Ym5lokcaxdf5Om9VXUdqtix8b5vmMg18aH/XOV+EY8Ff/oz+qRhLbJTXiLg9+BAGGCyN0fUB3 SBoytOVc1S362Mn6JpRzn9TpUnyVp+0o5z41Jd3P5g2+wlEXtwaV3wNN6/W8jS68fvCvAlRcLnk5 logAeV2SwhI6X/Oj8O219giz3c2iryL1Qs0Xih8l3bdHru9lSu9qjnEtr2yL2zr7auBjfJ7/s42V yVNPgYJJulAWMr6JAeb3O9KCs9EpR8vdxDeX3drOwMhMd/8HT4AWSbUYiWqh3mcqOU+0OviziMF/ 18EOf6zx2ho0NTIYV724dQNHmbYaox891GykTEuBvkfgo/S0PuvRemvwFI+yOBZ7gbbZW/swuane Omynpe3T66LWGb6I4rD+h7qBxufMDYoln21H7o+/deO/dYU+GKF6+dbeXRops2DWZ4FBJ7EB13/W DTR2WW99PIiU9SwJfOLEBs1+Rg7jY6/n4zGOtQIV+daJVnzBbY3cVzByuj/YilYsHrTY+p7PdYk6 yeLpnWq4IR+J03kjYZy8slW7h6gBKRynaL6g/eIN2EI3StiklNdGtMvnxETu7QyKN6/kiXlX96oS dq0uPpwu2pQ36VFzzP/c6ud9nnbWHK9o+G5elX4S83H1FQWkVc7fRzlR+VwOqM/ks4SurePc4jDR 5TtIgnScUjEX2unroYmAIyu3hNNL9UuA4oM0hhm+Oprj6rUh7KhfkBgd4cOSs6T6yuKCVgMe4Bmu izJVG6ptW2LSM1nBAl1jmoM2anVqQnOQlZ8iU+h21v+e+hNctOI0xOFDj6cncIsZROd6sDDvD7bN w3+dPPwyAetTOFL/3aQmOG08pOEA46H/HEK3OdYtqCiGC1mqmGgQcpuseYg9DRAPQ0COaxBX6rge /V2P3epd4/XOsaM1j7xoAfPvucOI1sZFopSo5/gfGBtoXpe5m9YqPrBV1LzQnOgZDixfLV60FnLr ktgbecY2vHqgTN2DIRNrAXW7ZOCRlwygiql/5KN5t/ysjq2caVXuQVVuSX+bI8iFGn5s4Pr02gGT FlFZsvqlPO7lW7jwto2gNoiggkTyHoVjGXP3jBQaa8lK+6y9Dmjf13gaRriYGdjH5ohw2ImUyN2q 7oo3q4JmmR1wxpCj7p+O8myjkS+rMTGMO8wh8uTJE9xPyJvQonRhrXtx7bT1zINHX/Fqu6TVwoYZ tzWViPlRW0Syhm9mFF1dKSxjyB53WkEj7vp3+4Gp7pntNOIN4ynuOOby1GoLbUTF1tpbTfukiqYT 2BTRM4UrbQMrXsmwLrJp38dRRTqVsF0hUI9Y8V1B09I973bDezG7Z7bQtGxCj7sir/9PIp2+6vW+ eY4AWe5ZfCeR1N7k+nIpSTqWRbRhNm2IYbtymFAMAOiu9foW9R4dYe55TiGEj6Ogaa9uoI74xjDU GpsOew/DM6XFnLypqgmt5Ca9V/RfE1ZSuWfyJB9A+KgCS2L5cGfeQaN38OLw9YtXnj57B63MgXtG 6rM+FKE+u0bKGudja06Yy6vsIwNaZHwuWYz7MDvsjMRghedCk4rB1t3+gBvGkRvcVbxuDghsNQaI wXL0C8phV3WS1I1X2brotQC2e88rSvgQ3mDk4U8nBlqHZR52jU+TCYxdjMxe9XV7o/uTMnqBMnV+ 2Du4+KYT7zzlRu/+DOIdrmoOSSCGvZmwAR2Q6zlJSDGaVyxNMvLLT//5McmyX3767x55P2KVL38E Da82Z+PkVnHXsstjVlUkLScpg5tJkUU/DfFxSgcgvpvsdu86VTvH456JHD4bIW6IodHMTgXjOQCq JJt/AmSFurvgohiVNBEVYbk83hyZTzNegaRbSBCFGzSAg5CCjAsOEkqnNBdyYsMkA7PlGV6ctYYk 5/mUlTxHHLKJPF+8ePHy5OUCU1rw0T0TuTzHa9LAZq1yBiyYbauu1yOX1+fPT867UXiZvhjxyc1I NEe9EJ2MkinLb2rRoTKCEVE5jFkSUsEsADb6xDfGHBFJRLPoS/ChHsFYN+SGkJ4MIHpPBURJKc9z eAcGG+xy3axiYwTPAaSXZMxXIbqRnaYwoiEkD2twySeCllWt3DSECVOWAOCAmQAQIzkVM17e7pDZ iAJuR0ymdQSxGuAXg95BeVjFswR1Z1jyMeFwbWm+L9NkgMSFUi7A/es4HVMs78YnMxWf1A2+IRz2 kKNXGY3KxwiUMTYueCkShMic0HExgpTWJxTGZAWpbKHBi3ZKfQC/1r7TBvUC3HXcKFxlQQW8Ci2M LNCD19LoWduZtXWMVcFMeQa30D38kKp59eJM73er88o1T9d1rU8wG+/WFO1MgHtGRU6qfothii6k Fe/EHLCcHtpfWSUukzKBTYeLkd5wOIZKW3Dmbn/5r575o2b0cULxbD+fJZW4olgQooPL5Ia+hhzG LezHXPvU5w97vb2D9dbZjduvlMeJyWFaFsF3kzGE8f21e79ET120pDGSNYyI9VPLG03y8MykR9P5 7AwSebnrUiKpCPZPfVkxYAJj2NiFPUx5lU/15xWFaTn3R9UkaveXmWVnGkGM4GKgFiNApPuWzhSy +zXPLK1FArIkAqFPSYe0LDG9CaEPRt8Ob7zI7bB3ePHyMIpMclh3rSqIlVDwpxSDLofHb2Eb1fmD HLGCm6Zwpw812OZQ3QonMXLUEaM/ftvWRqQI/bcqg+YPN14h35HJOl+yk3ygJF2BHn86sVIfmw2g pMr98cZLfk/a/YFHSuiwvQw5rHgp3xoWbBR4uNWWXmIjCCy15TZSbjUsuGdq0m5t8gkgoUqAib5p VV5nQiLKHIVNCIBe7Pzx5xCDFelX/qiM2GJ0HT9loXVCYJudhcr9CcVA5hq5YHmaTQb0yBly0KZ4 wapKmbrmxI5g3TPS0OhDSI1N8/v5ZKz0kGXTDORCbqnWVREinHszMMee64rF4gutDbNs2HuHvV68 u46x8UouhIwFDfUJxDDk/oyJEcTmLB1tH+VlAiUpigzajbHXFLqF+Xg8yfEjFC39CUfBD2h5hkFC 6wR0N6v+C3sCOwQaoTE7xET9cgP0RmcHvcPuqyhSQ31IncRI6ho/UwlaFEjiSmCjFaThEiGS9FYK k8z9pBmDdlxskQGtwVKAmJQrXJNXQg1ws75dz7Kth8Gr3olBsD47yuhQHHcOetrrtH5l6VfCvL46 /7ufwbt7dX0UVoJ5ChUedhMe+HIku+OdRCv2+ch+attaSz9lqR92AUvthPaTMc+ZgG7IATjakvEB ri7J5iqvBUuaYC2I7O9U3wB3PCl2Bd8doBOAJiO2O06yGSaOqjko/3iTsLXVV0wdjE7yB3q4ab2+ smcHSmSkLHhqgL1BcnF8bC4w3DYdgykJU5pUsDAgGyglg/Uq0OA1ZDdKkSA+h7Nwcgi9WDQBF4hw 6oaXc3CRWnNBKUtYJE1BnwbYq5yOkvwG3kIjKINVPaCefAYfbWizR34cwTNcMIUIP7j6axC4piWv YHENKHaWlGNYL6YGCT8GfpaW2Iu6ifK6Ad+V01JjBGh7PHAwRF7XChAggWvu2lwcKm79Num1RV5s 9+r5iMOxWev4EoO16FuO2re9UYxvC1uPnIIzRBvYSbtDrifCPhEjM8KuZfdOxx27EoTnpeqkGA2C B0vDXUvGtMYGT2pq1vZwm8kU19gGXaHOlJi5Wo7fPSO9npVWMX3HMfR1A+qNwfqGFaO2tcmqQ1jd QZaHCffcYKS2XHBgdYhoKd6on8H0CXh3Qt3VZWF9t00ApSsodm3BPdOK0J3AaVHEBDOqngAQqFpB zm3TWpDLAI31vQDg16p8zVqP/wEAAP//7FdNb9swDP0rhK/rR+q0WxssAYp0HXrYkKUFdlZkxhIq S5okx0t//SjZaV2327UpsFMk6oNP5PMj45gV2fHsczPRdbVwcSDVRkEz2TA1zUaPazfFznYWbce9 A649566NDp52Mc+lnGZzUzuJDr5jk5FVXGr/0sr9840Jin/Y+co7AP5hHm9OmFobAUh+6dd2/iP4 N8XSTMLsLoYmpAClaDqC7bwslgtH4RyN8/H1+TjbB6jwu1ITbxnHaWYdenQbzGYCwSI6D8N37APk WSODgEZILobw3lmYIVCgh2/YixDf5MtbmCuJOgzxvbcYc1NVtZacBRw+ZS9C7Yeo3l2Ahw/Yh7C+ rmtMA9HBOlNJj+nr6xH9ACp2L3UJMgDzwMAHtDYafDCathtgITB+/3TwsqQP5Oj5JxxrUYyA3eUx Kv7VST4eXcQKmMrAFa5ZrcLLlUXPlC7pqrGOhVfhmo6c7Mrhm1a5Pau4r6d7+eUHyA/5BO5IZ3uZ pgSyALxlw04cIJWVtIvFtIJgm5T0FUJltAzGYUFl0UlTkJootT0ARnlB7eu4QvRoT5Cv2h4Gc1iQ 5NCWIA8rphrmEPyWOFX9J8zbt2j/Isy4R5iWCl6YWhVtfqlL4kavZdlmXVDTJAwtro0DZFwQrwKW xm2fWEYMcvirRkp+AbSNC6ZLGq62pDWkNEqZhqY81Vt/BD8F6iQy5OulI+mBO+M9FkRAxVzlocNH foi56AhA8ReSeeRh8diO9tSmk6ZbWo/W+UWen56lFtWWt7EVb6L05Kej1MbT+OycxqlTt+U3Fq8M xpL9tN3iZCmiWnXTlQnBVE/zTsu6VYGsQGqNP5G20UVrY0JvWtYhTTt33Kj4N6BrWuORhKIw/KuT SSelxoUMXEyz8ce0SmrVPjy15CtTbNOAjtQVfeqzPwAAAP//AwBQSwMEFAAGAAgAAAAhAJa1reKW BgAAUBsAABUAAAB3b3JkL3RoZW1lL3RoZW1lMS54bWzsWU9v2zYUvw/YdyB0b2MndhoHdYrYsZst TRvEboceaYmW2FCiQNJJfRva44ABw7phhxXYbYdhW4EW2KX7NNk6bB3Qr7BHUpLFWF6SNtiKrT4k Evnj+/8eH6mr1+7HDB0SISlP2l79cs1DJPF5QJOw7d0e9i+teUgqnASY8YS0vSmR3rWN99+7itdV RGKCYH0i13Hbi5RK15eWpA/DWF7mKUlgbsxFjBW8inApEPgI6MZsablWW12KMU08lOAYyN4aj6lP 0FCT9DZy4j0Gr4mSesBnYqBJE2eFwQYHdY2QU9llAh1i1vaAT8CPhuS+8hDDUsFE26uZn7e0cXUJ r2eLmFqwtrSub37ZumxBcLBseIpwVDCt9xutK1sFfQNgah7X6/W6vXpBzwCw74OmVpYyzUZ/rd7J aZZA9nGedrfWrDVcfIn+ypzMrU6n02xlsliiBmQfG3P4tdpqY3PZwRuQxTfn8I3OZre76uANyOJX 5/D9K63Vhos3oIjR5GAOrR3a72fUC8iYs+1K+BrA12oZfIaCaCiiS7MY80QtirUY3+OiDwANZFjR BKlpSsbYhyju4ngkKNYM8DrBpRk75Mu5Ic0LSV/QVLW9D1MMGTGj9+r596+eP0XHD54dP/jp+OHD 4wc/WkLOqm2chOVVL7/97M/HH6M/nn7z8tEX1XhZxv/6wye//Px5NRDSZybOiy+f/PbsyYuvPv39 u0cV8E2BR2X4kMZEopvkCO3zGBQzVnElJyNxvhXDCNPyis0klDjBmksF/Z6KHPTNKWaZdxw5OsS1 4B0B5aMKeH1yzxF4EImJohWcd6LYAe5yzjpcVFphR/MqmXk4ScJq5mJSxu1jfFjFu4sTx7+9SQp1 Mw9LR/FuRBwx9xhOFA5JQhTSc/yAkArt7lLq2HWX+oJLPlboLkUdTCtNMqQjJ5pmi7ZpDH6ZVukM /nZss3sHdTir0nqLHLpIyArMKoQfEuaY8TqeKBxXkRzimJUNfgOrqErIwVT4ZVxPKvB0SBhHvYBI WbXmlgB9S07fwVCxKt2+y6axixSKHlTRvIE5LyO3+EE3wnFahR3QJCpjP5AHEKIY7XFVBd/lbobo d/ADTha6+w4ljrtPrwa3aeiINAsQPTMR2pdQqp0KHNPk78oxo1CPbQxcXDmGAvji68cVkfW2FuJN 2JOqMmH7RPldhDtZdLtcBPTtr7lbeJLsEQjz+Y3nXcl9V3K9/3zJXZTPZy20s9oKZVf3DbYpNi1y vLBDHlPGBmrKyA1pmmQJ+0TQh0G9zpwOSXFiSiN4zOq6gwsFNmuQ4OojqqJBhFNosOueJhLKjHQo UcolHOzMcCVtjYcmXdljYVMfGGw9kFjt8sAOr+jh/FxQkDG7TWgOnzmjFU3grMxWrmREQe3XYVbX Qp2ZW92IZkqdw61QGXw4rxoMFtaEBgRB2wJWXoXzuWYNBxPMSKDtbvfe3C3GCxfpIhnhgGQ+0nrP +6hunJTHirkJgNip8JE+5J1itRK3lib7BtzO4qQyu8YCdrn33sRLeQTPvKTz9kQ6sqScnCxBR22v 1VxuesjHadsbw5kWHuMUvC51z4dZCBdDvhI27E9NZpPlM2+2csXcJKjDNYW1+5zCTh1IhVRbWEY2 NMxUFgIs0Zys/MtNMOtFKWAj/TWkWFmDYPjXpAA7uq4l4zHxVdnZpRFtO/ualVI+UUQMouAIjdhE 7GNwvw5V0CegEq4mTEXQL3CPpq1tptzinCVd+fbK4Ow4ZmmEs3KrUzTPZAs3eVzIYN5K4oFulbIb 5c6vikn5C1KlHMb/M1X0fgI3BSuB9oAP17gCI52vbY8LFXGoQmlE/b6AxsHUDogWuIuFaQgquEw2 /wU51P9tzlkaJq3hwKf2aYgEhf1IRYKQPShLJvpOIVbP9i5LkmWETESVxJWpFXtEDgkb6hq4qvd2 D0UQ6qaaZGXA4E7Gn/ueZdAo1E1OOd+cGlLsvTYH/unOxyYzKOXWYdPQ5PYvRKzYVe16szzfe8uK 6IlZm9XIswKYlbaCVpb2rynCObdaW7HmNF5u5sKBF+c1hsGiIUrhvgfpP7D/UeEz+2VCb6hDvg+1 FcGHBk0Mwgai+pJtPJAukHZwBI2THbTBpElZ02atk7ZavllfcKdb8D1hbC3ZWfx9TmMXzZnLzsnF izR2ZmHH1nZsoanBsydTFIbG+UHGOMZ80ip/deKje+DoLbjfnzAlTTDBNyWBofUcmDyA5LcczdKN vwAAAP//AwBQSwMEFAAGAAgAAAAhAJSDnvCiBAAAfg0AABEAAAB3b3JkL3NldHRpbmdzLnhtbJxX XbObNhB970z/g4fn+lofgICJbwYE9GNu0kyd/AAZyzYTQIyQr3Pz67uAiZN2m8n0yWLP7mq1Z0HH r15/apvVs7ZDbbqtRx+It9JdZQ51d9p6H96X68hbDU51B9WYTm+9Fz14rx9//unVNRm0c+A2rCBF NyRm611slwzVWbdqWLd1Zc1gjm5dmTYxx2Nd6duPd4uwW+/sXJ9sNregB9PrDrIdjW2VGx6MPW3m yNxUl1Z3bsMICTdWN8pBwcO57oclW/t/s8FW5yXJ8/cO8dw2i9+Vku953o57NfbwJeJHyhsDemsq PQzQ2baZj9uqulvSDM2P5Jn7+VTvrbIvXyV5BNo+G9OurkmvbQUNBc4p8TYjcDBvjcvroW/Uyzt1 0pm5AO221sMEQ13muHPKaYgeet0004xUjVZQ3TU5WdW2CjidLXNKfVSXxr1X+50zPTg9K6hfsNuO 1VlZVTltd72qIJs0nbOmWfymgqRpewv9mGuEWeqVG6u9DLosntSLuTjYanNN7hAM82EYfcbFX8a4 JSEhnAnCxZxrRO8IISTIKYqkYR4yFMlYkYU4ErIU36cgJMOzlQGNUywbFTwTMYrkQZr6KFIEaYbG MObnMsdimAgpLVEkpYWPVs1KyliGxXDGy4jjyH+xwAULGcoCT4Vk6Em5DChDe81LX3KUH1+KIouw 2oIgjAV60iASDGcuiJnvo7UFKU9Jge4jeRahLIQU+oYyF9KQ4ecJhU8JWrUgJMKzAZIX6LwJ4kNL saoFp0SgvRYFgxKwmIj6cYiyEHGSEbRvUcAl/jZGIScpOiFRJGIusQpiRiRD2Y5DHgt04uOcBBSt OoXmhGjVaUiKAM2WClb4aG2pCFiKTkgqWeDjFUhBczymCGmKxmRUFBJlLuNBgH9dACl89DxZAGyj b30G350CnQPJBREoCzIQMkb3kSFlPjqjMobvWICxLSXnMcqPLMI4R98sWYg0QrsjSyYY+i7AgJQ+ etKcMk7QffJSRPi3t6BC+mhHC85oiZ6nAOYCdA4KyWAUse4UBWMcPU8pRJSi/JQlCeW0D9yzt9u1 TUbd9M4+vppXJdzdq3a+4KVq97ZWqzejsoLbuU329mNWdwu+16Dw9NfI7rJfwPV6BoZWNU0J+mAB QFTNyAE0Sq6PU+LmjbKne+aJjjaxqPWgj398yTaKH21/tebSz1mvVvW/dwcwLxtSf6a3TerOPdXt Yh8u+90S1YHA+goCxfTnsx0Tbu4NuiYONLEeO/SkutOiOXS3/rAblZNWg0uHWm29z+e1fDtGg5xp 7G6U0vqN6nvQRuC3P9Gt19Sns6NjmIMn0Gcfp4f9id0wNmHwNGLTg6rGw4L3bTE6zEvwui3uNr7Y +N3mLzb/bgsWW3C3hYstHG3nFxCZoBI/gmRdlqP9aJrGXPXht8W49f5lmpswnFWvgepRRIKiM8lk AB4nw+o50Z9AwepD7eBfSl8fWvVp6zESTGNw8wY1CxrxG98x0+jcf2NdHZQDDqa7ZfNN8KQv/1EL 6GVd1TCju5d2f9esD3PhTT24ne5B3jpj4ciT7v1lmov7H6fHvwEAAP//AwBQSwMEFAAGAAgAAAAh AGQsEMo6AQAApQIAABQAAAB3b3JkL3dlYlNldHRpbmdzLnhtbJRSy27CMBC8V+o/RL4Xh9JSFJEg IcSpp5Z+gLE3xJLttWyTFL6+S9IHfRzKyeud2fXsjueLV2uyFkLU6Eo2HuUsAydRabcr2ctmfTNj WUzCKWHQQckOENmiur6ad0UH22dIiZgxoy4uFqFkTUq+4DzKBqyII/TgCKsxWJHoGnYc61pLWKHc W3CJ3+b5lAcwIpGC2Ggf2Xu37j/dOgzKB5QQIwmxZuhnhXasIo1Kt/H9zLpCKxpx8jC9m87uJ+Oe sEV1WOmWwFYYQhk/0a0Ij1Cnj2z+mX3Su+aP9Ab9b+4SU0L7I0+Cliqc3khfNY5Wy4gYjyUjAyjw QtKy+1iiQVqs2CccZJgzZZdVbr8puqw2nE9+SSnvXeiHHsJqPpy9MeiTtvoIawzLgF2EQAYQfva5 qjcAAAD//wMAUEsDBBQABgAIAAAAIQDX+shQbQcAAPA6AAAPAAAAd29yZC9zdHlsZXMueG1stJvf U9s4EMffb+b+B4/fKSEpSWGadii0V2ZaShuYe1ZshWjqWDlbKdC//lZrWzg2tnex+9T6h/az0q6+ a0D79v3DJvJ+ySRVOp77R69GvifjQIcqvpv7tzefDt74XmpEHIpIx3LuP8rUf//u77/e3p+m5jGS qQcG4vQ0mftrY7anh4dpsJYbkb7SWxnDs5VONsLAZXJ3qFcrFcgLHew2MjaH49FoepjISBiAp2u1 Tf3c2j3F2r1Owm2iA5mm4O0myuxthIr9d+BeqIMLuRK7yKT2MrlO8sv8Cv/5pGOTevenIg2UugHH YYobFevk81mcKh+eSJGas1SJ8sOP+T37fG1fLD90I4PUlAx+UKHyDy00/Q3Dfolo7o/HxZ1z68Te vUjEd8U9GR/cLsrOzP3f64PzK3trCXbnvkgOFmfW2CHOtPi3NOPt3vzhCl3ZigDWDsyIlZEQQwiJ NRopG+vxbFpc/NhFcEPsjM4haABgZbNwWVl0CC0EepElCjyVqy86+CnDhYEHcx9ZcPP28jpROlHm ce6fnFgm3FzIjfqswlDavMzv3cZrFcp/1zK+TWX4dP/7J8yy3GKgd7EB96czTIQoDT8+BHJrswxM x8IG+coOiKzZtMRBh3bqyZvsRoWKN/8rkEdZDJ+lrKWwO8lD/1tBOOtdb9DYzqg8AbTL8nXS38Tr /iaO+5vA5O23FrP+XoB+9o1IlhulrKQH1eggS77yOkxOWlLWjqhlUeeIWtJ0jqjlSOeIWkp0jqhl QOeIWsA7R9Ti2zmiFs7WEYFA4apm0QRXg7Sxb5SJpB3fKkBHPaUuLzXetUjEXSK2a8/W1qrbbWK5 2C0NzVWU05eL5cIkOr7rXBGoznbrvliTP262a5Eq+KjpWPpxz6W/EctIev8kKuxEHWfJV5sTfpg8 W8KuIxHItY5CmXg38iGLKGP8lfYW2VdGp3M9w/pF3a2Nt1hjye2ETRsWvXklMvtfVIpr0LqZpg1T 6TJOiuG0IS+bjX+VodptiqUhfI1MMz1nhLmCQBfbl+i1DVF9d3XOwgaAMoWsXPCngPYJ/mfFhW/f xpjif1aKXmif4H9WuF5oH/OjPb5spbkQyU+PtL1m7L17riOdrHZRsQc65WHG3sEOQZsCexM7+ySR mLF38J58emdBAD+5UfKUHYsnHWVQ2OHIKLjZ6HNhB6Uie0eMGbEDVGGNGax+WssAsUX3h/yl7O+e uMUAVdp9a3Zu50nDCkAJIn1Df99p0/0NPW7QPCrlMoZfl6TSo9EmDTuPSsvzKat3jBj3K3wMUL8K yAD1K4UMUEN+NH/zuJpIh/QvjgwWW5ZdFcO0IyvzjK3MDsQrAQPVTcL3V8Pubc6Fet0kUNgBqtdN AoUdnUotc3WTwBqsbhJYDVWjOUZlTeVMil03yyD3JUCY0TDiTQANI94E0DDiTQD1F+9uyHDiTWCx tcFpalm8CSB8hfOjvgOVxZsAYmtDpnb574yKuodW2n+4HUC8CRR2gOriTaCwo9Mk3gQWvsLJhArL SR2BNYx4E0DDiDcBNIx4E0DDiDcBNIx4E0D9xbsbMpx4E1hsbXCaWhZvAogtDw5UFm8CCF/haMOz 4o27/o+LN4HCDlBdvAkUdnQqguo+UgksdoAqLCfeBBa+wkmGnIXJzZnUMOJNmNEw4k0ADSPeBNAw 4k0A9Rfvbshw4k1gsbXBaWpZvAkgtjw4UFm8CSC2Njwr3rgZ/7h4EyjsANXFm0BhR6ciqE7nCCx2 gCosJ94EFuZLb/EmgPCVl4I4MxpGvAkzGka8CaBhxJsA6i/e3ZDhxJvAYmuD09SyeBNAbHlwoLJ4 E0BsbXhWvHGP/HHxJlDYAaqLN4HCjk5FUJ14E1jsAFVYTuoIrGHEmwDCxOwt3gQQvvICEO4iTpiG EW/CjIYRbwKov3h3Q4YTbwKLrQ1OU8viTQCx5cGByuJNALG1wZ6zhfOi5OOpRw1JQD1nUJxqIAPH DUGiAvMJ/pArmUAzk+w+HdITWMyQQWxID+oUP2j906Md7J40JAgZpZaR0nik+xFP6ZQaESazlk6C m2/n3uesAaY2DlNq/+QNdA+V24WwPck2DoGf5nELLTvb4mS5tQYNQra1K28Bwla0S2gIytt67GDb 5wMvYlNVfhv/bptT8f/Q9hYW74xG5yfj8evjvMEJTdadCNbgRQC9Ui1O5Efh3ekkPAhfdanhvDy6 9dSsUTiXn5t/+rrK3ts7vQm3YA0b/Db2jHiLz3iGvHX1PHwli3fdQWjbQpe6PHTnrfBts4yyRjT4 z2VsQwGdf/i3tSzk4YPIzMLzcxlFXwW2rRm9bX41kiuTPT0aYZ2smFpqY/SmeXyCx8jRk+cMwBKX ncku7SSa1z7ebZYygT6wlvW/0ra+YL/afuJmJ2KzcLudB95jXlNXvdm3vU3ltpH1xaVvzSmshE+P 0belgIa8b7a/rrbh6skCp/FwUPNWHI1Gxxd50ue9igrzw0Z37s+gZQItBNBjAk0JOxHlTQZwFyZb dCfmm6GYfvrufwAAAP//AwBQSwMEFAAGAAgAAAAhAKXgFQz2AAAAbAEAABMACAFkb2NQcm9wcy9j dXN0b20ueG1sIKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnJDLboMwEEX3lfIP lveOjQMtIEPUQLLuIu3eMoYg4YdshxZV/fcapY99ljN3dObMsP2HmsAsnR+NrmCyJRBILUw36qGC r+cTyiHwgeuOT0bLCi7Sw329eWAvzljpwig9iAjtK3gJwZYYe3GRivttjHVMeuMUD7F0AzZ9PwrZ GnFVUgdMCXnE4uqDUcj+4eCNV87hXmRnxGrn386Ljbo1+4EvoFdh7Cr42WZN22YkQ/RYNCghyQEV u+IJkZwQeqDNqXg+fkFg12EKgeYqnu77iQ+RNodysu8+uDpJU5KmWZ5Qhv+7DP/uqxleRW5vqr8B AAD//wMAUEsDBBQABgAIAAAAIQDG+8K1/QEAAP0DAAAQAAgBZG9jUHJvcHMvYXBwLnhtbCCiBAEo oAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxTy27bMBC8F+g/CDo3ol91DYNmUDgofEgb A1aSM0utJKIUSZC0G/fru5RihW57qk+7s4vheHZEb186lZ3AeWn0Jp8WkzwDLUwldbPJH8svN6s8 84HriiujYZOfwee37P07unfGggsSfIYU2m/yNgS7JsSLFjruCxxrnNTGdTxg6xpi6loKuDPi2IEO ZDaZLAm8BNAVVDd2JMwHxvUp/C9pZUTU55/Ks0XBjJbQWcUDsG9RjioqEzpKRpSWJnBVyg7YdD7F wdjSPW/AsxklQ0Gfjas8Wy6WlAwl3bbccRHQQzZfrj5RkgD0s7VKCh7QXvZVCme8qUP20BuRRQJK 0hWK5hxAHJ0MZzahJG3pvdQoZY7wUKE2xxvHbevZKgocO3oQXMEWLWA1Vx4oeQPoDng8755LVExP YX0CEYzLvPyFB57l2XfuIRq3yU/cSa4DGhjXhqavlfXBsVIGhdw4G/q+TNfSWi4YOou7WFwvRnDQ gINrdf0L/qHG/xb+IXaaiu01DFITOUk5vvEH69Z0lusz2x35T5BZCaLVRpkmZntrig/3oSrwqq9b 8Qw//KMtzV0M1Ku/12CSiWcZ2oPlAi+3mM8+pulIRvSAIYIKz30hfAPoDm/hVHwVk6UbqC47fw9i 3p6Gr5lNZ8UEf33ALhimZPzM2G8AAAD//wMAUEsDBBQABgAIAAAAIQD7WCKFTgEAAHkCAAARAAgB ZG9jUHJvcHMvY29yZS54bWwgogQBKKAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMkstO wzAQRfdI/EPkfWInfVCsJJUAddVKSBSB2Fn2tLWIHcs2ffw9TtKGVLBgOb7XZ+6Mnc+Pqor2YJ2s dYHShKAINK+F1NsCva4X8QxFzjMtWFVrKNAJHJqXtzc5N5TXFp5tbcB6CS4KJO0oNwXaeW8oxo7v QDGXBIcO4qa2ivlQ2i02jH+yLeCMkClW4JlgnuEGGJueiM5IwXuk+bJVCxAcQwUKtHc4TVL84/Vg lfvzQqsMnEr6kwkzneMO2YJ3Yu8+OtkbD4dDchi1MUL+FL+vli/tqLHUza44oDIXnHILzNe2XN6N JmSc48FRs76KOb8Km95IEA+n3vVbacwW9rJ5o3Ka42EZ+rRjdc1ARCEo7ca6KG+jx6f1ApUZSScx mcXZeJ3e0wmhhHw0oa7uN8G7A3WO9j9illFyd028AMo28fVnKb8BAAD//wMAUEsDBBQABgAIAAAA IQCBFtgQWgIAAEoIAAASAAAAd29yZC9mb250VGFibGUueG1svJVNjtowFMf3lXqHyPtOHBMgoAmj ES3LWXSm6toEByzFdmQHMpyhy96jN+ht2nv0xXYoH5mWqNUQ8fXy/PL8899/3949iyLYMW24kimK bjAKmMzUist1ij49Ld4lKDAVlStaKMlStGcG3c3evrmtp7mSlQlgvDRTnaJNVZXTMDTZhglqblTJ JNzLlRa0gr96Hao85xl7r7KtYLIKCcajULOCVvBss+GlQb5afU21WulVqVXGjIFmReHqCcolmvnu gnoqqYCun7hgJnhgdfBRCeoSSiqVYRHk7GiRIkzgGuEBHuIY3gR+xShsKmUbqg2rDonYhXMqeLFv o9rWtfklr7JNG99RzemyYG6M4Wu4sTVLnKIPGGNyv1ggF4lSNIfIOIkjHyHQlHtNfGRwiMAyQWO2 jk2JXB2IQB0/yvYZunW6IDJXW82ZbphYXJc0xkBgYqk0NOJeNIRaMS3dnE9w5PyZrXqwGLwGi0cu HrdOFLSoHkAx7er9/Pblx/evfh4XeolALxgoRe3lEs/0koxc+FQvdFspX/c6ufhFbYHAMpMkWTTR c0TR6C9yiWGQFdn1cvkMW6zxBNMplqFv7uirEwUm/xNFO3FAEfknn6M4wOncOcnRqOtRPO7FUhUv cBiCFAi8xyANAjYy7sGhv4W0vP20XxnEnBZ8qXknCYIX1kQbU41hi8BnN4lOMzU1N8bln7jHn80U k2MzbUR+Pz9Efptpa6+dkrBEo4k15eslMacCQNAXSDTHiTtWmuOlH4n+mmiOlUsSOO4g0W6gfyHh zxcz+wUAAP//AwBQSwMEFAAGAAgAAAAhAFPqMPZZBQAACTYAABIAAAB3b3JkL251bWJlcmluZy54 bWzsW81u2zgQvi+w72AI8DGx/qUYdQpbtYAudosFmsWeZZmOidUfKNlurn2ZfYR9rL7CDknJlRTZ sWQrZQNfYoTkDDkzHM7H4ejd+y9hMNgikuI4mkjKrSwNUOTHSxw9TqS/HtwbWxqkmRctvSCO0ER6 Qqn0/v7XX97txtEmXCACAwfAI0rHW+heZ1kyHo1Sf41CL72NExRB5yomoZfBv+RxFHrkn01y48dh 4mV4gQOcPY1UWTalnE08kTYkGucsbkLskziNVxklGcerFfZR/lNQkFPm5ZQfYn8ToihjM44ICmAN cZSucZIW3MKu3EDEdcFke0yIbRgU43bJKbMtibcDPYcBX/YuJsuExD5KU2j9wDv3HBX52Ny5AimL PcUpS6jOWawk9HC0Z0O3R83+e+PdgvFGfO4RZfVdENDFPWwmb5FmxPOzT5twUPnv43IiyWxIlOIl 9G29AFqMqas7piuNKHG4CTL8O9qi4OEpQcUY1hrQVj4qC5Og6NNmum1bc5n3BFvageGnmAu2PMmK wQofBfvdDfeNS+Tj0MtZA+UD+rLvGyq3e8a/+QWbAK0y3pz8SeiycUTloc0TyVLB83bjtRc9MtfT TLa20W6cDyachrhxlKV0JI6AbIlWHghP2cJQNgZ+YTmUf1kshanwbLGGqnCSqReTbKi1Fk6R7ard qB25MS5jN+2S0g118QTULyzg0Ggvo65XjcisekkrGpcXcmgKKKfZi5xDq72otlwzKbXxJU1q9SXq 0BZQWrtHaYd3rQVWFQiP5XCpUHufZ16ImyUQ8iIm4QG1jElU486xZnOTruMQJlk/LQhe/kHxygFk 4liWOZ1rOZdyCGcSZ0ngTyRXm02d2YzjompQZ2pg4LwEVhabIEA5+KhhlRu+XGjtC6l4qY/xRHLi DcGIDD6hHTUd8tJsmmLvAW4KABxDHMVknrcx005Bt8+o/PRZU2sgBJNzLcq6fCfLskany+BSAHcB eoc5FSodUWrcVqlKPQS9iP+atbruSWsq0xHbe7nWjMtr7dvXf9vq7dlBcKre/gaUTS+5cO0DLM21 Vm1rh6/5JiorSOlDQf+1VpBdA6inKujzU7iI4Z66106poZ1qdKaIsmpE8DjQQzWEnKqY2jnWl8dx /yprTQyP07W2N9X8pKp61/keBwmj2kEuhscZcEAytzn5Kp8rqORgXDulhnYeZz1TjQgeZ1g10CaY x0Gms7ahxPA4U+94hJ/vcS0xMU/FlDGx5pqqqVpzHraa83QvY2LXndlzXbf3wQ8MVWTr9jabwnbS ZaXpCto7Ju5qoVosuWLickpUgVeBTgdpTat9RWhRMbFyJ0iEFhYTmz88QguKiWlEhgP19FeI172F CouJ668ApyKb8yN09ZVHVEwM8bHbxipB4LeJiY2OZ/UrxThhMbHa8Qg/3+NaYmL+gFfGxIZs6Kbm 6udhYkuf6pA1PJ4ntmxHdpyp05C97x0Tt37Rbo4lV0xcwcTXPPFEuuaJaQnMkeeHb1+veeIDz12t X2YAynWDLq8UoYXFxNc8sXS04uuaJ6bP5A2lcNc8MZzuHWLcz5Mn5jVfFUzsKJam6MYxTPxT1XO2 zqS0LmOg3lMt/eDKa1Wm2qGes2/Jfmg9Z/3S8tbKOfuWT4Rqznoy7q1Wc/YuZ9NTWrczBiqrofYY SnOharVLNWf91svKpc4r96smToWq5uxdWsGqOVnxZvnZoZdqToiLMAf8pV+U8Bq/Ur3nR/opBvu0 hOXlIMkHI2mIrZDx2NRIxj4SOUDGc4CNZEXVatNs/DBtJNOoHx6YjRebN5KpZTJOzj/huv8fAAD/ /wMAUEsBAi0AFAAGAAgAAAAhAMkxPFmAAQAAIgYAABMAAAAAAAAAAAAAAAAAAAAAAFtDb250ZW50 X1R5cGVzXS54bWxQSwECLQAUAAYACAAAACEAmVV+BQQBAADhAgAACwAAAAAAAAAAAAAAAAC5AwAA X3JlbHMvLnJlbHNQSwECLQAUAAYACAAAACEAs76LHQkBAAC2AwAAHAAAAAAAAAAAAAAAAADuBgAA d29yZC9fcmVscy9kb2N1bWVudC54bWwucmVsc1BLAQItABQABgAIAAAAIQCakOcukxIAANjZAAAR AAAAAAAAAAAAAAAAADkJAAB3b3JkL2RvY3VtZW50LnhtbFBLAQItABQABgAIAAAAIQCWta3ilgYA AFAbAAAVAAAAAAAAAAAAAAAAAPsbAAB3b3JkL3RoZW1lL3RoZW1lMS54bWxQSwECLQAUAAYACAAA ACEAlIOe8KIEAAB+DQAAEQAAAAAAAAAAAAAAAADEIgAAd29yZC9zZXR0aW5ncy54bWxQSwECLQAU AAYACAAAACEAZCwQyjoBAAClAgAAFAAAAAAAAAAAAAAAAACVJwAAd29yZC93ZWJTZXR0aW5ncy54 bWxQSwECLQAUAAYACAAAACEA1/rIUG0HAADwOgAADwAAAAAAAAAAAAAAAAABKQAAd29yZC9zdHls ZXMueG1sUEsBAi0AFAAGAAgAAAAhAKXgFQz2AAAAbAEAABMAAAAAAAAAAAAAAAAAmzAAAGRvY1By b3BzL2N1c3RvbS54bWxQSwECLQAUAAYACAAAACEAxvvCtf0BAAD9AwAAEAAAAAAAAAAAAAAAAADK MgAAZG9jUHJvcHMvYXBwLnhtbFBLAQItABQABgAIAAAAIQD7WCKFTgEAAHkCAAARAAAAAAAAAAAA AAAAAP01AABkb2NQcm9wcy9jb3JlLnhtbFBLAQItABQABgAIAAAAIQCBFtgQWgIAAEoIAAASAAAA AAAAAAAAAAAAAII4AAB3b3JkL2ZvbnRUYWJsZS54bWxQSwECLQAUAAYACAAAACEAU+ow9lkFAAAJ NgAAEgAAAAAAAAAAAAAAAAAMOwAAd29yZC9udW1iZXJpbmcueG1sUEsFBgAAAAANAA0AQgMAAJVA AAAAAA== --_004_4A95BA014132FF49AE685FAB4B9F17F657D1757Edfweml701chm_-- From nobody Tue Aug 25 09:21:31 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE36A1A0078 for ; Tue, 25 Aug 2015 09:21:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X6EUgbqCQKEI for ; Tue, 25 Aug 2015 09:21:23 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 898051A006D for ; Tue, 25 Aug 2015 09:21:20 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml405-hub.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BWT12611; Tue, 25 Aug 2015 16:21:18 +0000 (GMT) Received: from DFWEML706-CHM.china.huawei.com (10.193.5.225) by lhreml405-hub.china.huawei.com (10.201.5.242) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 25 Aug 2015 17:21:17 +0100 Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml706-chm ([10.193.5.225]) with mapi id 14.03.0235.001; Tue, 25 Aug 2015 09:21:05 -0700 From: Linda Dunbar To: Linda Dunbar , Daniel Migault Thread-Topic: [i2rs] Suggested section/text to be added to draft-mglt-i2rs-security-environment-reqs-00 to address security threats in Closed Envionment. Thread-Index: AQHQ3rxzm+gQg6/jUU6oO53mC16Ds54c5ePA Date: Tue, 25 Aug 2015 16:21:04 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657D17BA5@dfweml701-chm> References: <4A95BA014132FF49AE685FAB4B9F17F657D1757E@dfweml701-chm> In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D1757E@dfweml701-chm> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.236] Content-Type: multipart/mixed; boundary="_004_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Cc: Jeffrey Haas , "i2rs@ietf.org" , "Joel M. Halpern" , Susan Hares , Alia Atlas Subject: Re: [i2rs] Suggested section/text to be added to draft-mglt-i2rs-security-environment-reqs-00 to address security threats in Closed Envionment. X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 16:21:29 -0000 --_004_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_ Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_" --_000_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGFuaWVsLA0KDQpJIGFkZGVkIDMgbW9yZSBJMlJTIHNlY3VyaXR5IHJlcXVpcmVtZW50cyBmb3Ig dGhlIOKAnENsb3NlZCBFbnZpcm9ubWVudOKAnSwgcGxlYXNlIHVzZSB0aGUgcmV2aXNlZCBzZWN0 aW9uIGF0dGFjaGVkLg0KDQpDaGVlcnMsDQpMaW5kYQ0KDQpGcm9tOiBpMnJzIFttYWlsdG86aTJy cy1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgTGluZGEgRHVuYmFyDQpTZW50OiBNb25k YXksIEF1Z3VzdCAyNCwgMjAxNSA1OjA5IFBNDQpUbzogRGFuaWVsIE1pZ2F1bHQNCkNjOiBKZWZm cmV5IEhhYXM7IGkycnNAaWV0Zi5vcmc7IEpvZWwgTS4gSGFscGVybjsgQWxpYSBBdGxhcw0KU3Vi amVjdDogW2kycnNdIFN1Z2dlc3RlZCBzZWN0aW9uL3RleHQgdG8gYmUgYWRkZWQgdG8gZHJhZnQt bWdsdC1pMnJzLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcXMtMDAgdG8gYWRkcmVzcyBzZWN1cml0 eSB0aHJlYXRzIGluIENsb3NlZCBFbnZpb25tZW50Lg0KDQpEYW5pZWwsDQoNClRoYW5rIHlvdSBm b3Igd2lsbGluZyB0byBhZGRyZXNzIG15IGNvbW1lbnRzLiBUbyBtYWtlIGl0IGVhc2llciBmb3Ig eW91LCBJIHB1dCB0b2dldGhlciBhIHNlY3Rpb24gdG8gZGVzY3JpYmUgdGhlIHNlY3VyaXR5IHRo cmVhdHMgaW4gQ2xvc2VkIEVudmlyb25tZW50IGFuZCBuZWNlc3NhcnkgcmVxdWlyZW1lbnQgZm9y IEkyUlMuIFNlZSB0aGUgYXR0YWNoZWQuDQoNCkNsb3NlZCBlbnZpcm9ubWVudCBkZXBsb3ltZW50 IGNhbiBlYXNpbHkgZ2l2ZSBwZW9wbGUgYSBzZW5zZSBvZiBzZWN1cmUgYmVjYXVzZSB0aGUgbGlu a3MgYmV0d2VlbiBJMlJTIENsaWVudCBhbmQgSTJSUyBBZ2VudCBhcmUgZ3VpZGVkIGJ5IGEgcGh5 c2ljYWwg4oCcV2FsbOKAnS4gIFRoZSBmYWxzZSBzZW5zZSBvZiDigJxTZWN1cmXigJ0gaXMgYWN0 dWFsbHkgbW9yZSBkYW5nZXJvdXMgYmVjYXVzZSBpdCBjYW4gZWFzaWx5IG1ha2UgdGhlIGRlcGxv eW1lbnQgbWlzcyB0aGUgY3J1Y2lhbCBzZWN1cml0eSBwcm9jZWR1cmUuDQoNClRoZXJlZm9yZSwg SSB0aGluayBpdCBpcyBpbXBvcnRhbnQgdG8gaGF2ZSBhIGRlZGljYXRlZCBzZWN0aW9uIG9uIHNl Y3VyaXR5IHRocmVhdHMgYW5kIHJlcXVpcmVtZW50IGZvciB0aGUgQ2xvc2VkIEVudmlyb25tZW50 Lg0KDQpMaW5kYQ0KDQpGcm9tOiBtZ2x0LmlldGZAZ21haWwuY29tPG1haWx0bzptZ2x0LmlldGZA Z21haWwuY29tPiBbbWFpbHRvOm1nbHQuaWV0ZkBnbWFpbC5jb21dIE9uIEJlaGFsZiBPZiBEYW5p ZWwgTWlnYXVsdA0KU2VudDogTW9uZGF5LCBBdWd1c3QgMjQsIDIwMTUgMTI6NTUgUE0NClRvOiBM aW5kYSBEdW5iYXINCkNjOiBKb2VsIE0uIEhhbHBlcm47IGkycnNAaWV0Zi5vcmc8bWFpbHRvOmky cnNAaWV0Zi5vcmc+OyBKZWZmcmV5IEhhYXM7IEFsaWEgQXRsYXMNClN1YmplY3Q6IFJlOiBbaTJy c10gUmV2aWV3IGNvbW1lbnRzIHRvIGRyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1lbnZpcm9ubWVu dC1yZXFzLTAwICh3YXMgUkU6IGRyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1yZXF1aXJlbWVudHMt MDAgMiBXZWVrIFdHIGFkb3B0aW9uIGNhbGwgKDgvMTcgdG8gOC8zMSkNCg0KSGkgTGluZGEsDQpU aGFuayB5b3UgZm9yIHlvdXIgY29tbWVudHMuIEkgYWdyZWUgd2UgbmVlZCB0byBhZGRyZXNzIG1v cmUgc3BlY2lmaWNhbGx5IG9yIGV4cGxpY2l0bHkgdGhlICJtb3N0IGNvbW1vbiIgdXNlIGNhc2Uu IEkgYWdyZWUgd2l0aCB5b3VyIGNvbW1lbnRzIGFuZCB3ZSB3aWxsIGNvbnNpZGVyIHRoZW0gdG8g aW1wcm92ZSBhbmQgY2xhcmlmeSB0aGUgdGV4dCBvZiB0aGUgbmV4dCB2ZXJzaW9uLiBUaGFuayB5 b3UuIFRvIG1lIHRoZSBpMnJzIHBsYW5lIHByb3ZpZGVzIGEgbGltaXRlZCBudW1iZXIgb2YgZnVu Y3Rpb25uYWxpdGllcyB0aGF0IG1heSBiZSBwcm92aWRlZCB0byBkaWZmZXJlbnQgaW5kZXBlbmRh bnQgdGVuYW50cy4NCkJSLA0KRGFuaWVsDQoNCg0KT24gTW9uLCBBdWcgMjQsIDIwMTUgYXQgMToz NyBQTSwgTGluZGEgRHVuYmFyIDxsaW5kYS5kdW5iYXJAaHVhd2VpLmNvbTxtYWlsdG86bGluZGEu ZHVuYmFyQGh1YXdlaS5jb20+PiB3cm90ZToNCkpvZWwsDQoNCkFncmVlIHdpdGggeW91IHRoYXQg 4oCcd2UgZG9u4oCZdCBuZWVkIHRvIGJ1aWxkIGRpZmZlcmVudCBwcm90b2NvbCBzdGFja3MgZm9y IHRoZSBkaWZmZXJlbnQgZGVwbG95bWVudHPigJ0uDQpCdXQgdGhlIOKAnGVudmlyb25tZW50LXJl ceKAnSBkcmFmdCBpcyBub3QgYWJvdXQg4oCcUHJvdG9jb2zigJ0sIGJ1dCBhYm91dCBzZWN1cml0 eSBpc3N1ZXMgdW5kZXIgZGlmZmVyZW50IOKAnGVudmlyb25tZW504oCdLg0KDQpBbW9uZyBhbGwg b3VyIGN1c3RvbWVycyB3aG8gYXJlIGludGVyZXN0ZWQgaW4gSTJSUywgbWFqb3JpdHkgb2YgdGhl bSAoPjkwJSkgd2lsbCBkZXBsb3kgdGhlbSBpbiBhIGNsb3NlZCBlbnZpcm9ubWVudCwgaS5lLiBw aHlzaWNhbGx5IHNlY3VyZWQgIGNvbm5lY3Rpb24gYmV0d2VlbiBJMlJTIGFnZW50IGFuZCBJMlJT IGNsaWVudC4gVGhlcmVmb3JlLCBpdCBpcyBpbXBvcnRhbnQgdG8g4oCccHJvdmlkZXMgYW4gYW5h bHlzaXMgb2YgdGhlIHNlY3VyaXR5IGlzc3VlcyBvZuKAnSBvZiB0aGlzIGNvbW1vbmx5IGRlcGxv eWVkIGVudmlyb25tZW50Lg0KDQpJIHN1Z2dlc3QgYWRkaW5nIHRoaXMgRmlndXJlIHRvIFNlY3Rp b24gMSBvZiB0aGUgZG9jdW1lbnQ6DQoNCkNsb3NlZCAgKG92ZXIgb3BlbiBDaG5sICMjIz4pICAg ICAgICAgIE9wZW4gKG92ZXIgc2VjdXJlIENobmwgLS0tPikNCistLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0rDQp8ICAgICAgKioqKioqKioqKioqKioqKioqKioqKiogICB8ICAgICAg KioqKioqKioqKioqKioqKioqKioqKiogIHwNCnwgICAgICAgKiAgICBBcHBsaWNhdGlvbiBBICAg ICogICB8ICAgICAgKiAgICBBcHBsaWNhdGlvbiBCICAgICogIHwNCnwgICAgICAgKiAgICAgICAg ICAgICAgICAgICAgICogICB8ICAgICAgKiAgICAgICAgICAgICAgICAgICAgICogIHwNCnwgICAg ICAgKiAgKy0tLS0tLS0tLS0tLS0tLS0rICogICB8ICAgICAgKiAgKy0tLS0tLS0tLS0tLS0tLS0r ICogIHwNCnwgICAgICAgKiAgfCAgIENsaWVudCBBICAgICB8ICogICB8ICAgICAgKiAgfCAgIENs aWVudCBCICAgICB8ICogIHwNCnwgICAgICAgKiAgKy0tLS0tLS0tLS0tLS0tLS0rICogICB8ICAg ICAgKiAgKy0tLS0tLS0tLS0tLS0tLS0rICogIHwNCnwgICAgICAgKioqKioqKiBeICoqKioqKioq KioqKiogICB8ICAgICAgKioqKiogXiAqKioqKiogXiAqKioqKiogIHwNCnwgICAgICAgICAgICAg ICAjICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgfCAgICAgICAgfCAgICAgICAgIHwNCnwg ICAgICAgICAgICAgICAjICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgfCAgICAgICAgfCAg IHwtLS0tLXwNCnwgICAgICAgICAgICAgICAjICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAg ICAgICAgIHwgICB8DQp8ICAqKioqKioqKioqKiogdiAqICogKiAqICoqKioqKioqfCAgICoqKioq KioqKioqKioqKioqIHYgKiB2ICoqKioqKioqDQp8ICAqICArLS0tLS0tLS0tLS0tLS0tLS0tLS0t KyAgICAgfCAgICogICstLS0tLS0tLS0tLS0tLS0tLS0tLS0rICAgICAqDQp8ICAqICB8ICAgICBB Z2VudCAxICAgICAgICAgfCAgICAgfCAgICogIHwgICAgQWdlbnQgMiAgICAgICAgICB8ICAgICAq DQp8ICAqICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tKyAgICAgfCAgICogICstLS0tLS0tLS0tLS0t LS0tLS0tLS0rICAgICAqDQp8ICAqICAgICBeICAgICAgICBeICBeICAgXiAgICAgICAgfCAgICog ICAgIF4gICAgICAgIF4gIF4gICBeICAgICAgICAqDQoNCg0KDQpKdXN0IHRoaW5rIGFib3V0IHRo aXMgZmFjdDogdG9kYXnigJlzIHJvdXRlciBjb25maWd1cmF0aW9uIGluIHByb2R1Y3Rpb24gZW52 aXJvbm1lbnQgY2FuIG9ubHkgYmUgcGVyZm9ybWVkIGJ5IGEgZmV3IGF1dGhvcml6ZWQgcGVvcGxl IHdpdGggRU1TL05NUyBwaHlzaWNhbGx5IGFuZCBzZWN1cmVseSBzZXBhcmF0ZWQuIElmIHRoZSBt YWpvcml0eSBvZiB0aGUgSTJSUyBlbnZpcm9ubWVudCByZXF1aXJlbWVudCBpcyBhYm91dCBvcGVu IGNvbm5lY3Rpb24sIEkyUlMgV0cgd2lsbCBzcGVuZCBhIGxvdCBlbmVyZ3kgZGV2ZWxvcGluZyB0 aGUgdmVyeSBzb3BoaXN0aWNhdGVkIHByb3RvY29scyB3aGljaCBpcyBleHBlbnNpdmUgdG8gZGV2 ZWxvcCBhbmQgaGFyZGVyIHRvIGRlcGxveS4NCg0KSSBhbSBub3QgYWdhaW5zdCB0aGlzIGRldmVs b3BtZW50LCBidXQgSU1ITywgdG8gZ2FpbiB3aWRlciBhbmQgcXVpY2tlciBJMlJTIGRlcGxveW1l bnQgaW4gcHJvZHVjdGlvbiBlbnZpcm9ubWVudCwgaXQgaXMgbmVjZXNzYXJ5IHRvIGhhdmUgYSB2 ZXJ5IGxlYW4gSTJSUyBzb2x1dGlvbiBmaXJzdCwgYW5kIHRvIGhhdmUgYSB3ZWxsIGRvY3VtZW50 ZWQgc2VjdXJpdHkgcmVxdWlyZW1lbnQgZm9yIHRoZSBjb21tb24gZGVwbG95bWVudCBlbnZpcm9u bWVudC4gRS5nLiBhIHNpbmdsZSBDb250cm9sbGVyIChvciB0aGUgSTJSUyBjbGllbnQpIGRpcmVj dGx5IGNvbm5lY3RlZCB0byB0aGVpciBkZXZpY2VzIHZpYSB0aGVpciBpbnRlcm5hbCBuZXR3b3Jr LCB3aGVyZSB0aGUgY29ubmVjdGlvbiBpcyBwaHlzaWNhbGx5IGlzb2xhdGVkIGZyb20gb3RoZXIg bmV0d29yayBhbmQgcHJvdGVjdGVkIGJ5IHNlcGFyYXRlIG1lY2hhbmlzbXMuIEFsc28gcmVtZW1i ZXIsIG1hbnkgb3BlcmF0b3JzIHdpbGwgdXNlIEkyUlMgdG8gY29udHJvbCBhIHNtYWxsIG51bWJl ciBvZiBzZWxlY3RpdmUgcm91dGVycyAobW9zdGx5IHJvdXRlcnMgYXQgaW5ncmVzcy9lZ3Jlc3Mg Ym91bmRhcnkpIGZvciB2YWx1ZSBhZGRlZCBzZXJ2aWNlcy4NCg0KDQoNClNvbWUgb2YgbXkgZGV0 YWlsZWQgcXVlc3Rpb25zIGFuZCBjb21tZW50cyB0byB0aGUg4oCcc2VjdXJpdHktcmVxdWlyZW1l bnRz4oCdIGFyZSBzdGlsbCBhcHBsaWNhYmxlIHRvIHRoZSDigJxlbnZpcm9ubWVudC1yZXHigJ0g ZG9jdW1lbnQgYmVjYXVzZSB0aGV5IGhhdmUgdGhlIHNhbWUgdGV4dC4gUGx1cyBhIGZldyBtb3Jl IGZvciB0aGUg4oCcZW52aXJvbm1lbnQtcmVx4oCdIGRvY3VtZW50LiBIb3BlIHRoZSBhdXRob3Jz IGNhbiBhZGRyZXNzIHRoZW0uDQoNCg0KU2VjdGlvbiAzOg0KDQpXaGF0IGFyZSB0aGUga2V5IGRp ZmZlcmVuY2VzIHdpdGggcmVnYXJkIHRvIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudHMgZm9yICBJ MlJTIHBsYW5lIGFuZCBmb3IgbWFuYWdlbWVudCBwbGFuZT8gIFNlY3Rpb24gMy4xIGRlc2NyaWJl cyB0aGUgaW50ZXJhY3Rpb24gYmV0d2VlbiBJMlJTIHBsYW5lIGFuZCBtYW5hZ2VtZW50IHBsYW5l LiBCdXQgSSBzZWUgdGhlIHNlY3VyaXR5IHJlcXVpcmVtZW50IGZvciB0aGUgbWFuYWdlbWVudCBw bGFuZSBhcmUgYWxsIGFwcGxpY2FibGUgdG8gdGhlIHNlY3VyaXR5IHJlcXVpcmVtZW50IHRvIEky UlMgcGxhbmUgLiBJZiB5b3UgdGhpbmsgdGhhdCB0aGV5IGFyZSB2ZXJ5IGRpZmZlcmVudCwgY2Fu IHlvdSBlbGFib3JhdGUgbW9yZT8NCg0KU2VjdGlvbiAzLjQgaGFzIHRpdGxlIOKAnFJlY29tbWVu ZGF0aW9uc+KAnSwgYnV0IHRoZSBjb250ZW50IGFyZSBhbGwgcmVxdWlyZW1lbnRzLiBXaHkgbm90 IG5hbWUgdGhlIHNlY3Rpb24g4oCcUmVxdWlyZW1lbnTigJ0/DQoNClJFUSAyOiBEb2VzIGl0IHRo YXQgYSBkaWZmZXJlbnQgSVAgYWRkcmVzcyB0aGFuIHRoZSBvbmUgdXNlZCBieSB0aGUgbWFuYWdl bWVudCBzeXN0ZW0/DQoNClJFUSAyMTogaXMgbW9yZSBhYm91dCBJMlJTIHJlcXVpcmVtZW50LCBs ZXNzIGFib3V0IOKAnFNlY3VyaXR54oCdIHJlcXVpcmVtZW50Lg0KDQpSRVEgMjQ6IGlzbuKAmXQg aXQgdGhlIGdlbmVyYWwgZ29hbCBvZiBJMlJTPyBOb3QgcmVhbGx5IHNlY3VyaXR5IHBlciBzZS4g KHNob3VsZCBiZSBpbmNsdWRlZCBpbiB0aGUgZ2VuZXJhbCBJMlJTIHJlcXVpcmVtZW50IG9yIGFy Y2hpdGVjdHVyZSkuDQoNCg0KUkVRIDI2OiBzaW1wbHkgY29udHJvbGxpbmcgdGhlIHJlc291cmNl IGNhbiBoYXJkbHkgcHJldmVudCBEb1MuIE1hbGljaW91cyBjbGllbnQgY2FuIG9jY3VweSB0aGUg cmVzb3VyY2Ugd2hpbGUgdGhlIHZhbGlkIG9uZSBjYW4ndCBhY2Nlc3MuDQoNClRoYW5rcyBmb3Ig eW91ciBjb25zaWRlcmF0aW9uLA0KTGluZGENCg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0t LQ0KRnJvbTogaTJycyBbbWFpbHRvOmkycnMtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9m IEpvZWwgTS4gSGFscGVybg0KU2VudDogRnJpZGF5LCBBdWd1c3QgMjEsIDIwMTUgMTI6MjAgUE0N ClRvOiBMaW5kYSBEdW5iYXI7IGkycnNAaWV0Zi5vcmc8bWFpbHRvOmkycnNAaWV0Zi5vcmc+DQpD YzogJ0plZmZyZXkgSGFhcyc7IGRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbTxtYWlsdG86ZGFu aWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPjsgJ0FsaWEgQXRsYXMnDQpTdWJqZWN0OiBSZTogW2ky cnNdIGRyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1yZXF1aXJlbWVudHMtMDAgMiBXZWVrIFdHIGFk b3B0aW9uIGNhbGwgKDgvMTcgdG8gOC8zMSkNCg0KWWVzLCBvbmUgb2YgdGhlIHR3byBsYXN0IGNh bGxzIGlzIGZvciB0aGUgZW52aXJvbm1lbnQgZG9jdW1lbnQuDQoNCkhhdmluZyBhIGRlZGljYXRl ZCBwaHlzaWNhbCBjaGFubmVsIGlzIG9uZSBvZiB0aGUgd2F5cyBpZGVudGlmaWVkIGluIHRoZSBk cmFmdCB0byBwcm92aWRlIHRoZSByZXF1aXJlZCBpc29sYXRpb24uDQoNCldoaWxlIHN1Y2ggYW4g ZW52aXJvbm1lbnQgaXMgY2xlYXJseSBzdXBwb3J0YWJsZSwgSSBkbyBub3QgdGhpbmsgd2Ugc2hv dWxkIHJlZHVjZSB0aGUgaW50ZXJuYWwgcHJvdG9jb2wgcmVxdWlyZW1lbnRzIChzdWNoIGFzIE1U SSBzZWN1cml0eSBmb3IgdGhlIGNvbnRyb2wgY2hhbm5lbCkganVzdCBiZWNhdXNlIHRoZXJlIGFy ZSBjaXJjdW1zdGFuY2VzIHdoZXJlIHN1Y2ggaXQgd29uJ3QgYmUgbmVlZGVkLiAgSSBkb24ndCBl eHBlY3QgdGhhdCB3ZSB3aWxsIGJ1aWxkIGRpZmZlcmVudCBwcm90b2NvbCBzdGFja3MgZm9yIHRo ZSBkaWZmZXJlbnQgZGVwbG95bWVudHMuDQoNClRoZSBwdXJwb3NlIG9mIHRoaXMgZHJhZnQgaXMg dG8gZGVzY3JpYmUgdGhlIGVudmlyb25tZW50YWwgYXNzdW1wdGlvbnMsIHdoaWNoIGFzc3VtcHRp b25zIGNhbiBiZSBtZXQgaW4gdmFyaW91cyB3YXlzLg0KDQpZb3VycywNCkpvZWwNCg0KT24gOC8y MS8xNSAxMjo1NiBQTSwgTGluZGEgRHVuYmFyIHdyb3RlOg0KPiBKb2VsLA0KPg0KPiBJZiBpdCBp cyB0aGUgImVudmlyb25tZW50YWwgb25lIiwgaXQgaXMgbW9yZSBpbXBvcnRhbnQgdG8gZGlmZmVy ZW50aWF0ZSB0aGUgcmVxdWlyZW1lbnRzIGZvciBkaWZmZXJlbnQgZW52aXJvbm1lbnRzIG9uIGhv dyB0aGUgSTJSUyBjbGllbnQgJiBBZ2VudCBhcmUgY29ubmVjdGVkLg0KPg0KPiBPbmUgb2Ygb3Vy IGN1c3RvbWVycyBzdGF0ZWQgdGhhdCB0aGVpciBlbnZpcm9ubWVudCBoYXMgYSBzaW5nbGUgQ29u dHJvbGxlciAob3IgdGhlIEkyUlMgY2xpZW50KSBkaXJlY3RseSBjb25uZWN0ZWQgdG8gdGhlaXIg ZGV2aWNlcyB2aWEgdGhlaXIgaW50ZXJuYWwgbmV0d29yaywgd2hlcmUgdGhlIGNvbm5lY3Rpb24g aXMgcGh5c2ljYWxseSBpc29sYXRlZCBmcm9tIG90aGVyIG5ldHdvcmsgYW5kIHByb3RlY3RlZCBi eSBzZXBhcmF0ZSBtZWNoYW5pc21zLCB0aGV5IGRvbid0IG5lZWQgYWxsIHRob3NlIHNvcGhpc3Rp Y2F0ZWQgYXV0aGVudGljYXRpb24gcHJvY2VkdXJlLg0KPg0KPiBXZSBuZWVkIHRvIGFkZHJlc3Mg dGhpcyBlbnZpcm9ubWVudCwgaS5lLiBoYXZpbmcgYSBzaW1wbGVyIHNlY3VyaXR5IHJlcXVpcmVt ZW50IGZvciB0aGlzIGVudmlyb25tZW50IHRoYW4gdGhlIGVudmlyb25tZW50IHdoZXJlIEkyUlMg Q2xpZW50IGlzIGNvbm5lY3RlZCB2aWEgcHVibGljIG5ldHdvcmsuDQo+DQo+IExpbmRhDQo+DQo+ DQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IEpvZWwgSGFscGVybiBEaXJl Y3QgW21haWx0bzpqbWguZGlyZWN0QGpvZWxoYWxwZXJuLmNvbV0NCj4gU2VudDogRnJpZGF5LCBB dWd1c3QgMjEsIDIwMTUgMTA6NTMgQU0NCj4gVG86IExpbmRhIER1bmJhcjsgaTJyc0BpZXRmLm9y ZzxtYWlsdG86aTJyc0BpZXRmLm9yZz4NCj4gQ2M6ICdKZWZmcmV5IEhhYXMnOyBkYW5pZWwubWln YXVsdEBlcmljc3Nvbi5jb208bWFpbHRvOmRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbT47ICdK b2VsIEhhbHBlcm4nOyAnQWxpYSBBdGxhcycNCj4gU3ViamVjdDogUmU6IFtpMnJzXSBkcmFmdC1t Z2x0LWkycnMtc2VjdXJpdHktcmVxdWlyZW1lbnRzLTAwIDIgV2VlayBXRw0KPiBhZG9wdGlvbiBj YWxsICg4LzE3IHRvIDgvMzEpDQo+DQo+IEZpcnN0LCB0aGVyZSBtYXkgYmUgc29tZSBjb25mdXNp b24gYmVjYXVzZSB0aGUgYW5ub3VuY2VtZW50LiAgSSBwcmVzdW1lIHRoYXQgeW91IGFyZSB0YWxr aW5nIGFib3V0IHRoZSAtZW52aXJvbm1lbnRzIGRvY3VtZW50cy4NCj4NCj4gSWYgdGhlIFdHIGNv bmNsdWRlcyB0aGF0IGEgZGlmZmVyZW50IGNoYXB0ZXIgc3RydWN0dXJlIGlzIHVzZWZ1bCwgd2Ug Y2FuIG9mIGNvdXJzZSBjaGFuZ2UgaXQuICBHaXZlbiB0aGF0IHRoZSBnb2FsIGlzIGVudmlyb25t ZW50IGRlc2NyaXB0aW9uLCBJIGFtIG5vdCBzdXJlIHlvdXIgcHJvcG9zZWQgc3RydWN0dXJlIGlz IHNpZ25pZmljYW50bHkgYmV0dGVyIHRoYW4gdGhlIGV4aXN0aW5nIG9uZS4NCj4NCj4gSSBiZWxp ZXZlIHlvdXIgY29tbWVudCBhYm91dCB0aGUgdGV4dCAgcmVhZGluZyAid2hlcmUgc2VjdXJpdHkg ZnVuY3Rpb25zIG1heSBiZSBob3N0ZWQiIGlzIHdlbGwgdGFrZW4sIGFuZCB3ZSBzaG91bGQgcmVt b3ZlIHRoYXQgdGV4dCB3aGVuIHdlIG5leHQgcmV2aXNlIHRoZSBkb2N1bWVudC4NCj4NCj4gVGhl IGlzb2xhdGlvbiB0ZXh0IGlzIGFib3V0IHRoZSBuZWVkIHRvIGtlZXAgdGhpbmdzIHNlcGFyYXRl LCBhbmQgdGhlIHZhcmlvdXMgcG9zc2libGUgbWVhbnMgYXJlIGRlZ3JlZXMgLyBhcHByb2FjaGVz IHRvIHNlcGFyYXRpb24uDQo+IElzb2xhdGlvbiBpcyBub3QgYWJvdXQgdHJlYXRpbmcgdGhpbmdz IGRpZmZlcmVudGx5LCBub3IgaXMgaXQgZXhwbGljaXRseSBhYm91dCB1c2luZyBkaWZmZXJlbnQg cHJvdG9jb2xzLiAgU28gdGhlIHBvaW50IG9mIGlzb2xhdGlvbiBpcyBub3QgdGhhdCB0aGVyZSBh cmUgZGlmZmVyZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cywgYnV0IHRoYXQgaW4gb3JkZXIgdG8g YXZvaWQgY29yc3MtZWZmZWN0cywgdGhpbmdzIHNob3VsZCBiZSBrZXB0IHNlcGFyYXRlLg0KPg0K PiBZb3VycywNCj4gSm9lbA0KPg0KPiBPbiA4LzIwLzE1IDY6NDIgUE0sIExpbmRhIER1bmJhciB3 cm90ZToNCj4+IEkgc3VwcG9ydCB0aGUgV0cgYWRvcHRpb24gYmVjYXVzZSBJIHRoaW5rIHRoZSBJ MlJTIFdHIG5lZWRzIGl0Lg0KPj4gSG93ZXZlciwgSSBob3BlIHRoZSBhdXRob3JzIGNhbiBjb25z aWRlci9hZGRyZXNzIHRoZSBmb2xsb3dpbmcgc3VnZ2VzdGlvbnMvY29tbWVudHM6DQo+Pg0KPj4g V2hlbiB5b3UgdGhpbmsgYWJvdXQgdGhlIEkyUlMgc2VjdXJpdHksICB0aGVyZSBhcmUgZm9sbG93 aW5nDQo+PiBkaWZmZXJlbnQNCj4+IGFzcGVjdHM6DQo+Pg0KPj4gLUNvbW11bmljYXRpb24gY2hh bm5lbCBiZXR3ZWVuIEkyUlMgY2xpZW50IGFuZCBBZ2VudCAoYW5kIHRoZSBjaGFubmVsDQo+PiBi ZXR3ZWVuIEkyUlMgY2xpZW50IGFuZCBhcHBsaWNhdGlvbnMpOg0KPj4NCj4+IFRoZSBjaGFubmVs IGNhbiBiZQ0KPj4NCj4+IG9WaWEgcGh5c2ljYWwgUHJpdmF0ZSBuZXR3b3JrIChlLmcuIHdpdGhp biBhIHNlY3VyZWQgZGlyZWN0IGNvbm5lY3QNCj4+IHdpdGhpbiBvbmUgc2l0ZSksDQo+Pg0KPj4g b3dpdGhpbiBvbmUgYWRtaW5pc3RyYXRpdmUgZG9tYWluLCAgdmlhIHZpcnR1YWwgcHJpdmF0ZSBu ZXR3b3JrDQo+Pg0KPj4gb1NlY3VyZWQgY29ubmVjdGlvbiwgc3VjaCBhcyBUTFMgb3IgSVBTZWMN Cj4+DQo+PiBvUHVibGljIGludGVybmV0DQo+Pg0KPj4gby4uDQo+Pg0KPj4gLUF1dGhlbnRpY2F0 aW9uICYgQXV0aG9yaXphdGlvbg0KPj4NCj4+IG90aGUgYXV0aGVudGljYXRpb24gJiBhdXRob3Jp emF0aW9uIHJlcXVpcmVtZW50IGZvciBkaWZmZXJlbnQNCj4+IGNvbW11bmljYXRpb24gY2hhbm5l bHMgY2FuIGJlIGRpZmZlcmVudC4gVGhlcmVmb3JlLCBzaG91bGQgaGF2ZQ0KPj4gc2VwYXJhdGUg c2VjdGlvbnMgdG8gYWRkcmVzcyBzcGVjaWZpYyByZXF1aXJlbWVudCAgZm9yIGVhY2gNCj4+IGNv bW11bmljYXRpb24gY2hhbm5lbHMgYmV0d2VlbiBJMlJTIGFnZW50IDwtPiBjbGllbnRzIChhbmQg Y2xpZW50IDwtPg0KPj4gYXBwbGljYXRpb25zKQ0KPj4NCj4+IFRoZSBjdXJyZW50IFNlY3Rpb24g NCBvZiB0aGUgZHJhZnQgYWxyZWFkeSBoYXMgdmVyeSBnb29kIGRlc2NyaXB0aW9uDQo+PiBvbiB0 aGUgc3ViamVjdC4gSSB0aGluayA0LjQuMSBhbmQgNC40MiBjYW4gYmUgc2VwYXJhdGVkIG91dCBv ZiB0aGUgc2VjdGlvbi4NCj4+DQo+PiAtRW5jcnlwdGlvbiBmb3IgdGhlIGFjdHVhbCBjb250ZW50 IGJldHdlZW4gQ2xpZW50IGFuZCBBZ2VudA0KPj4NCj4+IC1Eb1MgRGVzaWduIHJlcXVpcmVtZW50 IChjdXJyZW50bHkgaW4gU2VjdGlvbiA1LjIuMSkNCj4+DQo+PiAtTWFuYWdlbWVudCBvZiBjb25m bGljdCB3aXRoIG90aGVyIHBsYW5lIChlLmcuIHRoZSBtYW5hZ2VtZW50IHBsYW5lLA0KPj4gbXVs dGktaGVhZGVkIGNvbnRyb2wsIHdoaWNoIGhhcyBiZWVuIGRpc2N1c3NlZCBleHRlbnNpdmVseSBp bg0KPj4gZXBoZW1lcmFsDQo+PiBkcmFmdCkNCj4+DQo+PiBJIHRoaW5rIHRoZSBkcmFmdCBzaG91 bGQgYmUgb3JnYW5pemVkIGZyb20gdGhlIGFzcGVjdHMgb2YgdGhlDQo+PiBzZWN1cml0eSB0byBJ MlJTIGFzIHN1Z2dlc3RlZCBhYm92ZS4NCj4+DQo+PiBIZXJlIGFyZSBzb21lIGRldGFpbGVkIHF1 ZXN0aW9ucyBhbmQgY29tbWVudHMgdG8gdGhlIHJlcXVpcmVtZW50cw0KPj4gbGlzdGVkIGluIHRo ZSBkb2N1bWVudDoNCj4+DQo+PiBTZWN0aW9uIDE6DQo+Pg0KPj4gVGhlIHNlY29uZCBwYXJhZ3Jh cGggc3RhdGVkIHRoZSBzZWN1cml0eSByZWNvbW1lbmRhdGlvbnMgbXVzdA0KPj4gInNwZWNpZnlp bmcgd2hlcmUgc2VjdXJpdHkgZnVuY3Rpb25zIG1heSBiZSBob3N0ZWQiLiBGaXJzdCBvZiBhbGwg SQ0KPj4gZG9uJ3Qgc2VlIHRoZSBkcmFmdCBhZGRyZXNzIHRoaXMgYXNwZWN0LiBTZWNvbmQsIEkg dGhpbmsgICAid2hlcmUNCj4+IHNlY3VyaXR5IGZ1bmN0aW9ucyBhcmUgaG9zdGVkIiBpcyBvcnRo b2dvbmFsIHRvICJJMlJTIHNlY3VyaXR5IiAuDQo+Pg0KPj4gU2VjdGlvbiAzOg0KPj4NCj4+IHdo YXQgZG9lcyBpc29sYXRpbmcgdHdvIHBsYW5lcyBtZWFuPyBkb2VzIGl0IG1lYW4gdGhleSBoYXZl IGRpZmZlcmVudA0KPj4gc2VjdXJpdHkgcmVxdWlyZW1lbnQvaXNzdWVzPyBPciBkb2VzIGl0IG1l YW4gdGhleSBuZWVkIGRpZmZlcmVudCBwcm90b2NvbHM/DQo+Pg0KPj4gV2hhdCBhcmUgdGhlIGtl eSBkaWZmZXJlbmNlcyB3aXRoIHJlZ2FyZCB0byB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzDQo+ PiBmb3IgIEkyUlMgcGxhbmUgYW5kIGZvciBtYW5hZ2VtZW50IHBsYW5lPyAgU2VjdGlvbiAzLjEg ZGVzY3JpYmVzIHRoZQ0KPj4gaW50ZXJhY3Rpb24gYmV0d2VlbiBJMlJTIHBsYW5lIGFuZCBtYW5h Z2VtZW50IHBsYW5lLiBCdXQgSSBzZWUgdGhlDQo+PiBzZWN1cml0eSByZXF1aXJlbWVudCBmb3Ig dGhlIG1hbmFnZW1lbnQgcGxhbmUgaXMgc2ltaWxhciB0byBJMlJTIHBsYW5lIC4NCj4+IElmIHlv dSB0aGluayB0aGF0IHRoZXkgYXJlIHZlcnkgZGlmZmVyZW50LCBjYW4geW91IGVsYWJvcmF0ZSBt b3JlPw0KPj4NCj4+IFNlY3Rpb24gMy40IGhhcyB0aXRsZSAiUmVjb21tZW5kYXRpb25zIiwgYnV0 IHRoZSBjb250ZW50IGFyZSBhbGwNCj4+IHJlcXVpcmVtZW50cy4gV2h5IG5vdCBuYW1lIHRoZSBz ZWN0aW9uICJSZXF1aXJlbWVudCI/DQo+Pg0KPj4gUkVRIDI6IERvZXMgaXQgdGhhdCBhIGRpZmZl cmVudCBJUCBhZGRyZXNzIHRoYW4gdGhlIG9uZSB1c2VkIGJ5IHRoZQ0KPj4gbWFuYWdlbWVudCBz eXN0ZW0/DQo+Pg0KPj4gSG93IGlzIFJFUSAyMiBkaWZmZXJlbnQgZnJvbSBSRVEgMjE/DQo+Pg0K Pj4gUkVRIDI3IGlzIGhhcmQgdG8gZW5mb3JjZS4gSG93IGFib3V0IHNheSBzb21ldGhpbmcgbGlr ZSAic2hvdWxkbid0DQo+PiBzZW5kIGFueSBpbmZvcm1hdGlvbiBiZXlvbmQgd2hhdCBoYXZlIGJl ZW4gZGVmaW5lZCBieSB0aGUgSTJSUyBkYXRhIG1vZGVsIj8NCj4+DQo+PiBSRVEgMzA6IHNpbXBs eSBjb250cm9sbGluZyB0aGUgcmVzb3VyY2UgY2FuIGhhcmRseSBwcmV2ZW50IERvUy4NCj4+IE1h bGljaW91cyBjbGllbnQgY2FuIG9jY3VweSB0aGUgcmVzb3VyY2Ugd2hpbGUgdGhlIHZhbGlkIG9u ZSBjYW4ndCBhY2Nlc3MuDQo+Pg0KPj4gVGhhbmtzIGZvciBjb25zaWRlcmF0aW9uLA0KPj4NCj4+ IExpbmRhDQo+Pg0KPj4gKkZyb206KmkycnMgW21haWx0bzppMnJzLWJvdW5jZXNAaWV0Zi5vcmdd ICpPbiBCZWhhbGYgT2YgKlN1c2FuIEhhcmVzDQo+PiAqU2VudDoqIE1vbmRheSwgQXVndXN0IDE3 LCAyMDE1IDEyOjUwIFBNDQo+PiAqVG86KiBpMnJzQGlldGYub3JnPG1haWx0bzppMnJzQGlldGYu b3JnPg0KPj4gKkNjOiogJ0plZmZyZXkgSGFhcyc7IGRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNv bTxtYWlsdG86ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPjsgJ0pvZWwgSGFscGVybic7DQo+ PiBzaGFyZXNAbmR6aC5jb208bWFpbHRvOnNoYXJlc0BuZHpoLmNvbT47ICdBbGlhIEF0bGFzJw0K Pj4gKlN1YmplY3Q6KiBbaTJyc10gZHJhZnQtbWdsdC1pMnJzLXNlY3VyaXR5LXJlcXVpcmVtZW50 cy0wMCAyIFdlZWsgV0cNCj4+IGFkb3B0aW9uIGNhbGwgKDgvMTcgdG8gOC8zMSkNCj4+DQo+PiBU aGlzIGJlZ2lucyBhIDIgd2VlayBXRyBhZG9wdGlvbiBjYWxsIGZvcg0KPj4gZHJhZnQtbWdsdC1p MnJzLXNlY3VyaXR5LXJlcXVpcmVtZW50cy4gIFRoaXMgZHJhZnQgZGlzY3Vzc2VzIHRoZQ0KPj4g c2VjdXJpdHkgcmVxdWlyZW1lbnRzIGZvciB0aGUgSTJSUyBlbnZpcm9ubWVudC4gIFlvdSBjYW4g ZmluZCB0aGUgZHJhZnQgYXQ6DQo+Pg0KPj4gaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2Ry YWZ0LW1nbHQtaTJycy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXFzDQo+PiAtDQo+PiAwMA0KPj4N Cj4+IEEgc2VjdXJpdHkgcmV2aWV3ZXIgd2lsbCByZXZpZXcgdGhpcyBkcmFmdCBkdXJpbmcgdGhl IHRpbWUgOC8yMCB0bw0KPj4gOC8yNS4gICBXZSB3aWxsIHBvc3QgdGhlIHNlY3VyaXR5IGRpcmVj dG9yYXRlIHJldmlldyB0byB0aGlzIGRpc2N1c3Npb24uDQo+Pg0KPj4gU3VlIEhhcmVzDQo+Pg0K Pg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KaTJy cyBtYWlsaW5nIGxpc3QNCmkycnNAaWV0Zi5vcmc8bWFpbHRvOmkycnNAaWV0Zi5vcmc+DQpodHRw czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2kycnMNCg0KDQpfX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KaTJycyBtYWlsaW5nIGxpc3QNCmky cnNAaWV0Zi5vcmc8bWFpbHRvOmkycnNAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9t YWlsbWFuL2xpc3RpbmZvL2kycnMNCg0K --_000_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTIgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 Q291cmllcjsNCglwYW5vc2UtMToyIDcgNCA5IDIgMiA1IDIgNCA0O30NCkBmb250LWZhY2UNCgl7 Zm9udC1mYW1pbHk6U2ltU3VuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZv bnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAz IDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5v c2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OlRh aG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQpAZm9udC1mYWNlDQoJe2Zv bnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9zZS0xOjIgMTEgNiA5IDIgMiA0IDMgMiA0O30NCkBm b250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxAU2ltU3VuIjsNCglwYW5vc2UtMToyIDEgNiAwIDMg MSAxIDEgMSAxO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNv Tm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAw MXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIs InNlcmlmIjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0 eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNp dGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLk1zb0FjZXRh dGUsIGxpLk1zb0FjZXRhdGUsIGRpdi5Nc29BY2V0YXRlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5 OTsNCgltc28tc3R5bGUtbGluazoiQmFsbG9vbiBUZXh0IENoYXIiOw0KCW1hcmdpbjowaW47DQoJ bWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZTo4LjBwdDsNCglmb250LWZhbWlseToi VGFob21hIiwic2Fucy1zZXJpZiI7fQ0Kc3Bhbi5CYWxsb29uVGV4dENoYXINCgl7bXNvLXN0eWxl LW5hbWU6IkJhbGxvb24gVGV4dCBDaGFyIjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNv LXN0eWxlLWxpbms6IkJhbGxvb24gVGV4dCI7DQoJZm9udC1mYW1pbHk6IlRhaG9tYSIsInNhbnMt c2VyaWYiO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0K CWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQpz cGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250 LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0No cERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBw dDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEu MGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2Vj dGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVm YXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48 IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxv OmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwh W2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5r PSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5EYW5pZWwsDQo8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OiMxRjQ5N0QiPkkgYWRkZWQgMyBtb3JlIEkyUlMgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGZvciB0 aGUg4oCcQ2xvc2VkIEVudmlyb25tZW504oCdLCBwbGVhc2UgdXNlIHRoZSByZXZpc2VkIHNlY3Rp b24gYXR0YWNoZWQuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkNoZWVycywNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjoj MUY0OTdEIj5MaW5kYTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwv bzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRv cDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZyb206PC9zcGFu PjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhv bWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+IGkycnMgW21haWx0bzppMnJzLWJvdW5j ZXNAaWV0Zi5vcmddDQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkxpbmRhIER1bmJhcjxicj4NCjxiPlNl bnQ6PC9iPiBNb25kYXksIEF1Z3VzdCAyNCwgMjAxNSA1OjA5IFBNPGJyPg0KPGI+VG86PC9iPiBE YW5pZWwgTWlnYXVsdDxicj4NCjxiPkNjOjwvYj4gSmVmZnJleSBIYWFzOyBpMnJzQGlldGYub3Jn OyBKb2VsIE0uIEhhbHBlcm47IEFsaWEgQXRsYXM8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gW2kycnNd IFN1Z2dlc3RlZCBzZWN0aW9uL3RleHQgdG8gYmUgYWRkZWQgdG8gZHJhZnQtbWdsdC1pMnJzLXNl Y3VyaXR5LWVudmlyb25tZW50LXJlcXMtMDAgdG8gYWRkcmVzcyBzZWN1cml0eSB0aHJlYXRzIGlu IENsb3NlZCBFbnZpb25tZW50LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5EYW5p ZWwsDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 O2NvbG9yOiMxRjQ5N0QiPlRoYW5rIHlvdSBmb3Igd2lsbGluZyB0byBhZGRyZXNzIG15IGNvbW1l bnRzLiBUbyBtYWtlIGl0IGVhc2llciBmb3IgeW91LCBJIHB1dCB0b2dldGhlciBhIHNlY3Rpb24g dG8gZGVzY3JpYmUgdGhlIHNlY3VyaXR5IHRocmVhdHMgaW4gQ2xvc2VkIEVudmlyb25tZW50IGFu ZA0KIG5lY2Vzc2FyeSByZXF1aXJlbWVudCBmb3IgSTJSUy4gU2VlIHRoZSBhdHRhY2hlZC4gPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjoj MUY0OTdEIj5DbG9zZWQgZW52aXJvbm1lbnQgZGVwbG95bWVudCBjYW4gZWFzaWx5IGdpdmUgcGVv cGxlIGEgc2Vuc2Ugb2Ygc2VjdXJlIGJlY2F1c2UgdGhlIGxpbmtzIGJldHdlZW4gSTJSUyBDbGll bnQgYW5kIEkyUlMgQWdlbnQgYXJlIGd1aWRlZCBieSBhIHBoeXNpY2FsIOKAnFdhbGzigJ0uDQog Jm5ic3A7VGhlIGZhbHNlIHNlbnNlIG9mIOKAnFNlY3VyZeKAnSBpcyBhY3R1YWxseSBtb3JlIGRh bmdlcm91cyBiZWNhdXNlIGl0IGNhbiBlYXNpbHkgbWFrZSB0aGUgZGVwbG95bWVudCBtaXNzIHRo ZSBjcnVjaWFsIHNlY3VyaXR5IHByb2NlZHVyZS4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0 OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+VGhlcmVmb3JlLCBJIHRo aW5rIGl0IGlzIGltcG9ydGFudCB0byBoYXZlIGEgZGVkaWNhdGVkIHNlY3Rpb24gb24gc2VjdXJp dHkgdGhyZWF0cyBhbmQgcmVxdWlyZW1lbnQgZm9yIHRoZSBDbG9zZWQgRW52aXJvbm1lbnQuDQo8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OiMxRjQ5N0QiPkxpbmRhPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29s aWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9tOjwvc3Bhbj48L2I+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPg0KPGEgaHJlZj0ibWFpbHRvOm1nbHQuaWV0ZkBn bWFpbC5jb20iPm1nbHQuaWV0ZkBnbWFpbC5jb208L2E+IFs8YSBocmVmPSJtYWlsdG86bWdsdC5p ZXRmQGdtYWlsLmNvbSI+bWFpbHRvOm1nbHQuaWV0ZkBnbWFpbC5jb208L2E+XQ0KPGI+T24gQmVo YWxmIE9mIDwvYj5EYW5pZWwgTWlnYXVsdDxicj4NCjxiPlNlbnQ6PC9iPiBNb25kYXksIEF1Z3Vz dCAyNCwgMjAxNSAxMjo1NSBQTTxicj4NCjxiPlRvOjwvYj4gTGluZGEgRHVuYmFyPGJyPg0KPGI+ Q2M6PC9iPiBKb2VsIE0uIEhhbHBlcm47IDxhIGhyZWY9Im1haWx0bzppMnJzQGlldGYub3JnIj5p MnJzQGlldGYub3JnPC9hPjsgSmVmZnJleSBIYWFzOyBBbGlhIEF0bGFzPGJyPg0KPGI+U3ViamVj dDo8L2I+IFJlOiBbaTJyc10gUmV2aWV3IGNvbW1lbnRzIHRvIGRyYWZ0LW1nbHQtaTJycy1zZWN1 cml0eS1lbnZpcm9ubWVudC1yZXFzLTAwICh3YXMgUkU6IGRyYWZ0LW1nbHQtaTJycy1zZWN1cml0 eS1yZXF1aXJlbWVudHMtMDAgMiBXZWVrIFdHIGFkb3B0aW9uIGNhbGwgKDgvMTcgdG8gOC8zMSk8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+SGkgTGluZGEsIDxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRv bToxMi4wcHQiPlRoYW5rIHlvdSBmb3IgeW91ciBjb21tZW50cy4gSSBhZ3JlZSB3ZSBuZWVkIHRv IGFkZHJlc3MgbW9yZSBzcGVjaWZpY2FsbHkgb3IgZXhwbGljaXRseSB0aGUgJnF1b3Q7bW9zdCBj b21tb24mcXVvdDsgdXNlIGNhc2UuIEkgYWdyZWUgd2l0aCB5b3VyIGNvbW1lbnRzIGFuZCB3ZSB3 aWxsIGNvbnNpZGVyIHRoZW0gdG8gaW1wcm92ZSBhbmQgY2xhcmlmeSB0aGUgdGV4dCBvZiB0aGUN CiBuZXh0IHZlcnNpb24uIFRoYW5rIHlvdS4gVG8gbWUgdGhlIGkycnMgcGxhbmUgcHJvdmlkZXMg YSBsaW1pdGVkIG51bWJlciBvZiBmdW5jdGlvbm5hbGl0aWVzIHRoYXQgbWF5IGJlIHByb3ZpZGVk IHRvIGRpZmZlcmVudCBpbmRlcGVuZGFudCB0ZW5hbnRzLiZuYnNwOw0KPG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkJSLCA8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+RGFuaWVsPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBNb24sIEF1ZyAyNCwgMjAxNSBhdCAxOjM3 IFBNLCBMaW5kYSBEdW5iYXIgJmx0OzxhIGhyZWY9Im1haWx0bzpsaW5kYS5kdW5iYXJAaHVhd2Vp LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmxpbmRhLmR1bmJhckBodWF3ZWkuY29tPC9hPiZndDsgd3Jv dGU6PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5Kb2VsLA0KPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5BZ3JlZSB3aXRo IHlvdSB0aGF0IOKAnDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6Ymxh Y2siPndlIGRvbuKAmXQgbmVlZCB0byBidWlsZCBkaWZmZXJlbnQgcHJvdG9jb2wgc3RhY2tzIGZv cg0KIHRoZSBkaWZmZXJlbnQgZGVwbG95bWVudHPigJ0uIDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdE Ij5CdXQgdGhlIOKAnGVudmlyb25tZW50LXJlceKAnSBkcmFmdCBpcyBub3QgYWJvdXQg4oCcUHJv dG9jb2zigJ0sIGJ1dCBhYm91dCBzZWN1cml0eSBpc3N1ZXMgdW5kZXIgZGlmZmVyZW50IOKAnGVu dmlyb25tZW504oCdLg0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj b2xvcjojMUY0OTdEIj5BbW9uZyBhbGwgb3VyIGN1c3RvbWVycyB3aG8gYXJlIGludGVyZXN0ZWQg aW4gSTJSUywgbWFqb3JpdHkgb2YgdGhlbSAoJmd0OzkwJSkgd2lsbCBkZXBsb3kgdGhlbSBpbiBh IGNsb3NlZCBlbnZpcm9ubWVudCwgaS5lLiBwaHlzaWNhbGx5IHNlY3VyZWQmbmJzcDsgY29ubmVj dGlvbiBiZXR3ZWVuDQogSTJSUyBhZ2VudCBhbmQgSTJSUyBjbGllbnQuIFRoZXJlZm9yZSwgaXQg aXMgaW1wb3J0YW50IHRvIOKAnDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm b250LWZhbWlseTpDb3VyaWVyO2NvbG9yOmJsYWNrIj5wcm92aWRlcyBhbiBhbmFseXNpcyBvZiB0 aGUgc2VjdXJpdHkgaXNzdWVzIG9m4oCdDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7O2NvbG9yOiMxRjQ5N0QiPm9mIHRoaXMgY29tbW9ubHkgZGVwbG95ZWQgZW52aXJvbm1lbnQu DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3 RCI+SSBzdWdnZXN0IGFkZGluZyB0aGlzIEZpZ3VyZSB0byBTZWN0aW9uIDEgb2YgdGhlIGRvY3Vt ZW50Ojwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWls eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj5DbG9zZWQmbmJzcDsgKG92 ZXIgb3BlbiBDaG5sICMjIyZndDspJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IE9wZW4gKG92ZXIgc2VjdXJlIENobmwgLS0tJmd0Oyk8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj4m IzQzOy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSYjNDM7PC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqKioqKioqKioqKioqKioqKioqKioqKiZuYnNwOyZuYnNw OyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICoqKioqKioqKioqKioqKioqKioqKioq Jm5ic3A7IHw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztj b2xvcjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICombmJz cDsmbmJzcDsmbmJzcDsgQXBwbGljYXRpb24gQSZuYnNwOyZuYnNwOyZuYnNwOyAqJm5ic3A7Jm5i c3A7IHwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKiZuYnNwOyZuYnNwOyZuYnNwOyBB cHBsaWNhdGlvbiBCJm5ic3A7Jm5ic3A7Jm5ic3A7ICombmJzcDsgfDwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqJm5ic3A7Jm5ic3A7IHwmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqJm5ic3A7IHw8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250 LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICombmJzcDsgJiM0MzstLS0tLS0tLS0tLS0tLS0t JiM0MzsgKiZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICombmJz cDsgJiM0MzstLS0tLS0tLS0tLS0tLS0tJiM0MzsgKiZuYnNwOyB8PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqJm5ic3A7IHwmbmJzcDsmbmJzcDsgQ2xpZW50IEEm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCAqJm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgKiZuYnNwOyB8Jm5ic3A7Jm5ic3A7IENsaWVudCBCJm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7IHwgKiZuYnNwOyB8PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291 cmllciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyAqJm5ic3A7ICYjNDM7LS0tLS0tLS0tLS0tLS0tLSYjNDM7ICombmJzcDsmbmJz cDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqJm5ic3A7ICYjNDM7LS0tLS0tLS0t LS0tLS0tLSYjNDM7ICombmJzcDsgfDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJp ZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgKioqKioqKiBeICoqKioqKioqKioqKiombmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyAqKioqKiBeICoqKioqKiBeICoqKioqKiZuYnNwOyB8PC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+ fCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAjJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IHw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xv cjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICMmbmJzcDsmbmJzcDsgJm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7IHwtLS0tLXw8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZh bWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7ICMmbmJzcDsmbmJzcDsgJm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsg fDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiMx RjQ5N0QiPnwmbmJzcDsgKioqKioqKioqKioqIHYgKiAqICogKiAqKioqKioqKnwmbmJzcDsmbmJz cDsgKioqKioqKioqKioqKioqKiogdiAqIHYgKioqKioqKio8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWls eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojMUY0OTdEIj58Jm5ic3A7ICombmJzcDsg JiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0mIzQzOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8 Jm5ic3A7Jm5ic3A7ICombmJzcDsgJiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0mIzQzOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyAqPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmll ciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3RCI+fCZuYnNwOyAqJm5ic3A7IHwmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsgQWdlbnQgMSZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsgKiZuYnNw OyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7IEFnZW50IDImbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAqPC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzFGNDk3 RCI+fCZuYnNwOyAqJm5ic3A7ICYjNDM7LS0tLS0tLS0tLS0tLS0tLS0tLS0tJiM0MzsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyAqJm5ic3A7ICYjNDM7LS0tLS0tLS0tLS0t LS0tLS0tLS0tJiM0MzsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgKjwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPnwmbmJzcDsgKiZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBeJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7IF4mbmJzcDsgXiZuYnNwOyZuYnNwOyBeJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsgKiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyBeJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IF4mbmJzcDsgXiZu YnNwOyZuYnNwOyBeJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICo8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdE Ij4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6 IzFGNDk3RCI+SnVzdCB0aGluayBhYm91dCB0aGlzIGZhY3Q6IHRvZGF54oCZcyByb3V0ZXIgY29u ZmlndXJhdGlvbiBpbiBwcm9kdWN0aW9uIGVudmlyb25tZW50IGNhbiBvbmx5IGJlIHBlcmZvcm1l ZCBieSBhIGZldyBhdXRob3JpemVkIHBlb3BsZSB3aXRoIEVNUy9OTVMgcGh5c2ljYWxseQ0KIGFu ZCBzZWN1cmVseSBzZXBhcmF0ZWQuIElmIHRoZSBtYWpvcml0eSBvZiB0aGUgSTJSUyBlbnZpcm9u bWVudCByZXF1aXJlbWVudCBpcyBhYm91dCBvcGVuIGNvbm5lY3Rpb24sIEkyUlMgV0cgd2lsbCBz cGVuZCBhIGxvdCBlbmVyZ3kgZGV2ZWxvcGluZyB0aGUgdmVyeSBzb3BoaXN0aWNhdGVkIHByb3Rv Y29scyB3aGljaCBpcyBleHBlbnNpdmUgdG8gZGV2ZWxvcCBhbmQgaGFyZGVyIHRvIGRlcGxveS4N Cjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdE Ij5JIGFtIG5vdCBhZ2FpbnN0IHRoaXMgZGV2ZWxvcG1lbnQsIGJ1dCBJTUhPLCB0byBnYWluIHdp ZGVyIGFuZCBxdWlja2VyIEkyUlMgZGVwbG95bWVudCBpbiBwcm9kdWN0aW9uIGVudmlyb25tZW50 LCBpdCBpcyBuZWNlc3NhcnkgdG8gaGF2ZSBhIHZlcnkNCjwvc3Bhbj48Yj48dT48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6cmVkIj5sZWFuPC9zcGFuPjwvdT48L2I+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiBJMlJTIHNvbHV0aW9uIGZpcnN0LCBh bmQgdG8gaGF2ZSBhIHdlbGwgZG9jdW1lbnRlZCBzZWN1cml0eSByZXF1aXJlbWVudA0KIGZvciB0 aGUgY29tbW9uIGRlcGxveW1lbnQgZW52aXJvbm1lbnQuIEUuZy4gYSBzaW5nbGUgQ29udHJvbGxl ciAob3IgdGhlIEkyUlMgY2xpZW50KSBkaXJlY3RseSBjb25uZWN0ZWQgdG8gdGhlaXIgZGV2aWNl cyB2aWEgdGhlaXIgaW50ZXJuYWwgbmV0d29yaywgd2hlcmUgdGhlIGNvbm5lY3Rpb24gaXMgcGh5 c2ljYWxseSBpc29sYXRlZCBmcm9tIG90aGVyIG5ldHdvcmsgYW5kIHByb3RlY3RlZCBieSBzZXBh cmF0ZSBtZWNoYW5pc21zLiBBbHNvIHJlbWVtYmVyLA0KIG1hbnkgb3BlcmF0b3JzIHdpbGwgdXNl IEkyUlMgdG8gY29udHJvbCBhIHNtYWxsIG51bWJlciBvZiBzZWxlY3RpdmUgcm91dGVycyAobW9z dGx5IHJvdXRlcnMgYXQgaW5ncmVzcy9lZ3Jlc3MgYm91bmRhcnkpIGZvciB2YWx1ZSBhZGRlZCBz ZXJ2aWNlcy4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Nv bG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90Oztjb2xvcjojMUY0OTdEIj5Tb21lIG9mIG15IGRldGFpbGVkIHF1ZXN0aW9ucyBhbmQgY29t bWVudHMgdG8gdGhlIOKAnHNlY3VyaXR5LXJlcXVpcmVtZW50c+KAnSBhcmUgc3RpbGwgYXBwbGlj YWJsZSB0byB0aGUg4oCcZW52aXJvbm1lbnQtcmVx4oCdIGRvY3VtZW50IGJlY2F1c2UgdGhleSBo YXZlIHRoZSBzYW1lDQogdGV4dC4gUGx1cyBhIGZldyBtb3JlIGZvciB0aGUg4oCcZW52aXJvbm1l bnQtcmVx4oCdIGRvY3VtZW50LiBIb3BlIHRoZSBhdXRob3JzIGNhbiBhZGRyZXNzIHRoZW0uDQo8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdE Ij4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+U2VjdGlvbiAzOg0KPC9zcGFuPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPldoYXQgYXJlIHRo ZSBrZXkgZGlmZmVyZW5jZXMgd2l0aCByZWdhcmQgdG8gdGhlIHNlY3VyaXR5IHJlcXVpcmVtZW50 cyBmb3IgJm5ic3A7STJSUyBwbGFuZSBhbmQgZm9yIG1hbmFnZW1lbnQgcGxhbmU/Jm5ic3A7IFNl Y3Rpb24gMy4xIGRlc2NyaWJlcyB0aGUgaW50ZXJhY3Rpb24gYmV0d2Vlbg0KIEkyUlMgcGxhbmUg YW5kIG1hbmFnZW1lbnQgcGxhbmUuIEJ1dCBJIHNlZSB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnQg Zm9yIHRoZSBtYW5hZ2VtZW50IHBsYW5lIGFyZSBhbGwgYXBwbGljYWJsZSB0byB0aGUgc2VjdXJp dHkgcmVxdWlyZW1lbnQgdG8gSTJSUyBwbGFuZSAuIElmIHlvdSB0aGluayB0aGF0IHRoZXkgYXJl IHZlcnkgZGlmZmVyZW50LCBjYW4geW91IGVsYWJvcmF0ZSBtb3JlPw0KPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29s b3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlNlY3Rpb24gMy40IGhh cyB0aXRsZSDigJxSZWNvbW1lbmRhdGlvbnPigJ0sIGJ1dCB0aGUgY29udGVudCBhcmUgYWxsIHJl cXVpcmVtZW50cy4gV2h5IG5vdCBuYW1lIHRoZSBzZWN0aW9uIOKAnFJlcXVpcmVtZW504oCdPw0K PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5S RVEgMjogRG9lcyBpdCB0aGF0IGEgZGlmZmVyZW50IElQIGFkZHJlc3MgdGhhbiB0aGUgb25lIHVz ZWQgYnkgdGhlIG1hbmFnZW1lbnQgc3lzdGVtPzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj4mbmJz cDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+UkVRIDIxOiBpcyBtb3JlIGFib3V0IEkyUlMgcmVx dWlyZW1lbnQsIGxlc3MgYWJvdXQg4oCcU2VjdXJpdHnigJ0gcmVxdWlyZW1lbnQuDQo8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlJFUSAyNDog aXNu4oCZdCBpdCB0aGUgZ2VuZXJhbCBnb2FsIG9mIEkyUlM/IE5vdCByZWFsbHkgc2VjdXJpdHkg cGVyIHNlLiAoc2hvdWxkIGJlIGluY2x1ZGVkIGluIHRoZSBnZW5lcmFsIEkyUlMgcmVxdWlyZW1l bnQgb3IgYXJjaGl0ZWN0dXJlKS4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+UkVR IDI2OiBzaW1wbHkgY29udHJvbGxpbmcgdGhlIHJlc291cmNlIGNhbiBoYXJkbHkgcHJldmVudCBE b1MuIE1hbGljaW91cyBjbGllbnQgY2FuIG9jY3VweSB0aGUgcmVzb3VyY2Ugd2hpbGUgdGhlIHZh bGlkIG9uZSBjYW4ndCBhY2Nlc3MuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90Oztjb2xvcjojMUY0OTdEIj5UaGFua3MgZm9yIHlvdXIgY29uc2lkZXJhdGlvbiwNCjwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90Oztjb2xvcjojMUY0OTdEIj5MaW5kYTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0Ij4mbmJzcDs8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdCI+ Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPi0tLS0tT3JpZ2luYWwgTWVz c2FnZS0tLS0tPGJyPg0KRnJvbTogaTJycyBbPGEgaHJlZj0ibWFpbHRvOmkycnMtYm91bmNlc0Bp ZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPm1haWx0bzppMnJzLWJvdW5jZXNAaWV0Zi5vcmc8L2E+ XSBPbiBCZWhhbGYgT2YgSm9lbCBNLiBIYWxwZXJuPGJyPg0KU2VudDogRnJpZGF5LCBBdWd1c3Qg MjEsIDIwMTUgMTI6MjAgUE08YnI+DQpUbzogTGluZGEgRHVuYmFyOyA8YSBocmVmPSJtYWlsdG86 aTJyc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmkycnNAaWV0Zi5vcmc8L2E+PGJyPg0KQ2M6 ICdKZWZmcmV5IEhhYXMnOyA8YSBocmVmPSJtYWlsdG86ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24u Y29tIiB0YXJnZXQ9Il9ibGFuayI+DQpkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb208L2E+OyAn QWxpYSBBdGxhcyc8YnI+DQpTdWJqZWN0OiBSZTogW2kycnNdIGRyYWZ0LW1nbHQtaTJycy1zZWN1 cml0eS1yZXF1aXJlbWVudHMtMDAgMiBXZWVrIFdHIGFkb3B0aW9uIGNhbGwgKDgvMTcgdG8gOC8z MSk8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPlll cywgb25lIG9mIHRoZSB0d28gbGFzdCBjYWxscyBpcyBmb3IgdGhlIGVudmlyb25tZW50IGRvY3Vt ZW50Ljwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDs8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtm b250LWZhbWlseTpDb25zb2xhcyI+SGF2aW5nIGEgZGVkaWNhdGVkIHBoeXNpY2FsIGNoYW5uZWwg aXMgb25lIG9mIHRoZSB3YXlzIGlkZW50aWZpZWQgaW4gdGhlIGRyYWZ0IHRvIHByb3ZpZGUgdGhl IHJlcXVpcmVkIGlzb2xhdGlvbi48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jm5i c3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPldoaWxlIHN1Y2ggYW4gZW52aXJv bm1lbnQgaXMgY2xlYXJseSBzdXBwb3J0YWJsZSwgSSBkbyBub3QgdGhpbmsgd2Ugc2hvdWxkIHJl ZHVjZSB0aGUgaW50ZXJuYWwgcHJvdG9jb2wgcmVxdWlyZW1lbnRzIChzdWNoIGFzIE1USSBzZWN1 cml0eSBmb3IgdGhlIGNvbnRyb2wgY2hhbm5lbCkganVzdCBiZWNhdXNlIHRoZXJlIGFyZQ0KIGNp cmN1bXN0YW5jZXMgd2hlcmUgc3VjaCBpdCB3b24ndCBiZSBuZWVkZWQuJm5ic3A7IEkgZG9uJ3Qg ZXhwZWN0IHRoYXQgd2Ugd2lsbCBidWlsZCBkaWZmZXJlbnQgcHJvdG9jb2wgc3RhY2tzIGZvciB0 aGUgZGlmZmVyZW50IGRlcGxveW1lbnRzLjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFz Ij4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+VGhlIHB1cnBvc2Ugb2Yg dGhpcyBkcmFmdCBpcyB0byBkZXNjcmliZSB0aGUgZW52aXJvbm1lbnRhbCBhc3N1bXB0aW9ucywg d2hpY2ggYXNzdW1wdGlvbnMgY2FuIGJlIG1ldCBpbiB2YXJpb3VzIHdheXMuPC9zcGFuPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNv bGFzIj5Zb3Vycyw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Sm9lbDwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+T24gOC8yMS8xNSAxMjo1NiBQTSwgTGluZGEgRHVuYmFyIHdyb3RlOjwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IEpvZWwsPC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+ Jmd0OyBJZiBpdCBpcyB0aGUgJnF1b3Q7ZW52aXJvbm1lbnRhbCBvbmUmcXVvdDssIGl0IGlzIG1v cmUgaW1wb3J0YW50IHRvIGRpZmZlcmVudGlhdGUgdGhlIHJlcXVpcmVtZW50cyBmb3IgZGlmZmVy ZW50IGVudmlyb25tZW50cyBvbiBob3cgdGhlIEkyUlMgY2xpZW50ICZhbXA7IEFnZW50IGFyZSBj b25uZWN0ZWQuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBPbmUgb2Ygb3VyIGN1c3RvbWVycyBz dGF0ZWQgdGhhdCB0aGVpciBlbnZpcm9ubWVudCBoYXMgYSBzaW5nbGUgQ29udHJvbGxlciAob3Ig dGhlIEkyUlMgY2xpZW50KSBkaXJlY3RseSBjb25uZWN0ZWQgdG8gdGhlaXIgZGV2aWNlcyB2aWEg dGhlaXIgaW50ZXJuYWwgbmV0d29yaywgd2hlcmUgdGhlIGNvbm5lY3Rpb24gaXMNCiBwaHlzaWNh bGx5IGlzb2xhdGVkIGZyb20gb3RoZXIgbmV0d29yayBhbmQgcHJvdGVjdGVkIGJ5IHNlcGFyYXRl IG1lY2hhbmlzbXMsIHRoZXkgZG9uJ3QgbmVlZCBhbGwgdGhvc2Ugc29waGlzdGljYXRlZCBhdXRo ZW50aWNhdGlvbiBwcm9jZWR1cmUuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBXZSBuZWVkIHRv IGFkZHJlc3MgdGhpcyBlbnZpcm9ubWVudCwgaS5lLiBoYXZpbmcgYSBzaW1wbGVyIHNlY3VyaXR5 IHJlcXVpcmVtZW50IGZvciB0aGlzIGVudmlyb25tZW50IHRoYW4gdGhlIGVudmlyb25tZW50IHdo ZXJlIEkyUlMgQ2xpZW50IGlzIGNvbm5lY3RlZCB2aWEgcHVibGljIG5ldHdvcmsuPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTpDb25zb2xhcyI+Jmd0OyBMaW5kYTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m Z3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyAtLS0tLU9yaWdpbmFsIE1lc3NhZ2Ut LS0tLTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IEZyb206IEpvZWwgSGFs cGVybiBEaXJlY3QgWzxhIGhyZWY9Im1haWx0bzpqbWguZGlyZWN0QGpvZWxoYWxwZXJuLmNvbSIg dGFyZ2V0PSJfYmxhbmsiPm1haWx0bzpqbWguZGlyZWN0QGpvZWxoYWxwZXJuLmNvbTwvYT5dPC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsgU2VudDogRnJpZGF5LCBBdWd1c3Qg MjEsIDIwMTUgMTA6NTMgQU08L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBU bzogTGluZGEgRHVuYmFyOw0KPGEgaHJlZj0ibWFpbHRvOmkycnNAaWV0Zi5vcmciIHRhcmdldD0i X2JsYW5rIj5pMnJzQGlldGYub3JnPC9hPjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFz Ij4mZ3Q7IENjOiAnSmVmZnJleSBIYWFzJzsNCjxhIGhyZWY9Im1haWx0bzpkYW5pZWwubWlnYXVs dEBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5kYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5j b208L2E+OyAnSm9lbCBIYWxwZXJuJzsgJ0FsaWEgQXRsYXMnPC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPiZndDsgU3ViamVjdDogUmU6IFtpMnJzXSBkcmFmdC1tZ2x0LWkycnMtc2Vj dXJpdHktcmVxdWlyZW1lbnRzLTAwIDIgV2VlayBXRw0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1z ZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6 Q29uc29sYXMiPiZndDsgYWRvcHRpb24gY2FsbCAoOC8xNyB0byA4LzMxKTwvc3Bhbj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2Zv bnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsgRmlyc3QsIHRoZXJlIG1heSBiZSBzb21lIGNvbmZ1c2lvbiBiZWNhdXNlIHRo ZSBhbm5vdW5jZW1lbnQuJm5ic3A7IEkgcHJlc3VtZSB0aGF0IHlvdSBhcmUgdGFsa2luZyBhYm91 dCB0aGUgLWVudmlyb25tZW50cyBkb2N1bWVudHMuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBJ ZiB0aGUgV0cgY29uY2x1ZGVzIHRoYXQgYSBkaWZmZXJlbnQgY2hhcHRlciBzdHJ1Y3R1cmUgaXMg dXNlZnVsLCB3ZSBjYW4gb2YgY291cnNlIGNoYW5nZSBpdC4mbmJzcDsgR2l2ZW4gdGhhdCB0aGUg Z29hbCBpcyBlbnZpcm9ubWVudCBkZXNjcmlwdGlvbiwgSSBhbSBub3Qgc3VyZSB5b3VyIHByb3Bv c2VkIHN0cnVjdHVyZSBpcw0KIHNpZ25pZmljYW50bHkgYmV0dGVyIHRoYW4gdGhlIGV4aXN0aW5n IG9uZS48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0Ozwvc3Bhbj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7IEkgYmVsaWV2ZSB5b3VyIGNvbW1lbnQgYWJv dXQgdGhlIHRleHQmbmJzcDsgcmVhZGluZyAmcXVvdDt3aGVyZSBzZWN1cml0eSBmdW5jdGlvbnMg bWF5IGJlIGhvc3RlZCZxdW90OyBpcyB3ZWxsIHRha2VuLCBhbmQgd2Ugc2hvdWxkIHJlbW92ZSB0 aGF0IHRleHQgd2hlbiB3ZSBuZXh0IHJldmlzZSB0aGUgZG9jdW1lbnQuPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0OyBUaGUgaXNvbGF0aW9uIHRleHQgaXMgYWJvdXQgdGhlIG5lZWQgdG8ga2VlcCB0 aGluZ3Mgc2VwYXJhdGUsIGFuZCB0aGUgdmFyaW91cyBwb3NzaWJsZSBtZWFucyBhcmUgZGVncmVl cyAvIGFwcHJvYWNoZXMgdG8gc2VwYXJhdGlvbi48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm JnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0OyBJc29sYXRpb24gaXMgbm90IGFib3V0IHRyZWF0aW5nIHRoaW5ncyBkaWZmZXJl bnRseSwgbm9yIGlzIGl0IGV4cGxpY2l0bHkgYWJvdXQgdXNpbmcgZGlmZmVyZW50IHByb3RvY29s cy4mbmJzcDsgU28gdGhlIHBvaW50IG9mIGlzb2xhdGlvbiBpcyBub3QgdGhhdCB0aGVyZSBhcmUg ZGlmZmVyZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cywNCiBidXQgdGhhdCBpbiBvcmRlciB0byBh dm9pZCBjb3Jzcy1lZmZlY3RzLCB0aGluZ3Mgc2hvdWxkIGJlIGtlcHQgc2VwYXJhdGUuPC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyBZb3Vycyw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xh cyI+Jmd0OyBKb2VsPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDs8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyBPbiA4LzIwLzE1IDY6NDIgUE0s IExpbmRhIER1bmJhciB3cm90ZTo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0 OyZndDsgSSBzdXBwb3J0IHRoZSBXRyBhZG9wdGlvbiBiZWNhdXNlIEkgdGhpbmsgdGhlIEkyUlMg V0cgbmVlZHMgaXQuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IEhv d2V2ZXIsIEkgaG9wZSB0aGUgYXV0aG9ycyBjYW4gY29uc2lkZXIvYWRkcmVzcyB0aGUgZm9sbG93 aW5nIHN1Z2dlc3Rpb25zL2NvbW1lbnRzOjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv dDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFz Ij4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0 OyBXaGVuIHlvdSB0aGluayBhYm91dCB0aGUgSTJSUyBzZWN1cml0eSwmbmJzcDsgdGhlcmUgYXJl IGZvbGxvd2luZw0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IGRp ZmZlcmVudDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBhc3BlY3Rz Ojwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx dW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyAtQ29tbXVuaWNhdGlvbiBjaGFubmVs IGJldHdlZW4gSTJSUyBjbGllbnQgYW5kIEFnZW50IChhbmQgdGhlIGNoYW5uZWwNCjwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBiZXR3ZWVuIEkyUlMgY2xpZW50IGFu ZCBhcHBsaWNhdGlvbnMpOjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0 Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBUaGUgY2hh bm5lbCBjYW4gYmU8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgb1ZpYSBwaHlzaWNh bCBQcml2YXRlIG5ldHdvcmsgKGUuZy4gd2l0aGluIGEgc2VjdXJlZCBkaXJlY3QgY29ubmVjdA0K PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IHdpdGhpbiBvbmUgc2l0 ZSksPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss JnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IG93aXRoaW4gb25lIGFkbWluaXN0 cmF0aXZlIGRvbWFpbiwmbmJzcDsgdmlhIHZpcnR1YWwgcHJpdmF0ZSBuZXR3b3JrPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1z ZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1m YW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IG9TZWN1cmVkIGNvbm5lY3Rpb24sIHN1Y2ggYXMgVExT IG9yIElQU2VjPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IG9QdWJsaWMgaW50ZXJu ZXQ8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgby4uPC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1m YW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90 OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7IC1BdXRoZW50aWNhdGlvbiAmYW1wOyBBdXRob3JpemF0aW9uPC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IG90aGUgYXV0aGVudGljYXRpb24gJmFtcDsgYXV0 aG9yaXphdGlvbiByZXF1aXJlbWVudCBmb3IgZGlmZmVyZW50DQo8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDsgY29tbXVuaWNhdGlvbiBjaGFubmVscyBjYW4gYmUgZGlm ZmVyZW50LiBUaGVyZWZvcmUsIHNob3VsZCBoYXZlDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+Jmd0OyZndDsgc2VwYXJhdGUgc2VjdGlvbnMgdG8gYWRkcmVzcyBzcGVjaWZpYyBy ZXF1aXJlbWVudCZuYnNwOyBmb3IgZWFjaA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29s YXMiPiZndDsmZ3Q7IGNvbW11bmljYXRpb24gY2hhbm5lbHMgYmV0d2VlbiBJMlJTIGFnZW50ICZs dDstJmd0OyBjbGllbnRzIChhbmQgY2xpZW50ICZsdDstJmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBhcHBsaWNhdGlvbnMpPC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29s YXMiPiZndDsmZ3Q7IFRoZSBjdXJyZW50IFNlY3Rpb24gNCBvZiB0aGUgZHJhZnQgYWxyZWFkeSBo YXMgdmVyeSBnb29kIGRlc2NyaXB0aW9uDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xh cyI+Jmd0OyZndDsgb24gdGhlIHN1YmplY3QuIEkgdGhpbmsgNC40LjEgYW5kIDQuNDIgY2FuIGJl IHNlcGFyYXRlZCBvdXQgb2YgdGhlIHNlY3Rpb24uPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDsmZ3Q7IC1FbmNyeXB0aW9uIGZvciB0aGUgYWN0dWFsIGNvbnRlbnQgYmV0d2VlbiBDbGllbnQg YW5kIEFnZW50PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IC1Eb1MgRGVzaWduIHJl cXVpcmVtZW50IChjdXJyZW50bHkgaW4gU2VjdGlvbiA1LjIuMSk8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25z b2xhcyI+Jmd0OyZndDsgLU1hbmFnZW1lbnQgb2YgY29uZmxpY3Qgd2l0aCBvdGhlciBwbGFuZSAo ZS5nLiB0aGUgbWFuYWdlbWVudCBwbGFuZSwNCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNv bGFzIj4mZ3Q7Jmd0OyBtdWx0aS1oZWFkZWQgY29udHJvbCwgd2hpY2ggaGFzIGJlZW4gZGlzY3Vz c2VkIGV4dGVuc2l2ZWx5IGluDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0 OyZndDsgZXBoZW1lcmFsPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7 IGRyYWZ0KTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBJIHRoaW5rIHRoZSBkcmFm dCBzaG91bGQgYmUgb3JnYW5pemVkIGZyb20gdGhlIGFzcGVjdHMgb2YgdGhlDQo8L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw dDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgc2VjdXJpdHkgdG8gSTJSUyBhcyBzdWdn ZXN0ZWQgYWJvdmUuPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IEhlcmUgYXJlIHNv bWUgZGV0YWlsZWQgcXVlc3Rpb25zIGFuZCBjb21tZW50cyB0byB0aGUgcmVxdWlyZW1lbnRzDQo8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgbGlzdGVkIGluIHRoZSBk b2N1bWVudDo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgU2VjdGlvbiAxOjwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2Zv bnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBUaGUgc2Vjb25kIHBhcmFncmFwaCBzdGF0ZWQg dGhlIHNlY3VyaXR5IHJlY29tbWVuZGF0aW9ucyBtdXN0DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTpDb25zb2xhcyI+Jmd0OyZndDsgJnF1b3Q7c3BlY2lmeWluZyB3aGVyZSBzZWN1cml0eSBmdW5j dGlvbnMgbWF5IGJlIGhvc3RlZCZxdW90Oy4gRmlyc3Qgb2YgYWxsIEk8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgZG9uJ3Qgc2VlIHRoZSBkcmFmdCBhZGRyZXNzIHRo aXMgYXNwZWN0LiBTZWNvbmQsIEkgdGhpbmsmbmJzcDsmbmJzcDsgJnF1b3Q7d2hlcmU8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgc2VjdXJpdHkgZnVuY3Rpb25zIGFy ZSBob3N0ZWQmcXVvdDsgaXMgb3J0aG9nb25hbCB0byAmcXVvdDtJMlJTIHNlY3VyaXR5JnF1b3Q7 IC48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm cXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgU2VjdGlvbiAzOjwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0 O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyB3aGF0IGRvZXMgaXNvbGF0aW5nIHR3byBwbGFuZXMgbWVh bj8gZG9lcyBpdCBtZWFuIHRoZXkgaGF2ZSBkaWZmZXJlbnQNCjwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBzZWN1cml0eSByZXF1aXJlbWVudC9pc3N1ZXM/IE9yIGRv ZXMgaXQgbWVhbiB0aGV5IG5lZWQgZGlmZmVyZW50IHByb3RvY29scz88L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1 b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+Jmd0OyZndDsgV2hhdCBhcmUgdGhlIGtleSBkaWZmZXJlbmNlcyB3aXRoIHJlZ2Fy ZCB0byB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpD b25zb2xhcyI+Jmd0OyZndDsgZm9yJm5ic3A7IEkyUlMgcGxhbmUgYW5kIGZvciBtYW5hZ2VtZW50 IHBsYW5lPyZuYnNwOyBTZWN0aW9uIDMuMSBkZXNjcmliZXMgdGhlDQo8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVv dDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgaW50ZXJhY3Rpb24gYmV0d2VlbiBJMlJTIHBsYW5l IGFuZCBtYW5hZ2VtZW50IHBsYW5lLiBCdXQgSSBzZWUgdGhlDQo8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz YW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTpDb25zb2xhcyI+Jmd0OyZndDsgc2VjdXJpdHkgcmVxdWlyZW1lbnQgZm9yIHRoZSBtYW5h Z2VtZW50IHBsYW5lIGlzIHNpbWlsYXIgdG8gSTJSUyBwbGFuZSAuPC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1m YW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IElmIHlvdSB0aGluayB0aGF0IHRoZXkgYXJlIHZlcnkg ZGlmZmVyZW50LCBjYW4geW91IGVsYWJvcmF0ZSBtb3JlPzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5 OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFz Ij4mZ3Q7Jmd0OyBTZWN0aW9uIDMuNCBoYXMgdGl0bGUgJnF1b3Q7UmVjb21tZW5kYXRpb25zJnF1 b3Q7LCBidXQgdGhlIGNvbnRlbnQgYXJlIGFsbA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7IHJlcXVpcmVtZW50cy4gV2h5IG5vdCBuYW1lIHRoZSBzZWN0aW9uICZx dW90O1JlcXVpcmVtZW50JnF1b3Q7Pzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m Z3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBS RVEgMjogRG9lcyBpdCB0aGF0IGEgZGlmZmVyZW50IElQIGFkZHJlc3MgdGhhbiB0aGUgb25lIHVz ZWQgYnkgdGhlDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZndDsgbWFu YWdlbWVudCBzeXN0ZW0/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7 PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IEhvdyBpcyBS RVEgMjIgZGlmZmVyZW50IGZyb20gUkVRIDIxPzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm cXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNv bGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7 Jmd0OyBSRVEgMjcgaXMgaGFyZCB0byBlbmZvcmNlLiBIb3cgYWJvdXQgc2F5IHNvbWV0aGluZyBs aWtlICZxdW90O3Nob3VsZG4ndA0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDsmZ3Q7IHNlbmQgYW55IGluZm9ybWF0aW9uIGJleW9uZCB3aGF0IGhhdmUgYmVlbiBkZWZpbmVk IGJ5IHRoZSBJMlJTIGRhdGEgbW9kZWwmcXVvdDs/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDsmZ3Q7IFJFUSAzMDogc2ltcGx5IGNvbnRyb2xsaW5nIHRoZSByZXNvdXJjZSBjYW4gaGFyZGx5 IHByZXZlbnQgRG9TLjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBN YWxpY2lvdXMgY2xpZW50IGNhbiBvY2N1cHkgdGhlIHJlc291cmNlIHdoaWxlIHRoZSB2YWxpZCBv bmUgY2FuJ3QgYWNjZXNzLjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0 Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBUaGFua3Mg Zm9yIGNvbnNpZGVyYXRpb24sPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsm Z3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IExpbmRh PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7ICpGcm9tOippMnJzIFs8YSBocmVmPSJt YWlsdG86aTJycy1ib3VuY2VzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+bWFpbHRvOmkycnMt Ym91bmNlc0BpZXRmLm9yZzwvYT5dICpPbiBCZWhhbGYgT2YgKlN1c2FuIEhhcmVzPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7ICpTZW50OiogTW9uZGF5LCBBdWd1c3Qg MTcsIDIwMTUgMTI6NTAgUE08L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZn dDsgKlRvOioNCjxhIGhyZWY9Im1haWx0bzppMnJzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+ aTJyc0BpZXRmLm9yZzwvYT48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+Jmd0OyZn dDsgKkNjOiogJ0plZmZyZXkgSGFhcyc7DQo8YSBocmVmPSJtYWlsdG86ZGFuaWVsLm1pZ2F1bHRA ZXJpY3Nzb24uY29tIiB0YXJnZXQ9Il9ibGFuayI+ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29t PC9hPjsgJ0pvZWwgSGFscGVybic7DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTpDb25zb2xhcyI+ Jmd0OyZndDsgPGEgaHJlZj0ibWFpbHRvOnNoYXJlc0BuZHpoLmNvbSIgdGFyZ2V0PSJfYmxhbmsi Pg0Kc2hhcmVzQG5kemguY29tPC9hPjsgJ0FsaWEgQXRsYXMnPC9zcGFuPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6Q29uc29sYXMiPiZndDsmZ3Q7ICpTdWJqZWN0OiogW2kycnNdIGRyYWZ0LW1nbHQtaTJycy1z ZWN1cml0eS1yZXF1aXJlbWVudHMtMDAgMiBXZWVrIFdHDQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z LXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTpDb25zb2xhcyI+Jmd0OyZndDsgYWRvcHRpb24gY2FsbCAoOC8xNyB0byA4LzMxKTwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQt ZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyBUaGlzIGJlZ2lucyBhIDIgd2VlayBXRyBhZG9wdGlv biBjYWxsIGZvcg0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IGRy YWZ0LW1nbHQtaTJycy1zZWN1cml0eS1yZXF1aXJlbWVudHMuJm5ic3A7IFRoaXMgZHJhZnQgZGlz Y3Vzc2VzIHRoZQ0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IHNl Y3VyaXR5IHJlcXVpcmVtZW50cyBmb3IgdGhlIEkyUlMgZW52aXJvbm1lbnQuJm5ic3A7IFlvdSBj YW4gZmluZCB0aGUgZHJhZnQgYXQ6PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IDxh IGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LWkycnMtc2VjdXJp dHktZW52aXJvbm1lbnQtcmVxcyIgdGFyZ2V0PSJfYmxhbmsiPg0KaHR0cHM6Ly90b29scy5pZXRm Lm9yZy9odG1sL2RyYWZ0LW1nbHQtaTJycy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXFzPC9hPjwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0OyAtPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6Q29uc29sYXMiPiZndDsmZ3Q7IDAwPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp ZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29u c29sYXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZn dDsmZ3Q7IEEgc2VjdXJpdHkgcmV2aWV3ZXIgd2lsbCByZXZpZXcgdGhpcyBkcmFmdCBkdXJpbmcg dGhlIHRpbWUgOC8yMCB0bzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0 OyA4LzI1LiZuYnNwOyZuYnNwOyBXZSB3aWxsIHBvc3QgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRl IHJldmlldyB0byB0aGlzIGRpc2N1c3Npb24uPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx dW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29s YXMiPiZndDsmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZndDsm Z3Q7IFN1ZSBIYXJlczwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7Jmd0Ozwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mZ3Q7PC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy aWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNv bnNvbGFzIj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OkNvbnNvbGFzIj5pMnJzIG1haWxpbmcgbGlzdDwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0Ij48YSBocmVmPSJtYWlsdG86aTJyc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFu IHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+aTJyc0BpZXRmLm9yZzwvc3Bhbj48L2E+PC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQiPjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8v aTJycyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+ aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pMnJzPC9zcGFuPjwvYT48L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdCI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+PGJyPg0KX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX188YnI+DQppMnJzIG1haWxpbmcgbGlzdDxicj4NCjxhIGhy ZWY9Im1haWx0bzppMnJzQGlldGYub3JnIj5pMnJzQGlldGYub3JnPC9hPjxicj4NCjxhIGhyZWY9 Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vaTJycyIgdGFyZ2V0PSJfYmxh bmsiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vaTJyczwvYT48bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_-- --_004_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_ Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="I2RS security requirement for closed enviroment v1.docx" Content-Description: I2RS security requirement for closed enviroment v1.docx Content-Disposition: attachment; filename="I2RS security requirement for closed enviroment v1.docx"; size=18064; creation-date="Mon, 24 Aug 2015 19:50:54 GMT"; modification-date="Mon, 24 Aug 2015 22:56:48 GMT" Content-Transfer-Encoding: base64 UEsDBBQABgAIAAAAIQDJMTxZgAEAACIGAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAAC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0 VMtOwzAQvCPxD5GvKHHLASHUtAceR6hE+QDX3rQR8UNep4+/Z5OUCEGbAmkvkZz1zszO7no02egi WoHH3JqUDZMBi8BIq3KzSNnb7Cm+ZREGYZQorIGUbQHZZHx5MZptHWBE2QZTtgzB3XGOcglaYGId GIpk1msR6OgX3An5LhbArweDGy6tCWBCHCoMNh49QCbKIkSPG/rdKPFQIIvum4sVV8qEc0UuRSCl fGXUN5Z4x5BQZn0Hl7nDK5LB+F6GKnKYYJf3Qtb4XEE0FT48C00y+Np6xZWVpaYakm6YPTptluUS 2vwKzXkrAZE810XSRrTIzaf+gzpMqefgKfP0QlrooyIwbAvA0ytocLvoyayptw45DUdvfqjGT4GK qR8OfMihnZ+D/iOEQO6fo/gd8q/KlyUGq3s70MD8pf5AGw+8/g5709cwXfXWq5fRozAT8wJ68/3Y vRb6qIg1zF/P1vov4F1C2uGX1v/DjM8Hs8re03Jev/DjDwAAAP//AwBQSwMEFAAGAAgAAAAhAJlV fgUEAQAA4QIAAAsACAJfcmVscy8ucmVscyCiBAIooAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsks9Kw0AQxu+C77DMvZm0iog06UWE3kTi Awy70ySY/cPuVNu3dy2IBmrSg8ed+eab33zsenOwg3rnmHrvKlgWJSh22pvetRW8Nk+Le1BJyBka vOMKjpxgU19frV94IMlDqetDUtnFpQo6kfCAmHTHllLhA7vc2floSfIzthhIv1HLuCrLO4y/PaAe eaqtqSBuzQ2o5hjy5nlvv9v1mh+93lt2cmYF8kHYGTaLEDNblD5foxqKLUsFxuvnXE5IIRQZG/A8 0epyor+vRctChoRQ+8jTPF+KKaDl5UDzEY0VP+l8+GgwR3TKdorm9j9p9D6JtzPxnDTfSDj6mPUn AAAA//8DAFBLAwQUAAYACAAAACEAs76LHQkBAAC2AwAAHAAIAXdvcmQvX3JlbHMvZG9jdW1lbnQu eG1sLnJlbHMgogQBKKAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsk89KxDAQxu+C7xDm btOuuohsuhcR9qr1AdJ2+gebpCSzat/eobDbLi710ktgvpDv+80w2e1/TCe+0IfWWQVJFINAW7iy tbWCj+z17glEIG1L3TmLCgYMsE9vb3Zv2GniR6Fp+yDYxQYFDVH/LGUoGjQ6RK5HyzeV80YTl76W vS4+dY1yE8db6ecekF54ikOpwB/KexDZ0HPy/96uqtoCX1xxNGjpSoQMSMSdBfbUvkZScFIi5gR5 HWGzKgINHc9wAhjrpfhkzXh7NDl6nsFEcJaWILZrQhCvB04AYynHM1lieFyToXKWMp13M46ztATx sCbEN+bvf1ZyJp5A5MVvS38BAAD//wMAUEsDBBQABgAIAAAAIQBJoYaLFxUAAAcBAQARAAAAd29y ZC9kb2N1bWVudC54bWzsXetu28gV/l+g7zBQgKLY+ConceKuVTi+AAGKNHXS3e2fADQ1sghTJEuO rCrIj32NAi2wz7KPsk/Sc+YizQyHstYbx4cqHSCSSIqaOdfvXGb47Z//NUnZLS+rJM+Oe/s7ez3G szgfJtn1ce/vHy62X/ZYJaJsGKV5xo97c171/jz4/e++nR0N83g64ZlgcIusOrqFs2MhiqPd3Soe 80lU7eQFz+DkKC8nkYCP5fXuJCpvpsV2nE+KSCRXSZqI+W5/b+9FT98mP+5Ny+xI32J7ksRlXuUj gV85ykejJOb6xXyjXOd31TfP9JDlL+6WPIUx5Fk1TorK3G1y37vBFMfmJrerJnE7Sc11s2KdXxuW 0Qz4MUnVsGd5OSzKPOZVBUfP1MnFHff3Vv22JiDeYvGNdYbg/qYZySRKssVtUDo8/i+YtwPM21W/ vYu3Wk4EaDEAWbrKh3N8LdjsCGRxeHnc29t7+fzg9Gy/Zw6d8VE0TUX9zDs8BH/P4WJ5k3clvpT6 5SLPRAU3iao4SY57p/m0THjJ3vIZ3np8klX1o3HlXriLN6w+wfW3UXrc6+/19JFTvLN1bFf/LrwW +Pv4WpvY85eH/df90MTcM5QnBvN8dCLPjsTgh519dsaLNJ9LW/Q+5llUJjkSXkjyNzHh4mLvxel5 iAmu3HVMULLfJOlAZzTdR1URxWACipJXvLzlvcGHMWcZF6DvN0yMI8HiPMt4DLoo4IzDIBAmUKOF 4mvWUJCv8NROiiJNYuU8tmpToTvuN/3L9+w0TdBrg09n8vPJNX6Mo4xdtZwtSdYiXiAESrng6ZzF aV7xIQCv26TMM2nH/pjs8B1WjOcVyFkK11S8iMpIcJYm2Q04nUSMYbqAyVg0nCRZUgk4m9xyNszR LW+Bti3ujzjMuXua3HBWTK9AiFmSCV6Cnm6xvGRVPuGzMS85HAZxEDMO35RXf/fu7RZ78+49jxkX 8U6N0K3SX9s0mVnaOr1UDq0sWjuQkFtMEihSZswYOHOXuzVMMdsjYBAmuH7ospX4hwhMCJvxtgjx 4HSpy6fSVvz8k20sGPwdy78/XIs/wQfr+r+CyDq+NihqHhh6BzHVAlIbzbbkz71cIiTLZ0vgC3AZ AAEEKPD1aAQmBu6IYAvMF6CE/rPFh8tpCgeiqcgVpiYB2y1AomihdZGCax883bb/HOYSUbfBtj8q I0T0qGnTUr9/6o+eAtsbTBjqfvOfM5Gg5ntO5h6ab6nGZmg+BW4PPjuss+xRPf9xSU+pfv7p559W TUDnOShQukGvVo0+qDOWGjyqC2uMx5EnNcTTccBN9IGf+s25P8w8fRP+C+kFYRa02gjdQ7E7s/Rg CXFUitU+gbwBZSStJ1A1ZFUM4G4FXAgby2/AX7kWqEOwUIRqSsQjcXTJi4JLaTeCDTsPpWrqfwbi if+YlThkJ/Y5mubC1aj2BRZrAHMK4h8WoLoLaZWdVtINMh+S/ddG9j0OQa9CPjovscIn5gXk+q7L aPJeRKXQCb+WkcDzSWB1QxM8z4Y4vaDHcqv8dmI/kFi1YFGXXsEM8heJz9puBY0mKl30NM4pphOK aWRU/NEDe6vG3s5EizSOnfN32qy+iNJuXPzYMs9nHPxqPrx4+ezFq5MeBRBm0nC+jSExto/+qFom DauGT1AG0O2sGjJ1XzNYMx3iQkhdG9LdsUbCulK+6hR+7EJNG0r5T5qUhl7VcTNK+U30xkwuIbva kODwR0/B1TYMVbdNfLbbJ/zhG4vZER/XS/zqZRCNxWjmZVGCeRLPJa/2Wl2exFvZ8kVCrpV5EkKp hdUqLjXcV20KlmnQ6F3R4LSLvsqMLqypT+52WdJa+sYeflv44rOAhMRvjkXxyWuLSPuAmj36Fgi4 K0brwIe7WltdtCGb2jcOUxgm04vdPi8rGljT8HQrWGIL1RDpTQxm4/eTB2ejC4ZWQZ7eXLYb+/qJ wZXBd54ALUpiFIlq5S2eqtI60+rgz4KCB2+C2v5Y6doaNDU1E7OQEBTls4uD81eHVGoY7aGsWprU NF6krLVO7NGzr600Er4zoSu3TWJAzwSvWVpxEeKdpRX38g5Qfr3dV7DZfJMBpRv8rO5Aowwow1BC ume98L7JhlDDmz80DZSesTOBFvtsY01//B3S/K1bQDXWPhQDkPgK5psdWXwWGABNTdb/0TRQ6rJ+ j5qTmlJz+0Tn48G/PMoOawEfj6kWK5aWb52A2hfczsh9ASOnF6BJexYmf6d3YMqtTQJxK8E1VnEZ +0/PrHrYWnV0s4/Mae2WME5e2andQ5TmDYxAoi9ov3iD4MKhe1ci2SitMyjevLIn5l3TqwKbjkyA 7+5c4JdzgTblTQbfHPM/d/p5n+10KScz3IyT4bt5VfrJzMf6KwpIp5wP5yhdivvqqD6zzzJm6Bzn BsNVVw7ADEvHKRVzoZ2+HhokTqyAFU6fNq8xpxdIGGb46miOq9eWsKN5xwtyhA9LzpLqK9sfCZVw w/NokwbIALkL1TYtQeKZrGDHV2v619bqxmtD/5qVn2K37Bvzb/XC0BaYO2i99wRu0RVCzvVgmOQP tktCfJkkxDIB61OYKIJtU5+mNh7ScIDx0H8Oobsc6wbkWMOFLFVMNAi5S9Y8xEOzsKQLATk2RtQK iR79XUjS6V3r9c6xow0dbR1g/pqPsNPaKANUtHtMPShq39hA87rM3XRW8YGtouaF5kTfcGD5avGi s5Abl8ReyzN24dUDPM7zQZGJta9F1074yO2EqGLqH/to3i0/q2O1M53KPajKLelvcwS50MCPNVyf XuFu0iIqS9bc5utevoFLeboIao0IKkgkb789y5i7Z6TQWBsrdJs590D7vsQmReEiYOBBiUcsh0fd M/k41LvizargaWoHnBRy1IPTcZauNfJlNYbCuMMcYk+ePMEHVnoTWpQurHUvrp3WKInCzHTzu3FM a0yFwqgb+NFYRGoDJ8JzQsa40woacde/2zvyu2c204iT1a4wT/GRti5PrbbQVrRoWQ/v1T6p4vEU nrrt2Y9a20DNKxnWEZv2fRwV0amEZZBBPaLmu4KmZe98b+91H7FOWSVD27S4ZzbQtKxDj7sir/9P Ip2+6vefPV8IzZ1Egr0iz/bN5VKSdCyLaMM8FUw/HOxRVmuiKFB6ONkd6/Ut6j36LjU7nlMI4WMK oHLQbxqoI74Uhtpg09+jE07EnL2pqimvWJQN2SX/5zQp+YRngk2zIYSPKrBklg935h00evuHB68P XxkF1TvHeAetzIF7RuqzPkRQn41nU1y2xvnYmhPmcp19bMiLNJ9LFsdRHVrSlVgeVUk691HjwkC0 hCPXyW0N+S7mgMBWYwAKfBgUPC9SziJH5634oyU0ZxXPKs7yEbzByMOfDgVah/WXXfE4msLYxZiz NMluKjgiZhxiwjf9y/dmMxW03f6kjKVCmTo/6O9fPCOxw194nnIy/gzoskU1h0QQw15PkyEfsqs5 i1gxnldJHKXslx//832Upr/8+N8d9mGcVL78MTS82pxNohvFXcsuT5KqYnE5jRO4mRRZ9NMQH8d8 COK74/J6HR+82t1aANDgViLw2QhxSwyNZnYskjwDQBWl80+ArFB3F1wU45JHomJJJo+3R+bjNK9A 0i0kiMINGpCDkIKMixwklN8idMQJj6IUzJZneHHWGpKcZ7dJmWeIQ9aR54vDw5cnLxeY0pJn90wX DqLVbN5xBXo7whYYbFadM2DBbFt1tRq5vD5/fnK+R8LLDMQ4n16PRXvUC9HJOLpNsmvXutfQFiEq hyUpYhXMAmCjT3xjzBGREJrFwEJSTUNW/ofQoMOkZ0OI3mMBUVKcZxm8A4MNdrlpVtQYkWcA0ks2 yesQ3chOWxjREpKHxajMp4KXVaPctIQJt0kEgANmAkCMZRA25eXNFpuNOeB2hChaRxCrAX4x6B2U J6nyNELdGZX5hOVwbWm+L9NkgMSFUi7A/as4TSmWd+OTmYpPmgbfEg57yNHyldRM2xuBMpZMirwU EULknPFJMYaU1icUxqiGVDbQ4JGd0gDA70lRpBC8Y+RmUC/AXceNwlUWVMCr0MLIAj14LY2etZ1Z Wceo44g4T+EWuocfUjWvDs/w+YMQ2uu8cgNqd61PMBPg1hTvKMlaBktnAor3Yg5YTg/tL0kl3kVl dF1GxVg9IfFRE984Y0xVBGfu9pf/6pmTmBgIAIE0WBpV4pJjQYgP30XX/DXkMG7k8zEb5PKHnf7O /mrr7Mbtl8rjWPL3qOTHJRCWRfDdJAGWiMHKxxORpy5aUopkDSNinWhvNcnDM5MeTeezU0jkZa5L oWF/xODUlxUDJhDoURf2MOVVPtWfFwnTcu6Pqk3UHiwzy840ghjhN6KjR3VSBvwQ0dGwlMuSCIQ+ JR/xssT0JoQ+GH07vIEp2CJ20D+4eHlAIpMcnpVVBbESCv6UKOhyePwWtlGdP8gRK7hpC3cGUINt D9WtcBIjRx0x+uMnqgiDtyqD5g+XrpBvyWSdL9nYK2GBHn86VKmPzQZQUs398dIlvyft/sCJEjps L0MOiy7lO8OCjQIPt9rSS2wEgaWGMEbKrYYF94xqWFDLJlCiiDXgUBDygWlVXmVCCGWOwiYEQC92 /vhzIEHgyh+VEVuMrulTFlonBLbZWajcnxAFMjfIRZLF6XTIj5whB22KF6yqlKlrTuwst3tGGhp9 yDI0d+b3s+lENQMm6W0KciEf7bSncv9w7s3QHHuuKxaLL3TBMYS1inZi8MFhrxfvrmIsXcmFkLHg oT4BCkMezBIxhtg8icebR3mZQImWFUvoFs4nk2mGBUwoWvoTJsEPaHmGQULrBHQ3q/4LewJbDBqh MTuUiOblBuiNzvb7B3uvSKSGBpA6oUjqBj9TCV4USOJKYKMVpOEiIaL4RgqTjIjjNIF2XGyRAa3B UoCYljWuySuhBrhe365n2VbD4Lp3SiBYnx2lfCSOe/t97XU6v7L0K2FeX57/bWUG79n54fP+OQ0l ip/ut0eJjmTLu5M9xeYd2SRtm2DpfCydwtZeqXLQUzLJs0RAi+MQvGeZ5ENcMpLOVbIK1inBAg/Z tKm+AT52WmyLfHuIlh06h5LtSZTOMBtUzUGjJ+vEop0SYj5gfJI90I6lG6CEFFVw8NQfFXBR7iuB QICSDastBqeAuMJSqSyYNE2rqEsJZp1KWOKPli6JWQWLT9KhsvmwJgqaCEfJtbLrkAOCs3ByBP1+ PAKYhZD9Oi/nAMO0IwEfUcJCfA7mfYj98PE4yq7hLTQbJ7ByDLxFPoOPNnzeYd+PYU0opqnhB+u/ BsmRuMwrWMAFfiaNygmsSVSDhB8DLMdL7Hdex5dotTOaqBuF9/bPD4Ors9zLZQ7CUlyd7OxQ3r2W bCHKi58eHLHJtBK4PBSb0qUMJNmohJY9WEEKCJ6zkzjmsKIUmzdVtVc2+Fc7qg4msby6BwiDJawS xMBqHi5wcRJ2vzbfFrthQVTrF6mfwtNGvn/58d8CVjGDHEJrvhJraY6UmuOoRgB07BodqBCHZfPY RCDVApdUgq4gCIIgBUcMrbuCyfHWR2DPfjlMj0SLYS70w0JsloK4sDqYpXvtKoPT2GjUxoqD3Msb snR0NSRIglUNWQESuPi0q4iga7vHEk5suu27AurlGVfxhYI/7Xpuv36Y4rT9gDnF9Qxb7Goq7BPt AV/bd0Jb6koQxu2qRRdzcoDx4nDvqDGt1PKkDZ1D9nDbyRTX2AZdoQ6kzFwtx++ekV7Pirq6PgCV 7gWimhpaWDEaG0ytarDVo+nk7rAXrNYfBqhyuezL6tPTUrxWV5np1vLuhL+lm3P03dYJuVxBsSu8 7plOhO4ETotWEmC72ocl0DsAQcW6FXmXAZd3VeTdyxv41VXkE1hv/ZbPHjZp21yRd7hIARaHDR/m etpcfm8JmaWDoIh/19+3xKqrPmrttHHzIXCTi/YFkqRubJBrixCT7AkJ27V6o4iVHnT6RCCZCc0M d3U1yMjpK+Asujk6gNB03VibehVItvu0p0zaukYPy/AADFjZ56GqKJ7zgppMPjovcW2jmBf8uAf7 ZkzIPWcJKx3rDLwVj1mCtjaoLX39Hhs3tPvVQXrnPO5V8uicRw6b+OtwWW7IUn0CYyN79E275MpK UnucRzt7bJRbePCGkP8JAAAA///kWM1S2zAQfpUdX8sE4wTSZEhmAqSdHtpJ4dCzkDe2poqkSjJp OPU1+np9kq5kB/JHD73gtAeCpZW0v7Pf7uol5sClQOVdB76UqMCXCMbiXBSVJaIvLbpSyxyEA261 c5ifAJPMLhwQoSLKPUKBCi3zmHfg8nQ59OPwa+OvGV8uhwZo6UR+O0rS9Co9m/bfJuutG5yzSvp9 ymxjKz4yoxeXQ6FyuipxTlfOsjQ5DZu2ptl3mlQhMnNciFFyrSsr0MInXAZ+5US5/V3utg/GB90j nX9gcpSsWbjH6/Dyxl7QMfCl/6bhTweinjO7I/yrCkgege8LOXSGcRwl5F+H9gGT8e3087bDSPy1 CkGB3rR/nk2TV7dwCCm2FVkbgrbO1uM3L4naNpt2XxK0dTY9HL/DvehtRah+8CFdIiVL5QWT4DWg cpRQj9zcBAfMAzNGCs680MoBswisItQgTWkvoAPXSiF/JjvkpLpckQ24XZl4Ju4JvwKj6S2B9UPG aoOWTkYWBD+Mcn3kSQws/vrxk86BWzmPC5hrS4iEJIcqSIRcePCWCel2jdyGkDgcvv87WrbAM5I5 f4sqp/DKZ6zAK4qor7EC+BchswUG98eDjr02ZpLxECK87Mq2LtuOBLnhAe0KxMJo65mi1K0Dbnir JSxLDSWjTM85QWighKZkV99WhPJkAwp3BTw2hwSsXTChPP2B81ZwD7xkqsAnzxA+c8wJzPcwdq1s KHC72cVkMGhF03AYdk9AdLBTK1cXD0/1C9U0e5G2qVs66Q/S8xbr9uQimFv8VlFZJld/UWbUWaTx 5NoAf+7Ub86yblq7vemG29uph449JBAqQ/1sq+PdGU4cssMdXQpxfj3Isl4dC6a4C/OCZZhIZL00 zhro+/wtfcdiwhQfWeDjtaH9Xn3EiqIMQ4xmea+914vndTPiaKglMipSRkmf5hH00Fxrv7EsKh+X DTuuZZhVNP1+uBKlyDV/b0UcnwiFM+F5OUq6F5FKJqmtEecZ9zpfxQ+6Ui0oisa/AQAA//8DAFBL AwQUAAYACAAAACEAlrWt4pYGAABQGwAAFQAAAHdvcmQvdGhlbWUvdGhlbWUxLnhtbOxZT2/bNhS/ D9h3IHRvYyd2Ggd1itixmy1NG8Ruhx5piZbYUKJA0kl9G9rjgAHDumGHFdhth2FbgRbYpfs02Tps HdCvsEdSksVYXpI22IqtPiQS+eP7/x4fqavX7scMHRIhKU/aXv1yzUMk8XlAk7Dt3R72L615SCqc BJjxhLS9KZHetY3337uK11VEYoJgfSLXcduLlErXl5akD8NYXuYpSWBuzEWMFbyKcCkQ+Ajoxmxp uVZbXYoxTTyU4BjI3hqPqU/QUJP0NnLiPQaviZJ6wGdioEkTZ4XBBgd1jZBT2WUCHWLW9oBPwI+G 5L7yEMNSwUTbq5mft7RxdQmvZ4uYWrC2tK5vftm6bEFwsGx4inBUMK33G60rWwV9A2BqHtfr9bq9 ekHPALDvg6ZWljLNRn+t3slplkD2cZ52t9asNVx8if7KnMytTqfTbGWyWKIGZB8bc/i12mpjc9nB G5DFN+fwjc5mt7vq4A3I4lfn8P0rrdWGizegiNHkYA6tHdrvZ9QLyJiz7Ur4GsDXahl8hoJoKKJL sxjzRC2KtRjf46IPAA1kWNEEqWlKxtiHKO7ieCQo1gzwOsGlGTvky7khzQtJX9BUtb0PUwwZMaP3 6vn3r54/RccPnh0/+On44cPjBz9aQs6qbZyE5VUvv/3sz8cfoz+efvPy0RfVeFnG//rDJ7/8/Hk1 ENJnJs6LL5/89uzJi68+/f27RxXwTYFHZfiQxkSim+QI7fMYFDNWcSUnI3G+FcMI0/KKzSSUOMGa SwX9nooc9M0pZpl3HDk6xLXgHQHlowp4fXLPEXgQiYmiFZx3otgB7nLOOlxUWmFH8yqZeThJwmrm YlLG7WN8WMW7ixPHv71JCnUzD0tH8W5EHDH3GE4UDklCFNJz/ICQCu3uUurYdZf6gks+VuguRR1M K00ypCMnmmaLtmkMfplW6Qz+dmyzewd1OKvSeoscukjICswqhB8S5pjxOp4oHFeRHOKYlQ1+A6uo SsjBVPhlXE8q8HRIGEe9gEhZteaWAH1LTt/BULEq3b7LprGLFIoeVNG8gTkvI7f4QTfCcVqFHdAk KmM/kAcQohjtcVUF3+Vuhuh38ANOFrr7DiWOu0+vBrdp6Ig0CxA9MxHal1CqnQoc0+TvyjGjUI9t DFxcOYYC+OLrxxWR9bYW4k3Yk6oyYftE+V2EO1l0u1wE9O2vuVt4kuwRCPP5jeddyX1Xcr3/fMld lM9nLbSz2gplV/cNtik2LXK8sEMeU8YGasrIDWmaZAn7RNCHQb3OnA5JcWJKI3jM6rqDCwU2a5Dg 6iOqokGEU2iw654mEsqMdChRyiUc7MxwJW2NhyZd2WNhUx8YbD2QWO3ywA6v6OH8XFCQMbtNaA6f OaMVTeCszFauZERB7ddhVtdCnZlb3YhmSp3DrVAZfDivGgwW1oQGBEHbAlZehfO5Zg0HE8xIoO1u 997cLcYLF+kiGeGAZD7Ses/7qG6clMeKuQmA2KnwkT7knWK1EreWJvsG3M7ipDK7xgJ2uffexEt5 BM+8pPP2RDqypJycLEFHba/VXG56yMdp2xvDmRYe4xS8LnXPh1kIF0O+EjbsT01mk+Uzb7Zyxdwk qMM1hbX7nMJOHUiFVFtYRjY0zFQWAizRnKz8y00w60UpYCP9NaRYWYNg+NekADu6riXjMfFV2dml EW07+5qVUj5RRAyi4AiN2ETsY3C/DlXQJ6ASriZMRdAvcI+mrW2m3OKcJV359srg7DhmaYSzcqtT NM9kCzd5XMhg3krigW6Vshvlzq+KSfkLUqUcxv8zVfR+AjcFK4H2gA/XuAIjna9tjwsVcahCaUT9 voDGwdQOiBa4i4VpCCq4TDb/BTnU/23OWRomreHAp/ZpiASF/UhFgpA9KEsm+k4hVs/2LkuSZYRM RJXElakVe0QOCRvqGriq93YPRRDqpppkZcDgTsaf+55l0CjUTU4535waUuy9Ngf+6c7HJjMo5dZh 09Dk9i9ErNhV7XqzPN97y4roiVmb1cizApiVtoJWlvavKcI5t1pbseY0Xm7mwoEX5zWGwaIhSuG+ B+k/sP9R4TP7ZUJvqEO+D7UVwYcGTQzCBqL6km08kC6QdnAEjZMdtMGkSVnTZq2Ttlq+WV9wp1vw PWFsLdlZ/H1OYxfNmcvOycWLNHZmYcfWdmyhqcGzJ1MUhsb5QcY4xnzSKn914qN74OgtuN+fMCVN MME3JYGh9RyYPIDktxzN0o2/AAAA//8DAFBLAwQUAAYACAAAACEAsOTFycEEAAA0DgAAEQAAAHdv cmQvc2V0dGluZ3MueG1snFdbr5tGEH6v1P9g8Vwf7wVYQPGpYIFedJJGdfID1nhtowCLlvVxTn59 BzBx0k6iqE9e5pv7DOuPV79+bJvVs7ZDbbqtRx+It9JdZQ51d9p679+V68hbDU51B9WYTm+9Fz14 vz7+/NOrazJo50BtWIGLbkjM1rvYLhmqs27VsG7ryprBHN26Mm1ijse60rcf72Zht97ZuT7ZbG5G D6bXHXg7GtsqNzwYe9rMlrmpLq3u3IYREm6sbpSDhIdz3Q+Lt/b/eoNQ58XJ8/eKeG6bRe9Kyfc0 b+VejT18tviR9EaD3ppKDwN0tm3mcltVd4ubofkRP3M/n+q9VfblCyePMLZPxrSra9JrW0FDYeaU eJsROJg3xuX10Dfq5a066cxcYOy21sMEQ17muHPKabAeet00045UjVaQ3TU5WdW2CmY6S2aX+qgu jXun9jtnelB6VpC/YLeI1VlZVTltd72qwJs0nbOmWfSmhKRpewv9mHOEXeqVG7O9DLosntSLuTgI tbkmdwiW+TCMOuPhb2Pc4pAQzgThYvY1oneEEBLkFEXSMA8ZjoiYBCiSsSILcSRkKZ5BQUiGxykD GqeYNyp4JmIc8dPUR5E8+BZSBGmGemPMz2WOeWMipLREkZQWPloPKyljGWbDGS8jjiNhGqO5fXum XLCQoTPlqZAM7Q6XAWXofHjpS47O1JeiyCIsa78QASswJAjCWKDdCSLB8D0IYub7aNZBylOCx5E8 i9DJhRR6jXY0pCHDKw2FTwmadRj5Ib6jgpAIjwNIXqB7LYgPY8D6JjglAp2PKBgkh9lE1I9DdHIR JxlBOxoFXOL3QRRykqJbFUUi5hLLIGZEMnRD4pDHAn1/4pwEFM06heaEaNZpSIoA9ZYKVvhobims aIruTipZ4OMZSEFz3KYIaYraZIQWAu1BRkUh0ZlmPAjw+w2QwkcrzQLYA/R2yeB+K9ANkVwQPDcZ CBmjcWRImY9ur4zhvgywPZCS8xidnCzCOEffRlmINEK7I0smGPqWwOqUPlppThknaJy85EWMxslL EeG3f0GF9NFeF5zREq20gJkG6O4UksH6Yn0rCsY4WmkpRJSiW1WWJJRTHGAHN07QJiPbe2sfX82n EhjHqp1piVTt3tZq9Xrkg8Ap2mRvP2R1t+B7DbxUf4nsLvsFXK9nYGhV05TAahYAqOCMHIBZ5fo4 OW5eK3u6e54G1SYWlR708c/P3kbKpu1v1lz62evVqv6P7gDiJSD158G3Sd25p7pd5MNlv1usOqCF X0DA8/56tqPDzb1B18QBk9djh55Ud1qYku7W73cj39NqcOlQq6336byWb0ZrIGGN3Y0fAPq16ntg dKC3P9Gt19Sns6OjmYMnYJUfpof9id0wNmHwNGLTg6rGYkH7dhgV5iNo3Q53GV9k/C7zF5l/lwWL LLjLwkUWjrLzC1Bj4LYfgGgvx1F+NE1jrvrw+yLcev8RzU0YzqrXMOqR+gIPNckkgDlOgtVzoj8C 79aH2sG3VV8fWvVx63Eiprflpg0cHJjtV7qjp1G5/0q6OigHM5j+jzZfGU+s+F+5AMvXVQ07untp 93em/TAn3tSD2+keSLkzFkqe2Pov017cP/ce/wEAAP//AwBQSwMEFAAGAAgAAAAhAGQsEMo6AQAA pQIAABQAAAB3b3JkL3dlYlNldHRpbmdzLnhtbJRSy27CMBC8V+o/RL4Xh9JSFJEgIcSpp5Z+gLE3 xJLttWyTFL6+S9IHfRzKyeud2fXsjueLV2uyFkLU6Eo2HuUsAydRabcr2ctmfTNjWUzCKWHQQckO ENmiur6ad0UH22dIiZgxoy4uFqFkTUq+4DzKBqyII/TgCKsxWJHoGnYc61pLWKHcW3CJ3+b5lAcw IpGC2Ggf2Xu37j/dOgzKB5QQIwmxZuhnhXasIo1Kt/H9zLpCKxpx8jC9m87uJ+OesEV1WOmWwFYY Qhk/0a0Ij1Cnj2z+mX3Su+aP9Ab9b+4SU0L7I0+Cliqc3khfNY5Wy4gYjyUjAyjwQtKy+1iiQVqs 2CccZJgzZZdVbr8puqw2nE9+SSnvXeiHHsJqPpy9MeiTtvoIawzLgF2EQAYQfva5qjcAAAD//wMA UEsDBBQABgAIAAAAIQDX+shQbQcAAPA6AAAPAAAAd29yZC9zdHlsZXMueG1stJvfU9s4EMffb+b+ B4/fKSEpSWGadii0V2ZaShuYe1ZshWjqWDlbKdC//lZrWzg2tnex+9T6h/az0q6+a0D79v3DJvJ+ ySRVOp77R69GvifjQIcqvpv7tzefDt74XmpEHIpIx3LuP8rUf//u77/e3p+m5jGSqQcG4vQ0mftr Y7anh4dpsJYbkb7SWxnDs5VONsLAZXJ3qFcrFcgLHew2MjaH49FoepjISBiAp2u1Tf3c2j3F2r1O wm2iA5mm4O0myuxthIr9d+BeqIMLuRK7yKT2MrlO8sv8Cv/5pGOTevenIg2UugHHYYobFevk81mc Kh+eSJGas1SJ8sOP+T37fG1fLD90I4PUlAx+UKHyDy00/Q3Dfolo7o/HxZ1z68TevUjEd8U9GR/c LsrOzP3f64PzK3trCXbnvkgOFmfW2CHOtPi3NOPt3vzhCl3ZigDWDsyIlZEQQwiJNRopG+vxbFpc /NhFcEPsjM4haABgZbNwWVl0CC0EepElCjyVqy86+CnDhYEHcx9ZcPP28jpROlHmce6fnFgm3FzI jfqswlDavMzv3cZrFcp/1zK+TWX4dP/7J8yy3GKgd7EB96czTIQoDT8+BHJrswxMx8IG+coOiKzZ tMRBh3bqyZvsRoWKN/8rkEdZDJ+lrKWwO8lD/1tBOOtdb9DYzqg8AbTL8nXS38Tr/iaO+5vA5O23 FrP+XoB+9o1IlhulrKQH1eggS77yOkxOWlLWjqhlUeeIWtJ0jqjlSOeIWkp0jqhlQOeIWsA7R9Ti 2zmiFs7WEYFA4apm0QRXg7Sxb5SJpB3fKkBHPaUuLzXetUjEXSK2a8/W1qrbbWK52C0NzVWU05eL 5cIkOr7rXBGoznbrvliTP262a5Eq+KjpWPpxz6W/EctIev8kKuxEHWfJV5sTfpg8W8KuIxHItY5C mXg38iGLKGP8lfYW2VdGp3M9w/pF3a2Nt1hjye2ETRsWvXklMvtfVIpr0LqZpg1T6TJOiuG0IS+b jX+VodptiqUhfI1MMz1nhLmCQBfbl+i1DVF9d3XOwgaAMoWsXPCngPYJ/mfFhW/fxpjif1aKXmif 4H9WuF5oH/OjPb5spbkQyU+PtL1m7L17riOdrHZRsQc65WHG3sEOQZsCexM7+ySRmLF38J58emdB AD+5UfKUHYsnHWVQ2OHIKLjZ6HNhB6Uie0eMGbEDVGGNGax+WssAsUX3h/yl7O+euMUAVdp9a3Zu 50nDCkAJIn1Df99p0/0NPW7QPCrlMoZfl6TSo9EmDTuPSsvzKat3jBj3K3wMUL8KyAD1K4UMUEN+ NH/zuJpIh/QvjgwWW5ZdFcO0IyvzjK3MDsQrAQPVTcL3V8Pubc6Fet0kUNgBqtdNAoUdnUotc3WT wBqsbhJYDVWjOUZlTeVMil03yyD3JUCY0TDiTQANI94E0DDiTQD1F+9uyHDiTWCxtcFpalm8CSB8 hfOjvgOVxZsAYmtDpnb574yKuodW2n+4HUC8CRR2gOriTaCwo9Mk3gQWvsLJhArLSR2BNYx4E0DD iDcBNIx4E0DDiDcBNIx4E0D9xbsbMpx4E1hsbXCaWhZvAogtDw5UFm8CCF/haMOz4o27/o+LN4HC DlBdvAkUdnQqguo+UgksdoAqLCfeBBa+wkmGnIXJzZnUMOJNmNEw4k0ADSPeBNAw4k0A9Rfvbshw 4k1gsbXBaWpZvAkgtjw4UFm8CSC2Njwr3rgZ/7h4EyjsANXFm0BhR6ciqE7nCCx2gCosJ94EFuZL b/EmgPCVl4I4MxpGvAkzGka8CaBhxJsA6i/e3ZDhxJvAYmuD09SyeBNAbHlwoLJ4E0BsbXhWvHGP /HHxJlDYAaqLN4HCjk5FUJ14E1jsAFVYTuoIrGHEmwDCxOwt3gQQvvICEO4iTpiGEW/CjIYRbwKo v3h3Q4YTbwKLrQ1OU8viTQCx5cGByuJNALG1wZ6zhfOi5OOpRw1JQD1nUJxqIAPHDUGiAvMJ/pAr mUAzk+w+HdITWMyQQWxID+oUP2j906Md7J40JAgZpZaR0nik+xFP6ZQaESazlk6Cm2/n3uesAaY2 DlNq/+QNdA+V24WwPck2DoGf5nELLTvb4mS5tQYNQra1K28Bwla0S2gIytt67GDb5wMvYlNVfhv/ bptT8f/Q9hYW74xG5yfj8evjvMEJTdadCNbgRQC9Ui1O5Efh3ekkPAhfdanhvDy69dSsUTiXn5t/ +rrK3ts7vQm3YA0b/Db2jHiLz3iGvHX1PHwli3fdQWjbQpe6PHTnrfBts4yyRjT4z2VsQwGdf/i3 tSzk4YPIzMLzcxlFXwW2rRm9bX41kiuTPT0aYZ2smFpqY/SmeXyCx8jRk+cMwBKXncku7SSa1z7e bZYygT6wlvW/0ra+YL/afuJmJ2KzcLudB95jXlNXvdm3vU3ltpH1xaVvzSmshE+P0belgIa8b7a/ rrbh6skCp/FwUPNWHI1Gxxd50ue9igrzw0Z37s+gZQItBNBjAk0JOxHlTQZwFyZbdCfmm6GYfvru fwAAAP//AwBQSwMEFAAGAAgAAAAhAD5wnb/2AAAAbAEAABMACAFkb2NQcm9wcy9jdXN0b20ueG1s IKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnJDLboMwEEX3lfoPlveODYU2IEPU QLLuIu3eMoYg4Yc8Di2q+u81Sh/7LGfu6MyZ4bsPPaFZeRitqXCyYRgpI203mqHCr6cj2WIEQZhO TNaoCi8K8K6+v+Mv3jrlw6gARYSBCp9DcCWlIM9KC9jE2MSkt16LEEs/UNv3o1StlRetTKApY49U XiBYTdwfDl955RxuRXZWrnbwdlpc1K35D3xBvQ5jV+HPNm/aNmc5SQ9FQxKW7EnxUDwRtmUs3afN sXg+fGHk1uEUIyN0PB36SQyRNodycu8QfJ1kGcvyjBUJp/9dTn/31ZyuItc31d8AAAD//wMAUEsD BBQABgAIAAAAIQDvsJHo/AEAAP4DAAAQAAgBZG9jUHJvcHMvYXBwLnhtbCCiBAEooAABAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxTy27bMBC8F+g/CDo3ouTYaWrQDAoHhQ9pY8BKcmaplUSU IgmSduN+fZdS7DBtT/VpH4PheHZEb54HlR3AeWn0Kq+KMs9AC9NI3a3yh/rLxXWe+cB1w5XRsMqP 4PMb9v4d3TpjwQUJPkMK7Vd5H4JdEuJFDwP3Ba41blrjBh6wdR0xbSsF3BqxH0AHMivLKwLPAXQD zYU9E+YT4/IQ/pe0MSLq84/10aJgRmsYrOIB2LcoRxWNCQMl5ymtTeCqlgOwav4JF+eWbnkHnl1S MhX0ybjGs4+LK0qmkq577rgI6CGbX1YzSpIB/WytkoIHtJd9lcIZb9qQ3Y9GZJGAkhRC0ZwdiL2T 4chKStKW3kkdpSwomSrU5njnuO09qxCctHQnuII1esBarjxQ8jqgG+DxvlsuUTI9hOUBRDAu8/IX XniWZ9+5h+jcKj9wJ7kO6GCETc1YK+uDY7UMCrlxN/VjmcLSWs5ZNQKweAuMBJMGXLxVN77g71v8 b+EfYqtU7KhhkprIScrzG3+wrs1guT6yzZ7/BJnVIHptlOliuNem+HAXmgLP+oKKd/jhH2xtbmOi Xvx9O0xC8SRDv7Nc4OkW5eI6jUeyojtMETR47xPh64Bu8BZOxVcxWrqD5oT5exED9zh9zqyaFSX+ xoSdZpiS83fGfgMAAP//AwBQSwMEFAAGAAgAAAAhAMqKKR9PAQAAegIAABEACAFkb2NQcm9wcy9j b3JlLnhtbCCiBAEooAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIySUU+DMBSF3038D6Tv 0MLGnA2wRM2etsTEGY1vTXu3NdJC2jq2f2+BDVn0wcfbc/rdc2+bLY6qDA5grKx0juKIoAA0r4TU uxy9bpbhHAXWMS1YWWnI0QksWhS3NxmvKa8MPJuqBuMk2MCTtKW8ztHeuZpibPkeFLORd2gvbiuj mPOl2eGa8U+2A5wQMsMKHBPMMdwCw3ogojNS8AFZf5myAwiOoQQF2lkcRzH+8Towyv55oVNGTiXd qfYzneOO2YL34uA+WjkYm6aJmkkXw+eP8ft69dKNGkrd7ooDKjLBKTfAXGWK1d0kJdMMj47a9ZXM urXf9FaCeDgNrt9KazZwkO0bFXGS4XHtG3Vz9d1ABD4p7ee6KG+Tx6fNEhUJidOQzMNkuonvaUoo IR9tqqv7bfL+QJ2z/Y+YJDSdXRMvgKJLfP1bim8AAAD//wMAUEsDBBQABgAIAAAAIQCBFtgQWgIA AEoIAAASAAAAd29yZC9mb250VGFibGUueG1svJVNjtowFMf3lXqHyPtOHBMgoAmjES3LWXSm6toE ByzFdmQHMpyhy96jN+ht2nv0xXYoH5mWqNUQ8fXy/PL8899/3949iyLYMW24kimKbjAKmMzUist1 ij49Ld4lKDAVlStaKMlStGcG3c3evrmtp7mSlQlgvDRTnaJNVZXTMDTZhglqblTJJNzLlRa0gr96 Hao85xl7r7KtYLIKCcajULOCVvBss+GlQb5afU21WulVqVXGjIFmReHqCcolmvnugnoqqYCun7hg JnhgdfBRCeoSSiqVYRHk7GiRIkzgGuEBHuIY3gR+xShsKmUbqg2rDonYhXMqeLFvo9rWtfklr7JN G99RzemyYG6M4Wu4sTVLnKIPGGNyv1ggF4lSNIfIOIkjHyHQlHtNfGRwiMAyQWO2jk2JXB2IQB0/ yvYZunW6IDJXW82ZbphYXJc0xkBgYqk0NOJeNIRaMS3dnE9w5PyZrXqwGLwGi0cuHrdOFLSoHkAx 7er9/Pblx/evfh4XeolALxgoRe3lEs/0koxc+FQvdFspX/c6ufhFbYHAMpMkWTTRc0TR6C9yiWGQ Fdn1cvkMW6zxBNMplqFv7uirEwUm/xNFO3FAEfknn6M4wOncOcnRqOtRPO7FUhUvcBiCFAi8xyAN AjYy7sGhv4W0vP20XxnEnBZ8qXknCYIX1kQbU41hi8BnN4lOMzU1N8bln7jHn80Uk2MzbUR+Pz9E fptpa6+dkrBEo4k15eslMacCQNAXSDTHiTtWmuOlH4n+mmiOlUsSOO4g0W6gfyHhzxcz+wUAAP// AwBQSwMEFAAGAAgAAAAhAFPqMPZZBQAACTYAABIAAAB3b3JkL251bWJlcmluZy54bWzsW81u2zgQ vi+w72AI8DGx/qUYdQpbtYAudosFmsWeZZmOidUfKNlurn2ZfYR9rL7CDknJlRTZsWQrZQNfYoTk DDkzHM7H4ejd+y9hMNgikuI4mkjKrSwNUOTHSxw9TqS/HtwbWxqkmRctvSCO0ER6Qqn0/v7XX97t xtEmXCACAwfAI0rHW+heZ1kyHo1Sf41CL72NExRB5yomoZfBv+RxFHrkn01y48dh4mV4gQOcPY1U WTalnE08kTYkGucsbkLskziNVxklGcerFfZR/lNQkFPm5ZQfYn8ToihjM44ICmANcZSucZIW3MKu 3EDEdcFke0yIbRgU43bJKbMtibcDPYcBX/YuJsuExD5KU2j9wDv3HBX52Ny5AimLPcUpS6jOWawk 9HC0Z0O3R83+e+PdgvFGfO4RZfVdENDFPWwmb5FmxPOzT5twUPnv43IiyWxIlOIl9G29AFqMqas7 piuNKHG4CTL8O9qi4OEpQcUY1hrQVj4qC5Og6NNmum1bc5n3BFvageGnmAu2PMmKwQofBfvdDfeN S+Tj0MtZA+UD+rLvGyq3e8a/+QWbAK0y3pz8SeiycUTloc0TyVLB83bjtRc9MtfTTLa20W6cDyac hrhxlKV0JI6AbIlWHghP2cJQNgZ+YTmUf1kshanwbLGGqnCSqReTbKi1Fk6R7ardqB25MS5jN+2S 0g118QTULyzg0Ggvo65XjcisekkrGpcXcmgKKKfZi5xDq72otlwzKbXxJU1q9SXq0BZQWrtHaYd3 rQVWFQiP5XCpUHufZ16ImyUQ8iIm4QG1jElU486xZnOTruMQJlk/LQhe/kHxygFk4liWOZ1rOZdy CGcSZ0ngTyRXm02d2YzjompQZ2pg4LwEVhabIEA5+KhhlRu+XGjtC6l4qY/xRHLiDcGIDD6hHTUd 8tJsmmLvAW4KABxDHMVknrcx005Bt8+o/PRZU2sgBJNzLcq6fCfLskany+BSAHcBeoc5FSodUWrc VqlKPQS9iP+atbruSWsq0xHbe7nWjMtr7dvXf9vq7dlBcKre/gaUTS+5cO0DLM21Vm1rh6/5Jior SOlDQf+1VpBdA6inKujzU7iI4Z66106poZ1qdKaIsmpE8DjQQzWEnKqY2jnWl8dx/yprTQyP07W2 N9X8pKp61/keBwmj2kEuhscZcEAytzn5Kp8rqORgXDulhnYeZz1TjQgeZ1g10CaYx0Gms7ahxPA4 U+94hJ/vcS0xMU/FlDGx5pqqqVpzHraa83QvY2LXndlzXbf3wQ8MVWTr9jabwnbSZaXpCto7Ju5q oVosuWLickpUgVeBTgdpTat9RWhRMbFyJ0iEFhYTmz88QguKiWlEhgP19FeI172FCouJ668ApyKb 8yN09ZVHVEwM8bHbxipB4LeJiY2OZ/UrxThhMbHa8Qg/3+NaYmL+gFfGxIZs6Kbm6udhYkuf6pA1 PJ4ntmxHdpyp05C97x0Tt37Rbo4lV0xcwcTXPPFEuuaJaQnMkeeHb1+veeIDz12tX2YAynWDLq8U oYXFxNc8sXS04uuaJ6bP5A2lcNc8MZzuHWLcz5Mn5jVfFUzsKJam6MYxTPxT1XO2zqS0LmOg3lMt /eDKa1Wm2qGes2/Jfmg9Z/3S8tbKOfuWT4Rqznoy7q1Wc/YuZ9NTWrczBiqrofYYSnOharVLNWf9 1svKpc4r96smToWq5uxdWsGqOVnxZvnZoZdqToiLMAf8pV+U8Bq/Ur3nR/opBvu0hOXlIMkHI2mI rZDx2NRIxj4SOUDGc4CNZEXVatNs/DBtJNOoHx6YjRebN5KpZTJOzj/huv8fAAD//wMAUEsBAi0A FAAGAAgAAAAhAMkxPFmAAQAAIgYAABMAAAAAAAAAAAAAAAAAAAAAAFtDb250ZW50X1R5cGVzXS54 bWxQSwECLQAUAAYACAAAACEAmVV+BQQBAADhAgAACwAAAAAAAAAAAAAAAAC5AwAAX3JlbHMvLnJl bHNQSwECLQAUAAYACAAAACEAs76LHQkBAAC2AwAAHAAAAAAAAAAAAAAAAADuBgAAd29yZC9fcmVs cy9kb2N1bWVudC54bWwucmVsc1BLAQItABQABgAIAAAAIQBJoYaLFxUAAAcBAQARAAAAAAAAAAAA AAAAADkJAAB3b3JkL2RvY3VtZW50LnhtbFBLAQItABQABgAIAAAAIQCWta3ilgYAAFAbAAAVAAAA AAAAAAAAAAAAAH8eAAB3b3JkL3RoZW1lL3RoZW1lMS54bWxQSwECLQAUAAYACAAAACEAsOTFycEE AAA0DgAAEQAAAAAAAAAAAAAAAABIJQAAd29yZC9zZXR0aW5ncy54bWxQSwECLQAUAAYACAAAACEA ZCwQyjoBAAClAgAAFAAAAAAAAAAAAAAAAAA4KgAAd29yZC93ZWJTZXR0aW5ncy54bWxQSwECLQAU AAYACAAAACEA1/rIUG0HAADwOgAADwAAAAAAAAAAAAAAAACkKwAAd29yZC9zdHlsZXMueG1sUEsB Ai0AFAAGAAgAAAAhAD5wnb/2AAAAbAEAABMAAAAAAAAAAAAAAAAAPjMAAGRvY1Byb3BzL2N1c3Rv bS54bWxQSwECLQAUAAYACAAAACEA77CR6PwBAAD+AwAAEAAAAAAAAAAAAAAAAABtNQAAZG9jUHJv cHMvYXBwLnhtbFBLAQItABQABgAIAAAAIQDKiikfTwEAAHoCAAARAAAAAAAAAAAAAAAAAJ84AABk b2NQcm9wcy9jb3JlLnhtbFBLAQItABQABgAIAAAAIQCBFtgQWgIAAEoIAAASAAAAAAAAAAAAAAAA ACU7AAB3b3JkL2ZvbnRUYWJsZS54bWxQSwECLQAUAAYACAAAACEAU+ow9lkFAAAJNgAAEgAAAAAA AAAAAAAAAACvPQAAd29yZC9udW1iZXJpbmcueG1sUEsFBgAAAAANAA0AQgMAADhDAAAAAA== --_004_4A95BA014132FF49AE685FAB4B9F17F657D17BA5dfweml701chm_-- From nobody Tue Aug 25 10:04:17 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 707691A90F0 for ; Tue, 25 Aug 2015 10:04:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Ae13fZB2yzK for ; Tue, 25 Aug 2015 10:04:11 -0700 (PDT) Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F65C1A8913 for ; Tue, 25 Aug 2015 10:04:11 -0700 (PDT) Received: by iods203 with SMTP id s203so194460208iod.0 for ; Tue, 25 Aug 2015 10:04:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=P6TK5j9K017aFgxdkcayB319n3k9sWT/1Mf4MiB2sIo=; b=GrrccDHilz0slLjo210RY/dQXAsZllXL/nvQnXlmaL+5Vah931s/TIb7DwksxNizMZ Wp/5cH7LQk08J85+qilcgYqKbBRwQUE/Gl+iZ546wFpd2fvRu7D/ldPvLyN/kuPlbyFt XsPHwh9yQWXnQCzPHNL8WtO0p3uXhRwnRNbs8RcZuuvHwBPCORRryaBY7N5PWSqLdbFv RbnDuU8p52Df+5fXrMiGyoB7gPHdZ8dbISPWKxvSfcqPvNzjZgk1TbVFPjWvvvyVMqYY wrkujGQBCcIMtKvT0qMWnLNv1Ubr3dTHbb3HXFPUnZPpR/xlbk5WhBfoIco+FlctutUq IWVQ== MIME-Version: 1.0 X-Received: by 10.107.37.12 with SMTP id l12mr22591672iol.92.1440522250573; Tue, 25 Aug 2015 10:04:10 -0700 (PDT) Sender: mglt.ietf@gmail.com Received: by 10.79.21.196 with HTTP; Tue, 25 Aug 2015 10:04:10 -0700 (PDT) In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D17BA5@dfweml701-chm> References: <4A95BA014132FF49AE685FAB4B9F17F657D1757E@dfweml701-chm> <4A95BA014132FF49AE685FAB4B9F17F657D17BA5@dfweml701-chm> Date: Tue, 25 Aug 2015 13:04:10 -0400 X-Google-Sender-Auth: ocXw-CTE5p2i933LsFBkIvymIRY Message-ID: From: Daniel Migault To: Linda Dunbar Content-Type: multipart/alternative; boundary=001a1141b24e095bc3051e25b9e8 Archived-At: Cc: Jeffrey Haas , "i2rs@ietf.org" , "Joel M. Halpern" , Susan Hares , Alia Atlas Subject: Re: [i2rs] Suggested section/text to be added to draft-mglt-i2rs-security-environment-reqs-00 to address security threats in Closed Envionment. X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 17:04:16 -0000 --001a1141b24e095bc3051e25b9e8 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Linda, Thank for the comments. I am currently addressing all comments I received.. I hope I can provide a updated version soon. I will keep you informed as soon as I have something more or less in shape. BR, Daniel On Tue, Aug 25, 2015 at 12:21 PM, Linda Dunbar wrote: > Daniel, > > > > I added 3 more I2RS security requirements for the =E2=80=9CClosed Environ= ment=E2=80=9D, > please use the revised section attached. > > > > Cheers, > > Linda > > > > *From:* i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Linda Dunbar > *Sent:* Monday, August 24, 2015 5:09 PM > *To:* Daniel Migault > *Cc:* Jeffrey Haas; i2rs@ietf.org; Joel M. Halpern; Alia Atlas > *Subject:* [i2rs] Suggested section/text to be added to > draft-mglt-i2rs-security-environment-reqs-00 to address security threats = in > Closed Envionment. > > > > Daniel, > > > > Thank you for willing to address my comments. To make it easier for you, = I > put together a section to describe the security threats in Closed > Environment and necessary requirement for I2RS. See the attached. > > > > Closed environment deployment can easily give people a sense of secure > because the links between I2RS Client and I2RS Agent are guided by a > physical =E2=80=9CWall=E2=80=9D. The false sense of =E2=80=9CSecure=E2= =80=9D is actually more dangerous > because it can easily make the deployment miss the crucial security > procedure. > > > > Therefore, I think it is important to have a dedicated section on securit= y > threats and requirement for the Closed Environment. > > > > Linda > > > > *From:* mglt.ietf@gmail.com [mailto:mglt.ietf@gmail.com > ] *On Behalf Of *Daniel Migault > *Sent:* Monday, August 24, 2015 12:55 PM > *To:* Linda Dunbar > *Cc:* Joel M. Halpern; i2rs@ietf.org; Jeffrey Haas; Alia Atlas > *Subject:* Re: [i2rs] Review comments to > draft-mglt-i2rs-security-environment-reqs-00 (was RE: > draft-mglt-i2rs-security-requirements-00 2 Week WG adoption call (8/17 to > 8/31) > > > > Hi Linda, > > Thank you for your comments. I agree we need to address more specifically > or explicitly the "most common" use case. I agree with your comments and = we > will consider them to improve and clarify the text of the next version. > Thank you. To me the i2rs plane provides a limited number of > functionnalities that may be provided to different independant tenants. > > BR, > > Daniel > > > > > > On Mon, Aug 24, 2015 at 1:37 PM, Linda Dunbar > wrote: > > Joel, > > > > Agree with you that =E2=80=9Cwe don=E2=80=99t need to build different pro= tocol stacks for > the different deployments=E2=80=9D. > > But the =E2=80=9Cenvironment-req=E2=80=9D draft is not about =E2=80=9CPro= tocol=E2=80=9D, but about > security issues under different =E2=80=9Cenvironment=E2=80=9D. > > > > Among all our customers who are interested in I2RS, majority of them > (>90%) will deploy them in a closed environment, i.e. physically secured > connection between I2RS agent and I2RS client. Therefore, it is important > to =E2=80=9Cprovides an analysis of the security issues of=E2=80=9D of th= is commonly > deployed environment. > > > > I suggest adding this Figure to Section 1 of the document: > > > > Closed (over open Chnl ###>) Open (over secure Chnl --->) > > +---------------------------------+ > > | *********************** | *********************** | > > | * Application A * | * Application B * | > > | * * | * * | > > | * +----------------+ * | * +----------------+ * | > > | * | Client A | * | * | Client B | * | > > | * +----------------+ * | * +----------------+ * | > > | ******* ^ ************* | ***** ^ ****** ^ ****** | > > | # | | | | > > | # | | | |-----| > > | # | | | > > | ************ v * * * * ********| ***************** v * v ******** > > | * +---------------------+ | * +---------------------+ * > > | * | Agent 1 | | * | Agent 2 | * > > | * +---------------------+ | * +---------------------+ * > > | * ^ ^ ^ ^ | * ^ ^ ^ ^ * > > > > > > > > Just think about this fact: today=E2=80=99s router configuration in produ= ction > environment can only be performed by a few authorized people with EMS/NMS > physically and securely separated. If the majority of the I2RS environmen= t > requirement is about open connection, I2RS WG will spend a lot energy > developing the very sophisticated protocols which is expensive to develop > and harder to deploy. > > > > I am not against this development, but IMHO, to gain wider and quicker > I2RS deployment in production environment, it is necessary to have a very > *lean* I2RS solution first, and to have a well documented security > requirement for the common deployment environment. E.g. a single Controll= er > (or the I2RS client) directly connected to their devices via their intern= al > network, where the connection is physically isolated from other network a= nd > protected by separate mechanisms. Also remember, many operators will use > I2RS to control a small number of selective routers (mostly routers at > ingress/egress boundary) for value added services. > > > > > > > > Some of my detailed questions and comments to the =E2=80=9Csecurity-requi= rements=E2=80=9D > are still applicable to the =E2=80=9Cenvironment-req=E2=80=9D document be= cause they have > the same text. Plus a few more for the =E2=80=9Cenvironment-req=E2=80=9D = document. Hope the > authors can address them. > > > > > > Section 3: > > > > What are the key differences with regard to the security requirements for > I2RS plane and for management plane? Section 3.1 describes the > interaction between I2RS plane and management plane. But I see the securi= ty > requirement for the management plane are all applicable to the security > requirement to I2RS plane . If you think that they are very different, ca= n > you elaborate more? > > > > Section 3.4 has title =E2=80=9CRecommendations=E2=80=9D, but the content = are all > requirements. Why not name the section =E2=80=9CRequirement=E2=80=9D? > > > > REQ 2: Does it that a different IP address than the one used by the > management system? > > > > REQ 21: is more about I2RS requirement, less about =E2=80=9CSecurity=E2= =80=9D requirement. > > > > REQ 24: isn=E2=80=99t it the general goal of I2RS? Not really security pe= r se. > (should be included in the general I2RS requirement or architecture). > > > > > > REQ 26: simply controlling the resource can hardly prevent DoS. Malicious > client can occupy the resource while the valid one can't access. > > > > Thanks for your consideration, > > Linda > > > > > > -----Original Message----- > From: i2rs [mailto:i2rs-bounces@ietf.org ] On > Behalf Of Joel M. Halpern > Sent: Friday, August 21, 2015 12:20 PM > To: Linda Dunbar; i2rs@ietf.org > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas' > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > adoption call (8/17 to 8/31) > > > > Yes, one of the two last calls is for the environment document. > > > > Having a dedicated physical channel is one of the ways identified in the > draft to provide the required isolation. > > > > While such an environment is clearly supportable, I do not think we shoul= d > reduce the internal protocol requirements (such as MTI security for the > control channel) just because there are circumstances where such it won't > be needed. I don't expect that we will build different protocol stacks f= or > the different deployments. > > > > The purpose of this draft is to describe the environmental assumptions, > which assumptions can be met in various ways. > > > > Yours, > > Joel > > > > On 8/21/15 12:56 PM, Linda Dunbar wrote: > > > Joel, > > > > > > If it is the "environmental one", it is more important to differentiate > the requirements for different environments on how the I2RS client & Agen= t > are connected. > > > > > > One of our customers stated that their environment has a single > Controller (or the I2RS client) directly connected to their devices via > their internal network, where the connection is physically isolated from > other network and protected by separate mechanisms, they don't need all > those sophisticated authentication procedure. > > > > > > We need to address this environment, i.e. having a simpler security > requirement for this environment than the environment where I2RS Client i= s > connected via public network. > > > > > > Linda > > > > > > > > > -----Original Message----- > > > From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com > ] > > > Sent: Friday, August 21, 2015 10:53 AM > > > To: Linda Dunbar; i2rs@ietf.org > > > Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; 'Alia > Atlas' > > > Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > > > adoption call (8/17 to 8/31) > > > > > > First, there may be some confusion because the announcement. I presume > that you are talking about the -environments documents. > > > > > > If the WG concludes that a different chapter structure is useful, we ca= n > of course change it. Given that the goal is environment description, I a= m > not sure your proposed structure is significantly better than the existin= g > one. > > > > > > I believe your comment about the text reading "where security function= s > may be hosted" is well taken, and we should remove that text when we next > revise the document. > > > > > > The isolation text is about the need to keep things separate, and the > various possible means are degrees / approaches to separation. > > > Isolation is not about treating things differently, nor is it explicitl= y > about using different protocols. So the point of isolation is not that > there are different security requirements, but that in order to avoid > corss-effects, things should be kept separate. > > > > > > Yours, > > > Joel > > > > > > On 8/20/15 6:42 PM, Linda Dunbar wrote: > > >> I support the WG adoption because I think the I2RS WG needs it. > > >> However, I hope the authors can consider/address the following > suggestions/comments: > > >> > > >> When you think about the I2RS security, there are following > > >> different > > >> aspects: > > >> > > >> -Communication channel between I2RS client and Agent (and the channel > > >> between I2RS client and applications): > > >> > > >> The channel can be > > >> > > >> oVia physical Private network (e.g. within a secured direct connect > > >> within one site), > > >> > > >> owithin one administrative domain, via virtual private network > > >> > > >> oSecured connection, such as TLS or IPSec > > >> > > >> oPublic internet > > >> > > >> o.. > > >> > > >> -Authentication & Authorization > > >> > > >> othe authentication & authorization requirement for different > > >> communication channels can be different. Therefore, should have > > >> separate sections to address specific requirement for each > > >> communication channels between I2RS agent <-> clients (and client <-> > > >> applications) > > >> > > >> The current Section 4 of the draft already has very good description > > >> on the subject. I think 4.4.1 and 4.42 can be separated out of the > section. > > >> > > >> -Encryption for the actual content between Client and Agent > > >> > > >> -DoS Design requirement (currently in Section 5.2.1) > > >> > > >> -Management of conflict with other plane (e.g. the management plane, > > >> multi-headed control, which has been discussed extensively in > > >> ephemeral > > >> draft) > > >> > > >> I think the draft should be organized from the aspects of the > > >> security to I2RS as suggested above. > > >> > > >> Here are some detailed questions and comments to the requirements > > >> listed in the document: > > >> > > >> Section 1: > > >> > > >> The second paragraph stated the security recommendations must > > >> "specifying where security functions may be hosted". First of all I > > >> don't see the draft address this aspect. Second, I think "where > > >> security functions are hosted" is orthogonal to "I2RS security" . > > >> > > >> Section 3: > > >> > > >> what does isolating two planes mean? does it mean they have different > > >> security requirement/issues? Or does it mean they need different > protocols? > > >> > > >> What are the key differences with regard to the security requirements > > >> for I2RS plane and for management plane? Section 3.1 describes the > > >> interaction between I2RS plane and management plane. But I see the > > >> security requirement for the management plane is similar to I2RS plane= . > > >> If you think that they are very different, can you elaborate more? > > >> > > >> Section 3.4 has title "Recommendations", but the content are all > > >> requirements. Why not name the section "Requirement"? > > >> > > >> REQ 2: Does it that a different IP address than the one used by the > > >> management system? > > >> > > >> How is REQ 22 different from REQ 21? > > >> > > >> REQ 27 is hard to enforce. How about say something like "shouldn't > > >> send any information beyond what have been defined by the I2RS data > model"? > > >> > > >> REQ 30: simply controlling the resource can hardly prevent DoS. > > >> Malicious client can occupy the resource while the valid one can't > access. > > >> > > >> Thanks for consideration, > > >> > > >> Linda > > >> > > >> *From:*i2rs [mailto:i2rs-bounces@ietf.org ] *On > Behalf Of *Susan Hares > > >> *Sent:* Monday, August 17, 2015 12:50 PM > > >> *To:* i2rs@ietf.org > > >> *Cc:* 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Joel Halpern'; > > >> shares@ndzh.com; 'Alia Atlas' > > >> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG > > >> adoption call (8/17 to 8/31) > > >> > > >> This begins a 2 week WG adoption call for > > >> draft-mglt-i2rs-security-requirements. This draft discusses the > > >> security requirements for the I2RS environment. You can find the draf= t > at: > > >> > > >> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs > > >> - > > >> 00 > > >> > > >> A security reviewer will review this draft during the time 8/20 to > > >> 8/25. We will post the security directorate review to this discussio= n. > > >> > > >> Sue Hares > > >> > > > > > > > _______________________________________________ > > i2rs mailing list > > i2rs@ietf.org > > https://www.ietf.org/mailman/listinfo/i2rs > > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > > --001a1141b24e095bc3051e25b9e8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Linda,

Thank for the comments. I am c= urrently addressing all comments I received.. I hope I can provide a update= d version soon. I will keep you informed as soon as I have something more o= r less in shape.

BR,

Daniel

On Tue, Aug 25, 2015 at 12:21 PM= , Linda Dunbar <linda.dunbar@huawei.com> wrote:

Daniel,

=C2=A0

I added 3 more I2RS secur= ity requirements for the =E2=80=9CClosed Environment=E2=80=9D, please use t= he revised section attached.

=C2=A0

Cheers,

Linda

=C2=A0

From: i2rs [ma= ilto:i2rs-bounce= s@ietf.org] On Behalf Of Linda Dunbar
Sent: Monday, August 24, 2015 5:09 PM
To: Daniel Migault
Cc: Jeffrey Haas; i2rs@ietf.org; Joel M. Halpern; Alia Atlas
Subject: [i2rs] Suggested section/text to be added to draft-mglt-i2r= s-security-environment-reqs-00 to address security threats in Closed Envion= ment.

=C2=A0

Daniel,

=C2=A0

Thank you for willing to = address my comments. To make it easier for you, I put together a section to= describe the security threats in Closed Environment and necessary requirement for I2RS. See the attached.

=C2=A0

Closed environment deploy= ment can easily give people a sense of secure because the links between I2R= S Client and I2RS Agent are guided by a physical =E2=80=9CWall=E2=80=9D. =C2=A0The false sense of =E2=80=9CSecure=E2=80=9D is actually more dangero= us because it can easily make the deployment miss the crucial security proc= edure.

=C2=A0

Therefore, I think it is = important to have a dedicated section on security threats and requirement f= or the Closed Environment.

=C2=A0

Linda

=C2=A0

From: mglt.ietf@gmail.co= m [mailto:mglt= .ietf@gmail.com] On Behalf Of Daniel Migault
Sent: Monday, August 24, 2015 12:55 PM
To: Linda Dunbar
Cc: Joel M. Halpern; i2rs@ietf.org; Jeffrey Haas; Alia Atlas
Subject: Re: [i2rs] Review comments to draft-mglt-i2rs-security-envi= ronment-reqs-00 (was RE: draft-mglt-i2rs-security-requirements-00 2 Week WG= adoption call (8/17 to 8/31)

=C2=A0

Hi Linda, <= /u>

Thank you for your co= mments. I agree we need to address more specifically or explicitly the &quo= t;most common" use case. I agree with your comments and we will consid= er them to improve and clarify the text of the next version. Thank you. To me the i2rs plane provides a limited number of= functionnalities that may be provided to different independant tenants.=C2= =A0

BR,

Daniel

=C2=A0

On Mon, Aug 24, 2015 at 1:37 PM, Linda Dunbar <linda.dunbar@hua= wei.com> wrote:

Joel,

=C2=A0

Agree with you that =E2= =80=9Cwe don=E2=80=99t need to build differ= ent protocol stacks for the different deployments=E2=80=9D.

But the =E2=80=9Cenvironm= ent-req=E2=80=9D draft is not about =E2=80=9CProtocol=E2=80=9D, but about s= ecurity issues under different =E2=80=9Cenvironment=E2=80=9D.

=C2=A0

Among all our customers w= ho are interested in I2RS, majority of them (>90%) will deploy them in a= closed environment, i.e. physically secured=C2=A0 connection between I2RS agent and I2RS client. Therefore, it is important to =E2=80=9C= provides a= n analysis of the security issues of=E2=80=9D of this commonly deployed environment.

=C2= =A0

I suggest adding this Fig= ure to Section 1 of the document:<= /p>

=C2=A0

Closed=C2=A0 (over open Chnl ###>)=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Open (over secure Chnl ---= >)

+---------------------------------+

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ************= ***********=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *******************= ****=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2= =A0=C2=A0=C2=A0 Application A=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0 |=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0 Application B=C2=A0=C2=A0=C2=A0 *=C2= =A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2= =A0 +----------------+ *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2= =A0 +----------------+ *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2= =A0 +----------------+ *=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *=C2= =A0 +----------------+ *=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ******= * ^ *************=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ***** ^ *****= * ^ ******=C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 |

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 |-----|

|=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #=C2=A0=C2=A0 =C2=A0=C2=A0 =C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 |=

|=C2=A0 ************ v * * * * ********|=C2= =A0=C2=A0 ***************** v * v ********

|=C2=A0 *=C2=A0 +---------------------+=C2= =A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 *=C2=A0 +---------------------+=C2=A0= =C2=A0=C2=A0=C2=A0 *

|=C2=A0 *=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 Ag= ent 1=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0= =C2=A0 |=C2=A0=C2=A0 *=C2=A0 |=C2=A0=C2=A0=C2=A0 Agent 2=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0=C2=A0=C2=A0 *

|=C2=A0 *=C2=A0 +---------------------+=C2= =A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 *=C2=A0 +---------------------+=C2=A0= =C2=A0=C2=A0=C2=A0 *

|=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0 ^=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 *=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ^=C2=A0 ^=C2=A0=C2=A0 ^=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 *

=C2= =A0

Just think about this fac= t: today=E2=80=99s router configuration in production environment can only = be performed by a few authorized people with EMS/NMS physically and securely separated. If the majority of the I2RS environment requiremen= t is about open connection, I2RS WG will spend a lot energy developing the = very sophisticated protocols which is expensive to develop and harder to de= ploy.

=C2= =A0

I am not against this dev= elopment, but IMHO, to gain wider and quicker I2RS deployment in production= environment, it is necessary to have a very lean I2RS solution first, and to have a well documented security require= ment for the common deployment environment. E.g. a single Controller (or the I2= RS client) directly connected to their devices via their internal network, = where the connection is physically isolated from other network and protecte= d by separate mechanisms. Also remember, many operators will use I2RS to control a small number of selective router= s (mostly routers at ingress/egress boundary) for value added services.

=C2= =A0

Some of my detailed quest= ions and comments to the =E2=80=9Csecurity-requirements=E2=80=9D are still = applicable to the =E2=80=9Cenvironment-req=E2=80=9D document because they h= ave the same text. Plus a few more for the =E2=80=9Cenvironment-req=E2=80=9D document. = Hope the authors can address them.

=C2= =A0

Section 3:

=C2= =A0

What are the key differen= ces with regard to the security requirements for =C2=A0I2RS plane and for m= anagement plane?=C2=A0 Section 3.1 describes the interaction between I2RS plane and management plane. But I see the security requirement for th= e management plane are all applicable to the security requirement to I2RS p= lane . If you think that they are very different, can you elaborate more?

=C2= =A0

Section 3.4 has title =E2= =80=9CRecommendations=E2=80=9D, but the content are all requirements. Why n= ot name the section =E2=80=9CRequirement=E2=80=9D?

=C2=A0

REQ 2: Does it that a dif= ferent IP address than the one used by the management system?

=C2=A0

REQ 21: is more about I2R= S requirement, less about =E2=80=9CSecurity=E2=80=9D requirement.

=C2=A0

REQ 24: isn=E2=80=99t it = the general goal of I2RS? Not really security per se. (should be included i= n the general I2RS requirement or architecture).

=C2=A0

=C2= =A0

REQ 26: simply controllin= g the resource can hardly prevent DoS. Malicious client can occupy the reso= urce while the valid one can't access.

=C2=A0

Thanks for your considera= tion,

Linda

=C2=A0

-----Original Message-----
From: i2rs [mail= to:i2rs-bounces@ietf.org] On Behalf Of Joel M. Halpern
Sent: Friday, August 21, 2015 12:20 PM
To: Linda Dunbar; i2rs@i= etf.org
Cc: 'Jeffrey Haas'; daniel.migault@ericsson.com; 'Alia Atlas'
Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adop= tion call (8/17 to 8/31)

=C2=A0

Yes, one of the two last calls is for the environment document.

=C2=A0

Having a dedicated physical channel is one of the ways identified in the = draft to provide the required isolation.<= /span>

=C2=A0

While such an environment is clearly supportable, I do not think we shoul= d reduce the internal protocol requirements (such as MTI security for the c= ontrol channel) just because there are circumstances where such it won't be needed.=C2=A0 I don't expect = that we will build different protocol stacks for the different deployments.=

=C2=A0

The purpose of this draft is to describe the environmental assumptions, w= hich assumptions can be met in various ways.<= /u>

=C2=A0

Yours,

Joel

=C2=A0

On 8/21/15 12:56 PM, Linda Dunbar wrote:

> Joel,

>=C2=A0

> If it is the "environmental one", it is more important to = differentiate the requirements for different environments on how the I2RS c= lient & Agent are connected.

>=C2=A0

> One of our customers stated that their environment has a single Cont= roller (or the I2RS client) directly connected to their devices via their i= nternal network, where the connection is physically isolated from other network and protected by separate mechanism= s, they don't need all those sophisticated authentication procedure.

>=C2=A0

> We need to address this environment, i.e. having a simpler security = requirement for this environment than the environment where I2RS Client is = connected via public network.

>=C2=A0

> Linda

>=C2=A0

> -----Original Message-----<= /p>

> From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]

> Sent: Friday, August 21, 2015 10:53 AM=

> To: Linda Dunbar; i2rs@ietf.org=

> Cc: 'Jeffrey Haas'; daniel.mig= ault@ericsson.com; 'Joel Halpern'; 'Alia Atlas'<= span style=3D"font-size:11.0pt;font-family:"Calibri","sans-s= erif"">

> Subject: Re: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week = WG

> adoption call (8/17 to 8/31)

>=C2=A0

> First, there may be some confusion because the announcement.=C2=A0 I= presume that you are talking about the -environments documents.

>=C2=A0

> If the WG concludes that a different chapter structure is useful, we= can of course change it.=C2=A0 Given that the goal is environment descript= ion, I am not sure your proposed structure is significantly better than the existing one.<= /u>

>=C2=A0

> I believe your comment about the text=C2=A0 reading "where secu= rity functions may be hosted" is well taken, and we should remove that= text when we next revise the document.

>=C2=A0

> The isolation text is about the need to keep things separate, and th= e various possible means are degrees / approaches to separation.

> Isolation is not about treating things differently, nor is it explic= itly about using different protocols.=C2=A0 So the point of isolation is no= t that there are different security requirements, but that in order to avoid corss-effects, things should be kept separate.<= /span>

>=C2=A0

> Yours,

> Joel

>=C2=A0

> On 8/20/15 6:42 PM, Linda Dunbar wrote:

>> I support the WG adoption because I think the I2RS WG needs it.<= /span>

>> However, I hope the authors can consider/address the following s= uggestions/comments:

>>=C2=A0

>> When you think about the I2RS security,=C2=A0 there are followin= g

>> different

>> aspects:

>>=C2=A0

>> -Communication channel between I2RS client and Agent (and the ch= annel

>> between I2RS client and applications):

>>=C2=A0

>> The channel can be

>>=C2=A0

>> oVia physical Private network (e.g. within a secured direct conn= ect

>> within one site),

>>=C2=A0

>> owithin one administrative domain,=C2=A0 via virtual private net= work

>>=C2=A0

>> oSecured connection, such as TLS or IPSec=

>>=C2=A0

>> oPublic internet

>>=C2=A0

>> o..

>>=C2=A0

>> -Authentication & Authorization

>>=C2=A0

>> othe authentication & authorization requirement for differen= t

>> communication channels can be different. Therefore, should have

>> separate sections to address specific requirement=C2=A0 for each

>> communication channels between I2RS agent <-> clients (and= client <->

>> applications)

>>=C2=A0

>> The current Section 4 of the draft already has very good descrip= tion

>> on the subject. I think 4.4.1 and 4.42 can be separated out of t= he section.

>>=C2=A0

>> -Encryption for the actual content between Client and Agent

>>=C2=A0

>> -DoS Design requirement (currently in Section 5.2.1)

>>=C2=A0

>> -Management of conflict with other plane (e.g. the management pl= ane,

>> multi-headed control, which has been discussed extensively in

>> ephemeral

>> draft)

>>=C2=A0

>> I think the draft should be organized from the aspects of the

>> security to I2RS as suggested above.<= u>

>>=C2=A0

>> Here are some detailed questions and comments to the requirement= s

>> listed in the document:=

>>=C2=A0

>> Section 1:

>>=C2=A0

>> The second paragraph stated the security recommendations must

>> "specifying where security functions may be hosted". F= irst of all I

>> don't see the draft address this aspect. Second, I think=C2= =A0=C2=A0 "where

>> security functions are hosted" is orthogonal to "I2RS = security" .

>>=C2=A0

>> Section 3:

>>=C2=A0

>> what does isolating two planes mean? does it mean they have diff= erent

>> security requirement/issues? Or does it mean they need different= protocols?

>>=C2=A0

>> What are the key differences with regard to the security require= ments

>> for=C2=A0 I2RS plane and for management plane?=C2=A0 Section 3.1= describes the

>> interaction between I2RS plane and management plane. But I see t= he

>> security requirement for the management plane is similar to I2RS= plane .

>> If you think that they are very different, can you elaborate mor= e?

>>=C2=A0

>> Section 3.4 has title "Recommendations", but the conte= nt are all

>> requirements. Why not name the section "Requirement"?<= /span>

>>=C2=A0

>> REQ 2: Does it that a different IP address than the one used by = the

>> management system?

>>=C2=A0

>> How is REQ 22 different from REQ 21?<= u>

>>=C2=A0

>> REQ 27 is hard to enforce. How about say something like "sh= ouldn't

>> send any information beyond what have been defined by the I2RS d= ata model"?

>>=C2=A0

>> REQ 30: simply controlling the resource can hardly prevent DoS.<= /span>

>> Malicious client can occupy the resource while the valid one can= 't access.

>>=C2=A0

>> Thanks for consideration,

>>=C2=A0

>> Linda

>>=C2=A0

>> *From:*i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Susan Hares=

>> *Sent:* Monday, August 17, 2015 12:50 PM<= /u>

>> *To:* i2rs@ietf.org=

>> *Cc:* 'Jeffrey Haas'; daniel.mig= ault@ericsson.com; 'Joel Halpern';

>> shares@ndzh.com; 'Alia Atlas'=

>> *Subject:* [i2rs] draft-mglt-i2rs-security-requirements-00 2 Wee= k WG

>> adoption call (8/17 to 8/31)

>>=C2=A0

>> This begins a 2 week WG adoption call for

>> draft-mglt-i2rs-security-requirements.=C2=A0 This draft discusse= s the

>> security requirements for the I2RS environment.=C2=A0 You can fi= nd the draft at:

>>=C2=A0

>> https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs

>> -

>> 00

>>=C2=A0

>> A security reviewer will review this draft during the time 8/20 = to

>> 8/25.=C2=A0=C2=A0 We will post the security directorate review t= o this discussion.

>>=C2=A0

>> Sue Hares

>>=C2=A0

>=C2=A0

=C2=A0

_______________________________________________

i2rs mailing list

i2rs@i= etf.org

https://www.ietf.org/mailman/listinfo/i2rs

=C2=A0

_______________________________________________
i2rs mailing list
i2rs@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/i2rs

=C2=A0

_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--001a1141b24e095bc3051e25b9e8-- From nobody Thu Aug 27 09:17:37 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B59701AC3E2; Thu, 27 Aug 2015 09:17:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -96.555 X-Spam-Level: X-Spam-Status: No, score=-96.555 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, J_CHICKENPOX_111=0.6, USER_IN_WHITELIST=-100] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wjcNrZRwrLoQ; Thu, 27 Aug 2015 09:17:29 -0700 (PDT) Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEB1B1B2B61; Thu, 27 Aug 2015 09:17:27 -0700 (PDT) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.171.7; From: "Susan Hares" To: Date: Thu, 27 Aug 2015 12:17:23 -0400 Message-ID: <003001d0e0e3$db99eb80$92cdc280$@ndzh.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0031_01D0E0C2.548B58C0" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AdDg42cE3NvT5OZVTXW/wutHXrRCrw== Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: Cc: 'Netconf' Subject: Re: [i2rs] WG adoption - draft-hares-i2rs-auth-trans-04 (8/17 to 8/31) X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2015 16:17:32 -0000 This is a multipart message in MIME format. ------=_NextPart_000_0031_01D0E0C2.548B58C0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit NETCONF and I2RS mail group: http://datatracker.ietf.org/doc/draft-hares-i2rs-auth-trans/ Russ Housley, a member of the security directorate, kindly provided reviews for this document, and the document has been changed in response to this review to a version -05. I believe these document addresses all of NETCONF WG questions from IETF 93. There are three sections below: 1) Specific response to NETCONF questions/concerns, 2) Why identity has been changed to Identifier in the draft, 3) New text for REQ-03, REQ-04, and REQ-10 which Juergen found was confusing. I want to thank Juergen and Russ for their excellent reviews. Sue Hares ============== NETCONF Concerns at IETF 93 1) Requirement 8 - is a security requirement. >> = Sue >> 1) Is REQ-8 a security requirement? >> >> o SEC-REQ-08: Each Identity is associated with one secondary >> identity during a particular read/write sequence, but the >> secondary identity may vary during the time a connection between >> the I2RS client and I2RS agent is active. The variance of the >> secondary identity allows the I2rs client to be associated with >> multiple applications and pass along an identifier for these >> applications in the secondary identifier. >[Russ] Yes, if that identity is going to be used to make the access control decision. 2) Requirement 12 is a security requirement for the protocol. >> 2) Is REQ-12 - a security requirement for a protocol? NETCONF asked >> this of I2RS. > > SEC-REQ-12: The I2RS Client and I2RS Agent protocol SHOULD implement > mechanisms that mitigate DoS attacks >Yes. For example, the IKE cookie mechanism is only there to make it much more > expensive the an attacker to implement DDoS. They can't fire and forget. They need to > keep state and hang around for at least 1.5 round trips. 3) Multiple message sequences do not belong in protocols [section 2.4.1] [Russ]: There might be some protocol issues to assist keep things atomic, but I agree it i not a security issue. 4) Why support an insecure protocol? >> [Sue] Are you Ok with REQ-09 specifying a non-secure transport as an option? [Russ]: The security considerations need to be clear what the consequences are if this option is selected. Editorial: 1) Russ agreed that Requirement 3 and 4 - were unclear, 2) Russ agreed that requirement 10 was ambiguous. These requirement have been rewritten. (see below). Other changes Joel suggested that "identity" is better stated as Identifier, and I agree. This change has been made through-out the document. Changes to requirements 3, 4, and 10 o SEC-REQ-03:An I2RS agent, upon receiving an I2RS message from a I2RS client, MUST confirm that the I2RS client has a valid identifier. o SEC-REQ-04: The I2RS client, upon receiving an I2RS message from an I2RS agent, MUST confirm the I2RS agent's identifier . SEC-REQ-10: A secure transport MUST be associated with a key management solution that can guarantee that only the entities having sufficient privileges can get the keys to encrypt/decrypt the sensitive data. Per BCP107 [RFC4107] this key management system SHOULD be automatic, but MAY BE manual if the following constraints from BCP107: a)environment has limited bandwidth or high round-trip times, b)the information being protected has a low value and c)the total volume over the entire lifetime of the long-term session key will be very low, d)the scale of the deployment is limited. Most I2RS environments (I2RS Client - I2S Agents) will not have this environment, but a few I2RS use case provide limited non-secure light-weight telemetry messages that have these requirements. An I2RS data model must indicate which portions can be served by manual key management. ------=_NextPart_000_0031_01D0E0C2.548B58C0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

NETCONF = and I2RS mail group:

htt= p://datatracker.ietf.org/doc/draft-hares-i2rs-auth-trans/<= /p>

Russ = Housley, a member of the security directorate, kindly provided reviews = for this document, and the document has been changed in response to this = review to a version -05. I believe these document addresses = all of NETCONF WG questions from IETF 93. There are three sections = below:

1) = Specific response to NETCONF questions/concerns, =

2) = Why identity has been changed to Identifier in = the draft,

3) = New text for REQ-03, REQ-04, and REQ-10 which = Juergen found was confusing.

I want to = thank Juergen and Russ for their excellent reviews.

Sue Hares =

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

NETCONF Concerns at IETF 93 =

1) = Requirement 8 – is a security requirement. =

>> =3D Sue

>> 1) Is REQ-8 a security requirement? =

>> o SEC-REQ-08: Each = Identity is associated with one secondary

>> identity during a = particular read/write sequence, but the

>> secondary = identity may vary during the time a connection between

>> the I2RS = client and I2RS agent is active. The variance of = the

>> secondary = identity allows the I2rs client to be associated with

>> multiple = applications and pass along an identifier for these

>> applications = in the secondary identifier.

>[Russ] Yes, if that identity is going to be = used to make the access control decision.

2) = Requirement 12 is a security requirement for the = protocol.

>> 2) Is REQ-12 - a security requirement for = a protocol? NETCONF asked

>> this of I2RS.

> SEC-REQ-12: The I2RS Client and = I2RS Agent protocol SHOULD implement

> mechanisms that mitigate DoS = attacks

>Yes. For = example, the IKE cookie mechanism is only there to make it much = more

> expensive the an = attacker to implement DDoS. They can't fire and forget. They = need to

> keep state and hang = around for at least 1.5 round trips.

3) = Multiple message sequences do not belong in = protocols [section 2.4.1]

[Russ]: There might be some protocol issues to = assist keep things atomic, but I agree it i not a security = issue.

4) = Why support an insecure protocol? =

>> [Sue] Are you Ok with = REQ-09 specifying a non-secure transport as an option?

[Russ]: The security considerations need to be = clear what the consequences are if this option is = selected.

Editorial:

1) = Russ agreed that Requirement 3 and 4 – = were unclear,

2) = Russ agreed that requirement 10 was ambiguous. =

These requirement have been rewritten. (see = below).

Other changes

Joel = suggested that “identity” is better stated as Identifier, = and I agree. This change has been made through-out the = document.

Changes to requirements 3, 4, and 10 =

o SEC-REQ-03:An I2RS agent, = upon receiving an I2RS message from a

I2RS client, MUST = confirm that the I2RS client has a valid

= identifier.

o SEC-REQ-04: The I2RS client, upon = receiving an I2RS message from

an I2RS agent, MUST = confirm the I2RS agent's identifier .

SEC-REQ-10: A = secure transport MUST be associated with a = key

   management solution =
that can guarantee that only the entities =
having

   sufficient privileges =
can get the keys to encrypt/decrypt =
the

   sensitive data.  =
Per BCP107 [RFC4107] this key management =
system

   SHOULD be automatic, =
but MAY BE manual if the following =
constraints

   from =
BCP107:

=
      =
a)environment has limited bandwidth or high round-trip =
times,

=
      =
b)the information being protected has a low value =
and

=
      =
c)the total volume over the entire lifetime of the =
long-term

      =
session key will be very low,

=
      =
d)the scale of the deployment is =
limited.

=
   Most I2RS =
environments (I2RS Client - I2S Agents) will not have =
this

   environment, but a =
few I2RS use case provide limited =
non-secure

   light-weight =
telemetry messages that have these requirements.  =
An

   I2RS data model must =
indicate which portions can be served by =
manual

   key =
management.

------=_NextPart_000_0031_01D0E0C2.548B58C0-- From nobody Thu Aug 27 13:16:50 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46BCB1B29E9; Thu, 27 Aug 2015 10:13:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -79.055 X-Spam-Level: X-Spam-Status: No, score=-79.055 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, URIBL_BLACK=20, USER_IN_WHITELIST=-100] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RrWAUxfH66Uu; Thu, 27 Aug 2015 10:13:20 -0700 (PDT) Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E66621B36F2; Thu, 27 Aug 2015 10:13:19 -0700 (PDT) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.171.7; From: "Susan Hares" To: "'Linda Dunbar'" , "'Russ White'" , "'Andy Bierman'" , "'Jeffrey Haas'" References: <20150623165237.12779.22569.idtracker@ietfa.amsl.com> <20150713224652.GB5779@pfrc.org> <20150713230952.GI13783@pfrc.org> <55A44B12.10201@joelhalpern.com> <20150713234843.GK13783@pfrc.org> <03cc01d0c398$87f4ff50$97defdf0$@riw.us> <4A95BA014132FF49AE685FAB4B9F17F657D0D688@dfweml701-chm> In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D0D688@dfweml701-chm> Date: Thu, 27 Aug 2015 13:12:49 -0400 Message-ID: <00c101d0e0eb$9a503af0$cef0b0d0$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQCQIeJoLHKQ7oAYGCGjY2QIv20pQwNLDm62AgtPHvEBh1wz+wJSZctmAodrX98BVhkhJAEZ0mfaAkZ9v4kB9KaZ3aAOexsg Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: X-Mailman-Approved-At: Thu, 27 Aug 2015 13:16:49 -0700 Cc: i2rs@ietf.org, dai.xianxian@zte.com.cn, 'Jeff Haas' , internet-drafts@ietf.org, 'Alia Atlas' , 'i2rs' , i-d-announce@ietf.org, "'Joel M. Halpern'" Subject: Re: [i2rs] some doubt about "draft-ietf-i2rs-ephemeral-state-00".// I-D Action: draft-ietf-i2rs-ephemeral-state-00.txt X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2015 17:13:21 -0000 Linda and Russ: I agree that having the broker pretend to be different clients is a good idea even if it is not optimal. Sue -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Linda Dunbar Sent: Friday, August 14, 2015 11:01 AM To: Russ White; 'Andy Bierman'; 'Jeffrey Haas' Cc: i2rs@ietf.org; dai.xianxian@zte.com.cn; 'Jeff Haas'; internet-drafts@ietf.org; 'Alia Atlas'; 'i2rs'; i-d-announce@ietf.org; 'Joel M. Halpern'; 'Susan Hares' Subject: Re: [i2rs] some doubt about "draft-ietf-i2rs-ephemeral-state-00".// I-D Action: draft-ietf-i2rs-ephemeral-state-00.txt +1. Linda -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Russ White Sent: Tuesday, July 21, 2015 4:34 AM To: 'Andy Bierman'; 'Jeffrey Haas' Cc: i2rs@ietf.org; dai.xianxian@zte.com.cn; 'Jeff Haas'; internet-drafts@ietf.org; 'Alia Atlas'; 'i2rs'; i-d-announce@ietf.org; 'Joel M. Halpern'; 'Susan Hares' Subject: Re: [i2rs] some doubt about "draft-ietf-i2rs-ephemeral-state-00".// I-D Action: draft-ietf-i2rs-ephemeral-state-00.txt > The design does not directly support different priorities per broker. > The broker needs to pretend to be different clients, and each session > will have a different client-id and priority. This is non-optimal but not broken. And it's much simpler to implement. It would leave proxies out of scope while allowing those who want to implement proxies a way to do so. In short -- this seems like a good solution. Russ _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs From nobody Thu Aug 27 13:29:15 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3666B1B323D for ; Thu, 27 Aug 2015 13:29:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.178 X-Spam-Level: X-Spam-Status: No, score=-0.178 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, IP_NOT_FRIENDLY=0.334, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42JyE6XJCx5S for ; Thu, 27 Aug 2015 13:29:13 -0700 (PDT) Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 9A94F1B31EB for ; Thu, 27 Aug 2015 13:29:13 -0700 (PDT) Received: by slice.pfrc.org (Postfix, from userid 1001) id ACF611E48F; Thu, 27 Aug 2015 16:32:09 -0400 (EDT) Date: Thu, 27 Aug 2015 16:32:09 -0400 From: Jeffrey Haas To: i2rs@ietf.org Message-ID: <20150827203209.GB19039@pfrc.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Subject: [i2rs] draft-mglt-i2rs-security-environment-reqs, REQ 3 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2015 20:29:14 -0000 I've been reviewing the environment requirements, thanks for picking up this work. Requirement 3 contains the following: REQ 3: The I2RS Agent validates data to ensure injecting the information will not create a deadlock with any other system, nor will it create a routing loop, nor will it cause the control plane to fail to converge. I2RS has already received feedback from our netconf experts expressing concern over how validation even at the schema levels may introduce excessive latency. This contradicts the I2RS "need for speed". I have a broader concern that the above requirement may simply be an intractable problem. It's a loft goal, but the overhead in validating all such things is likely not within the goal of speed. Thoughts? -- Jeff From nobody Thu Aug 27 13:32:46 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2206D1A1B69 for ; Thu, 27 Aug 2015 13:32:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.999 X-Spam-Level: X-Spam-Status: No, score=-101.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMITkgM3NQUR for ; Thu, 27 Aug 2015 13:32:39 -0700 (PDT) Received: from mail-ob0-x229.google.com (mail-ob0-x229.google.com [IPv6:2607:f8b0:4003:c01::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 888161A8F4D for ; Thu, 27 Aug 2015 13:32:38 -0700 (PDT) Received: by obbwr7 with SMTP id wr7so26409730obb.2 for ; Thu, 27 Aug 2015 13:32:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=+XWxWzsKTA18/WXSutXqSQktkKmxtQoDLU6n/caUuBg=; b=d623Sbic96dG7Oxz2URv9/UJlqKn/ZvepnMlDjxa8fvN2UAaxCdSd/8wyj/+2A1Gjt N1FO7XybXJIaLh66lL2xkubMCc4ZWUoJH9nmtD+z59sPgZ4StMaExV09GpGBOZlhCTdG t3ZBtqhWfhJ8CsbtJX7zIq++XnROej0g0khRUGu4yiJYxcCQaJKz50+aAFphVxtg46Ks hg05upEv6KDfnTNuuWFC378Sy+5IwEyxHYC8Fn06TNxSZbkeiBQlizHpKGV2S24ZRN0j AjoKgIozqjDHM+ecGft1k8Z0ertMVPY/qNOqu0I46kvk6MrMZtBSV1ejjDGM0IFRNEOe teNQ== MIME-Version: 1.0 X-Received: by 10.182.171.35 with SMTP id ar3mr3604772obc.57.1440707558017; Thu, 27 Aug 2015 13:32:38 -0700 (PDT) Received: by 10.60.176.138 with HTTP; Thu, 27 Aug 2015 13:32:37 -0700 (PDT) In-Reply-To: <20150827203209.GB19039@pfrc.org> References: <20150827203209.GB19039@pfrc.org> Date: Thu, 27 Aug 2015 16:32:37 -0400 Message-ID: From: Alia Atlas To: Jeffrey Haas Content-Type: multipart/alternative; boundary=e89a8ff1cde238a880051e50de93 Archived-At: Cc: "i2rs@ietf.org" Subject: Re: [i2rs] draft-mglt-i2rs-security-environment-reqs, REQ 3 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2015 20:32:44 -0000 --e89a8ff1cde238a880051e50de93 Content-Type: text/plain; charset=UTF-8 Good catch - this seems to be very aspirational and contradicts what the architecture says - which is basically that the user may cause issues. Regards, Alia On Thu, Aug 27, 2015 at 4:32 PM, Jeffrey Haas wrote: > I've been reviewing the environment requirements, thanks for picking up > this > work. Requirement 3 contains the following: > > REQ 3: The I2RS Agent validates data to ensure injecting the > information will not create a deadlock with any other system, > nor will it create a routing loop, nor will it cause the > control plane to fail to converge. > > I2RS has already received feedback from our netconf experts expressing > concern over how validation even at the schema levels may introduce > excessive latency. This contradicts the I2RS "need for speed". > > I have a broader concern that the above requirement may simply be an > intractable problem. It's a loft goal, but the overhead in validating all > such things is likely not within the goal of speed. > > Thoughts? > > -- Jeff > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > --e89a8ff1cde238a880051e50de93 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

<no-hats>

Good catch - this seems= to be very aspirational and contradicts

what the architecture sa= ys - which is basically that the user may

cause issues.

Regards,

Alia

</no-hats>

On Thu, Aug 27= , 2015 at 4:32 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
I've been reviewing the environment requirem= ents, thanks for picking up this
work.=C2=A0 Requirement 3 contains the following:

=C2=A0 =C2=A0REQ 3:=C2=A0 The I2RS Agent validates data to ensure injecting= the
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0information will not create a dead= lock with any other system,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0nor will it create a routing loop,= nor will it cause the
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0control plane to fail to converge.=

I2RS has already received feedback from our netconf experts expressing
concern over how validation even at the schema levels may introduce
excessive latency.=C2=A0 This contradicts the I2RS "need for speed&quo= t;.

I have a broader concern that the above requirement may simply be an
intractable problem.=C2=A0 It's a loft goal, but the overhead in valida= ting all
such things is likely not within the goal of speed.

Thoughts?

-- Jeff

_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

--e89a8ff1cde238a880051e50de93-- From nobody Thu Aug 27 13:46:27 2015 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19A2F1A9234 for ; Thu, 27 Aug 2015 13:46:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -99.054 X-Spam-Level: X-Spam-Status: No, score=-99.054 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18ApOMeF3Izu for ; Thu, 27 Aug 2015 13:46:20 -0700 (PDT) Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D61671A92E0 for ; Thu, 27 Aug 2015 13:46:18 -0700 (PDT) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.171.7; From: "Susan Hares" To: "'Linda Dunbar'" , "'Daniel Migault'" References: <4A95BA014132FF49AE685FAB4B9F17F657D1757E@dfweml701-chm> In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657D1757E@dfweml701-chm> Date: Thu, 27 Aug 2015 16:45:58 -0400 Message-ID: <019201d0e109$613e6a20$23bb3e60$@ndzh.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0193_01D0E0E7.DA377880" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQG6Lp4YXtGNsC6f02fj2EU/5giwSAHiq012nj6fxZA= Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: Cc: 'Jeffrey Haas' , i2rs@ietf.org, "'Joel M. Halpern'" , 'Alia Atlas' Subject: Re: [i2rs] Suggested section/text to be added to draft-mglt-i2rs-security-environment-reqs-00 to address security threats in Closed Envionment. X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Interface to The Internet Routing System $IRS$"