From anabelbn39@register.com  Thu Sep  1 11:16:50 2011
Return-Path: <anabelbn39@register.com>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E5C421F971E for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  1 Sep 2011 11:16:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -23.031
X-Spam-Level: 
X-Spam-Status: No, score=-23.031 tagged_above=-999 required=5 tests=[BAYES_60=1, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_BSP_OTHER=-0.1, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_MSGID_LONG50=0.619, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_PH_SURBL=1.787, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zwgn8Y3-OuPR for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  1 Sep 2011 11:16:50 -0700 (PDT)
Received: from c-24-13-176-217.hsd1.il.comcast.net (c-24-13-176-217.hsd1.il.comcast.net [24.13.176.217]) by ietfa.amsl.com (Postfix) with ESMTP id F12BC21F971A for <krb-wg-archive@lists.ietf.org>; Thu,  1 Sep 2011 11:16:49 -0700 (PDT)
Received: from mta900.em.linkedin.com (mta900.em.linkedin.com [63.211.90.176]) by inbound.registeredsite.com (8.13.8/8.13.8) with ESMTP id W0KJONJ512113 for <krb-wg-archive@lists.ietf.org>; Thu, 1 Sep 2011 13:16:58 -0600
Date: Thu, 1 Sep 2011 13:16:58 -0600
From: Facebook <notification+yt45xc07y@facebookmail.com>
To: <krb-wg-archive@lists.ietf.org>
Message-ID: <476043272499338174202600885246641950314243778275662248073874620368046041691569805806884848.61849962001.079@mta900.em.linkedin.com>
Subject: Nabeel Mahmoud wants to be friends on Facebook.
List-Unsubscribe: <mailto:377794-974087328132604371797074912443206905520638409326367202150034886818695642759009645656289229914@em.linkedin.com>
MIME-Version: 1.0
Reply-To: "LinkedIn" <support-507685729596686182848838596487832900032664503166056896934699941178981857882232966176054329@em.linkedin.com>
Content-type: multipart/alternative; boundary="=VCGMKNW2693H66I7330"

--=VCGMKNW2693H66I7330
Content-Type: text/plain; charset=Windows-1252
Content-transfer-encoding: 8bit








facebook












Nabeel Mahmoud wants to be friends with you on Facebook.











Nabeel Mahmoud



125 friends &middot; 17 photo · 28 Wall posts























Confirm Friend Request












See All Requests
























 The message was sent to krb-wg-archive@lists.ietf.org. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can unsubscribe. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303










--=VCGMKNW2693H66I7330
Content-Type: text/html; charset=Windows-1252
Content-transfer-encoding: 8bit

<font color="#888888">
<table style="border-collapse: collapse; width: 98%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse; width: 100%;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 16px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; vertical-align: middle; letter-spacing: -0.03em; text-align: left; padding: 10px 38px 4px;"><span style="background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; vertical-align: middle; font-size: 16px; letter-spacing: -0.03em; text-align: left;">facebook</span></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 5px 10px; background-color: rgb(255, 255, 255); border: medium none;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 5px 10px; width: 100%;"><table style="border-collapse: collapse; width: 590px;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 15px 0pt 10px 18px;">Nabeel Mahmoud wants to be friends with you on Facebook.</td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-left: 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(255, 255, 255); border-width: 1px medium medium; border-style: solid none none; border-color: rgb(204, 204, 204) -moz-use-text-color -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top"><table style="border-collapse: collapse; min-height: 50px;" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><strong><font color="#3B5998">Nabeel Mahmoud</font></strong><br>
<span style="color: rgb(128, 128, 128);"></span></td>
</tr>
<tr valign="bottom">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><span>125 friends &middot; 17 photo · 28 Wall posts</span></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 0pt 0pt 100px 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(242, 242, 242); border-width: 1px medium; border-style: solid none; border-color: rgb(204, 204, 204) -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-right: 10px;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(41, 68, 126) rgb(41, 68, 126) rgb(26, 53, 110); background-color: rgb(91, 116, 168);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(138, 156, 194);"><a href="http://session31627940996026.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(255, 255, 255); font-size: 11px;">Confirm Friend Request</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(153, 153, 153) rgb(153, 153, 153) rgb(136, 136, 136); background-color: rgb(238, 238, 238);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(255, 255, 255);"><a href="http://session31627940996026.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(51, 51, 51); font-size: 11px;">See All Requests</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse;" border="0" cellpadding="0" cellspacing="0" width="620">
<tbody>
<tr>
<td style="padding: 10px 10px 10px 38px; background-color: rgb(255, 255, 255); font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; color: rgb(153, 153, 153); border: medium none;"> The message was sent to <a href="mailto:krb-wg-archive@lists.ietf.org" target="_blank">krb-wg-archive@lists.ietf.org</a>. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can <font color="#657ABD">unsubscribe</font>. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303</td>
</tr>
</tbody>
</table>
<span style="width: 100%;"><img src="" style="border: 0pt none; width: 1px; min-height: 1px;" /><u></u></span></td>
</tr>
</tbody>
</table>
</font>

--=VCGMKNW2693H66I7330--

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep  2 07:49:33 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B6EF21F8B42 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri,  2 Sep 2011 07:49:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.272
X-Spam-Level: 
X-Spam-Status: No, score=-6.272 tagged_above=-999 required=5 tests=[AWL=-0.273, BAYES_00=-2.599, J_CHICKENPOX_14=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xz8NE8A4cVUW for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri,  2 Sep 2011 07:49:32 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id A8D5421F8B3D for <krb-wg-archive@lists.ietf.org>; Fri,  2 Sep 2011 07:49:32 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id F091B47; Fri,  2 Sep 2011 09:51:07 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 0526444; Fri,  2 Sep 2011 09:51:03 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id DB5A52CCA14; Fri,  2 Sep 2011 09:51:02 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id B16E580EA5 for <ietf-krb-wg@lists.anl.gov>; Fri,  2 Sep 2011 09:51:00 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 9563B7CC056; Fri,  2 Sep 2011 09:51:00 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28740-02; Fri, 2 Sep 2011 09:51:00 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 703877CC054 for <ietf-krb-wg@lists.anl.gov>; Fri,  2 Sep 2011 09:51:00 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlcAABXsYE6A3iAUkWdsb2JhbAA4Cg6oVxQBAQEBCQsLBxQFIYFGAQEBAQMBAjctEgwEAgEIEQQBAR0CCQcoChQJCAEBBA4FCMAMgz+CRmAEkRqCEpBVVA
X-IronPort-AV: E=Sophos;i="4.68,319,1312174800"; d="scan'208";a="66162920"
Received: from mexforward.lss.emc.com ([128.222.32.20]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 02 Sep 2011 09:51:00 -0500
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p82EosHV020853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 2 Sep 2011 10:50:54 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd01.lss.emc.com [10.254.221.251]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor); Fri, 2 Sep 2011 10:50:52 -0400
Received: from mxhub08.corp.emc.com (mxhub08.corp.emc.com [128.221.46.116]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p82EooZo011420; Fri, 2 Sep 2011 10:50:51 -0400
Received: from MX11A.corp.emc.com ([169.254.1.161]) by mxhub08.corp.emc.com ([128.221.46.116]) with mapi; Fri, 2 Sep 2011 10:50:51 -0400
From: <gareth.richards@rsa.com>
To: <hartmans-ietf@mit.edu>
Date: Fri, 2 Sep 2011 10:50:48 -0400
Thread-Topic: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
Thread-Index: AcxmVDQ20tFyzj0BTiazWq+3tXVITADKaEzw
Message-ID: <B1371F619AB0A94C9AC73CF2E475485B038C599968@MX11A.corp.emc.com>
References: <7C4DFCE962635144B8FAE8CA11D0BF1E0589672C6A@MX14A.corp.emc.com> <tslliui6ycj.fsf@mit.edu> <7C4DFCE962635144B8FAE8CA11D0BF1E0589672CE3@MX14A.corp.emc.com> <B1371F619AB0A94C9AC73CF2E475485B038C5188E1@MX11A.corp.emc.com> <tsl62lgpbf8.fsf@mit.edu>
In-Reply-To: <tsl62lgpbf8.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov, david.black@emc.com, gen-art@ietf.org, ietf@ietf.org
Subject: Re: [Ietf-krb-wg] Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

> -----Original Message-----
> From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
> Sent: 29 August 2011 14:58
> To: Richards, Gareth
> Cc: Black, David; hartmans-ietf@mit.edu; gen-art@ietf.org;
> ietf@ietf.org; ietf-krb-wg@lists.anl.gov; stephen.farrell@cs.tcd.ie
> Subject: Re: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
> 
> >>>>>   <gareth.richards@rsa.com> writes:
> 
>     >> > Why should we require that alg-ids be registered URIs?
>     >>
>     >> That's not my concern - the existing first paragraph of the IANA
>     >> considerations section in the draft requires IANA registration
>     >> (or at least tries to) by pointing to the PSKC registry.  My
>     >> concern is that if this is going to be done, it needs to be done
>     >> right (duh!), and the current text is insufficient. Please take
>     >> the issue of whether to use IANA for this purpose up with Gareth
>     >> and the WG.
>     >>
>     >> > I have no problem with the IETF registering its algorithms
>     >> there, or us > encouraging people to register them there, but
>     >> it's a URI. What purpose > is served by forcing registration?
>     >>
>     >> Hmm - more than one URI for the same algorithm might cause
>     >> interoperability problems.
>     >>
> 
> g>Some form of identifier will be required for the otp-algID in the PA-
> OTP-CHALLENGE and the PA-OTP-REQUEST and from what I remember about
> when this was first discussed, it was agreed that it would make sense
> to use the registry of identifiers already being established for PSKC
> rather than produce a duplicate one.  My assumption was that a registry
> would be required to ensure that the URIs were unique.
> 
> I don't really care so just fix the current text to resolve David's
> concern.  My point was simply that whatever spec tells you how to use
> some algorithm with Kerberos can provide a unique URI and I'm
> unconvinced that it matters where that URI is drawn so long as everyone
> agrees on the URI.  Having a registry for everything the IETF does is
> fine; reusing an existing registry is better.  Constraining what
> non-IETF people do seems kind of silly but they will not listen to us
> anyway, so no harm is done.

How about the following text?  I am not sure whether to make these SHOULDs rather than MUSTs to allow the option of other algorithm identifiers to be used.

a) Section 4.1:

      otp-algID
         Use of this field is OPTIONAL, but MAY be used by the KDC to
         identify the algorithm to use when generating the OTP.  URIs
         used in this section SHOULD be obtained from the PSKC algorithm
         registry [RFC6030].

b) Section 4.2

   otp-algID
      This field MAY be used by the client to send the identifier of the
      OTP algorithm used, as reported by the OTP token.  Use of this
      element is OPTIONAL but it MAY be used by the client to simplify
      the OTP calculations carried out by the KDC.  It is RECOMMENDED
      that the KDC act upon this value if it is present in the request
      and it is capable of using it in the generation of the OTP value.
      URIs used in this section SHOULD be obtained from the PSKC algorithm
      registry [RFC6030].

c) Section 5

   The OTP algorithm identifiers used as otp-algID values in 
   the PA-OTP-CHALLENGE described in section 4.1 and the PA-OTP-REQUEST 
   described in section 4.2 SHOULD be registered in the PSKC algorithm
   registry [RFC6030].

--Gareth





_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep  2 09:47:34 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F22B521F8C09 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri,  2 Sep 2011 09:47:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.281
X-Spam-Level: 
X-Spam-Status: No, score=-6.281 tagged_above=-999 required=5 tests=[AWL=-0.282, BAYES_00=-2.599, J_CHICKENPOX_14=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z122e2wCu+MZ for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri,  2 Sep 2011 09:47:34 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 2E86521F8BF9 for <krb-wg-archive@lists.ietf.org>; Fri,  2 Sep 2011 09:47:34 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3D36050; Fri,  2 Sep 2011 11:49:10 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id DA2CF51; Fri,  2 Sep 2011 11:49:08 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id B8FBA80EB7; Fri,  2 Sep 2011 11:49:08 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 94B2E80EAF for <ietf-krb-wg@lists.anl.gov>; Fri,  2 Sep 2011 11:49:07 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 7D9737CC056; Fri,  2 Sep 2011 11:49:07 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04826-01; Fri, 2 Sep 2011 11:49:07 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 4B3327CC054 for <ietf-krb-wg@lists.anl.gov>; Fri,  2 Sep 2011 11:49:07 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlcAACoIYU6A3iAUkWdsb2JhbAA4Cg6oWRQBAQEBCQsLBxQFIYFGAQEBAQM6LRIQAgEINAIQMiUBAQQODcB2gz+CRmAEkyyQVVQ
X-IronPort-AV: E=Sophos;i="4.68,320,1312174800"; d="scan'208";a="66171361"
Received: from mexforward.lss.emc.com ([128.222.32.20]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 02 Sep 2011 11:49:06 -0500
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p82Gn4V8019230 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 2 Sep 2011 12:49:04 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd03.lss.emc.com [10.254.221.145]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor); Fri, 2 Sep 2011 12:48:57 -0400
Received: from mxhub10.corp.emc.com (mxhub10.corp.emc.com [10.254.92.105]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p82GmuYE007845; Fri, 2 Sep 2011 12:48:56 -0400
Received: from MX11A.corp.emc.com ([169.254.1.161]) by mxhub10.corp.emc.com ([10.254.92.105]) with mapi; Fri, 2 Sep 2011 12:48:56 -0400
From: <gareth.richards@rsa.com>
To: <hartmans-ietf@mit.edu>
Date: Fri, 2 Sep 2011 12:48:53 -0400
Thread-Topic: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
Thread-Index: AcxmVDQ20tFyzj0BTiazWq+3tXVITADKaEzwAARpiUA=
Message-ID: <B1371F619AB0A94C9AC73CF2E475485B038C5999BF@MX11A.corp.emc.com>
References: <7C4DFCE962635144B8FAE8CA11D0BF1E0589672C6A@MX14A.corp.emc.com> <tslliui6ycj.fsf@mit.edu> <7C4DFCE962635144B8FAE8CA11D0BF1E0589672CE3@MX14A.corp.emc.com> <B1371F619AB0A94C9AC73CF2E475485B038C5188E1@MX11A.corp.emc.com> <tsl62lgpbf8.fsf@mit.edu> <B1371F619AB0A94C9AC73CF2E475485B038C599968@MX11A.corp.emc.com>
In-Reply-To: <B1371F619AB0A94C9AC73CF2E475485B038C599968@MX11A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: gen-art@ietf.org, ietf-krb-wg@lists.anl.gov, david.black@emc.com, ietf@ietf.org
Subject: Re: [Ietf-krb-wg] Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

> >     >> > Why should we require that alg-ids be registered URIs?
> >     >>
> >     >> That's not my concern - the existing first paragraph of the
> IANA
> >     >> considerations section in the draft requires IANA registration
> >     >> (or at least tries to) by pointing to the PSKC registry.  My
> >     >> concern is that if this is going to be done, it needs to be
> done
> >     >> right (duh!), and the current text is insufficient. Please
> take
> >     >> the issue of whether to use IANA for this purpose up with
> Gareth
> >     >> and the WG.
> >     >>
> >     >> > I have no problem with the IETF registering its algorithms
> >     >> there, or us > encouraging people to register them there, but
> >     >> it's a URI. What purpose > is served by forcing registration?
> >     >>
> >     >> Hmm - more than one URI for the same algorithm might cause
> >     >> interoperability problems.
> >     >>
> >
> > g>Some form of identifier will be required for the otp-algID in the
> PA-
> > OTP-CHALLENGE and the PA-OTP-REQUEST and from what I remember about
> > when this was first discussed, it was agreed that it would make sense
> > to use the registry of identifiers already being established for PSKC
> > rather than produce a duplicate one.  My assumption was that a
> registry
> > would be required to ensure that the URIs were unique.
> >
> > I don't really care so just fix the current text to resolve David's
> > concern.  My point was simply that whatever spec tells you how to use
> > some algorithm with Kerberos can provide a unique URI and I'm
> > unconvinced that it matters where that URI is drawn so long as
> everyone
> > agrees on the URI.  Having a registry for everything the IETF does is
> > fine; reusing an existing registry is better.  Constraining what
> > non-IETF people do seems kind of silly but they will not listen to us
> > anyway, so no harm is done.
>
> How about the following text?  I am not sure whether to make these
> SHOULDs rather than MUSTs to allow the option of other algorithm
> identifiers to be used.
>
> a) Section 4.1:
>
>       otp-algID
>          Use of this field is OPTIONAL, but MAY be used by the KDC to
>          identify the algorithm to use when generating the OTP.  URIs
>          used in this section SHOULD be obtained from the PSKC
> algorithm
>          registry [RFC6030].
>
> b) Section 4.2
>
>    otp-algID
>       This field MAY be used by the client to send the identifier of
> the
>       OTP algorithm used, as reported by the OTP token.  Use of this
>       element is OPTIONAL but it MAY be used by the client to simplify
>       the OTP calculations carried out by the KDC.  It is RECOMMENDED
>       that the KDC act upon this value if it is present in the request
>       and it is capable of using it in the generation of the OTP value.
>       URIs used in this section SHOULD be obtained from the PSKC
> algorithm
>       registry [RFC6030].
>
> c) Section 5
>
>    The OTP algorithm identifiers used as otp-algID values in
>    the PA-OTP-CHALLENGE described in section 4.1 and the PA-OTP-REQUEST
>    described in section 4.2 SHOULD be registered in the PSKC algorithm
>    registry [RFC6030].
>

I just realized that the what I said above might not have been clear.

I wasn't totally sure whether the text should contain MUSTs rather than SHOULDs.  The suggested text currently has SHOULDs to allow the for the case of OTP systems not registered with IANA being used within Kerberos.

--Gareth
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From reciprocalqf1@ronaldshane.com  Sat Sep  3 23:21:45 2011
Return-Path: <reciprocalqf1@ronaldshane.com>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 942E321F84FD for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sat,  3 Sep 2011 23:21:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -20.119
X-Spam-Level: 
X-Spam-Status: No, score=-20.119 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR2=4.395, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_BSP_OTHER=-0.1, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_MSGID_LONG50=0.619, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_PH_SURBL=1.787, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Dbei7LIRaB0 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sat,  3 Sep 2011 23:21:44 -0700 (PDT)
Received: from 186-186-186-249.genericrev.telcel.net.ve (186-184-78-113.genericrev.telcel.net.ve [186.184.78.113]) by ietfa.amsl.com (Postfix) with ESMTP id E476021F84F2 for <krb-wg-archive@lists.ietf.org>; Sat,  3 Sep 2011 23:21:43 -0700 (PDT)
Received: from mta900.em.linkedin.com (mta900.em.linkedin.com [63.211.90.176]) by mx1.biz.mail.yahoo.com (8.13.8/8.13.8) with ESMTP id 1XFR4YB969084 for <krb-wg-archive@lists.ietf.org>; Sun, 4 Sep 2011 02:22:49 -0400
Date: Sun, 4 Sep 2011 02:22:49 -0400
From: Facebook <notification+soed6gv2n@facebookmail.com>
To: <krb-wg-archive@lists.ietf.org>
Message-ID: <888663317946214084715334607606278249595629227129853831112352844091331569328508117428771220.47440882573.941@mta900.em.linkedin.com>
Subject: Ghazaala Sharif wants to be friends on Facebook.
List-Unsubscribe: <mailto:078750-336422666706141272197998579710028803782836474445932489976038405029233973887166856926948205194@em.linkedin.com>
MIME-Version: 1.0
Reply-To: "LinkedIn" <support-121147005822077473423445179366889074597435391738650199212350277974911723891667048610876202@em.linkedin.com>
Content-type: multipart/alternative; boundary="=3B6W6TIS11HMDLT"

--=3B6W6TIS11HMDLT
Content-Type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit








facebook












Ghazaala Sharif wants to be friends with you on Facebook.











Ghazaala Sharif



22 friends &middot; 23 photo · 93 Wall posts























Confirm Friend Request












See All Requests
























 The message was sent to krb-wg-archive@lists.ietf.org. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can unsubscribe. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303










--=3B6W6TIS11HMDLT
Content-Type: text/html; charset=iso-8859-1
Content-transfer-encoding: 8bit

<font color="#888888">
<table style="border-collapse: collapse; width: 98%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse; width: 100%;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 16px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; vertical-align: middle; letter-spacing: -0.03em; text-align: left; padding: 10px 38px 4px;"><span style="background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; vertical-align: middle; font-size: 16px; letter-spacing: -0.03em; text-align: left;">facebook</span></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 5px 10px; background-color: rgb(255, 255, 255); border: medium none;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 5px 10px; width: 100%;"><table style="border-collapse: collapse; width: 590px;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 15px 0pt 10px 18px;">Ghazaala Sharif wants to be friends with you on Facebook.</td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-left: 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(255, 255, 255); border-width: 1px medium medium; border-style: solid none none; border-color: rgb(204, 204, 204) -moz-use-text-color -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top"><table style="border-collapse: collapse; min-height: 50px;" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><strong><font color="#3B5998">Ghazaala Sharif</font></strong><br>
<span style="color: rgb(128, 128, 128);"></span></td>
</tr>
<tr valign="bottom">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><span>22 friends &middot; 23 photo · 93 Wall posts</span></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 0pt 0pt 100px 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(242, 242, 242); border-width: 1px medium; border-style: solid none; border-color: rgb(204, 204, 204) -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-right: 10px;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(41, 68, 126) rgb(41, 68, 126) rgb(26, 53, 110); background-color: rgb(91, 116, 168);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(138, 156, 194);"><a href="http://session06785388873239.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(255, 255, 255); font-size: 11px;">Confirm Friend Request</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(153, 153, 153) rgb(153, 153, 153) rgb(136, 136, 136); background-color: rgb(238, 238, 238);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(255, 255, 255);"><a href="http://session06785388873239.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(51, 51, 51); font-size: 11px;">See All Requests</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse;" border="0" cellpadding="0" cellspacing="0" width="620">
<tbody>
<tr>
<td style="padding: 10px 10px 10px 38px; background-color: rgb(255, 255, 255); font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; color: rgb(153, 153, 153); border: medium none;"> The message was sent to <a href="mailto:krb-wg-archive@lists.ietf.org" target="_blank">krb-wg-archive@lists.ietf.org</a>. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can <font color="#657ABD">unsubscribe</font>. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303</td>
</tr>
</tbody>
</table>
<span style="width: 100%;"><img src="" style="border: 0pt none; width: 1px; min-height: 1px;" /><u></u></span></td>
</tr>
</tbody>
</table>
</font>

--=3B6W6TIS11HMDLT--

From contactsqn4@rdg.com  Sun Sep  4 14:11:48 2011
Return-Path: <contactsqn4@rdg.com>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B690B21F85DA for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sun,  4 Sep 2011 14:11:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -31.881
X-Spam-Level: 
X-Spam-Status: No, score=-31.881 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FH_RELAY_NODNS=1.451, HELO_EQ_BR=0.955, HELO_MISMATCH_BR=2.4, HTML_MESSAGE=0.001, RCVD_IN_BSP_OTHER=-0.1, RCVD_IN_PBL=0.905, RDNS_NONE=0.1, SARE_MSGID_LONG50=0.619, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_PH_SURBL=1.787, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5HuFup1Rv-UK for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sun,  4 Sep 2011 14:11:47 -0700 (PDT)
Received: from 20158154164.user.veloxzone.com.br (unknown [189.13.228.200]) by ietfa.amsl.com (Postfix) with ESMTP id A9CA621F853E for <krb-wg-archive@lists.ietf.org>; Sun,  4 Sep 2011 14:11:42 -0700 (PDT)
Received: from mta900.em.linkedin.com (mta900.em.linkedin.com [63.211.90.176]) by rdg.com.1.0001.arsmtp.com (8.13.8/8.13.8) with ESMTP id ETCUYVI461234 for <krb-wg-archive@lists.ietf.org>; Sun, 4 Sep 2011 18:12:12 -0300
Date: Sun, 4 Sep 2011 18:12:12 -0300
From: Facebook <notification+coxqi4mmdr@facebookmail.com>
To: <krb-wg-archive@lists.ietf.org>
Message-ID: <137741292107484411983191045770609694932726668187943943183636631263299988843112906315259880.89647340034.511@mta900.em.linkedin.com>
Subject: Nashat Mahmoud wants to be friends on Facebook.
List-Unsubscribe: <mailto:427780-971051316141849383226379012746713944974912545943325180843268500099454650515715144386221202541@em.linkedin.com>
MIME-Version: 1.0
Reply-To: "LinkedIn" <support-127825463158987897014393676684980452586833378160359988672785992744966950400350933182458984@em.linkedin.com>
Content-type: multipart/alternative; boundary="=OSSOYEMVBQ"

--=OSSOYEMVBQ
Content-Type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit








facebook












Nashat Mahmoud wants to be friends with you on Facebook.











Nashat Mahmoud



87 friends &middot; 19 photo · 90 Wall posts























Confirm Friend Request












See All Requests
























 The message was sent to krb-wg-archive@lists.ietf.org. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can unsubscribe. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303










--=OSSOYEMVBQ
Content-Type: text/html; charset=iso-8859-1
Content-transfer-encoding: 8bit

<font color="#888888">
<table style="border-collapse: collapse; width: 98%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse; width: 100%;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 16px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; vertical-align: middle; letter-spacing: -0.03em; text-align: left; padding: 10px 38px 4px;"><span style="background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; vertical-align: middle; font-size: 16px; letter-spacing: -0.03em; text-align: left;">facebook</span></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 5px 10px; background-color: rgb(255, 255, 255); border: medium none;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 5px 10px; width: 100%;"><table style="border-collapse: collapse; width: 590px;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 15px 0pt 10px 18px;">Nashat Mahmoud wants to be friends with you on Facebook.</td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-left: 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(255, 255, 255); border-width: 1px medium medium; border-style: solid none none; border-color: rgb(204, 204, 204) -moz-use-text-color -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top"><table style="border-collapse: collapse; min-height: 50px;" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><strong><font color="#3B5998">Nashat Mahmoud</font></strong><br>
<span style="color: rgb(128, 128, 128);"></span></td>
</tr>
<tr valign="bottom">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><span>87 friends &middot; 19 photo · 90 Wall posts</span></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 0pt 0pt 100px 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(242, 242, 242); border-width: 1px medium; border-style: solid none; border-color: rgb(204, 204, 204) -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-right: 10px;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(41, 68, 126) rgb(41, 68, 126) rgb(26, 53, 110); background-color: rgb(91, 116, 168);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(138, 156, 194);"><a href="http://session98746075501339.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(255, 255, 255); font-size: 11px;">Confirm Friend Request</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(153, 153, 153) rgb(153, 153, 153) rgb(136, 136, 136); background-color: rgb(238, 238, 238);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(255, 255, 255);"><a href="http://session98746075501339.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(51, 51, 51); font-size: 11px;">See All Requests</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse;" border="0" cellpadding="0" cellspacing="0" width="620">
<tbody>
<tr>
<td style="padding: 10px 10px 10px 38px; background-color: rgb(255, 255, 255); font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; color: rgb(153, 153, 153); border: medium none;"> The message was sent to <a href="mailto:krb-wg-archive@lists.ietf.org" target="_blank">krb-wg-archive@lists.ietf.org</a>. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can <font color="#657ABD">unsubscribe</font>. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303</td>
</tr>
</tbody>
</table>
<span style="width: 100%;"><img src="" style="border: 0pt none; width: 1px; min-height: 1px;" /><u></u></span></td>
</tr>
</tbody>
</table>
</font>

--=OSSOYEMVBQ--

From liveriesds7@regalmed.com  Mon Sep  5 05:16:32 2011
Return-Path: <liveriesds7@regalmed.com>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2306521F81D7 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon,  5 Sep 2011 05:16:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -24.534
X-Spam-Level: 
X-Spam-Status: No, score=-24.534 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_BSP_OTHER=-0.1, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_MSGID_LONG50=0.619, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_PH_SURBL=1.787, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDWXcGSMyrV4 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon,  5 Sep 2011 05:16:27 -0700 (PDT)
Received: from host31-42-16-47.tvkdiana.pl (host31-42-16-47.tvkdiana.pl [31.42.16.47]) by ietfa.amsl.com (Postfix) with ESMTP id BBE1521F8B45 for <krb-wg-archive@lists.ietf.org>; Mon,  5 Sep 2011 05:16:24 -0700 (PDT)
Received: from mta900.em.linkedin.com (mta900.em.linkedin.com [63.211.90.176]) by mail.global.frontbridge.com (8.13.8/8.13.8) with ESMTP id PSKKEUO550618 for <krb-wg-archive@lists.ietf.org>; Mon, 5 Sep 2011 14:16:47 +0100
Date: Mon, 5 Sep 2011 14:16:47 +0100
From: Facebook <notification+mdlq22c@facebookmail.com>
To: <krb-wg-archive@lists.ietf.org>
Message-ID: <729489425433685648766441794174569971867248038392271567362775781005867667782747843415339573.18583373468.526@mta900.em.linkedin.com>
Subject: Jubair Ababneh wants to be friends on Facebook.
List-Unsubscribe: <mailto:999704-577348789352295192945209601147219115164033977192162018053578554254455516704316687287309992232@em.linkedin.com>
MIME-Version: 1.0
Reply-To: "LinkedIn" <support-213859087620994801704482373337137390606577487769102967765617207411209146091008725778013541@em.linkedin.com>
Content-type: multipart/alternative; boundary="=UY9N3X7F7DP2IXMP7XGG"

--=UY9N3X7F7DP2IXMP7XGG
Content-Type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit








facebook












Jubair Ababneh wants to be friends with you on Facebook.











Jubair Ababneh



52 friends &middot; 27 photo · 79 Wall posts























Confirm Friend Request












See All Requests
























 The message was sent to krb-wg-archive@lists.ietf.org. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can unsubscribe. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303










--=UY9N3X7F7DP2IXMP7XGG
Content-Type: text/html; charset=iso-8859-1
Content-transfer-encoding: 8bit

<font color="#888888">
<table style="border-collapse: collapse; width: 98%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse; width: 100%;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 16px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; vertical-align: middle; letter-spacing: -0.03em; text-align: left; padding: 10px 38px 4px;"><span style="background: none repeat scroll 0% 0% rgb(59, 89, 152); color: rgb(255, 255, 255); font-weight: bold; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; vertical-align: middle; font-size: 16px; letter-spacing: -0.03em; text-align: left;">facebook</span></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 5px 10px; background-color: rgb(255, 255, 255); border: medium none;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 5px 10px; width: 100%;"><table style="border-collapse: collapse; width: 590px;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 15px 0pt 10px 18px;">Jubair Ababneh wants to be friends with you on Facebook.</td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-left: 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(255, 255, 255); border-width: 1px medium medium; border-style: solid none none; border-color: rgb(204, 204, 204) -moz-use-text-color -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top"><table style="border-collapse: collapse; min-height: 50px;" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><strong><font color="#3B5998">Jubair Ababneh</font></strong><br>
<span style="color: rgb(128, 128, 128);"></span></td>
</tr>
<tr valign="bottom">
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><span>52 friends &middot; 27 photo · 79 Wall posts</span></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 0pt 0pt 100px 18px;"><table style="border-collapse: collapse; width: 100%;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 10px; background-color: rgb(242, 242, 242); border-width: 1px medium; border-style: solid none; border-color: rgb(204, 204, 204) -moz-use-text-color;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding-right: 10px;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(41, 68, 126) rgb(41, 68, 126) rgb(26, 53, 110); background-color: rgb(91, 116, 168);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(138, 156, 194);"><a href="http://session20233952807196.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(255, 255, 255); font-size: 11px;">Confirm Friend Request</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif;"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-width: 1px; border-style: solid; border-color: rgb(153, 153, 153) rgb(153, 153, 153) rgb(136, 136, 136); background-color: rgb(238, 238, 238);"><table style="border-collapse: collapse;" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; padding: 4px 10px 5px; border-top: 1px solid rgb(255, 255, 255);"><a href="http://session20233952807196.permitds.com/confirm/req/" style="color: rgb(59, 89, 152); text-decoration: none;" target="_blank"><span style="font-weight: bold; color: rgb(51, 51, 51); font-size: 11px;">See All Requests</span></a></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table>
<table style="border-collapse: collapse;" border="0" cellpadding="0" cellspacing="0" width="620">
<tbody>
<tr>
<td style="padding: 10px 10px 10px 38px; background-color: rgb(255, 255, 255); font-size: 11px; font-family: 'lucida grande',tahoma,verdana,arial,sans-serif; color: rgb(153, 153, 153); border: medium none;"> The message was sent to <a href="mailto:krb-wg-archive@lists.ietf.org" target="_blank">krb-wg-archive@lists.ietf.org</a>. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, you can <font color="#657ABD">unsubscribe</font>. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303</td>
</tr>
</tbody>
</table>
<span style="width: 100%;"><img src="" style="border: 0pt none; width: 1px; min-height: 1px;" /><u></u></span></td>
</tr>
</tbody>
</table>
</font>

--=UY9N3X7F7DP2IXMP7XGG--

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep  5 18:35:58 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfc.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 92B5B1B60AF7 for <ietfarch-krb-wg-archive@ietfc.amsl.com>; Mon,  5 Sep 2011 18:35:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.42
X-Spam-Level: 
X-Spam-Status: No, score=-5.42 tagged_above=-999 required=5 tests=[AWL=1.179, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lnBgVANiGWKi for <ietfarch-krb-wg-archive@ietfc.amsl.com>; Mon,  5 Sep 2011 18:35:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfc.amsl.com (Postfix) with ESMTP id CDCFF1B60AED for <krb-wg-archive@lists.ietf.org>; Mon,  5 Sep 2011 18:35:54 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 5F13235; Mon,  5 Sep 2011 20:35:53 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 7C3EC2E; Mon,  5 Sep 2011 20:35:48 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 4DE4580EB5; Mon,  5 Sep 2011 20:35:48 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id ECB0980EB4 for <ietf-krb-wg@lists.anl.gov>; Mon,  5 Sep 2011 20:35:46 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id D66A021; Mon,  5 Sep 2011 20:35:46 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id D1AE92E for <ietf-krb-wg@anl.gov>; Mon,  5 Sep 2011 20:35:46 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id CB79921 for <ietf-krb-wg@anl.gov>; Mon,  5 Sep 2011 20:35:46 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id B4F307CC077; Mon,  5 Sep 2011 20:35:46 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04239-10; Mon, 5 Sep 2011 20:35:46 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 99ABB7CC06B for <ietf-krb-wg@anl.gov>; Mon,  5 Sep 2011 20:35:46 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFADR4ZU5uBL2G/2dsb2JhbABCDqgOeYFGAQEBAQMBAQEPASU2CgEQCw4KCRMDDwkDAgECARUBFRoGDQEFAgEBBRmHVZkRAZ54hmoEh2mJM4ISkFVH
X-IronPort-AV: E=Sophos;i="4.68,335,1312174800"; d="scan'208";a="66243862"
Received: from z189134.ppp.asahi-net.or.jp (HELO mama.tanu.org) ([110.4.189.134]) by mailgateway.anl.gov with ESMTP; 05 Sep 2011 20:35:45 -0500
Received: from mactanu.local (64-104-46-217.cisco.com [64.104.46.217]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mama.tanu.org (Postfix) with ESMTPSA id E811916B19; Tue,  6 Sep 2011 10:35:42 +0900 (JST)
Message-ID: <4E6578ED.2020609@tanu.org>
Date: Tue, 06 Sep 2011 10:35:41 +0900
From: Shoichi Sakane <sakane@tanu.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
To: Jeffrey Hutzelman <jhutz@cmu.edu>
References: <20100910050003.585473A68C2@core3.amsl.com> <96853000A0E2679015A25B99@atlantis.pc.cs.cmu.edu> <1301492025.2583.43.camel@destiny> <4DAE6974.2030809@tanu.org> <Pine.LNX.4.63.1105231320130.16004@sirius.fac.cs.cmu.edu> <4DDB142C.80504@tanu.org> <4698D05F-7468-468B-B805-C7D2F5BF2221@nominum.com> <1306383093.32156.439.camel@destiny> <8472E06B-C78F-41BE-925E-38EEECBFEDFB@nominum.com> <1306421021.32156.487.camel@destiny> <4DEDC552.9020101@tanu.org> <1307454779.7092.29.camel@destiny> <4DEE326F.4010000@tanu.org> <1311860157.2993.123.camel@destiny.pc.cs.cmu.edu> <4E316CC5.5050409@tanu.org>
In-Reply-To: <4E316CC5.5050409@tanu.org>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: Kerberos-wg <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] I-D Action:draft-sakane-dhc-dhcpv6-kdc-option-09.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Jeff,

This is a reminder for you.  In the jabber room of the last IETF meeting,
if my understanding is correct, you said that you would make some action
on the dhc-wg to move the document to the other WGLC.

Could you tell me your progress about it ?  Or do you want me to submit
a request to the dhc WG mailing lit ?

Shoichi

On 7/28/11 11:05 PM, Shoichi Sakane wrote:
> Jeff,
>
> I submit the new version corresponding to your suggestion.
> Please see
> http://www.ietf.org/id/draft-sakane-dhc-dhcpv6-kdc-option-12.txt
>
> Regards,
> Shoichi
>
>> Ok. Reviewing the discussion...
>>
>> The second paragraph of section 5 needs to be removed.
>>
>> I think Ted and I agree, as individuals, that section 6 needs to be
>> removed, and I expect that if you ask DHC, they'll agree.Since we are
>> doing a new WGLC here, I'll reverse my previous decision and ask that
>> you go ahead and remove this before the WGLC starts; if people object,
>> they can do so during the WGLC.
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg@lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Tue Sep  6 12:07:39 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 382F421F8D5B for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Tue,  6 Sep 2011 12:07:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.549
X-Spam-Level: 
X-Spam-Status: No, score=-6.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VfNDHVb4Ovcn for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Tue,  6 Sep 2011 12:07:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id C376421F8D42 for <krb-wg-archive@lists.ietf.org>; Tue,  6 Sep 2011 12:07:32 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3B1A521; Tue,  6 Sep 2011 14:09:19 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 2F40A35; Tue,  6 Sep 2011 14:09:17 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D9D2580EAF; Tue,  6 Sep 2011 14:09:16 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 88F1E80E8C for <ietf-krb-wg@lists.anl.gov>; Tue,  6 Sep 2011 14:09:14 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 770597CC080; Tue,  6 Sep 2011 14:09:14 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05764-02; Tue, 6 Sep 2011 14:09:14 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 476EE7CC071 for <ietf-krb-wg@lists.anl.gov>; Tue,  6 Sep 2011 14:09:14 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtEAAHxvZk6A3iAUkWdsb2JhbAA5AQmoABQBAQEBCQsLBxQFIYFGAQEBAQMaARI6HgYBCBEEAQEZBAQBAwMJMBQJCQEEEwgGh2mYfqBXg0QBH4ImYASTLoRpinyBRA
X-IronPort-AV: E=Sophos;i="4.68,340,1312174800";  d="html'217?scan'217,208,217";a="66292101"
Received: from mexforward.lss.emc.com ([128.222.32.20]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Sep 2011 14:09:12 -0500
Received: from hop04-l1d11-si04.isus.emc.com (HOP04-L1D11-SI04.isus.emc.com [10.254.111.24]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p86J9Au2007154 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-krb-wg@lists.anl.gov>; Tue, 6 Sep 2011 15:09:10 -0400
Received: from mailhub.lss.emc.com (mailhub.lss.emc.com [10.254.222.129]) by hop04-l1d11-si04.isus.emc.com (RSA Interceptor) for <ietf-krb-wg@lists.anl.gov>; Tue, 6 Sep 2011 15:09:01 -0400
Received: from mxhub31.corp.emc.com (mxhub31.corp.emc.com [128.221.47.160]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p86J8tT9031234 for <ietf-krb-wg@lists.anl.gov>; Tue, 6 Sep 2011 15:08:56 -0400
Received: from MX11A.corp.emc.com ([169.254.1.161]) by mxhub31.corp.emc.com ([128.221.47.160]) with mapi; Tue, 6 Sep 2011 15:08:56 -0400
From: <gareth.richards@rsa.com>
To: <ietf-krb-wg@lists.anl.gov>
Date: Tue, 6 Sep 2011 15:08:52 -0400
Thread-Topic: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
Thread-Index: AcxsbnO9yoCMx/xMQe6veEuao6bwigAPEyYgAAdc0fA=
Message-ID: <B1371F619AB0A94C9AC73CF2E475485B038C618035@MX11A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/mixed; boundary="_002_B1371F619AB0A94C9AC73CF2E475485B038C618035MX11Acorpemcc_"
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: Re: [Ietf-krb-wg] Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

--_002_B1371F619AB0A94C9AC73CF2E475485B038C618035MX11Acorpemcc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


I have completed the changes to the OTP pre-auth draft that came about from=
 the WG discussion on nonce usage and the AD and Gen ART reviews.  The rfcd=
iff output is attached.

--Gareth

A) WG discussion on nonce usage

1. Section 3.2 - KDC Challenge
Changed text in paragraph 3 regarding nonce in PA-OTP-CHALLENGE

2 Section 4.1 - PA-OTP-CHALLENGE

B) Stephen's AD review comments

1. Section 1.1
Expanded the acronym FAST

2. Section 1.2
Removed text regarding 4-pass mode only being usable in cases requiring pre=
-authentication.

3. Section 3.6 - Reply Key Generation
Removed the use of "||" as well as "|" for concatenation.

4. Section 3.3 - Client Response
Added requirement for otp-service and otp-vendor matching to be case-sensit=
ive.

5. Appendix A - ASN.1 Module
Fixed comment in ASN.1 module to import from RFC5280 and added normative re=
ference.

C) David Black's Gen Art review comments

1. Section 6.1 - Security Considerations Clarified text regarding the use o=
f anonymous PKINIT with algorithms requiring OTP values to be sent to the K=
DC.

2. Section - IANA considerations
Clarified the text in sections 4.1, 4.2 and 5 so that the otp-algID MUST be=
 a URI and SHOULD be from the PSKC registry of RFC6030.

3. Section 2.4 - Re-Synchronization
Added a paragraph to expand on how the re-synchronization mechanism describ=
ed in the document can be used.

> -----Original Message-----
> From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
> Sent: 06 September 2011 04:24
> To: Richards, Gareth
> Cc: krb-wg-ads@tools.ietf.org; krb-wg-chairs@tools.ietf.org
> Subject: Re: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
>
> Hi.  I'd appreciate it if you could prepare a new version including
> all the proposed fixes. I'd prefer you stick with shoulds for the OTP
> alg IDs, although you should probably include a MUSt be a URI.
>
> I'd appreciate it if you would send an rfcdiff to the list and to
> Stephen rather than actually uploading. If Stephen acks and no one on
> the WG objects then he can take to the IESG.


--_002_B1371F619AB0A94C9AC73CF2E475485B038C618035MX11Acorpemcc_
Content-Type: text/html;
	name="draft-ietf-krb-wg-otp-preauth-19-from-18.diff.html"
Content-Description: draft-ietf-krb-wg-otp-preauth-19-from-18.diff.html
Content-Disposition: attachment;
	filename="draft-ietf-krb-wg-otp-preauth-19-from-18.diff.html"; size=108213;
	creation-date="Tue, 06 Sep 2011 14:19:01 GMT";
	modification-date="Tue, 06 Sep 2011 14:19:01 GMT"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs
Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25h
bC5kdGQiPiAKPCEtLSBHZW5lcmF0ZWQgYnkgcmZjZGlmZiAxLjQxOiByZmNkaWZmICAtLT4gCjwh
LS0gPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlv
bmFsIiA+IC0tPgo8IS0tIFN5c3RlbTogQ1lHV0lOX05ULTYuMS1XT1c2NCBVS0VOUklDSEFHM0wx
QyAxLjcuOSgwLjIzNy81LzMpIDIwMTEtMDMtMjkgMTA6MTAgaTY4NiBDeWd3aW4gLS0+IAo8IS0t
IFVzaW5nIGF3azogL3Vzci9iaW4vZ2F3azogR05VIEF3ayA0LjAuMCAtLT4gCjwhLS0gVXNpbmcg
ZGlmZjogL3Vzci9iaW4vZGlmZjogZGlmZiAoR05VIGRpZmZ1dGlscykgMi45IC0tPiAKPCEtLSBV
c2luZyB3ZGlmZjogOiAgLS0+IAo8aHRtbD4gCjxoZWFkPiAKICA8bWV0YSBodHRwLWVxdWl2PSJD
b250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIiAvPiAK
ICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3Nz
IiAvPiAKICA8dGl0bGU+RGlmZjogZHJhZnQtaWV0Zi1rcmItd2ctb3RwLXByZWF1dGgtMTgudHh0
IC0gZHJhZnQtaWV0Zi1rcmItd2ctb3RwLXByZWF1dGgtMTkudHh0PC90aXRsZT4gCiAgPHN0eWxl
IHR5cGU9InRleHQvY3NzIj4gCiAgICBib2R5ICAgIHsgbWFyZ2luOiAwLjRleDsgbWFyZ2luLXJp
Z2h0OiBhdXRvOyB9IAogICAgdHIgICAgICB7IH0gCiAgICB0ZCAgICAgIHsgd2hpdGUtc3BhY2U6
IHByZTsgZm9udC1mYW1pbHk6IG1vbm9zcGFjZTsgdmVydGljYWwtYWxpZ246IHRvcDsgZm9udC1z
aXplOiAwLjg2ZW07fSAKICAgIHRoICAgICAgeyBmb250LXNpemU6IDAuODZlbTsgfSAKICAgIC5z
bWFsbCAgeyBmb250LXNpemU6IDAuNmVtOyBmb250LXN0eWxlOiBpdGFsaWM7IGZvbnQtZmFtaWx5
OiBWZXJkYW5hLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IH0gCiAgICAubGVmdCAgIHsgYmFja2dy
b3VuZC1jb2xvcjogI0VFRTsgfSAKICAgIC5yaWdodCAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkZG
OyB9IAogICAgLmRpZmYgICB7IGJhY2tncm91bmQtY29sb3I6ICNDQ0Y7IH0gCiAgICAubGJsb2Nr
IHsgYmFja2dyb3VuZC1jb2xvcjogI0JGQjsgfSAKICAgIC5yYmxvY2sgeyBiYWNrZ3JvdW5kLWNv
bG9yOiAjRkY4OyB9IAogICAgLmluc2VydCB7IGJhY2tncm91bmQtY29sb3I6ICM4RkY7IH0gCiAg
ICAuZGVsZXRlIHsgYmFja2dyb3VuZC1jb2xvcjogI0FDRjsgfSAKICAgIC52b2lkICAgeyBiYWNr
Z3JvdW5kLWNvbG9yOiAjRkZCOyB9IAogICAgLmNvbnQgICB7IGJhY2tncm91bmQtY29sb3I6ICNF
RUU7IH0gCiAgICAubGluZWJyIHsgYmFja2dyb3VuZC1jb2xvcjogI0FBQTsgfSAKICAgIC5saW5l
bm8geyBjb2xvcjogcmVkOyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkZGOyBmb250LXNpemU6IDAuN2Vt
OyB0ZXh0LWFsaWduOiByaWdodDsgcGFkZGluZzogMCAycHg7IH0gCiAgICAuZWxpcHNpc3sgYmFj
a2dyb3VuZC1jb2xvcjogI0FBQTsgfSAKICAgIC5sZWZ0IC5jb250IHsgYmFja2dyb3VuZC1jb2xv
cjogI0RERDsgfSAKICAgIC5yaWdodCAuY29udCB7IGJhY2tncm91bmQtY29sb3I6ICNFRUU7IH0g
CiAgICAubGJsb2NrIC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogIzlEOTsgfSAKICAgIC5yYmxv
Y2sgLmNvbnQgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjREQ2OyB9IAogICAgLmluc2VydCAuY29udCB7
IGJhY2tncm91bmQtY29sb3I6ICMwREQ7IH0gCiAgICAuZGVsZXRlIC5jb250IHsgYmFja2dyb3Vu
ZC1jb2xvcjogIzhBRDsgfSAKICAgIC5zdGF0cywgLnN0YXRzIHRkLCAuc3RhdHMgdGggeyBiYWNr
Z3JvdW5kLWNvbG9yOiAjRUVFOyBwYWRkaW5nOiAycHggMDsgfSAKICA8L3N0eWxlPiAKPC9oZWFk
PiAKPGJvZHkgPiAKICA8dGFibGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjAiPiAKICA8dHIgYmdjb2xvcj0ib3JhbmdlIj48dGg+PC90aD48dGg+Jm5ic3A7ZHJhZnQt
aWV0Zi1rcmItd2ctb3RwLXByZWF1dGgtMTgudHh0Jm5ic3A7PC90aD48dGg+IDwvdGg+PHRoPiZu
YnNwO2RyYWZ0LWlldGYta3JiLXdnLW90cC1wcmVhdXRoLTE5LnR4dCZuYnNwOzwvdGg+PHRoPjwv
dGg+PC90cj4gCiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+TmV0d29yayBX
b3JraW5nIEdyb3VwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEcuIFJp
Y2hhcmRzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+TmV0d29yayBXb3JraW5nIEdy
b3VwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEcuIFJpY2hhcmRzPC90
ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPkludGVy
bmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBSU0EsIFRoZSBTZWN1cml0eSBE
aXZpc2lvbiBvZjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPkludGVybmV0LURyYWZ0
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBSU0EsIFRoZSBTZWN1cml0eSBEaXZpc2lvbiBv
ZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5J
bnRlbmRlZCBzdGF0dXM6IFN0YW5kYXJkcyBUcmFjayAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBFTUM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij5JbnRlbmRlZCBz
dGF0dXM6IFN0YW5kYXJkcyBUcmFjayAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBFTUM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDAxIiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+RXhwaXJl
czogPHNwYW4gY2xhc3M9ImRlbGV0ZSI+SmFudWFyeSAyNywgMjAxMiAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICBKdWx5IDI8L3NwYW4+NiwgMjAxMTwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj5FeHBpcmVzOiA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5NYXJjaCA5LCAyMDEy
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgU2VwdGVtYmVyIDwvc3Bhbj42LCAyMDEx
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgT1RQ
IFByZS1hdXRoZW50aWNhdGlvbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
ICAgICAgICAgICAgICAgICAgICBPVFAgUHJlLWF1dGhlbnRpY2F0aW9uPC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJk
aWZmMDAwMiIgLz48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAgICAgICAgICAgICAgICAgZHJhZnQt
aWV0Zi1rcmItd2ctb3RwLXByZWF1dGgtMTxzcGFuIGNsYXNzPSJkZWxldGUiPjg8L3NwYW4+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAgICAgICAgICAgICAgZHJhZnQt
aWV0Zi1rcmItd2ctb3RwLXByZWF1dGgtMTxzcGFuIGNsYXNzPSJpbnNlcnQiPjk8L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5BYnN0cmFjdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPkFic3RyYWN0PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgS2Vy
YmVyb3MgcHJvdG9jb2wgcHJvdmlkZXMgYSBmcmFtZXdvcmsgYXV0aGVudGljYXRpbmcgYSBjbGll
bnQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUgS2VyYmVyb3MgcHJvdG9j
b2wgcHJvdmlkZXMgYSBmcmFtZXdvcmsgYXV0aGVudGljYXRpbmcgYSBjbGllbnQ8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdXNpbmcgdGhl
IGV4Y2hhbmdlIG9mIHByZS1hdXRoZW50aWNhdGlvbiBkYXRhLiAgVGhpcyBkb2N1bWVudDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHVzaW5nIHRoZSBleGNoYW5nZSBvZiBwcmUt
YXV0aGVudGljYXRpb24gZGF0YS4gIFRoaXMgZG9jdW1lbnQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZGVzY3JpYmVzIHRoZSB1c2Ugb2Yg
dGhpcyBmcmFtZXdvcmsgdG8gY2Fycnkgb3V0IE9uZSBUaW1lIFBhc3N3b3JkPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZGVzY3JpYmVzIHRoZSB1c2Ugb2YgdGhpcyBmcmFtZXdv
cmsgdG8gY2Fycnkgb3V0IE9uZSBUaW1lIFBhc3N3b3JkPC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChPVFApIGF1dGhlbnRpY2F0aW9uLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIChPVFApIGF1dGhlbnRpY2F0aW9uLjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+U3RhdHVzIG9mIHRoaXMgTWVtbzwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPlN0YXR1cyBvZiB0aGlzIE1lbW88L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHIgYmdjb2xvcj0iZ3JheSIgPjx0ZD48L3RkPjx0aD48YSBuYW1l
PSJwYXJ0LWwyIiAvPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFn
ZSAxLCBsaW5lIDMzPC9lbT48L3RoPjx0aD4gPC90aD48dGg+PGEgbmFtZT0icGFydC1yMiIgLz48
c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMSwgbGluZSAzMzwv
ZW0+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSW50ZXJuZXQtRHJhZnRzIGFyZSB3b3Jr
aW5nIGRvY3VtZW50cyBvZiB0aGUgSW50ZXJuZXQgRW5naW5lZXJpbmc8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBJbnRlcm5ldC1EcmFmdHMgYXJlIHdvcmtpbmcgZG9jdW1lbnRz
IG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmluZzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUYXNrIEZvcmNlIChJRVRGKS4gIE5vdGUgdGhh
dCBvdGhlciBncm91cHMgbWF5IGFsc28gZGlzdHJpYnV0ZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVyIGdyb3VwcyBt
YXkgYWxzbyBkaXN0cmlidXRlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4g
IFRoZSBsaXN0IG9mIGN1cnJlbnQgSW50ZXJuZXQtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgd29ya2luZyBkb2N1bWVudHMgYXMgSW50ZXJuZXQtRHJhZnRzLiAgVGhlIGxpc3Qg
b2YgY3VycmVudCBJbnRlcm5ldC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgRHJhZnRzIGlzIGF0IGh0dHA6Ly9kYXRhdHJhY2tlci5pZXRm
Lm9yZy9kcmFmdHMvY3VycmVudC8uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
RHJhZnRzIGlzIGF0IGh0dHA6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kcmFmdHMvY3VycmVudC8u
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0
IGRvY3VtZW50cyB2YWxpZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHM8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50
cyB2YWxpZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYW5kIG1heSBiZSB1cGRhdGVkLCBy
ZXBsYWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnk8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBhbmQgbWF5IGJlIHVwZGF0ZWQsIHJlcGxhY2VkLCBv
ciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRzIGF0IGFueTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aW1lLiAgSXQgaXMgaW5hcHBy
b3ByaWF0ZSB0byB1c2UgSW50ZXJuZXQtRHJhZnRzIGFzIHJlZmVyZW5jZTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJ
bnRlcm5ldC1EcmFmdHMgYXMgcmVmZXJlbmNlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG1hdGVyaWFsIG9yIHRvIGNpdGUgdGhlbSBvdGhl
ciB0aGFuIGFzICJ3b3JrIGluIHByb2dyZXNzLiI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICBtYXRlcmlhbCBvciB0byBjaXRlIHRoZW0gb3RoZXIgdGhhbiBhcyAid29yayBpbiBw
cm9ncmVzcy4iPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQ+PGEgbmFtZT0iZGlm
ZjAwMDMiIC8+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBUaGlzIEludGVybmV0LURyYWZ0IHdpbGwg
ZXhwaXJlIG9uIDxzcGFuIGNsYXNzPSJkZWxldGUiPkphbnVhcnkgMjc8L3NwYW4+LCAyMDEyLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBUaGlzIEludGVybmV0LURyYWZ0IHdp
bGwgZXhwaXJlIG9uIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1hcmNoIDk8L3NwYW4+LCAyMDEyLjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+Q29weXJpZ2h0IE5vdGljZTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPkNvcHlyaWdodCBOb3RpY2U8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIENvcHlyaWdodCAoYykgMjAxMSBJRVRGIFRydXN0IGFuZCB0aGUgcGVyc29ucyBp
ZGVudGlmaWVkIGFzIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIENvcHly
aWdodCAoYykgMjAxMSBJRVRGIFRydXN0IGFuZCB0aGUgcGVyc29ucyBpZGVudGlmaWVkIGFzIHRo
ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBkb2N1bWVudCBhdXRob3JzLiAgQWxsIHJpZ2h0cyByZXNlcnZlZC48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBkb2N1bWVudCBhdXRob3JzLiAgQWxsIHJpZ2h0cyByZXNlcnZl
ZC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoaXMgZG9jdW1lbnQgaXMgc3ViamVj
dCB0byBCQ1AgNzggYW5kIHRoZSBJRVRGIFRydXN0J3MgTGVnYWw8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBUaGlzIGRvY3VtZW50IGlzIHN1YmplY3QgdG8gQkNQIDc4IGFuZCB0
aGUgSUVURiBUcnVzdCdzIExlZ2FsPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFByb3Zpc2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVu
dHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBQcm92aXNpb25zIFJlbGF0aW5n
IHRvIElFVEYgRG9jdW1lbnRzPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIChodHRwOi8vdHJ1c3RlZS5pZXRmLm9yZy9saWNlbnNlLWluZm8p
IGluIGVmZmVjdCBvbiB0aGUgZGF0ZSBvZjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIChodHRwOi8vdHJ1c3RlZS5pZXRmLm9yZy9saWNlbnNlLWluZm8pIGluIGVmZmVjdCBvbiB0
aGUgZGF0ZSBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICBwdWJsaWNhdGlvbiBvZiB0aGlzIGRvY3VtZW50LiAgUGxlYXNlIHJldmlldyB0
aGVzZSBkb2N1bWVudHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBwdWJsaWNh
dGlvbiBvZiB0aGlzIGRvY3VtZW50LiAgUGxlYXNlIHJldmlldyB0aGVzZSBkb2N1bWVudHM8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
ciBiZ2NvbG9yPSJncmF5IiA+PHRkPjwvdGQ+PHRoPjxhIG5hbWU9InBhcnQtbDMiIC8+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBwYWdlIDMsIGxpbmUgMTg8L2VtPjwv
dGg+PHRoPiA8L3RoPjx0aD48YSBuYW1lPSJwYXJ0LXIzIiAvPjxzbWFsbD5za2lwcGluZyB0byBj
aGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFnZSAzLCBsaW5lIDE4PC9lbT48L3RoPjx0ZD48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICAgIDEuMS4gIFNjb3BlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgIDEuMS4gIFNjb3BlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gIDQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICAxLjIuICBPdmVyYWxsIERlc2lnbiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAxLjIuICBPdmVyYWxsIERlc2lnbiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICA0PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgMS4zLiAgQ29udmVudGlvbnMgVXNlZCBpbiB0aGlzIERv
Y3VtZW50ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgMS4zLiAgQ29udmVudGlvbnMgVXNlZCBpbiB0aGlzIERvY3VtZW50ICAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAyLiAgVXNhZ2UgT3ZlcnZpZXcgLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDU8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICAyLiAgVXNhZ2UgT3ZlcnZpZXcgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAyLjEuICBPVFAgTWVjaGFuaXNtIFN1cHBv
cnQgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA1PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICAyLjEuICBPVFAgTWVjaGFuaXNtIFN1cHBvcnQgIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA1PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgMi4yLiAgUHJlLUF1dGhlbnRpY2F0
aW9uIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNTwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgMi4yLiAgUHJlLUF1dGhlbnRpY2F0aW9uIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDIuMy4gIFBJTiBDaGFuZ2Ug
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDY8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDIuMy4gIFBJTiBDaGFuZ2UgLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDY8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAyLjQuICBSZS1TeW5j
aHJvbml6YXRpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA3PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAyLjQuICBSZS1TeW5jaHJvbml6YXRp
b24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA3PC90ZD48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDMuICBQcmUtQXV0
aGVudGljYXRpb24gUHJvdG9jb2wgRGV0YWlscyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAg
NzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIDMuICBQcmUtQXV0aGVudGljYXRp
b24gUHJvdG9jb2wgRGV0YWlscyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNzwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDMuMS4g
IEluaXRpYWwgQ2xpZW50IFJlcXVlc3QgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gIDc8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDMuMS4gIEluaXRpYWwg
Q2xpZW50IFJlcXVlc3QgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDc8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
PjxhIG5hbWU9ImRpZmYwMDA0IiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAzLjIuICBLREMg
Q2hhbGxlbmdlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8
c3BhbiBjbGFzcz0iZGVsZXRlIj43PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj4gICAgIDMuMi4gIEtEQyBDaGFsbGVuZ2UgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjg8L3NwYW4+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgMy4zLiAg
Q2xpZW50IFJlc3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAxMDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgMy4zLiAgQ2xpZW50IFJl
c3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxMDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDMu
NC4gIFZlcmlmeWluZyB0aGUgcHJlLWF1dGggRGF0YSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gMTM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDMuNC4gIFZlcmlm
eWluZyB0aGUgcHJlLWF1dGggRGF0YSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTM8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
ICAzLjUuICBDb25maXJtaW5nIHRoZSBSZXBseSBLZXkgQ2hhbmdlICAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIDE1PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAzLjUuICBD
b25maXJtaW5nIHRoZSBSZXBseSBLZXkgQ2hhbmdlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IDE1PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgICAgMy42LiAgUmVwbHkgS2V5IEdlbmVyYXRpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAxNTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgMy42
LiAgUmVwbHkgS2V5IEdlbmVyYXRpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAxNTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICA0LiAgT1RQIEtlcmJlcm9zIE1lc3NhZ2UgVHlwZXMgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gMTc8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICA0
LiAgT1RQIEtlcmJlcm9zIE1lc3NhZ2UgVHlwZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gMTc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgICA0LjEuICBQQS1PVFAtQ0hBTExFTkdFIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE3PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICA0LjEuICBQQS1PVFAtQ0hBTExFTkdFIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIDE3PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgNC4yLiAgUEEtT1RQLVJFUVVFU1QgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyMTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgNC4yLiAgUEEtT1RQLVJFUVVFU1QgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAyMTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDQuMy4gIFBBLU9UUC1QSU4tQ0hBTkdFICAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgIDQuMy4gIFBBLU9UUC1QSU4tQ0hBTkdFICAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gMjU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgNS4gIElBTkEgQ29uc2lkZXJhdGlvbnMgIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI2PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgNS4gIElBTkEgQ29uc2lkZXJhdGlvbnMgIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI2PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDYuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAg
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyNzwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIDYuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyNzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDYuMS4gIE1hbi1pbi10aGUtTWlkZGxl
ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjc8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDYuMS4gIE1hbi1pbi10aGUtTWlkZGxlICAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjc8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA2LjIuICBSZWZsZWN0aW9uIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI4PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICA2LjIuICBSZWZsZWN0aW9uIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI4PC90ZD48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNi4zLiAgRGVuaWFsIG9m
IFNlcnZpY2UgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyODwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgNi4zLiAgRGVuaWFsIG9mIFNlcnZpY2Ug
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyODwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDYuNC4gIFJlcGxh
eSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjg8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDYuNC4gIFJlcGxheSAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjg8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA2LjUuICBC
cnV0ZSBGb3JjZSBBdHRhY2sgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IDI5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICA2LjUuICBCcnV0ZSBGb3Jj
ZSBBdHRhY2sgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI5PC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNi42
LiAgRkFTVCBGYWNpbGl0aWVzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAyOTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgNi42LiAgRkFTVCBG
YWNpbGl0aWVzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyOTwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICA3
LiAgQWNrbm93bGVkZ21lbnRzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gMzA8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICA3LiAgQWNrbm93
bGVkZ21lbnRzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
MzA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgOC4gIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIDMwPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgOC4gIFJl
ZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIDMwPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgOC4xLiAgTm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAzMDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
OC4xLiAgTm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAzMDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgIDguMi4gIEluZm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gMzE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgIDguMi4gIEluZm9ybWF0aXZlIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gMzE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDA1IiAvPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9j
ayI+ICAgQXBwZW5kaXggQS4gIEFTTi4xIE1vZHVsZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIDM8c3BhbiBjbGFzcz0iZGVsZXRlIj4xPC9zcGFuPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBBcHBlbmRpeCBBLiAgQVNOLjEgTW9kdWxlICAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzxzcGFuIGNsYXNzPSJpbnNlcnQi
PjI8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIEFwcGVuZGl4IEIuICBFeGFtcGxlcyBvZiBPVFAgUHJlLUF1dGhlbnRpY2F0aW9u
IEV4Y2hhbmdlcyAgLiAuIC4gLiAzNDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IEFwcGVuZGl4IEIuICBFeGFtcGxlcyBvZiBPVFAgUHJlLUF1dGhlbnRpY2F0aW9uIEV4Y2hhbmdl
cyAgLiAuIC4gLiAzNDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICAgIEIuMS4gIEZvdXIgUGFzcyBBdXRoZW50aWNhdGlvbiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgIEIuMS4gIEZvdXIgUGFzcyBBdXRoZW50aWNhdGlvbiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gMzQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICBCLjIuICBUd28gUGFzcyBBdXRoZW50aWNhdGlvbiAgLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDM2PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICBCLjIuICBUd28gUGFzcyBBdXRoZW50aWNhdGlvbiAgLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIDM2PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJkaWZmMDAwNiIgLz48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPiAgICAgQi4zLiAgUElOIENoYW5nZSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAzPHNwYW4gY2xhc3M9ImRlbGV0ZSI+Nzwvc3Bhbj48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICBCLjMuICBQSU4gQ2hhbmdlIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDM8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij44PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgIEIuNC4gIFJlc3luY2hyb25pemF0aW9uICAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICAgIEIuNC4gIFJlc3luY2hyb25pemF0aW9uICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gMzk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDA3IiAvPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+ICAgQXV0aG9yJ3MgQWRkcmVzcyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDQ8c3BhbiBjbGFzcz0iZGVsZXRlIj4wPC9zcGFuPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBBdXRob3IncyBBZGRyZXNzIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNDxzcGFuIGNsYXNzPSJp
bnNlcnQiPjE8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4xLiAgSW50cm9kdWN0
aW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+MS4gIEludHJvZHVjdGlvbjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+MS4xLiAgU2NvcGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4xLjEuICBTY29wZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
PjxhIG5hbWU9ImRpZmYwMDA4IiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgVGhpcyBkb2N1bWVu
dCBkZXNjcmliZXMgYSBGPHNwYW4gY2xhc3M9ImRlbGV0ZSI+QVNUIFtSRkM2MTEzXSBmYWN0b3Ig
dGhhdCBhbGxvd3MgT25lLVRpbWU8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxv
Y2siPiAgIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGEgRjxzcGFuIGNsYXNzPSJpbnNlcnQiPmxl
eGlibGUgQXV0aGVudGljYXRpb24gU2VjdXJlIFR1bm5lbGluZzwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3BhbiBjbGFz
cz0iZGVsZXRlIj5QYXNzd29yZCAoT1RQKSB2YWx1ZXMgdG8gYmUgdXNlZCBpbiB0aGUgS2VyYmVy
b3MgVjUgW1JGQzQxMjBdIHByZS08L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxv
Y2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPihGQVNUKSBbUkZDNjExM10gZmFjdG9yIHRoYXQg
YWxsb3dzIE9uZS1UaW1lIFBhc3N3b3JkIChPVFApIHZhbHVlcyB0bzwvc3Bhbj48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5hdXRoZW50aWNhdGlvbiBpbiBhIG1hbm5lciB0aGF0IGRvZXMgbm90IHJl
cXVpcmUgdXNlIG9mIHRoZSB1c2VyJ3M8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmJlIHVzZWQgaW4gdGhlIEtlcmJlcm9zIFY1
IFtSRkM0MTIwXSBwcmUtYXV0aGVudGljYXRpb24gaW4gYSBtYW5uZXI8L3NwYW4+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4g
Y2xhc3M9ImRlbGV0ZSI+S2VyYmVyb3MgcGFzc3dvcmQuICBUaGUgc3lzdGVtIGlzIGRlc2lnbmVk
IHRvIHdvcmsgd2l0aCBkaWZmZXJlbnQ8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPnRoYXQgZG9lcyBub3QgcmVxdWlyZSB1c2Ug
b2YgdGhlIHVzZXIncyBLZXJiZXJvcyBwYXNzd29yZC4gIFRoZTwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3BhbiBjbGFz
cz0iZGVsZXRlIj50eXBlcyBvZiBPVFAgYWxnb3JpdGhtcyBzdWNoIGFzIHRpbWUtYmFzZWQgT1RQ
cyBbUkZDMjgwOF0sIGNvdW50ZXItPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5zeXN0ZW0gaXMgZGVzaWduZWQgdG8gd29yayB3
aXRoIGRpZmZlcmVudCB0eXBlcyBvZiBPVFAgYWxnb3JpdGhtczwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3BhbiBjbGFz
cz0iZGVsZXRlIj5iYXNlZCB0b2tlbnMgW1JGQzQyMjZdIGFuZCBjaGFsbGVuZ2UtcmVzcG9uc2Ug
c3lzdGVtcyBzdWNoIGFzPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
ICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5zdWNoIGFzIHRpbWUtYmFzZWQgT1RQcyBbUkZDMjgwOF0s
IGNvdW50ZXItYmFzZWQgdG9rZW5zIFtSRkM0MjI2XSBhbmQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9
ImRlbGV0ZSI+W1JGQzIyODldLiAgSXQgaXMgYWxzbyBkZXNpZ25lZCB0byB3b3JrIHdpdGggdG9r
ZW5zIHRoYXQgYXJlPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICA8
c3BhbiBjbGFzcz0iaW5zZXJ0Ij5jaGFsbGVuZ2UtcmVzcG9uc2Ugc3lzdGVtcyBzdWNoIGFzIFtS
RkMyMjg5XS4gIEl0IGlzIGFsc28gZGVzaWduZWQgdG88L3NwYW4+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9ImRl
bGV0ZSI+ZWxlY3Ryb25pY2FsbHkgY29ubmVjdGVkIHRvIHRoZSB1c2VyJ3MgY29tcHV0ZXIgdmlh
IG1lYW5zIHN1Y2ggYXMgYTwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+d29yayB3aXRoIHRva2VucyB0aGF0IGFyZSBlbGVjdHJv
bmljYWxseSBjb25uZWN0ZWQgdG8gdGhlIHVzZXInczwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBVU0IgaW50ZXJmYWNlLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5j
b21wdXRlciB2aWEgbWVhbnMgc3VjaCBhcyBhIDwvc3Bhbj5VU0IgaW50ZXJmYWNlLjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhpcyBGQVNUIGZhY3RvciBwcm92aWRlcyB0aGUgZm9s
bG93aW5nIGZhY2lsaXRpZXMgKGFzIGRlZmluZWQgaW48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBUaGlzIEZBU1QgZmFjdG9yIHByb3ZpZGVzIHRoZSBmb2xsb3dpbmcgZmFjaWxp
dGllcyAoYXMgZGVmaW5lZCBpbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBbUkZDNjExM10pOiBjbGllbnQtYXV0aGVudGljYXRpb24sIHJl
cGxhY2luZy1yZXBseS1rZXkgYW5kIEtEQy08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBbUkZDNjExM10pOiBjbGllbnQtYXV0aGVudGljYXRpb24sIHJlcGxhY2luZy1yZXBseS1r
ZXkgYW5kIEtEQy08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgYXV0aGVudGljYXRpb24uICBJdCBkb2VzIG5vdCBwcm92aWRlIHRoZSBzdHJl
bmd0aGVuaW5nLXJlcGx5LWtleTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGF1
dGhlbnRpY2F0aW9uLiAgSXQgZG9lcyBub3QgcHJvdmlkZSB0aGUgc3RyZW5ndGhlbmluZy1yZXBs
eS1rZXk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgZmFjaWxpdHkuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZmFjaWxp
dHkuPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGlzIHByb3Bvc2FsIGlzIHBhcnRp
YWxseSBiYXNlZCB1cG9uIHByZXZpb3VzIHdvcmsgb24gaW50ZWdyYXRpbmc8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGlzIHByb3Bvc2FsIGlzIHBhcnRpYWxseSBiYXNlZCB1
cG9uIHByZXZpb3VzIHdvcmsgb24gaW50ZWdyYXRpbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc2luZ2xlLXVzZSBhdXRoZW50aWNhdGlv
biBtZWNoYW5pc21zIGludG8gS2VyYmVyb3MgW0hvUmVOZVpvMDRdLjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHNpbmdsZS11c2UgYXV0aGVudGljYXRpb24gbWVjaGFuaXNtcyBp
bnRvIEtlcmJlcm9zIFtIb1JlTmVabzA0XS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjEu
Mi4gIE92ZXJhbGwgRGVzaWduPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+MS4yLiAg
T3ZlcmFsbCBEZXNpZ248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoaXMgcHJvcG9z
YWwgc3VwcG9ydHMgNC1wYXNzIGFuZCAyLXBhc3MgdmFyaWFudHMuICBJbiB0aGUgNC1wYXNzPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhpcyBwcm9wb3NhbCBzdXBwb3J0cyA0
LXBhc3MgYW5kIDItcGFzcyB2YXJpYW50cy4gIEluIHRoZSA0LXBhc3M8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc3lzdGVtLCB0aGUgY2xp
ZW50IHNlbmRzIHRoZSBLREMgYW4gaW5pdGlhbCBBUy1SRVEgYW5kIHRoZSBLREM8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBzeXN0ZW0sIHRoZSBjbGllbnQgc2VuZHMgdGhlIEtE
QyBhbiBpbml0aWFsIEFTLVJFUSBhbmQgdGhlIEtEQzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICByZXNwb25kcyB3aXRoIGEgS1JCLUVSUk9S
IGNvbnRhaW5pbmcgcGFkYXRhIHRoYXQgaW5jbHVkZXMgYSByYW5kb208L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICByZXNwb25kcyB3aXRoIGEgS1JCLUVSUk9SIGNvbnRhaW5pbmcg
cGFkYXRhIHRoYXQgaW5jbHVkZXMgYSByYW5kb208L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbm9uY2UuICBUaGUgY2xpZW50IHRoZW4gZW5j
cnlwdHMgdGhlIG5vbmNlIGFuZCByZXR1cm5zIGl0IHRvIHRoZSBLREM8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBub25jZS4gIFRoZSBjbGllbnQgdGhlbiBlbmNyeXB0cyB0aGUg
bm9uY2UgYW5kIHJldHVybnMgaXQgdG8gdGhlIEtEQzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQ+PGEgbmFtZT0iZGlmZjAwMDkiIC8+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBpbiBhIHNlY29uZCBBUy1SRVEuICBGaW5hbGx5LCB0aGUg
S0RDIHJldHVybnMgdGhlIEFTLVJFUC4gIDxzcGFuIGNsYXNzPSJkZWxldGUiPk5vdGUgdGhhdDwv
c3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgaW4gYSBzZWNvbmQgQVMt
UkVRLiAgRmluYWxseSwgdGhlIEtEQyByZXR1cm5zIHRoZSBBUy1SRVAuICA8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij5JbiB0aGU8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+dGhpcyB2YXJpYW50
IGNhbiBvbmx5IGJlIHVzZWQgZm9yIHVzZXJzIHRoYXQgcmVxdWlyZSBwcmUtPC9zcGFuPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4yLXBh
c3MgdmFyaWFudCwgdGhlIGNsaWVudCBlbmNyeXB0cyBhIHRpbWVzdGFtcCByYXRoZXIgdGhhbiBh
IG5vbmNlPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPmF1dGhlbnRpY2F0aW9uLiAgSW4g
dGhlIDItcGFzcyB2YXJpYW50LCB0aGUgY2xpZW50IGVuY3J5cHRzIGE8L3NwYW4+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmZyb20gdGhl
IEtEQyBhbmQgdGhlIGVuY3J5cHRlZCBkYXRhIGlzIHNlbnQgdG8gdGhlIEtEQyBpbiB0aGUgaW5p
dGlhbDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj4gICA8c3BhbiBjbGFzcz0iZGVsZXRlIj50aW1lc3RhbXAgcmF0aGVyIHRoYW4g
YSBub25jZSBmcm9tIHRoZSBLREMgYW5kIHRoZSBlbmNyeXB0ZWQgZGF0YSBpczwvc3Bhbj48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+QVMt
UkVRLiAgVGhlIHR3by1wYXNzIHN5c3RlbSBjYW4gYmUgdXNlZCBpbiBjYXNlcyB3aGVyZSB0aGUg
Y2xpZW50PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPnNlbnQgdG8gdGhlIEtEQyBpbiB0
aGUgaW5pdGlhbCBBUy1SRVEuICBUaGlzIHZhcmlhbnQgY2FuIGJlIHVzZWQgaW48L3NwYW4+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmNh
biBkZXRlcm1pbmUgaW4gYWR2YW5jZSB0aGF0IE9UUCBwcmUtYXV0aGVudGljYXRpb24gaXMgc3Vw
cG9ydGVkIGJ5PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPmNhc2VzIHdoZXJlIHRoZSBj
bGllbnQgY2FuIGRldGVybWluZSBpbiBhZHZhbmNlIHRoYXQgT1RQIHByZS08L3NwYW4+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPnRoZSBL
REMsIHdoaWNoIE9UUCBrZXkgc2hvdWxkIGJlIHVzZWQgYW5kIHRoZSBlbmNyeXB0aW9uIHBhcmFt
ZXRlcnM8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+YXV0aGVudGljYXRpb24gaXMgc3Vw
cG9ydGVkIGJ5IHRoZSBLREMsIHdoaWNoIE9UUCBrZXkgc2hvdWxkIGJlIHVzZWQ8L3NwYW4+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPnJl
cXVpcmVkIGJ5IHRoZSBLREMuPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNzPSJkZWxldGUiPiAgIGFuZCB0aGUg
ZW5jcnlwdGlvbiBwYXJhbWV0ZXJzIHJlcXVpcmVkIGJ5IHRoZSBLREMuPC9zcGFuPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
IEluIGJvdGggc3lzdGVtcywgaW4gb3JkZXIgdG8gY3JlYXRlIHRoZSBtZXNzYWdlIHNlbnQgdG8g
dGhlIEtEQywgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgSW4gYm90aCBz
eXN0ZW1zLCBpbiBvcmRlciB0byBjcmVhdGUgdGhlIG1lc3NhZ2Ugc2VudCB0byB0aGUgS0RDLCB0
aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgY2xpZW50IG11c3QgZ2VuZXJhdGUgdGhlIE9UUCB2YWx1ZSBhbmQgdHdvIGtleXM6IHRoZSBj
bGFzc2ljIFJlcGx5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY2xpZW50IG11
c3QgZ2VuZXJhdGUgdGhlIE9UUCB2YWx1ZSBhbmQgdHdvIGtleXM6IHRoZSBjbGFzc2ljIFJlcGx5
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
IEtleSB1c2VkIHRvIGRlY3J5cHQgdGhlIEtEQydzIHJlcGx5IGFuZCBhIGtleSB0byBlbmNyeXB0
IHRoZSBkYXRhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgS2V5IHVzZWQgdG8g
ZGVjcnlwdCB0aGUgS0RDJ3MgcmVwbHkgYW5kIGEga2V5IHRvIGVuY3J5cHQgdGhlIGRhdGE8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc2Vu
dCB0byB0aGUgS0RDLiAgSW4gbW9zdCBjYXNlcywgdGhlIE9UUCB2YWx1ZSB3aWxsIGJlIHVzZWQg
aW4gdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgc2VudCB0byB0aGUgS0RD
LiAgSW4gbW9zdCBjYXNlcywgdGhlIE9UUCB2YWx1ZSB3aWxsIGJlIHVzZWQgaW4gdGhlPC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGtleSBn
ZW5lcmF0aW9uIGJ1dCBpbiBvcmRlciB0byBzdXBwb3J0IGFsZ29yaXRobXMgd2hlcmUgdGhlIEtE
QzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGtleSBnZW5lcmF0aW9uIGJ1dCBp
biBvcmRlciB0byBzdXBwb3J0IGFsZ29yaXRobXMgd2hlcmUgdGhlIEtEQzwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBjYW5ub3Qgb2J0YWlu
IHRoZSB2YWx1ZSAoZS5nLiAgW1JGQzIyODldKSwgdGhlIHN5c3RlbSBhbHNvIHN1cHBvcnRzPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY2Fubm90IG9idGFpbiB0aGUgdmFsdWUg
KGUuZy4gIFtSRkMyMjg5XSksIHRoZSBzeXN0ZW0gYWxzbyBzdXBwb3J0czwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgb3B0aW9uIG9m
IGluY2x1ZGluZyB0aGUgT1RQIHZhbHVlIGluIHRoZSByZXF1ZXN0IGFsb25nIHdpdGggdGhlPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIG9wdGlvbiBvZiBpbmNsdWRpbmcg
dGhlIE9UUCB2YWx1ZSBpbiB0aGUgcmVxdWVzdCBhbG9uZyB3aXRoIHRoZTwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBlbmNyeXB0ZWQgbm9u
Y2UuICBJbiBhZGRpdGlvbiwgaW4gb3JkZXIgdG8gc3VwcG9ydCBzaXR1YXRpb25zIHdoZXJlPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZW5jcnlwdGVkIG5vbmNlLiAgSW4gYWRk
aXRpb24sIGluIG9yZGVyIHRvIHN1cHBvcnQgc2l0dWF0aW9ucyB3aGVyZTwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgS0RDIGlzIHVu
YWJsZSB0byBvYnRhaW4gdGhlIHBsYWludGV4dCBPVFAgdmFsdWUsIHRoZSBzeXN0ZW0gYWxzbzwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBLREMgaXMgdW5hYmxlIHRvIG9i
dGFpbiB0aGUgcGxhaW50ZXh0IE9UUCB2YWx1ZSwgdGhlIHN5c3RlbSBhbHNvPC90ZD48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgYmdjb2xv
cj0iZ3JheSIgPjx0ZD48L3RkPjx0aD48YSBuYW1lPSJwYXJ0LWw0IiAvPjxzbWFsbD5za2lwcGlu
ZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFnZSA3LCBsaW5lIDIyPC9lbT48L3RoPjx0aD4g
PC90aD48dGg+PGEgbmFtZT0icGFydC1yNCIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0
PC9zbWFsbD48ZW0+IHBhZ2UgNywgbGluZSAyMjwvZW0+PC90aD48dGQ+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjIuNC4gIFJlLVN5bmNocm9uaXphdGlv
bjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjIuNC4gIFJlLVN5bmNocm9uaXphdGlv
bjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSXQgaXMgcG9zc2libGUgd2l0aCB0aW1l
IGFuZCBldmVudC1iYXNlZCB0b2tlbnMgdGhhdCB0aGUgT1RQIHNlcnZlcjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIEl0IGlzIHBvc3NpYmxlIHdpdGggdGltZSBhbmQgZXZlbnQt
YmFzZWQgdG9rZW5zIHRoYXQgdGhlIE9UUCBzZXJ2ZXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgd2lsbCBsb3NlIHN5bmNocm9uaXphdGlv
biB3aXRoIHRoZSBjdXJyZW50IHRva2VuIHN0YXRlLiAgRm9yIGV4YW1wbGUsPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgd2lsbCBsb3NlIHN5bmNocm9uaXphdGlvbiB3aXRoIHRo
ZSBjdXJyZW50IHRva2VuIHN0YXRlLiAgRm9yIGV4YW1wbGUsPC90ZD48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGV2ZW50LWJhc2VkIHRva2VucyBt
YXkgZHJpZnQgc2luY2UgdGhlIGNvdW50ZXIgb24gdGhlIHRva2VuIGlzPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgZXZlbnQtYmFzZWQgdG9rZW5zIG1heSBkcmlmdCBzaW5jZSB0
aGUgY291bnRlciBvbiB0aGUgdG9rZW4gaXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgaW5jcmVtZW50ZWQgZXZlcnkgdGltZSB0aGUgdG9r
ZW4gaXMgdXNlZCBidXQgdGhlIGNvdW50ZXIgb24gdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgaW5jcmVtZW50ZWQgZXZlcnkgdGltZSB0aGUgdG9rZW4gaXMgdXNlZCBidXQg
dGhlIGNvdW50ZXIgb24gdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHNlcnZlciBpcyBvbmx5IGluY3JlbWVudGVkIG9uIGFuIGF1dGhl
bnRpY2F0aW9uLiAgU2ltaWxhcmx5LCB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBzZXJ2ZXIgaXMgb25seSBpbmNyZW1lbnRlZCBvbiBhbiBhdXRoZW50aWNhdGlvbi4gIFNp
bWlsYXJseSwgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIGNsb2NrcyBvbiB0aW1lLWJhc2VkIHRva2VucyBtYXkgZHJpZnQuPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY2xvY2tzIG9uIHRpbWUtYmFzZWQgdG9rZW5z
IG1heSBkcmlmdC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJk
aWZmMDAxMCIgLz48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBNZXRob2RzIHRvIHJlY292ZXIgZnJvbSB0
aGlzIHR5cGUgb2Ygc2l0dWF0aW9uIGFyZSBPVFAgYWxnb3JpdGhtPC9zcGFuPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBzcGVjaWZpYyBi
dXQgbWF5IGludm9sdmUgdGhlIGNsaWVudCBzZW5kaW5nIGEgc2VxdWVuY2Ugb2YgT1RQIHZhbHVl
czwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imlu
c2VydCI+ICAgdG8gYWxsb3cgdGhlIHNlcnZlciB0byBmdXJ0aGVyIHZhbGlkYXRlIHRoZSBjb3Jy
ZWN0IHBvc2l0aW9uIGluIGl0czwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgc2VhcmNoIHdpbmRvdyAoc2VlIHNlY3Rpb24gNy40
IG9mIFtSRkM0MjI2XSBmb3IgYW4gZXhhbXBsZSkuPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9zcGFu
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBJZiwgd2hlbiBwcm9jZXNzaW5nIGEgUEEtT1RQLVJFUVVFU1QsIHRoZSBwcmUtYXV0aGVudGlj
YXRpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJZiwgd2hlbiBwcm9jZXNz
aW5nIGEgUEEtT1RQLVJFUVVFU1QsIHRoZSBwcmUtYXV0aGVudGljYXRpb248L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdmFsaWRhdGlvbiBm
YWlscyBmb3IgdGhpcyByZWFzb24gdGhlbiB0aGUgS0RDIE1BWSByZXR1cm4gYSBLUkItRVJST1I8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB2YWxpZGF0aW9uIGZhaWxzIGZvciB0
aGlzIHJlYXNvbiB0aGVuIHRoZSBLREMgTUFZIHJldHVybiBhIEtSQi1FUlJPUjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBtZXNzYWdlLiAg
VGhlIEtSQi1FUlJPUiBtZXNzYWdlIE1BWSBjb250YWluIGEgUEEtT1RQLUNIQUxMRU5HRSBpbiB0
aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBtZXNzYWdlLiAgVGhlIEtSQi1F
UlJPUiBtZXNzYWdlIE1BWSBjb250YWluIGEgUEEtT1RQLUNIQUxMRU5HRSBpbiB0aGU8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUEEtREFU
QSB3aXRoIGEgc2luZ2xlIG90cC10b2tlbkluZm8gcmVwcmVzZW50aW5nIHRoZSB0b2tlbiB1c2Vk
IGluPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgUEEtREFUQSB3aXRoIGEgc2lu
Z2xlIG90cC10b2tlbkluZm8gcmVwcmVzZW50aW5nIHRoZSB0b2tlbiB1c2VkIGluPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBpbml0
aWFsIGF1dGhlbnRpY2F0aW9uIGF0dGVtcHQgYnV0IHdpdGggIm5leHRPVFAiIGZsYWcgc2V0LiAg
SWY8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgaW5pdGlhbCBhdXRoZW50
aWNhdGlvbiBhdHRlbXB0IGJ1dCB3aXRoICJuZXh0T1RQIiBmbGFnIHNldC4gIElmPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoaXMgZmxh
ZyBpcyBzZXQgdGhlbiB0aGUgY2xpZW50IFNIT1VMRCByZS10cnkgdGhlIGF1dGhlbnRpY2F0aW9u
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhpcyBmbGFnIGlzIHNldCB0aGVu
IHRoZSBjbGllbnQgU0hPVUxEIHJlLXRyeSB0aGUgYXV0aGVudGljYXRpb248L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdXNpbmcgYW4gT1RQ
IHZhbHVlIGdlbmVyYXRlZCB1c2luZyB0aGUgdG9rZW4gaW4gdGhlICJzdGF0ZSIgYWZ0ZXI8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB1c2luZyBhbiBPVFAgdmFsdWUgZ2VuZXJh
dGVkIHVzaW5nIHRoZSB0b2tlbiBpbiB0aGUgInN0YXRlIiBhZnRlcjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGF0IHVzZWQgaW4gdGhl
IGZhaWxlZCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0LiAgRm9yIGV4YW1wbGUsIHVzaW5nPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhhdCB1c2VkIGluIHRoZSBmYWlsZWQgYXV0
aGVudGljYXRpb24gYXR0ZW1wdC4gIEZvciBleGFtcGxlLCB1c2luZzwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgbmV4dCB0aW1lIGlu
dGVydmFsIG9yIGNvdW50ZXIgdmFsdWUuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgdGhlIG5leHQgdGltZSBpbnRlcnZhbCBvciBjb3VudGVyIHZhbHVlLjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0ciBiZ2NvbG9yPSJncmF5IiA+PHRkPjwvdGQ+PHRoPjxhIG5h
bWU9InBhcnQtbDUiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBw
YWdlIDgsIGxpbmUgMTU8L2VtPjwvdGg+PHRoPiA8L3RoPjx0aD48YSBuYW1lPSJwYXJ0LXI1IiAv
PjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFnZSA4LCBsaW5lIDIx
PC9lbT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB1bmRlciB0aGUgY3VycmVudCBBcm1v
ciBLZXkgYXMgZGVzY3JpYmVkIGluIFtSRkM2MTEzXS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICB1bmRlciB0aGUgY3VycmVudCBBcm1vciBLZXkgYXMgZGVzY3JpYmVkIGluIFtS
RkM2MTEzXS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIElmIHRoZSBPVFAgbWVjaGFu
aXNtIGlzIHRvIGJlIGNhcnJpZWQgb3V0IGFzIGFuIGluZGl2aWR1YWwgbWVjaGFuaXNtPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgSWYgdGhlIE9UUCBtZWNoYW5pc20gaXMgdG8g
YmUgY2FycmllZCBvdXQgYXMgYW4gaW5kaXZpZHVhbCBtZWNoYW5pc208L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlbiB0aGUgUEEtT1RQ
LUNIQUxMRU5HRSBTSEFMTCBiZSBjYXJyaWVkIHdpdGhpbiB0aGUgcGFkYXRhIG9mIHRoZTwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZW4gdGhlIFBBLU9UUC1DSEFMTEVOR0Ug
U0hBTEwgYmUgY2FycmllZCB3aXRoaW4gdGhlIHBhZGF0YSBvZiB0aGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgS3JiRmFzdFJlc3BvbnNl
LiAgQWx0ZXJuYXRpdmVseSwgaWYgdGhlIE9UUCBtZWNoYW5pc20gaXMgcmVxdWlyZWQgYXM8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBLcmJGYXN0UmVzcG9uc2UuICBBbHRlcm5h
dGl2ZWx5LCBpZiB0aGUgT1RQIG1lY2hhbmlzbSBpcyByZXF1aXJlZCBhczwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBwYXJ0IG9mIGFuIGF1
dGhlbnRpY2F0aW9uIHNldCB0aGVuIHRoZSBQQS1PVFAtQ0hBTExFTkdFIFNIQUxMIGJlPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcGFydCBvZiBhbiBhdXRoZW50aWNhdGlvbiBz
ZXQgdGhlbiB0aGUgUEEtT1RQLUNIQUxMRU5HRSBTSEFMTCBiZTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBjYXJyaWVkIHdpdGhpbiBhIFBB
LUFVVEhFTlRJQ0FUSU9OLVNFVC1FTEVNIGFzIGRlc2NyaWJlZCBpbiBzZWN0aW9uPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY2FycmllZCB3aXRoaW4gYSBQQS1BVVRIRU5USUNB
VElPTi1TRVQtRUxFTSBhcyBkZXNjcmliZWQgaW4gc2VjdGlvbjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICA1LjMgb2YgW1JGQzYxMTNdLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIDUuMyBvZiBbUkZDNjExM10uPC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgUEEtT1RQLUNIQUxMRU5HRSBTSEFMTCBjb250
YWluIGEgbm9uY2UgdmFsdWUgdG8gYmUgcmV0dXJuZWQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBUaGUgUEEtT1RQLUNIQUxMRU5HRSBTSEFMTCBjb250YWluIGEgbm9uY2UgdmFs
dWUgdG8gYmUgcmV0dXJuZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDExIiAvPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+ICAgZW5jcnlwdGVkIGluIHRoZSBjbGllbnQncyBQQS1PVFAtUkVRVUVTVC4gIFRoaXMg
bm9uY2Ugc3RyaW5nIE1VU1Q8c3BhbiBjbGFzcz0iZGVsZXRlIj4gYmU8L3NwYW4+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGVuY3J5cHRlZCBpbiB0aGUgY2xpZW50J3MgUEEt
T1RQLVJFUVVFU1QuICBUaGlzIG5vbmNlIHN0cmluZyBNVVNUPC90ZD48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9ImRlbGV0
ZSI+YXMgbG9uZyBhcyB0aGUgbG9uZ2VzdCBrZXkgbGVuZ3RoIG9mIHRoZSBzeW1tZXRyaWMga2V5
IHR5cGVzIHRoYXQgdGhlPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
ICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5jb250YWluIGEgcmFuZG9tbHkgY2hvc2VuIGNvbXBvbmVu
dCBhdCBsZWFzdCBhcyBsb25nIGFzIHRoZSBhcm1vciBrZXk8L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9
ImRlbGV0ZSI+S0RDIHN1cHBvcnRzIGFuZCBNVVNUIGJlIGNob3NlbiByYW5kb21seS4gIEluIG9y
ZGVyIHRvIGFsbG93IGl0PC9zcGFuPiB0bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5sZW5ndGguICBJbiBvcmRlciB0byBhbGxvdyBpdCB0
byBtYWludGFpbiBhbnkgc3RhdGUgbmVjZXNzYXJ5PC9zcGFuPiB0bzwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJk
ZWxldGUiPm1haW50YWluIGFueSBzdGF0ZSBuZWNlc3NhcnkgdG8gdmVyaWZ5IHRoZSByZXR1cm5l
ZCBub25jZSwgdGhlIEtEQzwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+dmVyaWZ5IHRoZSByZXR1cm5lZCBub25jZSwgdGhlIEtE
QyBTSE9VTEQgdXNlIHRoZSBtZWNoYW5pc20gZGVzY3JpYmVkPC9zcGFuPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNz
PSJkZWxldGUiPlNIT1VMRCB1c2UgdGhlIG1lY2hhbmlzbSBkZXNjcmliZWQgPC9zcGFuPmluIHNl
Y3Rpb24gNS4yIG9mIFtSRkM2MTEzXS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgaW4gc2VjdGlvbiA1LjIgb2YgW1JGQzYxMTNdLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgVGhlIEtEQyBNQVkgdXNlIHRoZSBvdHAtc2VydmljZSBmaWVsZCB0byBhc3Npc3QgdGhl
IGNsaWVudCBpbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBLREMgTUFZ
IHVzZSB0aGUgb3RwLXNlcnZpY2UgZmllbGQgdG8gYXNzaXN0IHRoZSBjbGllbnQgaW48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbG9jYXRp
bmcgdGhlIE9UUCB0b2tlbiB0byBiZSB1c2VkIGJ5IGlkZW50aWZ5aW5nIHRoZSBwdXJwb3NlIG9m
IHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGxvY2F0aW5nIHRoZSBPVFAg
dG9rZW4gdG8gYmUgdXNlZCBieSBpZGVudGlmeWluZyB0aGUgcHVycG9zZSBvZiB0aGU8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYXV0aGVu
dGljYXRpb24uICBGb3IgZXhhbXBsZSwgdGhlIG90cC1zZXJ2aWNlIGZpZWxkIGNvdWxkIGFzc2lz
dCBhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYXV0aGVudGljYXRpb24uICBG
b3IgZXhhbXBsZSwgdGhlIG90cC1zZXJ2aWNlIGZpZWxkIGNvdWxkIGFzc2lzdCBhPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHVzZXIgaW4g
aWRlbnRpZnlpbmcgdGhlIHRva2VuIHRvIGJlIHVzZWQgd2hlbiBhIHVzZXIgaGFzIG11bHRpcGxl
IE9UUDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHVzZXIgaW4gaWRlbnRpZnlp
bmcgdGhlIHRva2VuIHRvIGJlIHVzZWQgd2hlbiBhIHVzZXIgaGFzIG11bHRpcGxlIE9UUDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0b2tl
bnMgdGhhdCBhcmUgdXNlZCBmb3IgZGlmZmVyZW50IHB1cnBvc2VzLjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHRva2VucyB0aGF0IGFyZSB1c2VkIGZvciBkaWZmZXJlbnQgcHVy
cG9zZXMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgS0RDIFNIQUxMIGluY2x1
ZGUgYSBzZXF1ZW5jZSBvZiBvbmUgb3IgbW9yZSBvdHAtdG9rZW5JbmZvPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIEtEQyBTSEFMTCBpbmNsdWRlIGEgc2VxdWVuY2Ugb2Yg
b25lIG9yIG1vcmUgb3RwLXRva2VuSW5mbzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBlbGVtZW50cyBjb250YWluaW5nIGluZm9ybWF0aW9u
IG9uIHRoZSB0b2tlbiBvciB0b2tlbnMgdGhhdCB0aGUgdXNlcjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIGVsZW1lbnRzIGNvbnRhaW5pbmcgaW5mb3JtYXRpb24gb24gdGhlIHRv
a2VuIG9yIHRva2VucyB0aGF0IHRoZSB1c2VyPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGNhbiB1c2UgZm9yIHRoZSBhdXRoZW50aWNhdGlv
biBhbmQgaG93IHRoZSBPVFAgdmFsdWUgaXMgdG8gYmU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBjYW4gdXNlIGZvciB0aGUgYXV0aGVudGljYXRpb24gYW5kIGhvdyB0aGUgT1RQ
IHZhbHVlIGlzIHRvIGJlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHIgYmdjb2xvcj0iZ3JheSIgPjx0ZD48L3RkPjx0aD48YSBuYW1l
PSJwYXJ0LWw2IiAvPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFn
ZSAxMCwgbGluZSAzNTwvZW0+PC90aD48dGg+IDwvdGg+PHRoPjxhIG5hbWU9InBhcnQtcjYiIC8+
PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBwYWdlIDEwLCBsaW5lIDQx
PC9lbT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgb3RwLXNlcnZpY2UsIG90cC12
ZW5kb3IsIG90cC10b2tlbklELCBvdHAtbGVuZ3RoIGFuZCBvdHAtYWxnSUQ8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUgb3RwLXNlcnZpY2UsIG90cC12ZW5kb3IsIG90cC10
b2tlbklELCBvdHAtbGVuZ3RoIGFuZCBvdHAtYWxnSUQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZWxlbWVudHMgb2YgdGhlIFBBLU9UUC1D
SEFMTEVOR0UgYXJlIHByb3ZpZGVkIGJ5IHRoZSBLREMgdG8gYXNzaXN0PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgZWxlbWVudHMgb2YgdGhlIFBBLU9UUC1DSEFMTEVOR0UgYXJl
IHByb3ZpZGVkIGJ5IHRoZSBLREMgdG8gYXNzaXN0PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBjbGllbnQgaW4gbG9jYXRpbmcgdGhl
IGNvcnJlY3QgdG9rZW4gdG8gdXNlIGJ1dCB0aGUgdXNlIG9mIHRoZTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBjbGllbnQgaW4gbG9jYXRpbmcgdGhlIGNvcnJlY3QgdG9r
ZW4gdG8gdXNlIGJ1dCB0aGUgdXNlIG9mIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhYm92ZSBmaWVsZHMgd2lsbCBkZXBlbmQgb24g
dGhlIHR5cGUgb2YgdG9rZW4uICBJZiBjb25uZWN0ZWQgdG9rZW5zPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgYWJvdmUgZmllbGRzIHdpbGwgZGVwZW5kIG9uIHRoZSB0eXBlIG9m
IHRva2VuLiAgSWYgY29ubmVjdGVkIHRva2VuczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhcmUgdXNlZCB0aGVuIHRoZXNlIHZhbHVlcyBT
SE9VTEQgYmUgdXNlZCBieSB0aGUgY2xpZW50IHRvIGxvY2F0ZSB0aGU8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBhcmUgdXNlZCB0aGVuIHRoZXNlIHZhbHVlcyBTSE9VTEQgYmUg
dXNlZCBieSB0aGUgY2xpZW50IHRvIGxvY2F0ZSB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgY29ycmVjdCB0b2tlbiBpZiBjb25uZWN0
ZWQgYW5kIG90cC12ZW5kb3IgYW5kIG90cC1zZXJ2aWNlIE1BWSBhbHNvIGJlPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY29ycmVjdCB0b2tlbiBpZiBjb25uZWN0ZWQgYW5kIG90
cC12ZW5kb3IgYW5kIG90cC1zZXJ2aWNlIE1BWSBhbHNvIGJlPC90ZD48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGRpc3BsYXllZCB0byBwcm9tcHQg
dGhlIHVzZXIgaWYgdGhlIGNvcnJlY3QgdG9rZW4gaXMgbm90IGZvdW5kLiAgSWY8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBkaXNwbGF5ZWQgdG8gcHJvbXB0IHRoZSB1c2VyIGlm
IHRoZSBjb3JyZWN0IHRva2VuIGlzIG5vdCBmb3VuZC4gIElmPC90ZD48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSB0b2tlbiBpcyBub3QgYSBj
b25uZWN0ZWQgdG9rZW4sIHRoZW4gdGhlIHZhbHVlcyBvZiBvdHAtc2VydmljZTwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSB0b2tlbiBpcyBub3QgYSBjb25uZWN0ZWQgdG9r
ZW4sIHRoZW4gdGhlIHZhbHVlcyBvZiBvdHAtc2VydmljZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhbmQgb3RwLXZlbmRvciBNQVkgYmUg
ZGlzcGxheWVkIHRvIHRoZSB1c2VyIGluIG9yZGVyIHRvIGhlbHAgdGhlIHVzZXI8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBhbmQgb3RwLXZlbmRvciBNQVkgYmUgZGlzcGxheWVk
IHRvIHRoZSB1c2VyIGluIG9yZGVyIHRvIGhlbHAgdGhlIHVzZXI8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc2VsZWN0IHRoZSBjb3JyZWN0
IHRva2VuIGFuZCB0aGUgdmFsdWVzIG9mIG90cC1hbGdJRCwgb3RwLXRva2VuSUQgYW5kPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgc2VsZWN0IHRoZSBjb3JyZWN0IHRva2VuIGFu
ZCB0aGUgdmFsdWVzIG9mIG90cC1hbGdJRCwgb3RwLXRva2VuSUQgYW5kPC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJk
aWZmMDAxMiIgLz48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIG90cC1sZW5ndGggTUFZIGJlIGlnbm9y
ZWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIG90cC1sZW5ndGggTUFZIGJl
IGlnbm9yZWQuPHNwYW4gY2xhc3M9Imluc2VydCI+ICBBbnkgc3RyaW5nIGNvbXBhcmlzb24gb3Bl
cmF0aW9ucyBjYXJyaWVkPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48
c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBvdXQgYWdhaW5zdCB0aGUgdmFsdWVzIG9mIG90cC1zZXJ2
aWNlIGFuZCBvdHAtdmVuZG9yIE1VU1QgYmUgY2FzZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgc2VudGl2ZS48L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJZiB0aGUgIm5leHRPVFAiIGZsYWcgaXMgc2V0
IGluIHRoZSBvdHAtdG9rZW5JbmZvIGZyb20gdGhlIFBBLU9UUC08L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBJZiB0aGUgIm5leHRPVFAiIGZsYWcgaXMgc2V0IGluIHRoZSBvdHAt
dG9rZW5JbmZvIGZyb20gdGhlIFBBLU9UUC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQ0hBTExFTkdFLCB0aGVuIHRoZSBPVFAgdmFsdWUg
TVVTVCBiZSBnZW5lcmF0ZWQgZnJvbSB0aGUgbmV4dCB0b2tlbjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIENIQUxMRU5HRSwgdGhlbiB0aGUgT1RQIHZhbHVlIE1VU1QgYmUgZ2Vu
ZXJhdGVkIGZyb20gdGhlIG5leHQgdG9rZW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc3RhdGUgdGhhbiB0aGF0IHVzZWQgaW4gdGhlIHBy
ZXZpb3VzIFBBLU9UUC1SRVFVRVNUIGZvciB0aGF0IHRva2VuLjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIHN0YXRlIHRoYW4gdGhhdCB1c2VkIGluIHRoZSBwcmV2aW91cyBQQS1P
VFAtUkVRVUVTVCBmb3IgdGhhdCB0b2tlbi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlICJuZXh0T1RQIiBmbGFnIE1VU1QgYWxzbyBi
ZSBzZXQgaW4gdGhlIG5ldyBQQS1PVFAtUkVRVUVTVC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBUaGUgIm5leHRPVFAiIGZsYWcgTVVTVCBhbHNvIGJlIHNldCBpbiB0aGUgbmV3
IFBBLU9UUC1SRVFVRVNULjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSWYgdGhlICJj
b2xsZWN0LXBpbiIgZmxhZyBpcyBzZXQgdGhlbiB0aGUgdG9rZW4gcmVxdWlyZXMgYSBQSU4gdG8g
YmU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJZiB0aGUgImNvbGxlY3QtcGlu
IiBmbGFnIGlzIHNldCB0aGVuIHRoZSB0b2tlbiByZXF1aXJlcyBhIFBJTiB0byBiZTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBjb2xsZWN0
ZWQgYnkgdGhlIGNsaWVudC4gIElmIHRoZSAiZG8tbm90LWNvbGxlY3QtcGluIiBmbGFnIGlzIHNl
dCBpbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGNvbGxlY3RlZCBieSB0aGUg
Y2xpZW50LiAgSWYgdGhlICJkby1ub3QtY29sbGVjdC1waW4iIGZsYWcgaXMgc2V0IGluPC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBv
dHAtdG9rZW5JbmZvIGZyb20gdGhlIFBBLU9UUC1DSEFMTEVOR0UsIHRoZW4gdGhlIHRva2VuPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIG90cC10b2tlbkluZm8gZnJvbSB0
aGUgUEEtT1RQLUNIQUxMRU5HRSwgdGhlbiB0aGUgdG9rZW48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcmVwcmVzZW50ZWQgYnkgdGhlIG90
cC10b2tlbkluZm8gZG9lcyBub3QgcmVxdWlyZSBhIFBJTiB0byBiZTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHJlcHJlc2VudGVkIGJ5IHRoZSBvdHAtdG9rZW5JbmZvIGRvZXMg
bm90IHJlcXVpcmUgYSBQSU4gdG8gYmU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBiZ2NvbG9yPSJncmF5IiA+PHRkPjwvdGQ+PHRo
PjxhIG5hbWU9InBhcnQtbDciIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+
PGVtPiBwYWdlIDE2LCBsaW5lIDQ1PC9lbT48L3RoPjx0aD4gPC90aD48dGg+PGEgbmFtZT0icGFy
dC1yNyIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMTYs
IGxpbmUgNTI8L2VtPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBvICBUaGUgaW5pdGlhbCBoYXNoIHZhbHVlIGlzIHRoZW4gaGFzaGVk
IGl0ZXJhdGlvbkNvdW50LTEgdGltZXMgdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBvICBUaGUgaW5pdGlhbCBoYXNoIHZhbHVlIGlzIHRoZW4gaGFzaGVkIGl0ZXJhdGlvbkNv
dW50LTEgdGltZXMgdG88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgcHJvZHVjZSBhIGZpbmFsIGhhc2ggdmFsdWUsIEgnLiAgKFdoZXJl
IGl0ZXJhdGlvbkNvdW50IGlzIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
ICAgIHByb2R1Y2UgYSBmaW5hbCBoYXNoIHZhbHVlLCBIJy4gIChXaGVyZSBpdGVyYXRpb25Db3Vu
dCBpcyB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgICAgdmFsdWUgZnJvbSB0aGUgUEEtT1RQLVJFUVVFU1QuKTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHZhbHVlIGZyb20gdGhlIFBBLU9UUC1SRVFVRVNULik8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBIJyA9IGhhc2goaGFzaCgu
Li4oaXRlcmF0aW9uQ291bnQtMSB0aW1lcykuLi4oSCkpKTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgICAgICAgICBIJyA9IGhhc2goaGFzaCguLi4oaXRlcmF0aW9uQ291bnQt
MSB0aW1lcykuLi4oSCkpKTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbyAgVGhlIHZh
bHVlIG9mIEsyIGlzIHRoZW4gZGVyaXZlZCBmcm9tIHRoZSBCYXNlNjQgW1JGQzIwNDVdIGVuY29k
aW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgbyAgVGhlIHZhbHVlIG9mIEsy
IGlzIHRoZW4gZGVyaXZlZCBmcm9tIHRoZSBCYXNlNjQgW1JGQzIwNDVdIGVuY29kaW5nPC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIG9m
IHRoaXMgZmluYWwgaGFzaCB2YWx1ZS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBvZiB0aGlzIGZpbmFsIGhhc2ggdmFsdWUuPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQ+PGEgbmFtZT0iZGlmZjAwMTMiIC8+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICAg
ICAgICAgSzIgPSBzdHJpbmctdG8ta2V5KEJhc2U2NChIJyl8PHNwYW4gY2xhc3M9ImRlbGV0ZSI+
fDwvc3Bhbj4iS3JiLXByZUF1dGgiKTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
ICAgICAgICAgICAgSzIgPSBzdHJpbmctdG8ta2V5KEJhc2U2NChIJyl8IktyYi1wcmVBdXRoIik8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIElmIHRoZSBoYXNoIHZhbHVlIGlzIG5vdCB1
c2VkLCB0aGVuIEsyIFNIQUxMIGJlIGRlcml2ZWQgZnJvbSB0aGU8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBJZiB0aGUgaGFzaCB2YWx1ZSBpcyBub3QgdXNlZCwgdGhlbiBLMiBT
SEFMTCBiZSBkZXJpdmVkIGZyb20gdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGJhc2U2NCBlbmNvZGluZyBvZiB0aGUgT1RQIHZhbHVl
LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGJhc2U2NCBlbmNvZGluZyBvZiB0
aGUgT1RQIHZhbHVlLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkPjxhIG5hbWU9
ImRpZmYwMDE0IiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAgICAgIEsyID0gc3RyaW5n
LXRvLWtleShCYXNlNjQoT1RQKXw8c3BhbiBjbGFzcz0iZGVsZXRlIj58PC9zcGFuPiJLcmItcHJl
QXV0aCIpPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAgICAgICBLMiA9
IHN0cmluZy10by1rZXkoQmFzZTY0KE9UUCl8IktyYi1wcmVBdXRoIik8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVs
ZXRlIj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj48c3BhbiBjbGFzcz0iZGVsZXRlIj4gICBUaGUgc3ltYm9sICJ8fCIgZGVub3RlcyBzdHJp
bmcgY29uY2F0ZW5hdGlvbi48L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIGVuY3R5cGUgdXNlZCBmb3Igc3Ry
aW5nLXRvLWtleSBTSEFMTCBiZSB0aGF0IG9mIHRoZSBBcm1vciBLZXkgYW5kPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIGVuY3R5cGUgdXNlZCBmb3Igc3RyaW5nLXRvLWtl
eSBTSEFMTCBiZSB0aGF0IG9mIHRoZSBBcm1vciBLZXkgYW5kPC90ZD48dGQgY2xhc3M9ImxpbmVu
byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBzYWx0IGFuZCBhbnkgYWRk
aXRpb25hbCBwYXJhbWV0ZXJzIGZvciBzdHJpbmctdG8ta2V5IE1BWSBiZTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBzYWx0IGFuZCBhbnkgYWRkaXRpb25hbCBwYXJhbWV0
ZXJzIGZvciBzdHJpbmctdG8ta2V5IE1BWSBiZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBwcm92aWRlZCBieSB0aGUgS0RDIGluIHRoZSBQ
QS1PVFAtQ0hBTExFTkdFLiAgSWYgdGhlIHNhbHQgYW5kIHN0cmluZy08L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBwcm92aWRlZCBieSB0aGUgS0RDIGluIHRoZSBQQS1PVFAtQ0hB
TExFTkdFLiAgSWYgdGhlIHNhbHQgYW5kIHN0cmluZy08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdG8ta2V5IHBhcmFtZXRlcnMgYXJlIG5v
dCBwcm92aWRlZCB0aGVuIHRoZSBkZWZhdWx0IHZhbHVlcyBkZWZpbmVkPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgdG8ta2V5IHBhcmFtZXRlcnMgYXJlIG5vdCBwcm92aWRlZCB0
aGVuIHRoZSBkZWZhdWx0IHZhbHVlcyBkZWZpbmVkPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGZvciB0aGUgcGFydGljdWxhciBlbmN0eXBl
IFNIQUxMIGJlIHVzZWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZm9yIHRo
ZSBwYXJ0aWN1bGFyIGVuY3R5cGUgU0hBTEwgYmUgdXNlZC48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIElmIHRoZSBzdHJlbmd0aGVuLWtleSBpcyBwcmVzZW50IGluIEtyYkZhc3RSZXNw
b25zZSwgdGhlbiBpdCBpczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIElmIHRo
ZSBzdHJlbmd0aGVuLWtleSBpcyBwcmVzZW50IGluIEtyYkZhc3RSZXNwb25zZSwgdGhlbiBpdCBp
czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBjb21iaW5lZCB3aXRoIHRoZSBSZXBseSBLZXkgdG8gZ2VuZXJhdGUgdGhlIGZpbmFsIEFTLVJF
USBhcyBkZXNjcmliZWQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBjb21iaW5l
ZCB3aXRoIHRoZSBSZXBseSBLZXkgdG8gZ2VuZXJhdGUgdGhlIGZpbmFsIEFTLVJFUSBhcyBkZXNj
cmliZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgaW4gW1JGQzYxMTNdLiAgVGhlIHN0cmVuZ3RoZW4ta2V5IGRvZXMgbm90IGluZmx1ZW5j
ZSB0aGUgQ2xpZW50IEtleS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBpbiBb
UkZDNjExM10uICBUaGUgc3RyZW5ndGhlbi1rZXkgZG9lcyBub3QgaW5mbHVlbmNlIHRoZSBDbGll
bnQgS2V5LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyIGJnY29sb3I9ImdyYXkiID48dGQ+PC90ZD48dGg+PGEgbmFtZT0icGFydC1s
OCIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMTgsIGxp
bmUgNDI8L2VtPjwvdGg+PHRoPiA8L3RoPjx0aD48YSBuYW1lPSJwYXJ0LXI4IiAvPjxzbWFsbD5z
a2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFnZSAxOCwgbGluZSA0MjwvZW0+PC90
aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgIC0tIHJlc2VydmVkKDApLDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAtLSByZXNlcnZlZCgwKSw8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
ICAgICAgICAgIC0tIG5leHRPVFAoMSksPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgICAgICAgIC0tIG5leHRPVFAoMSksPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAtLSBjb21iaW5lKDIpLDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAtLSBjb21iaW5lKDIpLDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAg
ICAgICAgICAgLS0gY29sbGVjdC1waW4oMyksPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgICAgICAgICAgIC0tIGNvbGxlY3QtcGluKDMpLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgLS0gZG8tbm90LWNv
bGxlY3QtcGluKDQpLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAg
ICAtLSBkby1ub3QtY29sbGVjdC1waW4oNCksPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAtLSBtdXN0LWVuY3J5cHQtbm9u
Y2UgKDUpLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAtLSBt
dXN0LWVuY3J5cHQtbm9uY2UgKDUpLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgLS0gc2VwYXJhdGUtcGluLXJlcXVpcmVk
ICg2KTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAtLSBzZXBh
cmF0ZS1waW4tcmVxdWlyZWQgKDYpPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBub25j
ZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIG5vbmNlPC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIEEgS0RDLXN1cHBs
aWVkIG5vbmNlIHZhbHVlIHRvIGJlIGVuY3J5cHRlZCBieSB0aGUgY2xpZW50IGluIHRoZTwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIEEgS0RDLXN1cHBsaWVkIG5vbmNlIHZh
bHVlIHRvIGJlIGVuY3J5cHRlZCBieSB0aGUgY2xpZW50IGluIHRoZTwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQ+PGEgbmFtZT0iZGlm
ZjAwMTUiIC8+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICBQQS1PVFAtUkVRVUVTVC4gIFRoaXMg
bm9uY2Ugc3RyaW5nIE1VU1QgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+YmUgYXMgbG9uZyBhcyB0aGUg
bG9uZ2VzdDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgUEEt
T1RQLVJFUVVFU1QuICBUaGlzIG5vbmNlIHN0cmluZyBNVVNUIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PmNvbnRhaW4gYSByYW5kb21seSBjaG9zZW48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9ImRlbGV0
ZSI+a2V5IGxlbmd0aCBvZiB0aGUgc3ltbWV0cmljIGtleSB0eXBlcyB0aGF0IHRoZSBLREMgc3Vw
cG9ydHMgYW5kPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICA8
c3BhbiBjbGFzcz0iaW5zZXJ0Ij5jb21wb25lbnQgYXQgbGVhc3QgYXMgbG9uZyBhcyB0aGUgYXJt
b3Iga2V5IGxlbmd0aC48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0ZSI+ICAgICAgTVVTVCBiZSBj
aG9zZW4gcmFuZG9tbHkuPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG90cC1zZXJ2aWNlPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgb3RwLXNlcnZpY2U8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgVXNlIG9mIHRoaXMgZmllbGQgaXMg
T1BUSU9OQUwsIGJ1dCBNQVkgYmUgdXNlZCBieSB0aGUgS0RDIHRvPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgICAgVXNlIG9mIHRoaXMgZmllbGQgaXMgT1BUSU9OQUwsIGJ1dCBN
QVkgYmUgdXNlZCBieSB0aGUgS0RDIHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGFzc2lzdCB0aGUgY2xpZW50IHRvIGxvY2F0ZSB0
aGUgYXBwcm9wcmlhdGUgT1RQIHRva2VucyB0byBiZSB1c2VkLjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgICAgIGFzc2lzdCB0aGUgY2xpZW50IHRvIGxvY2F0ZSB0aGUgYXBwcm9w
cmlhdGUgT1RQIHRva2VucyB0byBiZSB1c2VkLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBGb3IgZXhhbXBsZSwgdGhpcyBmaWVsZCBj
b3VsZCBiZSB1c2VkIHdoZW4gYSB1c2VyIGhhcyBtdWx0aXBsZSBPVFA8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBGb3IgZXhhbXBsZSwgdGhpcyBmaWVsZCBjb3VsZCBiZSB1
c2VkIHdoZW4gYSB1c2VyIGhhcyBtdWx0aXBsZSBPVFA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgdG9rZW5zIGZvciBkaWZmZXJlbnQg
cHVycG9zZXMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgdG9rZW5zIGZv
ciBkaWZmZXJlbnQgcHVycG9zZXMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBvdHAt
dG9rZW5JbmZvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgb3RwLXRva2VuSW5m
bzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAgICBUaGlzIGVsZW1lbnQgU0hBTEwgaW5jbHVkZSBhIHNlcXVlbmNlIG9mIG9uZSBvciBtb3Jl
IE9UUC1UT0tFTklORk88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBUaGlz
IGVsZW1lbnQgU0hBTEwgaW5jbHVkZSBhIHNlcXVlbmNlIG9mIG9uZSBvciBtb3JlIE9UUC1UT0tF
TklORk88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgb2JqZWN0cyBjb250YWluaW5nIGluZm9ybWF0aW9uIG9uIHRoZSB0b2tlbiBvciB0
b2tlbnMgdGhhdCB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBvYmpl
Y3RzIGNvbnRhaW5pbmcgaW5mb3JtYXRpb24gb24gdGhlIHRva2VuIG9yIHRva2VucyB0aGF0IHRo
ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyIGJnY29sb3I9ImdyYXkiID48dGQ+PC90ZD48dGg+PGEgbmFtZT0icGFydC1sOSIgLz48
c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMjAsIGxpbmUgMzU8
L2VtPjwvdGg+PHRoPiA8L3RoPjx0aD48YSBuYW1lPSJwYXJ0LXI5IiAvPjxzbWFsbD5za2lwcGlu
ZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxlbT4gcGFnZSAyMCwgbGluZSAzNTwvZW0+PC90aD48dGQ+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgcHJvZHVjaW5nIE9UUCB2YWx1ZXMgb2YgZGlmZmVy
ZW50IGxlbmd0aHMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgcHJv
ZHVjaW5nIE9UUCB2YWx1ZXMgb2YgZGlmZmVyZW50IGxlbmd0aHMuPC90ZD48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICAgICBvdHAtdG9rZW5JRDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgIG90cC10b2tlbklEPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgIFVzZSBvZiB0aGlzIGZpZWxkIGlzIE9QVElPTkFM
LCBidXQgTUFZIGJlIHVzZWQgYnkgdGhlIEtEQyB0bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgICAgIFVzZSBvZiB0aGlzIGZpZWxkIGlzIE9QVElPTkFMLCBidXQgTUFZIGJl
IHVzZWQgYnkgdGhlIEtEQyB0bzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBpZGVudGlmeSB3aGljaCB0b2tlbiBrZXkgc2hvdWxk
IGJlIHVzZWQgZm9yIHRoZSBhdXRoZW50aWNhdGlvbi48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICAgICBpZGVudGlmeSB3aGljaCB0b2tlbiBrZXkgc2hvdWxkIGJlIHVzZWQg
Zm9yIHRoZSBhdXRoZW50aWNhdGlvbi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgRm9yIGV4YW1wbGUsIHRoaXMgZmllbGQgY291
bGQgYmUgdXNlZCB3aGVuIGEgdXNlciBoYXMgYmVlbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgICAgIEZvciBleGFtcGxlLCB0aGlzIGZpZWxkIGNvdWxkIGJlIHVzZWQgd2hl
biBhIHVzZXIgaGFzIGJlZW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgaXNzdWVkIG11bHRpcGxlIHRva2VuIGtleXMgYnkgdGhl
IHNhbWUgc2VydmVyLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgIGlz
c3VlZCBtdWx0aXBsZSB0b2tlbiBrZXlzIGJ5IHRoZSBzYW1lIHNlcnZlci48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgIG90cC1hbGdJRDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgIG90cC1hbGdJRDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBVc2Ugb2YgdGhpcyBmaWVsZCBpcyBPUFRJT05B
TCwgYnV0IE1BWSBiZSB1c2VkIGJ5IHRoZSBLREMgdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICAgICBVc2Ugb2YgdGhpcyBmaWVsZCBpcyBPUFRJT05BTCwgYnV0IE1BWSBi
ZSB1c2VkIGJ5IHRoZSBLREMgdG88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDE2IiAvPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+ICAgICAgICAgaWRlbnRpZnkgdGhlIGFsZ29yaXRobSB0byB1c2Ugd2hlbiBnZW5l
cmF0aW5nIHRoZSBPVFAuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAg
IGlkZW50aWZ5IHRoZSBhbGdvcml0aG0gdG8gdXNlIHdoZW4gZ2VuZXJhdGluZyB0aGUgT1RQLjxz
cGFuIGNsYXNzPSJpbnNlcnQiPiAgVGhlPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICB2YWx1ZSBvZiB0aGlzIGZpZWxk
IE1VU1QgYmUgYSBVUkkgW1JGQzM5ODZdIGFuZCBTSE9VTEQgYmU8L3NwYW4+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgIG9idGFp
bmVkIGZyb20gdGhlIFBTS0MgYWxnb3JpdGhtIHJlZ2lzdHJ5IFtSRkM2MDMwXS48L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBzdXBwb3J0ZWRIYXNoQWxnPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgc3VwcG9ydGVkSGFzaEFsZzwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBJZiBw
cmVzZW50IHRoZW4gYSBoYXNoIG9mIHRoZSBPVFAgdmFsdWUgTVVTVCBiZSB1c2VkIGluIHRoZSBr
ZXk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICBJZiBwcmVzZW50IHRo
ZW4gYSBoYXNoIG9mIHRoZSBPVFAgdmFsdWUgTVVTVCBiZSB1c2VkIGluIHRoZSBrZXk8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAg
ZGVyaXZhdGlvbiByYXRoZXIgdGhhbiB0aGUgcGxhaW4gdGV4dCB2YWx1ZS4gIEVhY2g8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICBkZXJpdmF0aW9uIHJhdGhlciB0aGFu
IHRoZSBwbGFpbiB0ZXh0IHZhbHVlLiAgRWFjaDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBBbGdvcml0aG1JZGVudGlmaWVyIGlk
ZW50aWZpZXMgYSBoYXNoIGFsZ29yaXRobSB0aGF0IGlzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgICAgICAgQWxnb3JpdGhtSWRlbnRpZmllciBpZGVudGlmaWVzIGEgaGFzaCBh
bGdvcml0aG0gdGhhdCBpczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICAgICBzdXBwb3J0ZWQgYnkgdGhlIEtEQyBpbiBkZWNyZWFzaW5n
IG9yZGVyIG9mIHByZWZlcmVuY2UuICBUaGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgICAgICBzdXBwb3J0ZWQgYnkgdGhlIEtEQyBpbiBkZWNyZWFzaW5nIG9yZGVyIG9mIHBy
ZWZlcmVuY2UuICBUaGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgICAgY2xpZW50IE1VU1Qgc2VsZWN0IHRoZSBmaXJzdCBhbGdvcml0
aG0gZnJvbSB0aGUgbGlzdCB0aGF0IGl0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgICAgY2xpZW50IE1VU1Qgc2VsZWN0IHRoZSBmaXJzdCBhbGdvcml0aG0gZnJvbSB0aGUg
bGlzdCB0aGF0IGl0PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgICAgICAgIHN1cHBvcnRzLiAgU3VwcG9ydCBmb3IgU0hBMSBieSBib3RoIHRo
ZSBjbGllbnQgYW5kIEtEQyBpczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
ICAgIHN1cHBvcnRzLiAgU3VwcG9ydCBmb3IgU0hBMSBieSBib3RoIHRoZSBjbGllbnQgYW5kIEtE
QyBpczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICAgICAgICBSRVFVSVJFRC4gIFRoZSBBbGdvcml0aG1JZGVudGlmaWVyIHNlbGVjdGVkIGJ5
IHRoZSBjbGllbnQgTVVTVDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAg
IFJFUVVJUkVELiAgVGhlIEFsZ29yaXRobUlkZW50aWZpZXIgc2VsZWN0ZWQgYnkgdGhlIGNsaWVu
dCBNVVNUPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgICAgIGJlIHBsYWNlZCBpbiB0aGUgaGFzaEFsZyBlbGVtZW50IG9mIHRoZSBQQS1P
VFAtUkVRVUVTVC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICBiZSBw
bGFjZWQgaW4gdGhlIGhhc2hBbGcgZWxlbWVudCBvZiB0aGUgUEEtT1RQLVJFUVVFU1QuPC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIg
Ymdjb2xvcj0iZ3JheSIgPjx0ZD48L3RkPjx0aD48YSBuYW1lPSJwYXJ0LWwxMCIgLz48c21hbGw+
c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMjQsIGxpbmUgNDU8L2VtPjwv
dGg+PHRoPiA8L3RoPjx0aD48YSBuYW1lPSJwYXJ0LXIxMCIgLz48c21hbGw+c2tpcHBpbmcgdG8g
Y2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMjQsIGxpbmUgNDU8L2VtPjwvdGg+PHRkPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgIHRoaXMgdmFsdWUgaWYgaXQgaXMgcHJlc2VudCBpbiB0aGUgcmVx
dWVzdCBhbmQgaXQgaXMgY2FwYWJsZSBvZjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgIHRoaXMgdmFsdWUgaWYgaXQgaXMgcHJlc2VudCBpbiB0aGUgcmVxdWVzdCBhbmQgaXQg
aXMgY2FwYWJsZSBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICAgICB1c2luZyBpdCBpbiB0aGUgZ2VuZXJhdGlvbiBvZiB0aGUgT1RQIHZh
bHVlLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHVzaW5nIGl0IGluIHRo
ZSBnZW5lcmF0aW9uIG9mIHRoZSBPVFAgdmFsdWUuPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBvdHAtYWxnSUQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBvdHAtYWxn
SUQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgVGhpcyBmaWVsZCBNQVkgYmUgdXNlZCBieSB0aGUgY2xpZW50IHRvIHNlbmQgdGhlIGlk
ZW50aWZpZXIgb2YgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgVGhp
cyBmaWVsZCBNQVkgYmUgdXNlZCBieSB0aGUgY2xpZW50IHRvIHNlbmQgdGhlIGlkZW50aWZpZXIg
b2YgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgIE9UUCBhbGdvcml0aG0gdXNlZCwgYXMgcmVwb3J0ZWQgYnkgdGhlIE9UUCB0b2tl
bi4gIFVzZSBvZiB0aGlzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgT1RQ
IGFsZ29yaXRobSB1c2VkLCBhcyByZXBvcnRlZCBieSB0aGUgT1RQIHRva2VuLiAgVXNlIG9mIHRo
aXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgZWxlbWVudCBpcyBPUFRJT05BTCBidXQgaXQgTUFZIGJlIHVzZWQgYnkgdGhlIGNsaWVu
dCB0byBzaW1wbGlmeTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIGVsZW1l
bnQgaXMgT1BUSU9OQUwgYnV0IGl0IE1BWSBiZSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gc2ltcGxp
Znk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgdGhlIE9UUCBjYWxjdWxhdGlvbnMgY2FycmllZCBvdXQgYnkgdGhlIEtEQy4gIEl0IGlz
IFJFQ09NTUVOREVEPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgdGhlIE9U
UCBjYWxjdWxhdGlvbnMgY2FycmllZCBvdXQgYnkgdGhlIEtEQy4gIEl0IGlzIFJFQ09NTUVOREVE
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
ICAgIHRoYXQgdGhlIEtEQyBhY3QgdXBvbiB0aGlzIHZhbHVlIGlmIGl0IGlzIHByZXNlbnQgaW4g
dGhlIHJlcXVlc3Q8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICB0aGF0IHRo
ZSBLREMgYWN0IHVwb24gdGhpcyB2YWx1ZSBpZiBpdCBpcyBwcmVzZW50IGluIHRoZSByZXF1ZXN0
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
ICAgIGFuZCBpdCBpcyBjYXBhYmxlIG9mIHVzaW5nIGl0IGluIHRoZSBnZW5lcmF0aW9uIG9mIHRo
ZSBPVFAgdmFsdWUuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgYW5kIGl0
IGlzIGNhcGFibGUgb2YgdXNpbmcgaXQgaW4gdGhlIGdlbmVyYXRpb24gb2YgdGhlIE9UUCB2YWx1
ZS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDE3IiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgIFRoZSB2
YWx1ZSBvZiB0aGlzIGZpZWxkIE1VU1QgYmUgYSBVUkkgW1JGQzM5ODZdIGFuZCBTSE9VTEQgYmU8
L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPiAgICAgIG9idGFpbmVkIGZyb20gdGhlIFBTS0MgYWxnb3JpdGhtIHJlZ2lzdHJ5IFtSRkM2
MDMwXS48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBvdHAtdmVuZG9yPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgb3RwLXZlbmRvcjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBJZiB0aGUgUEEt
T1RQLVJFUVVFU1QgaXMgYmVpbmcgc2VudCBpbiByZXNwb25zZSB0byBhIFBBLU9UUC08L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBJZiB0aGUgUEEtT1RQLVJFUVVFU1QgaXMg
YmVpbmcgc2VudCBpbiByZXNwb25zZSB0byBhIFBBLU9UUC08L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgQ0hBTExFTkdFIHRoYXQgY29u
dGFpbmVkIGFuIG90cC12ZW5kb3IgZmllbGQgaW4gdGhlIHNlbGVjdGVkIG90cC08L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBDSEFMTEVOR0UgdGhhdCBjb250YWluZWQgYW4g
b3RwLXZlbmRvciBmaWVsZCBpbiB0aGUgc2VsZWN0ZWQgb3RwLTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICB0b2tlbkluZm8gdGhlbiB0
aGlzIGZpZWxkIE1VU1QgYmUgc2V0IHRvIHRoZSBzYW1lIHZhbHVlLDwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgICAgIHRva2VuSW5mbyB0aGVuIHRoaXMgZmllbGQgTVVTVCBiZSBz
ZXQgdG8gdGhlIHNhbWUgdmFsdWUsPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIG90aGVyd2lzZSwgdGhpcyBmaWVsZCBTSE9VTEQgYmUg
c2V0IHRvIHRoZSB2ZW5kb3IgaWRlbnRpZmllciBvZjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgIG90aGVyd2lzZSwgdGhpcyBmaWVsZCBTSE9VTEQgYmUgc2V0IHRvIHRoZSB2
ZW5kb3IgaWRlbnRpZmllciBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICB0aGUgdG9rZW4gaWYga25vd24gdG8gdGhlIGNsaWVudC4g
IEl0IGlzIFJFQ09NTUVOREVEIHRoYXQgdGhlIEtEQzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgIHRoZSB0b2tlbiBpZiBrbm93biB0byB0aGUgY2xpZW50LiAgSXQgaXMgUkVD
T01NRU5ERUQgdGhhdCB0aGUgS0RDPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGFjdCB1cG9uIHRoaXMgdmFsdWUgaWYgaXQgaXMgcHJl
c2VudCBpbiB0aGUgcmVxdWVzdCBhbmQgaXQgaXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICAgICBhY3QgdXBvbiB0aGlzIHZhbHVlIGlmIGl0IGlzIHByZXNlbnQgaW4gdGhlIHJl
cXVlc3QgYW5kIGl0IGlzPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgIGNhcGFibGUgb2YgdXNpbmcgaXQgaW4gdGhlIGdlbmVyYXRpb24g
b2YgdGhlIE9UUCB2YWx1ZS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBj
YXBhYmxlIG9mIHVzaW5nIGl0IGluIHRoZSBnZW5lcmF0aW9uIG9mIHRoZSBPVFAgdmFsdWUuPC90
ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGJnY29sb3I9ImdyYXkiID48dGQ+PC90
ZD48dGg+PGEgbmFtZT0icGFydC1sMTEiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwv
c21hbGw+PGVtPiBwYWdlIDI2LCBsaW5lIDM3PC9lbT48L3RoPjx0aD4gPC90aD48dGg+PGEgbmFt
ZT0icGFydC1yMTEiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBw
YWdlIDI2LCBsaW5lIDQ0PC9lbT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICByZXN0
cmljdGlvbnMgb24gdGhlIG5ldyBQSU4uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgcmVzdHJpY3Rpb25zIG9uIHRoZSBuZXcgUElOLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgICAgKiAgSWYgdGhlICJzeXN0ZW1TZXRQaW4iIGZsYWcgaXMgc2V0IHRoZW4gdGhl
IGVsZW1lbnQgTVVTVDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICogIElm
IHRoZSAic3lzdGVtU2V0UGluIiBmbGFnIGlzIHNldCB0aGVuIHRoZSBlbGVtZW50IE1VU1Q8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
ICAgZGVzY3JpYmUgdGhlIGZvcm1hdCBvZiB0aGUgbmV3IHN5c3RlbS1nZW5lcmF0ZWQgUElOLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgIGRlc2NyaWJlIHRoZSBmb3Jt
YXQgb2YgdGhlIG5ldyBzeXN0ZW0tZ2VuZXJhdGVkIFBJTi48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgICogIElmIHRoZSAic3lzdGVtU2V0UGluIiBmbGFnIGlzIG5vdCBzZXQgdGhl
biB0aGUgZWxlbWVudCBNVVNUPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
KiAgSWYgdGhlICJzeXN0ZW1TZXRQaW4iIGZsYWcgaXMgbm90IHNldCB0aGVuIHRoZSBlbGVtZW50
IE1VU1Q8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgICAgZGVzY3JpYmUgcmVzdHJpY3Rpb25zIG9uIGFueSBuZXcgdXNlciBnZW5lcmF0
ZWQgUElOLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgIGRlc2NyaWJl
IHJlc3RyaWN0aW9ucyBvbiBhbnkgbmV3IHVzZXIgZ2VuZXJhdGVkIFBJTi48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjUuICBJQU5BIENvbnNpZGVyYXRpb25zPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+NS4gIElBTkEgQ29uc2lkZXJhdGlvbnM8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJkaWZmMDAxOCIgLz48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PiAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPkEgcmVnaXN0cnkgd2lsbCBiZSByZXF1aXJlZCBmb3Ig
dGhlIFVSSXMgdG8gYmUgdXNlZCBhcyBvdHAtYWxnSUQ8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPlRoZSBPVFAgYWxnb3JpdGht
IGlkZW50aWZpZXIgVVJJcyB1c2VkIGFzIG90cC1hbGdJRCB2YWx1ZXMgaW4gdGhlIFBBLTwvc3Bh
bj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2Nr
Ij4gICA8c3BhbiBjbGFzcz0iZGVsZXRlIj52YWx1ZXMgYXMgaW50cm9kdWNlZCBpbiBTZWN0aW9u
IDQuMS4gIEl0IGlzIGN1cnJlbnRseSBhbnRpY2lwYXRlZDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+T1RQLUNIQUxMRU5HRSBk
ZXNjcmliZWQgaW4gU2VjdGlvbiA0LjEgYW5kIHRoZSBQQS1PVFAtUkVRVUVTVDwvc3Bhbj48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8
c3BhbiBjbGFzcz0iZGVsZXRlIj50aGF0IHRoZSByZWdpc3RyeSBiZWluZyBpbnRyb2R1Y2VkIGlu
IHNlY3Rpb24gMTIuNCBvZiBbUkZDNjAzMF0gY2FuPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5kZXNjcmliZWQgaW4gU2VjdGlv
biA0LjIgU0hPVUxEIGJlIHJlZ2lzdGVyZWQgaW4gdGhlIFBTS0MgYWxnb3JpdGhtPC9zcGFuPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAg
IDxzcGFuIGNsYXNzPSJkZWxldGUiPmJlIHVzZWQgZm9yIHRoaXMgcHVycG9zZTwvc3Bhbj4uPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPnJl
Z2lzdHJ5IFtSRkM2MDMwXTwvc3Bhbj4uPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBU
aGUgZm9sbG93aW5nIHByZS1hdXRoZW50aWNhdGlvbiB0eXBlcyBhcmUgZGVmaW5lZCBpbiB0aGlz
IGRvY3VtZW50OjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBmb2xsb3dp
bmcgcHJlLWF1dGhlbnRpY2F0aW9uIHR5cGVzIGFyZSBkZWZpbmVkIGluIHRoaXMgZG9jdW1lbnQ6
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgUEEtT1RQLUNIQUxMRU5H
RSAgICAgIDE0MTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICBQ
QS1PVFAtQ0hBTExFTkdFICAgICAgMTQxPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBQQS1PVFAtUkVRVUVTVCAgICAgICAg
MTQyPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIFBBLU9UUC1S
RVFVRVNUICAgICAgICAxNDI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgIFBBLU9UUC1QSU4tQ0hBTkdFICAgICAxNDQ8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgUEEtT1RQLVBJTi1DSEFO
R0UgICAgIDE0NDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlc2UgdmFsdWVzIGFy
ZSBjdXJyZW50bHkgcmVnaXN0ZXJlZCBpbiByZWdpc3RyeSBjcmVhdGVkIGJ5PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlc2UgdmFsdWVzIGFyZSBjdXJyZW50bHkgcmVnaXN0
ZXJlZCBpbiByZWdpc3RyeSBjcmVhdGVkIGJ5PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM2MTEzXSBidXQgdGhlIGVudHJpZXMgd2ls
bCBuZWVkIHRvIGJlIHVwZGF0ZWQgdG8gcmVmZXIgdG8gdGhpczwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIFtSRkM2MTEzXSBidXQgdGhlIGVudHJpZXMgd2lsbCBuZWVkIHRvIGJl
IHVwZGF0ZWQgdG8gcmVmZXIgdG8gdGhpczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBkb2N1bWVudC48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBkb2N1bWVudC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv
cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBiZ2NvbG9yPSJncmF5IiA+PHRkPjwvdGQ+PHRo
PjxhIG5hbWU9InBhcnQtbDEyIiAvPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxs
PjxlbT4gcGFnZSAyOCwgbGluZSA1PC9lbT48L3RoPjx0aD4gPC90aD48dGg+PGEgbmFtZT0icGFy
dC1yMTIiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBwYWdlIDI4
LCBsaW5lIDEyPC9lbT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMy42LCBpZiB0aGUgT1RQ
IHZhbHVlIGlzIG5vdCBiZWluZyBzZW50IHRvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMy42LCBpZiB0aGUgT1RQIHZhbHVlIGlzIG5v
dCBiZWluZyBzZW50IHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIHRoZSBLREMgdGhlbiB0aGUgQXJtb3IgS2V5IGlzIHVzZWQgYWxvbmcg
d2l0aCB0aGUgT1RQIHZhbHVlIGluIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHRoZSBLREMgdGhlbiB0aGUgQXJtb3IgS2V5IGlzIHVzZWQgYWxvbmcgd2l0aCB0aGUgT1RQ
IHZhbHVlIGluIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICBnZW5lcmF0aW9uIG9mIHRoZSBDbGllbnQgS2V5IGFuZCBSZXBseSBLZXku
IElmIHRoZSBBcm1vciBLZXkgaXMga25vd248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBnZW5lcmF0aW9uIG9mIHRoZSBDbGllbnQgS2V5IGFuZCBSZXBseSBLZXkuIElmIHRoZSBB
cm1vciBLZXkgaXMga25vd248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgdGhlbiB0aGUgb25seSBlbnRyb3B5IHJlbWFpbmluZyBpbiB0aGUg
a2V5IGdlbmVyYXRpb24gaXMgcHJvdmlkZWQgYnk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICB0aGVuIHRoZSBvbmx5IGVudHJvcHkgcmVtYWluaW5nIGluIHRoZSBrZXkgZ2VuZXJh
dGlvbiBpcyBwcm92aWRlZCBieTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgT1RQIHZhbHVlLiAgSWYgdGhlIE9UUCBhbGdvcml0aG0g
cmVxdWlyZXMgdGhhdCB0aGUgT1RQIHZhbHVlIGJlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgdGhlIE9UUCB2YWx1ZS4gIElmIHRoZSBPVFAgYWxnb3JpdGhtIHJlcXVpcmVzIHRo
YXQgdGhlIE9UUCB2YWx1ZSBiZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBzZW50IHRvIHRoZSBLREMgdGhlbiBpdCBpcyBzZW50IGVuY3J5
cHRlZCB3aXRoaW4gdGhlIHR1bm5lbCBwcm92aWRlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIHNlbnQgdG8gdGhlIEtEQyB0aGVuIGl0IGlzIHNlbnQgZW5jcnlwdGVkIHdpdGhp
biB0aGUgdHVubmVsIHByb3ZpZGVkPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGJ5IHRoZSBGQVNUIGFybW9yIGFuZCBzbyBpcyBleHBvc2Vk
IHRvIHRoZSBhdHRhY2tlciBpZiB0aGUgYXR0YWNrZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBieSB0aGUgRkFTVCBhcm1vciBhbmQgc28gaXMgZXhwb3NlZCB0byB0aGUgYXR0
YWNrZXIgaWYgdGhlIGF0dGFja2VyPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGhhcyB0aGUgQXJtb3IgS2V5LjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIGhhcyB0aGUgQXJtb3IgS2V5LjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDE5IiAvPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
ICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+SXQgaXMgdGhlcmVmb3JlIHJlY29tbWVuZGVkIHRoYXQg
YW5vbnltb3VzIFBLSU5JVCBub3QgYmUgdXNlZCB3aXRoPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5UaGVyZWZvcmUsIHVubGVz
cyB0aGUgaWRlbnRpdHkgb2YgdGhlIEtEQyBoYXMgYmVlbiB2ZXJpZmllZCw8L3NwYW4+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+T1RQIGFsZ29yaXRobXMgdGhhdCByZXF1aXJlIHRoZSBPVFAgdmFs
dWUgdG8gYmUgc2VudCB0byB0aGUgS0RDIGFuZDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+YW5vbnltb3VzIFBLSU5JVCBTSEFM
TCBOT1QgYmUgdXNlZCB3aXRoIE9UUCBhbGdvcml0aG1zIHRoYXQgcmVxdWlyZTwvc3Bhbj48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICB0
aDxzcGFuIGNsYXNzPSJkZWxldGUiPmF0IGNhcmVmdWwgY29uc2lkZXJhdGlvbiBiZSBtYWRlIG9m
IHRoZSBzZWN1cml0eSBpbXBsaWNhdGlvbnM8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPiAgIHRoPHNwYW4gY2xhc3M9Imluc2VydCI+ZSBPVFAgdmFsdWUgdG8gYmUgc2Vu
dCB0byB0aGUgS0RDLiAgSW4gYWRkaXRpb24sIHRoZSBzZWN1cml0eTwvc3Bhbj48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5iZWZvcmUgaXQgaXMgdXNlZCB3aXRoIG90aGVyIGFsZ29yaXRobXMgc3Vj
aCBhcyB0aG9zZSB3aXRoIHNob3J0IE9UUDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+Y29uc2lkZXJhdGlvbnMgc2hvdWxkIGJl
IGNhcmVmdWxseSBjb25zaWRlcmVkIGJlZm9yZSBhbm9ueW1vdXMgUEtJTklUPC9zcGFuPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIHZh
bHVlcy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imlu
c2VydCI+aXMgdXNlZCB3aXRoIG90aGVyIGFsZ29yaXRobXMgc3VjaCBhcyB0aG9zZSB3aXRoIHNo
b3J0IE9UUCA8L3NwYW4+dmFsdWVzLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQ2Fy
ZWZ1bCBjb25zaWRlcmF0aW9uIHNob3VsZCBhbHNvIGJlIG1hZGUgaWYgaG9zdCBrZXkgYXJtb3Ig
aXMgdXNlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIENhcmVmdWwgY29uc2lk
ZXJhdGlvbiBzaG91bGQgYWxzbyBiZSBtYWRlIGlmIGhvc3Qga2V5IGFybW9yIGlzIHVzZWQ8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdG8g
cHJvdmlkZSB0aGUgS0RDLWF1dGhlbnRpY2F0aW9uIGZhY2lsaXR5IHdpdGggT1RQIGFsZ29yaXRo
bXMgd2hlcmU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0byBwcm92aWRlIHRo
ZSBLREMtYXV0aGVudGljYXRpb24gZmFjaWxpdHkgd2l0aCBPVFAgYWxnb3JpdGhtcyB3aGVyZTwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0
aGUgT1RQIHZhbHVlIGlzIHNlbnQgd2l0aGluIHRoZSBvdHAtdmFsdWUgZmllbGQgb2YgdGhlIFBB
LU9UUC08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgT1RQIHZhbHVlIGlz
IHNlbnQgd2l0aGluIHRoZSBvdHAtdmFsdWUgZmllbGQgb2YgdGhlIFBBLU9UUC08L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUkVRVUVTVCBz
aW5jZSBjb21wcm9taXNlZCBob3N0IGtleXMgd291bGQgYWxsb3cgYW4gYXR0YWNrZXIgdG88L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBSRVFVRVNUIHNpbmNlIGNvbXByb21pc2Vk
IGhvc3Qga2V5cyB3b3VsZCBhbGxvdyBhbiBhdHRhY2tlciB0bzwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBpbXBlcnNvbmF0ZSB0aGUgS0RD
LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGltcGVyc29uYXRlIHRoZSBLREMu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij42LjIuICBSZWZsZWN0aW9uPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+Ni4yLiAgUmVmbGVjdGlvbjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgVGhlIDQtcGFzcyBzeXN0ZW0gZGVzY3JpYmVkIGFib3ZlIGlzIGEgY2hhbGxl
bmdlLXJlc3BvbnNlIHByb3RvY29sPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
VGhlIDQtcGFzcyBzeXN0ZW0gZGVzY3JpYmVkIGFib3ZlIGlzIGEgY2hhbGxlbmdlLXJlc3BvbnNl
IHByb3RvY29sPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHIgYmdjb2xvcj0iZ3JheSIgPjx0ZD48L3RkPjx0aD48YSBuYW1lPSJwYXJ0
LWwxMyIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMzAs
IGxpbmUgMzQ8L2VtPjwvdGg+PHRoPiA8L3RoPjx0aD48YSBuYW1lPSJwYXJ0LXIxMyIgLz48c21h
bGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBhZ2UgMzAsIGxpbmUgMzc8L2Vt
PjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkMyMDQ1XSAgRnJlZWQsIE4uIGFuZCBO
LiBCb3JlbnN0ZWluLCAiTXVsdGlwdXJwb3NlIEludGVybmV0IE1haWw8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDMjA0NV0gIEZyZWVkLCBOLiBhbmQgTi4gQm9yZW5zdGVp
biwgIk11bHRpcHVycG9zZSBJbnRlcm5ldCBNYWlsPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgRXh0ZW5zaW9ucyAoTUlN
RSkgUGFydCBPbmU6IEZvcm1hdCBvZiBJbnRlcm5ldCBNZXNzYWdlPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICBFeHRlbnNpb25zIChNSU1FKSBQYXJ0IE9uZTog
Rm9ybWF0IG9mIEludGVybmV0IE1lc3NhZ2U8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICBCb2RpZXMiLCBSRkMgMjA0NSwg
Tm92ZW1iZXIgMTk5Ni48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAg
ICAgIEJvZGllcyIsIFJGQyAyMDQ1LCBOb3ZlbWJlciAxOTk2LjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgW1JGQzIxMTldICBCcmFkbmVyLCBTLiwgIktleSB3b3JkcyBmb3IgdXNlIGlu
IFJGQ3MgdG8gSW5kaWNhdGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZD
MjExOV0gIEJyYWRuZXIsIFMuLCAiS2V5IHdvcmRzIGZvciB1c2UgaW4gUkZDcyB0byBJbmRpY2F0
ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAgICAgICAgICAgIFJlcXVpcmVtZW50IExldmVscyIsIEJDUCAxNCwgUkZDIDIxMTksIE1hcmNo
IDE5OTcuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICBSZXF1
aXJlbWVudCBMZXZlbHMiLCBCQ1AgMTQsIFJGQyAyMTE5LCBNYXJjaCAxOTk3LjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgW1JGQzM5NjFdICBSYWVidXJuLCBLLiwgIkVuY3J5cHRpb24g
YW5kIENoZWNrc3VtIFNwZWNpZmljYXRpb25zIGZvcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIFtSRkMzOTYxXSAgUmFlYnVybiwgSy4sICJFbmNyeXB0aW9uIGFuZCBDaGVja3N1
bSBTcGVjaWZpY2F0aW9ucyBmb3I8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICBLZXJiZXJvcyA1IiwgUkZDIDM5NjEsIEZl
YnJ1YXJ5IDIwMDUuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAg
ICBLZXJiZXJvcyA1IiwgUkZDIDM5NjEsIEZlYnJ1YXJ5IDIwMDUuPC90ZD48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQ+PGEgbmFtZT0iZGlmZjAwMjAiIC8+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2Nr
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+
ICAgW1JGQzM5ODZdICBCZXJuZXJzLUxlZSwgVC4sIEZpZWxkaW5nLCBSLiwgYW5kIEwuIE1hc2lu
dGVyLCAiVW5pZm9ybTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNw
YW4gY2xhc3M9Imluc2VydCI+ICAgICAgICAgICAgICBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkp
OiBHZW5lcmljIFN5bnRheCIsIFNURCA2Niw8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICAgUkZDIDM5ODYsIEph
bnVhcnkgMjAwNS48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFu
IGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3NwYW4+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM0MTIwXSAgTmV1bWFu
LCBDLiwgWXUsIFQuLCBIYXJ0bWFuLCBTLiwgYW5kIEsuIFJhZWJ1cm4sICJUaGU8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDNDEyMF0gIE5ldW1hbiwgQy4sIFl1LCBULiwg
SGFydG1hbiwgUy4sIGFuZCBLLiBSYWVidXJuLCAiVGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgS2VyYmVyb3MgTmV0
d29yayBBdXRoZW50aWNhdGlvbiBTZXJ2aWNlIChWNSkiLCBSRkMgNDEyMCw8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgIEtlcmJlcm9zIE5ldHdvcmsgQXV0aGVu
dGljYXRpb24gU2VydmljZSAoVjUpIiwgUkZDIDQxMjAsPC90ZD48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgSnVseSAyMDA1Ljwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgSnVseSAyMDA1Ljwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp
Z249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgW1JGQzQ1NTZdICBaaHUsIEwuIGFuZCBCLiBU
dW5nLCAiUHVibGljIEtleSBDcnlwdG9ncmFwaHkgZm9yIEluaXRpYWw8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDNDU1Nl0gIFpodSwgTC4gYW5kIEIuIFR1bmcsICJQdWJs
aWMgS2V5IENyeXB0b2dyYXBoeSBmb3IgSW5pdGlhbDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu
PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgIEF1dGhlbnRpY2F0aW9u
IGluIEtlcmJlcm9zIChQS0lOSVQpIiwgUkZDIDQ1NTYsIEp1bmUgMjAwNi48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgIEF1dGhlbnRpY2F0aW9uIGluIEtlcmJl
cm9zIChQS0lOSVQpIiwgUkZDIDQ1NTYsIEp1bmUgMjAwNi48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZD48YSBuYW1lPSJkaWZmMDAyMSIgLz48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBb
UkZDNTI4MF0gIENvb3BlciwgRC4sIFNhbnRlc3NvbiwgUy4sIEZhcnJlbGwsIFMuLCBCb2V5ZW4s
IFMuLDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9
Imluc2VydCI+ICAgICAgICAgICAgICBIb3VzbGV5LCBSLiwgYW5kIFcuIFBvbGssICJJbnRlcm5l
dCBYLjUwOSBQdWJsaWMgS2V5PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i
dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgIEluZnJhc3RydWN0dXJlIENlcnRp
ZmljYXRlIGFuZCBDZXJ0aWZpY2F0ZSBSZXZvY2F0aW9uIExpc3Q8L3NwYW4+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICAg
KENSTCkgUHJvZmlsZSIsIFJGQyA1MjgwLCBNYXkgMjAwOC48L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8
L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgIFtSRkM2MTEyXSAgWmh1LCBMLiwgTGVhY2gsIFAuLCBhbmQgUy4gSGFydG1hbiwgIkFu
b255bWl0eSBTdXBwb3J0IGZvcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFtS
RkM2MTEyXSAgWmh1LCBMLiwgTGVhY2gsIFAuLCBhbmQgUy4gSGFydG1hbiwgIkFub255bWl0eSBT
dXBwb3J0IGZvcjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgICAgICAgICAgIEtlcmJlcm9zIiwgUkZDIDYxMTIsIEFwcmlsIDIwMTEuPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICBLZXJiZXJvcyIsIFJG
QyA2MTEyLCBBcHJpbCAyMDExLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgW1JGQzYx
MTNdICBIYXJ0bWFuLCBTLiBhbmQgTC4gWmh1LCAiQSBHZW5lcmFsaXplZCBGcmFtZXdvcmsgZm9y
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgW1JGQzYxMTNdICBIYXJ0bWFuLCBT
LiBhbmQgTC4gWmh1LCAiQSBHZW5lcmFsaXplZCBGcmFtZXdvcmsgZm9yPC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgS2Vy
YmVyb3MgUHJlLUF1dGhlbnRpY2F0aW9uIiwgUkZDIDYxMTMsIEFwcmlsIDIwMTEuPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICBLZXJiZXJvcyBQcmUtQXV0aGVu
dGljYXRpb24iLCBSRkMgNjExMywgQXByaWwgMjAxMS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2
YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgIFtYLjY4MF0gICAgSVRVLVQsICJSZWNvbW1lbmRhdGlvbiBYLjY4MCAoMjAwMikgfCBJ
U08vSUVDIDg4MjQtMToyMDAyLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFtY
LjY4MF0gICAgSVRVLVQsICJSZWNvbW1lbmRhdGlvbiBYLjY4MCAoMjAwMikgfCBJU08vSUVDIDg4
MjQtMToyMDAyLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgICAgICAgICAgIEluZm9ybWF0aW9uIHRlY2hub2xvZ3kgLSBBYnN0cmFjdCBT
eW50YXggTm90YXRpb24gT25lPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
ICAgICAgICBJbmZvcm1hdGlvbiB0ZWNobm9sb2d5IC0gQWJzdHJhY3QgU3ludGF4IE5vdGF0aW9u
IE9uZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICAgICAgICAgICAgIChBU04uMSk6IFNwZWNpZmljYXRpb24gb2YgYmFzaWMgbm90YXRpb24u
IiwgSnVseSAyMDAyLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAg
ICAgKEFTTi4xKTogU3BlY2lmaWNhdGlvbiBvZiBiYXNpYyBub3RhdGlvbi4iLCBKdWx5IDIwMDIu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh
bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGJnY29sb3I9ImdyYXkiID48dGQ+
PC90ZD48dGg+PGEgbmFtZT0icGFydC1sMTQiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBh
dDwvc21hbGw+PGVtPiBwYWdlIDMyLCBsaW5lIDExPC9lbT48L3RoPjx0aD4gPC90aD48dGg+PGEg
bmFtZT0icGFydC1yMTQiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVt
PiBwYWdlIDMyLCBsaW5lIDI0PC9lbT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAg
RW5jcnlwdGVkRGF0YSwgTGFzdFJlcSwgS2VyYmVyb3NTdHJpbmc8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICAgICAgRW5jcnlwdGVkRGF0YSwgTGFzdFJlcSwgS2VyYmVyb3NTdHJp
bmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgIEZST00gS2VyYmVyb3NWNVNwZWMyIHtpc28oMSkgaWRlbnRpZmllZC1vcmdhbml6YXRp
b24oMyk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgRlJPTSBLZXJiZXJv
c1Y1U3BlYzIge2lzbygxKSBpZGVudGlmaWVkLW9yZ2FuaXphdGlvbigzKTwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIGRvZCg2KSBpbnRlcm5ldCgxKSBzZWN1cml0eSg1KTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9kKDYpIGlu
dGVybmV0KDEpIHNlY3VyaXR5KDUpPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAga2VyYmVyb3NW
NSgyKSBtb2R1bGVzKDQpIGtyYjVzcGVjMigyKX08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtlcmJlcm9zVjUoMikgbW9kdWxlcyg0
KSBrcmI1c3BlYzIoMil9PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLS0gYXMgZGVmaW5lZCBp
biBSRkMgNDEyMC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIC0tIGFzIGRlZmluZWQgaW4gUkZDIDQxMjAuPC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICBBbGdvcml0aG1J
ZGVudGlmaWVyPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgIEFsZ29yaXRo
bUlkZW50aWZpZXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgICAgIEZST00gUEtJWDFFeHBsaWNpdDg4IHsgaXNvICgxKSBpZGVudGlmaWVk
LW9yZ2FuaXphdGlvbiAoMyk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAg
RlJPTSBQS0lYMUV4cGxpY2l0ODggeyBpc28gKDEpIGlkZW50aWZpZWQtb3JnYW5pemF0aW9uICgz
KTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2QgKDYpIGludGVybmV0ICgxKTwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRv
ZCAoNikgaW50ZXJuZXQgKDEpPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNlY3VyaXR5ICg1
KSBtZWNoYW5pc21zICg1KSBwa2l4ICg3KTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNlY3VyaXR5ICg1KSBtZWNoYW5pc21zICg1
KSBwa2l4ICg3KTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZC1tb2QgKDApIGlkLXBraXgx
LWV4cGxpY2l0ICgxOCkgfTs8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICBpZC1tb2QgKDApIGlkLXBraXgxLWV4cGxpY2l0ICgxOCkg
fTs8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDIyIiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgLS0gQXMgZGVmaW5lZCBpbiBSRkMgPHNwYW4gY2xhc3M9ImRl
bGV0ZSI+Mzwvc3Bhbj4yODAuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIC0tIEFzIGRlZmluZWQgaW4gUkZDIDxzcGFuIGNsYXNz
PSJpbnNlcnQiPjU8L3NwYW4+MjgwLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
IFBBLU9UUC1DSEFMTEVOR0UgOjo9IFNFUVVFTkNFIHs8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICAgUEEtT1RQLUNIQUxMRU5HRSA6Oj0gU0VRVUVOQ0UgezwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBub25j
ZSAgICAgICAgICAgIFswXSBPQ1RFVCBTVFJJTkcsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgICAgbm9uY2UgICAgICAgICAgICBbMF0gT0NURVQgU1RSSU5HLDwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBv
dHAtc2VydmljZSAgICAgIFsxXSBVVEY4U3RyaW5nICAgICAgICAgICAgICAgT1BUSU9OQUwsPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgb3RwLXNlcnZpY2UgICAgICBb
MV0gVVRGOFN0cmluZyAgICAgICAgICAgICAgIE9QVElPTkFMLDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg
dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICBvdHAtdG9rZW5JbmZv
ICAgIFsyXSBTRVFVRU5DRSAoU0laRSgxLi5NQVgpKSBPRjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgICAgIG90cC10b2tlbkluZm8gICAgWzJdIFNFUVVFTkNFIChTSVpFKDEu
Lk1BWCkpIE9GPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
T1RQLVRPS0VOSU5GTyw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9UUC1UT0tFTklORk8sPC90
ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAg
ICAgIHNhbHQgICAgICAgICAgICAgWzNdIEtlcmJlcm9zU3RyaW5nICAgICAgICAgICBPUFRJT05B
TCw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICBzYWx0ICAgICAgICAg
ICAgIFszXSBLZXJiZXJvc1N0cmluZyAgICAgICAgICAgT1BUSU9OQUwsPC90ZD48dGQgY2xhc3M9
ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgIHMya3BhcmFt
cyAgICAgICAgWzRdIE9DVEVUIFNUUklORyAgICAgICAgICAgICBPUFRJT05BTCw8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICBzMmtwYXJhbXMgICAgICAgIFs0XSBPQ1RF
VCBTVFJJTkcgICAgICAgICAgICAgT1BUSU9OQUwsPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs
aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249
InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgIC4uLjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgIC4uLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln
bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0
b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgfTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgICB9PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv
dGQ+PC90cj4KCiAgICAgPHRyPjx0ZD48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQ+PC90ZD48L3RyPgogICAgIDx0ciBiZ2NvbG9y
PSJncmF5Ij48dGggY29sc3Bhbj0iNSIgYWxpZ249ImNlbnRlciI+PGEgbmFtZT0iZW5kIj4mbmJz
cDtFbmQgb2YgY2hhbmdlcy4gMjIgY2hhbmdlIGJsb2Nrcy4mbmJzcDs8L2E+PC90aD48L3RyPgog
ICAgIDx0ciBjbGFzcz0ic3RhdHMiPjx0ZD48L3RkPjx0aD48aT40OCBsaW5lcyBjaGFuZ2VkIG9y
IGRlbGV0ZWQ8L2k+PC90aD48dGg+PGk+IDwvaT48L3RoPjx0aD48aT42NCBsaW5lcyBjaGFuZ2Vk
IG9yIGFkZGVkPC9pPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICA8dHI+PHRkIGNvbHNwYW49IjUi
IGFsaWduPSJjZW50ZXIiIGNsYXNzPSJzbWFsbCI+PGJyLz5UaGlzIGh0bWwgZGlmZiB3YXMgcHJv
ZHVjZWQgYnkgcmZjZGlmZiAxLjQxLiBUaGUgbGF0ZXN0IHZlcnNpb24gaXMgYXZhaWxhYmxlIGZy
b20gPGEgaHJlZj0iaHR0cDovL3d3dy50b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmLyIgPmh0
dHA6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmLzwvYT4gPC90ZD48L3RyPgogICA8L3Rh
YmxlPgogICA8L2JvZHk+CiAgIDwvaHRtbD4K

--_002_B1371F619AB0A94C9AC73CF2E475485B038C618035MX11Acorpemcc_
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
--_002_B1371F619AB0A94C9AC73CF2E475485B038C618035MX11Acorpemcc_--

From ietf-krb-wg-bounces@lists.anl.gov  Wed Sep  7 03:11:17 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8041521F8568 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed,  7 Sep 2011 03:11:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.633
X-Spam-Level: 
X-Spam-Status: No, score=-105.633 tagged_above=-999 required=5 tests=[AWL=0.966, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OAE8QXJUOMT5 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed,  7 Sep 2011 03:11:16 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 95A4221F856A for <krb-wg-archive@lists.ietf.org>; Wed,  7 Sep 2011 03:11:16 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 62DE038; Wed,  7 Sep 2011 05:13:05 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 41FED3D; Wed,  7 Sep 2011 05:13:03 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 1D6A12CCA7B; Wed,  7 Sep 2011 05:13:03 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 0D1712CCA49 for <ietf-krb-wg@lists.anl.gov>; Wed,  7 Sep 2011 05:13:02 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 068BE4A; Wed,  7 Sep 2011 05:13:02 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id D701E38 for <ietf-krb-wg@anl.gov>; Wed,  7 Sep 2011 05:13:01 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id C23CD4A for <ietf-krb-wg@anl.gov>; Wed,  7 Sep 2011 05:13:01 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id A3C847CC07F; Wed,  7 Sep 2011 05:13:01 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16803-03; Wed, 7 Sep 2011 05:13:01 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 8A3447CC082 for <ietf-krb-wg@anl.gov>; Wed,  7 Sep 2011 05:13:01 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AukDAJBCZ05FGcQcgWdsb2JhbABEmSeOVgEBFiYmggc/PDQBBBi1Boh/hmsEpGM
X-IronPort-AV: E=Sophos;i="4.68,344,1312174800"; d="scan'208";a="66322350"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 07 Sep 2011 05:13:01 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 7B08A20184; Wed,  7 Sep 2011 06:15:02 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 773CF42B7; Wed,  7 Sep 2011 06:12:51 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Wed, 07 Sep 2011 06:12:51 -0400
Message-ID: <tsld3fc7ja4.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: krb-wg-ads@tools.ietf.org
Subject: [Ietf-krb-wg] Taking another stab at section 4 of the clear text cred draft
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

We have a request from Jari to clarify the clear-text cred draft section
4.  I agree that's a bit rough.  I'll take a stab at new text in the
next couple of days.  However if someone else gets there first, I
wouldn't mind at all.
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep  8 11:47:51 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBF1121F85EC for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 11:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Jke24dIMmdN for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 11:47:51 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 3FD9721F858D for <krb-wg-archive@lists.ietf.org>; Thu,  8 Sep 2011 11:47:51 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id C735556; Thu,  8 Sep 2011 13:49:43 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id A6AE14B; Thu,  8 Sep 2011 13:49:39 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 8C8B72CCA4F; Thu,  8 Sep 2011 13:49:39 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 9FE8E80EBF for <ietf-krb-wg@lists.anl.gov>; Thu,  8 Sep 2011 13:49:37 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 92CDC2B; Thu,  8 Sep 2011 13:49:37 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 8FB214B for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 13:49:37 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 892742B for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 13:49:37 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 724717CC0B6; Thu,  8 Sep 2011 13:49:37 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17466-02; Thu, 8 Sep 2011 13:49:37 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 570C07CC05C for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 13:49:37 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApAEAAsNaU5FGcQcgWdsb2JhbABCmTKOZAEBFiYmgUJFezQBBBiIMZgcllaIf4ZtBKRl
X-IronPort-AV: E=Sophos;i="4.68,351,1312174800"; d="scan'208";a="66432526"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 08 Sep 2011 13:49:37 -0500
Received: from carter-zimmerman.suchdamage.org (unknown [18.111.119.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id B49FD203CB for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 14:51:36 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 0ABEE42B7; Thu,  8 Sep 2011 14:49:36 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Thu, 08 Sep 2011 14:49:36 -0400
Message-ID: <tsl8vpy27jz.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Where is the PAD draft
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

It doesn't look like the PAD draft has been submitted as a working group
document yet.
What's the delay?
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep  8 11:51:36 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E530221F85B8 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 11:51:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.561
X-Spam-Level: 
X-Spam-Status: No, score=-5.561 tagged_above=-999 required=5 tests=[AWL=1.038, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HYcqlFKPUOX for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 11:51:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 3041021F84D7 for <krb-wg-archive@lists.ietf.org>; Thu,  8 Sep 2011 11:51:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id EDCFC2B; Thu,  8 Sep 2011 13:53:28 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id AD63E4B; Thu,  8 Sep 2011 13:53:28 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 756472CCA4F; Thu,  8 Sep 2011 13:53:28 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 9DF3C80EBF for <ietf-krb-wg@lists.anl.gov>; Thu,  8 Sep 2011 13:53:27 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 986CB2B; Thu,  8 Sep 2011 13:53:27 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 93A9F3E for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 13:53:27 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 83AB32B for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 13:53:27 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 6DD327CC092; Thu,  8 Sep 2011 13:53:27 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18457-10; Thu, 8 Sep 2011 13:53:27 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 53EAE7CC05C for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 13:53:27 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AicAAC8OaU4SCRkOmWdsb2JhbABCDphhjxMUAQEBAQEICwsHFCaBRgEBAQEDAQEBNzQbAgEIEQQBAR0CECcBCh0IAQEEARIIh3Guboh/hg1gBJEgghOFG4tDVA
X-IronPort-AV: E=Sophos;i="4.68,351,1312174800"; d="scan'208";a="66432759"
Received: from dmz-mailsec-scanner-3.mit.edu ([18.9.25.14]) by mailgateway.anl.gov with ESMTP; 08 Sep 2011 13:53:26 -0500
X-AuditID: 1209190e-b7c60ae000000a26-8a-4e690e9e2dd0
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id E0.AB.02598.E9E096E4; Thu,  8 Sep 2011 14:51:10 -0400 (EDT)
Received: from outgoing-exchange-2.mit.edu (OUTGOING-EXCHANGE-2.MIT.EDU [18.9.28.16]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id p88IrQpe026040;  Thu, 8 Sep 2011 14:53:26 -0400
Received: from oc11exedge1.exchange.mit.edu (OC11EXEDGE1.EXCHANGE.MIT.EDU [18.9.3.17]) by outgoing-exchange-2.mit.edu (8.13.8/8.12.4) with ESMTP id p88IrPcX025163; Thu, 8 Sep 2011 14:53:26 -0400
Received: from w92exhub5.exchange.mit.edu (18.7.73.11) by oc11exedge1.exchange.mit.edu (18.9.3.17) with Microsoft SMTP Server (TLS) id 8.2.255.0; Thu, 8 Sep 2011 14:53:18 -0400
Received: from EXPO10.exchange.mit.edu ([18.9.4.15]) by w92exhub5.exchange.mit.edu ([18.7.73.11]) with mapi; Thu, 8 Sep 2011 14:53:25 -0400
From: Thomas Hardjono <hardjono@MIT.EDU>
To: Sam Hartman <hartmans-ietf@mit.edu>, "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Date: Thu, 8 Sep 2011 14:52:47 -0400
Thread-Topic: [Ietf-krb-wg] Where is the PAD draft
Thread-Index: AcxuWBHTduLL7ztiRqO3Y+CMzNOWKAAAG6RI
Message-ID: <DADD7EAD88AB484D8CCC328D40214CCD0E75227AFA@EXPO10.exchange.mit.edu>
References: <tsl8vpy27jz.fsf@mit.edu>
In-Reply-To: <tsl8vpy27jz.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrOKsWRmVeSWpSXmKPExsUixCmqrDuPL9PPYPIDVouvbQ/YLCafnMDk wORxcs1bNo+VU0+zBzBFcdmkpOZklqUW6dslcGV8+/iepeATS8XE7//YGhhns3QxcnJICJhI /Hp/jRHCFpO4cG89WxcjF4eQwD5Gif/HDjJBOPsZJa603mUDqRISuMIoMeEUVNUWRonXV6ey Qzj9jBIr/u4Em8UmoCFx7vdeoAQHh4hAvMS0yf4gJouAisTvqx4gFcIChhL7nv5ngqgwktg/ JxwkDGI+XTCFGcTmFQiQ2Ph9EwvEWlWJtjsX2UFsTgE1iZsbPjOB2IxAR38/tQbMZhYQl7j1 ZD4TxDOCEotm72GGeezfrodsEPWiEnfa1zNC1OtILNj9iQ3C1pZYtvA11F5BiZMzn7BMYJSY hWTsLCQts5C0zELSsoCRZRWjbEpulW5uYmZOcWqybnFyYl5eapGusV5uZoleakrpJkZw/Eny 7WD8elDpEKMAB6MSD++pWxl+QqyJZcWVuYcYJTmYlER5hYDRK8SXlJ9SmZFYnBFfVJqTWnyI UYKDWUmEV/sPUDlvSmJlVWpRPkxKmoNFSZx39Q4HPyGB9MSS1OzU1ILUIpisDAeHkgTvJJCh gkWp6akVaZk5JQhpJg5OkOE8QMPdQGp4iwsSc4sz0yHypxgVpcR5jUESAiCJjNI8uF5YenzF KA70ijCvK0gVDzC1wnW/AhrMBDT4UH4qyOCSRISUVAOj69fJlhKPrzEerjBxePiukEM2qIXz 6Id1x1mLOev4Ajgdl99rtjooXvC53fMN39UXN5efP8VkFs9RIJc4M028zY3/3/5Tn2yiRNdf Tfg5a5aa7K5vRXud0m6b3/e5dFz1jBxLjM+3xwu36JyQ+dhz0mTf6eOrjjZEzraPOBC5yZmr /3WFXo6vEktxRqKhFnNRcSIA67hf/GoDAAA=
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: Re: [Ietf-krb-wg] Where is the PAD draft
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Hi Sam,

Apologies for the delay -- I will submit it today.

/thomas/
________________________________________
From: ietf-krb-wg-bounces@lists.anl.gov [ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Sam Hartman [hartmans-ietf@MIT.EDU]
Sent: Thursday, September 08, 2011 2:49 PM
To: ietf-krb-wg@anl.gov
Subject: [Ietf-krb-wg] Where is the PAD draft

It doesn't look like the PAD draft has been submitted as a working group
document yet.
What's the delay?
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep  8 12:12:51 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15E3821F8BB6 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 12:12:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.594
X-Spam-Level: 
X-Spam-Status: No, score=-104.594 tagged_above=-999 required=5 tests=[AWL=2.005, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JyKpJP9LXyRX for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 12:12:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 1EACA21F8BAA for <krb-wg-archive@lists.ietf.org>; Thu,  8 Sep 2011 12:12:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id DB68D5F; Thu,  8 Sep 2011 14:14:28 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 7A5DE54; Thu,  8 Sep 2011 14:14:28 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5BBF080EC3; Thu,  8 Sep 2011 14:14:28 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 71F0580EBF for <ietf-krb-wg@lists.anl.gov>; Thu,  8 Sep 2011 14:14:26 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 54D3D7CC077; Thu,  8 Sep 2011 14:14:26 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27428-08; Thu, 8 Sep 2011 14:14:26 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 3BCD67CC05A for <ietf-krb-wg@lists.anl.gov>; Thu,  8 Sep 2011 14:14:26 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvICAKsSaU4MFjoekmdsb2JhbABChFWUWwEBjlAUAQEBAQkLCwcSKIFwVjUCJgJJModwpWyRe4EshDCBEQSHbItHkTY
X-IronPort-AV: E=Sophos;i="4.68,351,1312174800"; d="scan'208";a="66434547"
Received: from mail.ietf.org ([12.22.58.30]) by mailgateway.anl.gov with ESMTP; 08 Sep 2011 14:14:25 -0500
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8033021F8BA2 for <ietf-krb-wg@lists.anl.gov>; Thu,  8 Sep 2011 12:12:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TRGY174LS5Rs; Thu,  8 Sep 2011 12:12:32 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A1DB21F8B95; Thu,  8 Sep 2011 12:12:32 -0700 (PDT)
MIME-Version: 1.0
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.60
Message-ID: <20110908191232.3740.64561.idtracker@ietfa.amsl.com>
Date: Thu, 08 Sep 2011 12:12:32 -0700
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action: draft-ietf-krb-wg-general-pac-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Kerberos Working Group of the IETF.

	Title           : A Generalized PAC for Kerberos V5
	Author(s)       : Simo Sorce
                          Tom Yu
                          Thomas Hardjono
	Filename        : draft-ietf-krb-wg-general-pac-00.txt
	Pages           : 15
	Date            : 2011-09-08

   This draft proposes a generalized authorization structure for the
   Kerberos V5 protocol.  Such an authorization structure would allow
   for greater interoperability among directory services and other
   related Kerberos services across differing realms.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-general-pac-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-general-pac-00.txt
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep  8 12:14:35 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A81B21F8BBD for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 12:14:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.635
X-Spam-Level: 
X-Spam-Status: No, score=-5.635 tagged_above=-999 required=5 tests=[AWL=0.964, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 297Q+iRngfLd for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu,  8 Sep 2011 12:14:34 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 60FF921F8BB9 for <krb-wg-archive@lists.ietf.org>; Thu,  8 Sep 2011 12:14:34 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3095162; Thu,  8 Sep 2011 14:16:27 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id EDEB250; Thu,  8 Sep 2011 14:16:26 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D694B80EC3; Thu,  8 Sep 2011 14:16:26 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 1880880EBF for <ietf-krb-wg@lists.anl.gov>; Thu,  8 Sep 2011 14:16:26 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 0B43F50; Thu,  8 Sep 2011 14:16:26 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 05A8C56 for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 14:16:26 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id DD3B050 for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 14:16:25 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id C8C4D7CC077; Thu,  8 Sep 2011 14:16:25 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28161-07; Thu, 8 Sep 2011 14:16:25 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id A68817CC06B for <ietf-krb-wg@anl.gov>; Thu,  8 Sep 2011 14:16:25 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AicAABMUaU4SB0QlmWdsb2JhbABCDphhjxMUAQEBAQEICwsHFCaBRgEBAQEDAQEBNzQXBAIBCBEEAQEdAgkHJwEKFAkIAQEEARIIh3GuZYh/hg1gBJEgghOFG4tDVA
X-IronPort-AV: E=Sophos;i="4.68,351,1312174800"; d="scan'208";a="66434678"
Received: from dmz-mailsec-scanner-8.mit.edu ([18.7.68.37]) by mailgateway.anl.gov with ESMTP; 08 Sep 2011 14:16:25 -0500
X-AuditID: 12074425-b7bf1ae000000a2a-73-4e69144eed84
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 0F.58.02602.E44196E4; Thu,  8 Sep 2011 15:15:26 -0400 (EDT)
Received: from outgoing-exchange-2.mit.edu (OUTGOING-EXCHANGE-2.MIT.EDU [18.9.28.16]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id p88JGOIa026417;  Thu, 8 Sep 2011 15:16:24 -0400
Received: from oc11exedge2.exchange.mit.edu (OC11EXEDGE2.EXCHANGE.MIT.EDU [18.9.3.18]) by outgoing-exchange-2.mit.edu (8.13.8/8.12.4) with ESMTP id p88JGNkD030631; Thu, 8 Sep 2011 15:16:23 -0400
Received: from oc11exhub3.exchange.mit.edu (18.9.3.13) by oc11exedge2.exchange.mit.edu (18.9.3.18) with Microsoft SMTP Server (TLS) id 8.2.255.0; Thu, 8 Sep 2011 15:15:24 -0400
Received: from EXPO10.exchange.mit.edu ([18.9.4.15]) by oc11exhub3.exchange.mit.edu ([18.9.3.13]) with mapi; Thu, 8 Sep 2011 15:16:23 -0400
From: Thomas Hardjono <hardjono@MIT.EDU>
To: Thomas Hardjono <hardjono@mit.edu>, Sam Hartman <hartmans-ietf@mit.edu>, "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Date: Thu, 8 Sep 2011 15:16:21 -0400
Thread-Topic: [Ietf-krb-wg] Where is the PAD draft
Thread-Index: AcxuWBHTduLL7ztiRqO3Y+CMzNOWKAAAG6RIAADKIgA=
Message-ID: <DADD7EAD88AB484D8CCC328D40214CCD0E7559294F@EXPO10.exchange.mit.edu>
References: <tsl8vpy27jz.fsf@mit.edu> <DADD7EAD88AB484D8CCC328D40214CCD0E75227AFA@EXPO10.exchange.mit.edu>
In-Reply-To: <DADD7EAD88AB484D8CCC328D40214CCD0E75227AFA@EXPO10.exchange.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrOKsWRmVeSWpSXmKPExsUixCmqresnkulnMPW7gcXXtgdsFpNPTmBy YPI4ueYtm8fKqafZA5iiuGxSUnMyy1KL9O0SuDL+7Kkv6OKq2PNWo4HxFEcXIweHhICJxKM+ uy5GTiBTTOLCvfVsXYxcHEIC+xglGpZ3sUM4+xklWh6eY4JwrjBKzNqxGKpsC6PE3cuTGSGc fkaJs6/6WECGsQloSJz7vResX0SgkVHi8qU3bCAJFgEViasz94HZwgKGEvue/mcCOUREwEhi /5xwkLCIgJXEq4fnmEFsXoEAiW8Pf7KD2EICORL3/5wAK+cUCJRYfL4QJMwIdPf3U2uYQGxm AXGJW0/mM0H8IyixaPYeZpjf/u16yAZRLypxp309I0S9jsSC3Z/YIGxtiWULX0OtFZQ4OfMJ ywSgX5GMnYWkZRaSlllIWhYwsqxilE3JrdLNTczMKU5N1i1OTszLSy3StdDLzSzRS00p3cQI ij92F9UdjBMOKR1iFOBgVOLhPXErw0+INbGsuDL3EKMkB5OSKO8W4Uw/Ib6k/JTKjMTijPii 0pzU4kOMEhzMSiK82n+AynlTEiurUovyYVLSHCxK4ryvdzj4CQmkJ5akZqemFqQWwWRlODiU JHi3gQwVLEpNT61Iy8wpQUgzcXCCDOcBGv4CpIa3uCAxtzgzHSJ/ilFRSpz3MEhCACSRUZoH 1wtLj68YxYFeEeZdA1LFA0ytcN2vgAYzAQ0+lJ8KMrgkESEl1cAYEDvtePKRuyZTZkz+xLtJ OMa74fW/hnqR78aHvuxk4pj2zH/i84mFAZyqYQeU4rfkl+61TJybMFnx/36hY1F6wnNbJaIm lbf5cTH7Smip2DL5JaWoPdm7fY7WPdN1zRqsB/N+vLAVlWuLn8pf+OLaT+WfitNMaxxudt1M XPp8+/lcz0n8Wq+VWIozEg21mIuKEwFoMs6TagMAAA==
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: Re: [Ietf-krb-wg] Where is the PAD draft
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Sam,

I just uploaded draft-ietf-krb-wg-generalized-pac-00.

Apologies again for the delay.

/thomas/

__________________________________________


> -----Original Message-----
> From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-
> bounces@lists.anl.gov] On Behalf Of Thomas Hardjono
> Sent: Thursday, September 08, 2011 2:53 PM
> To: Sam Hartman; ietf-krb-wg@anl.gov
> Subject: Re: [Ietf-krb-wg] Where is the PAD draft
> 
> 
> Hi Sam,
> 
> Apologies for the delay -- I will submit it today.
> 
> /thomas/
> ________________________________________
> From: ietf-krb-wg-bounces@lists.anl.gov [ietf-krb-wg-
> bounces@lists.anl.gov] On Behalf Of Sam Hartman [hartmans-ietf@MIT.EDU]
> Sent: Thursday, September 08, 2011 2:49 PM
> To: ietf-krb-wg@anl.gov
> Subject: [Ietf-krb-wg] Where is the PAD draft
> 
> It doesn't look like the PAD draft has been submitted as a working
> group document yet.
> What's the delay?
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg@lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg@lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Wed Sep 14 07:54:47 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 948D221F888A for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 07:54:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.63
X-Spam-Level: 
X-Spam-Status: No, score=-105.63 tagged_above=-999 required=5 tests=[AWL=0.969, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zOo-6poFVH98 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 07:54:43 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id C1EB821F8B53 for <krb-wg-archive@lists.ietf.org>; Wed, 14 Sep 2011 07:54:43 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id D38F349; Wed, 14 Sep 2011 09:56:51 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 2DBBB43; Wed, 14 Sep 2011 09:56:49 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 165482D40A0; Wed, 14 Sep 2011 09:56:49 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E2F6980ECA for <ietf-krb-wg@lists.anl.gov>; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id D58CC43; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id D036B48 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id C9FA943 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id B30927CC064; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28869-06; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 9A90A7CC05C for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 09:56:46 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiwFACPAcE5FGcQcgWdsb2JhbABBmS+OTAEBFiYmghR7NAEEGJ5GlmOIf4ZuBKUA
X-IronPort-AV: E=Sophos;i="4.68,380,1312174800"; d="scan'208";a="66718580"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 14 Sep 2011 09:56:46 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 2C0B6202FB for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:58:39 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 8AE1D42B7; Wed, 14 Sep 2011 10:56:40 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Wed, 14 Sep 2011 10:56:40 -0400
Message-ID: <tslmxe7matz.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Meeting at IETF 82
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Hi.  I'd like to get a sense of who is going to be at IETF 82 and what
topics needs to be discussed.  We need to submit a slot request shortly.
My presumption is that we'll meet.

Things I think we should discuss are:

* IANA

* PAD

* GSS preauth (see next message)

* Documents that don't seem to be moving but should

Things that I think might need discussion:

* Replay cache avoidance

* Pkinit algorithm agility

* IETF LC for OTP if there are issues

Things I think will not need discussion:

* Cammelia: Jeff will be sending out the consensus result today.  If we
  adopt I actually suspect we won't have a huge number of open issues.
  Obviously if we do adopt and there is an open technical issue we will
  discuss.  I don't believe meeting time on whether to adopt is valuable
  at this point.

* clear-text cred
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Wed Sep 14 07:59:02 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0302721F8AF3 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 07:59:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.64
X-Spam-Level: 
X-Spam-Status: No, score=-105.64 tagged_above=-999 required=5 tests=[AWL=0.959, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0JpIsdvvR-o for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 07:58:58 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 2DF5321F8AF0 for <krb-wg-archive@lists.ietf.org>; Wed, 14 Sep 2011 07:58:58 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 592204B; Wed, 14 Sep 2011 10:01:07 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 38A1143; Wed, 14 Sep 2011 10:01:07 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 0E1042CCA7E; Wed, 14 Sep 2011 10:01:07 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id CF2DF80ECA for <ietf-krb-wg@lists.anl.gov>; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id C730634; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id C24C82B for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id BBC5834 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 9AA057CC067; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30300-01-10; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 6AF997CC076 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:01:05 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiwFAEfBcE5FGcQcgWdsb2JhbABBmS+OTAEBFiYmgUxIezQBBBiePZZjiH+GbgSlAA
X-IronPort-AV: E=Sophos;i="4.68,380,1312174800"; d="scan'208";a="66718902"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 14 Sep 2011 10:00:54 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id AEF66202FB for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 11:02:47 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 3959442B7; Wed, 14 Sep 2011 11:00:51 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Wed, 14 Sep 2011 11:00:51 -0400
Message-ID: <tslipovman0.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

we've received a request from the authors to consider adopting the GSS
pre-authentication mechanism as a working group document.

I'd like to solicit comments on this by October 5. I realize that's kind
of long, but I'm going to be fairly busy and won't have a chance to
follow the discussion as closely as I should, so I may have some
comments as chair on what gets said during the first week of October.

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Wed Sep 14 10:47:15 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D1E121F8B27 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 10:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.559
X-Spam-Level: 
X-Spam-Status: No, score=-4.559 tagged_above=-999 required=5 tests=[AWL=1.418, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZOewbb-mxoG for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 10:47:14 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id A0E9F21F8B23 for <krb-wg-archive@lists.ietf.org>; Wed, 14 Sep 2011 10:47:14 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 0CDE147; Wed, 14 Sep 2011 12:49:23 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 2974834; Wed, 14 Sep 2011 12:49:22 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 087F480ECC; Wed, 14 Sep 2011 12:49:22 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 7EC8680EA3 for <ietf-krb-wg@lists.anl.gov>; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 707A834; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 6C0143A for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 6603234 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 4FD837CC064; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20814-05; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 3642D7CC056 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 12:49:20 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmsBAAbocE7QYYQFkWdsb2JhbABCDoRHomkcAQEBAQkLCwcUAyOBTAcBAQEBAxICD1YQCwsNAgImAgIiEgEFARwGEwgan2YKin6SGoEshDGBEQSHbotRjHo9gzZW
X-IronPort-AV: E=Sophos;i="4.68,381,1312174800"; d="scan'208";a="66736854"
Received: from mailbigip.dreamhost.com (HELO homiemail-a36.g.dreamhost.com) ([208.97.132.5]) by mailgateway.anl.gov with ESMTP; 14 Sep 2011 12:49:19 -0500
Received: from homiemail-a36.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a36.g.dreamhost.com (Postfix) with ESMTP id 183B6778082 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:49:19 -0700 (PDT)
Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a36.g.dreamhost.com (Postfix) with ESMTPSA id 7CE71778164 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:34:05 -0700 (PDT)
Received: by yxk36 with SMTP id 36so1943370yxk.13 for <ietf-krb-wg@anl.gov>; Wed, 14 Sep 2011 10:34:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.199.202 with SMTP id jm10mr348924pbc.198.1316021644542; Wed, 14 Sep 2011 10:34:04 -0700 (PDT)
Received: by 10.68.66.163 with HTTP; Wed, 14 Sep 2011 10:34:04 -0700 (PDT)
In-Reply-To: <tslipovman0.fsf@mit.edu>
References: <tslipovman0.fsf@mit.edu>
Date: Wed, 14 Sep 2011 12:34:04 -0500
Message-ID: <CAK3OfOit7FaV2ZW5ofEu8A51G_48diUeFhpz96OkhJXT_HkuoA@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Wed, Sep 14, 2011 at 10:00 AM, Sam Hartman <hartmans-ietf@mit.edu> wrote:
> we've received a request from the authors to consider adopting the GSS
> pre-authentication mechanism as a working group document.
>
> I'd like to solicit comments on this by October 5. I realize that's kind
> of long, but I'm going to be fairly busy and won't have a chance to
> follow the discussion as closely as I should, so I may have some
> comments as chair on what gets said during the first week of October.

I've been wanting GSS pre-auth for years.  I support WG adoption of
this document.  I volunteer to review.  Note that I have had
disagreements with the authors regarding state-keeping issues, but I'm
confident that we can work those out.

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Wed Sep 14 14:35:37 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37A0421F8D5B for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 14:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.674
X-Spam-Level: 
X-Spam-Status: No, score=-104.674 tagged_above=-999 required=5 tests=[AWL=1.925, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrVyhzDWSIUI for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Wed, 14 Sep 2011 14:35:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 3EDC521F8D64 for <krb-wg-archive@lists.ietf.org>; Wed, 14 Sep 2011 14:35:36 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id AC50EA0; Wed, 14 Sep 2011 16:37:45 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 5D1C19A; Wed, 14 Sep 2011 16:37:43 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 468112CCA9C; Wed, 14 Sep 2011 16:37:43 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 4252480EA3 for <ietf-krb-wg@lists.anl.gov>; Wed, 14 Sep 2011 16:37:42 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 2B8AC7CC066; Wed, 14 Sep 2011 16:37:42 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01847-03; Wed, 14 Sep 2011 16:37:42 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 106277CC05F for <ietf-krb-wg@lists.anl.gov>; Wed, 14 Sep 2011 16:37:42 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjsCAHUdcU4MFjoekmdsb2JhbABChFWUOgEBjjgUAQEBAQkLCwcSKIF9VjUCFBICSTKHcqF6khGBLII7gXaBEQSHbotRkUU
X-IronPort-AV: E=Sophos;i="4.68,383,1312174800"; d="scan'208";a="66752783"
Received: from mail.ietf.org ([12.22.58.30]) by mailgateway.anl.gov with ESMTP; 14 Sep 2011 16:37:39 -0500
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8280921F8D5F for <ietf-krb-wg@lists.anl.gov>; Wed, 14 Sep 2011 14:35:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A4lzTXBV5RBa; Wed, 14 Sep 2011 14:35:27 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D968821F8C85; Wed, 14 Sep 2011 14:35:27 -0700 (PDT)
MIME-Version: 1.0
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.60
Message-ID: <20110914213527.25471.33665.idtracker@ietfa.amsl.com>
Date: Wed, 14 Sep 2011 14:35:27 -0700
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action: draft-ietf-krb-wg-otp-preauth-19.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Kerberos Working Group of the IETF.

	Title           : OTP Pre-authentication
	Author(s)       : Gareth Richards
	Filename        : draft-ietf-krb-wg-otp-preauth-19.txt
	Pages           : 41
	Date            : 2011-09-14

   The Kerberos protocol provides a framework authenticating a client
   using the exchange of pre-authentication data.  This document
   describes the use of this framework to carry out One Time Password
   (OTP) authentication.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-otp-preauth-19.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-otp-preauth-19.txt
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 05:03:01 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DB0A21F8A4E for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 05:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.963
X-Spam-Level: 
X-Spam-Status: No, score=-4.963 tagged_above=-999 required=5 tests=[AWL=1.636, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B4G7HFHRyz69 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 05:03:00 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 5EB8121F8997 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 05:03:00 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 538CE44; Thu, 15 Sep 2011 07:05:11 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 6C82D41; Thu, 15 Sep 2011 07:05:08 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 423FD2D40AE; Thu, 15 Sep 2011 07:05:08 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 12B8E80ECD for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 07:05:07 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id E75FC34; Thu, 15 Sep 2011 07:05:06 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id E1FAF3D for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 07:05:06 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id C497834 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 07:05:06 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id AEE537CC05F; Thu, 15 Sep 2011 07:05:06 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16305-04; Thu, 15 Sep 2011 07:05:06 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 8B3C17CC054 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 07:05:06 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: An4DAJTocU7BCvxCgWdsb2JhbABCp00UAQEWJiaCRgw9FhgDAgECAUsNCAEBh3WXMp8/hnQEmGOMEA
X-IronPort-AV: E=Sophos;i="4.68,387,1312174800"; d="scan'208";a="66777453"
Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Sep 2011 07:05:05 -0500
Received: from [192.36.125.212] (dhcp.pilsnet.sunet.se [192.36.125.212]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p8FC4xSW018755 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 14:05:03 +0200 (CEST)
Message-ID: <4E71E9EB.4080505@mnt.se>
Date: Thu, 15 Sep 2011 14:04:59 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
X-Enigmail-Version: 1.1.1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


At the last IETF I promised to review the PAC draft, here it is...

My overall impression is that the document structure needs to
improve and that a lot of assumptions need to be called out.

The document is trying to define an authorization data structure
that is less complex that something like SAML while remaining
useful for the majority of the usecases. I'm not sure this will
succeed. There is already (imho) signs of feature-creep that may
obviate any gains-in-simplicity over SAML.

Finally I don't really understand the multiple-buffers thing. There
seems to be some extensibility there but it doesn't seem to be
clearly defined, nor is it clear to me what the benefit of the
added complexity is.

Now for some specifics...

* Spelling: s/eterogenous/heterogeneous/ in section 3.

* Suggest add the following text at the end of the last-but-one
paragraph of section 3 to make the argument for the "push model"
sound a bit less theoretical:

"Real-world deployment experience show these problems to be
insurmountable except where there is a very high-degree of
homogeneity (eg single vendor)."

* I suggest switching the order of section 4 and section 5, that
way to read about the overall structure first and then get to
individual attribute definitions. Right now you go from intro and
motivation to some attribute-definitions. Also maybe change the name
of 5 to "Format and Encoding".

* I'm missing language that describes the behavior of the KDC and
the service when processing the PAD. There are some traces of this in
(current) section 6.1 that talks about signing and verification
but I would like to see normative language for the implied message
exchanges even if it turns out to be mostly references to 4120.

* There seems to be a gap in the ASN.1 between the PAD-DATA structure
and the attributes. PAD-DATA refers to AuthorizationData from 4120.
If the intent is that the PAD-* attributes be given ad-type numbers
and their values encoded as OCTET STRING in ad-data then this needs to
be stated explicitly.

If this is the case it seems somewhat wasteful to allocate pa-type
number (yes I know we have 32 bits) for every conceivable future
attribute type and it will also make it more difficult to do local
experiments/deployments. I would argue for ASN.1 that uses OCTET
STRING attribute types even though it consumes more bits.

*  Comments on the attribute definitions:

- - I don't understand the value of PAD-Short-Domain. I understand
how it might rear its ugly head but I don't see why we should
perpetuate a bad idea. Surely local convention could provide a
mapping from PAD-DNS-Domain?

- - I don't understand PAD-Domain-UUID: isn't a domain name unique
enough? This of course has implications for several of the other
attributes.

* 4.15 - PAD Mapped Attributes

Suggest change 'universally' to 'globally'.

Thats it for now. Hope it helps!

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5x6esACgkQ8Jx8FtbMZndTTQCgqZe6wMSbXnDChJ4ZSGuUY+Me
dW4Anj8Du0SNNyoioeNuieIIjlMFxy4t
=WU4N
-----END PGP SIGNATURE-----
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 07:20:57 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37DE421F8B34 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 07:20:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.578
X-Spam-Level: 
X-Spam-Status: No, score=-4.578 tagged_above=-999 required=5 tests=[AWL=1.399, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1XZtappDrZD for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 07:20:56 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 23CAE21F8B26 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 07:20:56 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 5747A45; Thu, 15 Sep 2011 09:23:07 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 02CF84B; Thu, 15 Sep 2011 09:23:05 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 95A7380ED0; Thu, 15 Sep 2011 09:23:05 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 6363A80EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 09:23:04 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 54D4241; Thu, 15 Sep 2011 09:23:04 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 501F645 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:23:04 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 321FF41 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:23:04 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id F06217CC253; Thu, 15 Sep 2011 09:23:03 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30142-02-761; Thu, 15 Sep 2011 09:23:03 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id C51427CC260 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:21:21 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiIBAH0Jck7QYYRRkGdsb2JhbABDhFWicBwBAQEBCQkNBxQDI4FTAQEFEgIPHQMBKA0BAQ4LCw0CAioiEgEFARwGNaEzCop+gyKOOQEEgSyFSIdzi1iMfz2EDA
X-IronPort-AV: E=Sophos;i="4.68,387,1312174800"; d="scan'208";a="66789354"
Received: from caiajhbdcaib.dreamhost.com (HELO homiemail-a65.g.dreamhost.com) ([208.97.132.81]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 09:20:38 -0500
Received: from homiemail-a65.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a65.g.dreamhost.com (Postfix) with ESMTP id 8ECCD7E4073 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 07:20:34 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=gO0jBFYdqPmD0OM0eJa+2hNJNKIT1ZmsW0nIdjypoCus 93wF9/lBBxFZIGe5ACrvk6H5UdJe3gAgsen0h+R26KaPqqItfQp11Hsc1WyG6kH2 MCeoBc5GYAtEMBeiYijVAjPEUqwT0LiZr9DrFBmGQIMmHGTL76f7k86vTd8go1I=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=JAMN8P49/bg+79qXHl0skNZvDVo=; b=IcLL/t3omL6 niZPPA1dEmRJT2XbcNTcafLwziqPkvVYckds6+AeGamHYrIGu3enEX4IyH9TKq6k lMhguVuDysPH7mKBHavtlN8LyvrN4wwDPIIPSNgq1RwDhmlhAcGooJOnefZ7pNiY pKO0VWrzrVRceQicxxOD6SbPM3qVdFJA=
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a65.g.dreamhost.com (Postfix) with ESMTPSA id 28C4C7E406F for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 07:20:31 -0700 (PDT)
Received: by pzk36 with SMTP id 36so1283504pzk.31 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 07:20:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.199.202 with SMTP id jm10mr2044430pbc.198.1316096431020; Thu, 15 Sep 2011 07:20:31 -0700 (PDT)
Received: by 10.68.66.163 with HTTP; Thu, 15 Sep 2011 07:20:30 -0700 (PDT)
In-Reply-To: <4E71E9EB.4080505@mnt.se>
References: <4E71E9EB.4080505@mnt.se>
Date: Thu, 15 Sep 2011 09:20:30 -0500
Message-ID: <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Leif Johansson <leifj@mnt.se>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

T24gVGh1LCBTZXAgMTUsIDIwMTEgYXQgNzowNCBBTSwgTGVpZiBKb2hhbnNzb24gPGxlaWZqQG1u
dC5zZT4gd3JvdGU6Cj4gVGhlIGRvY3VtZW50IGlzIHRyeWluZyB0byBkZWZpbmUgYW4gYXV0aG9y
aXphdGlvbiBkYXRhIHN0cnVjdHVyZQo+IHRoYXQgaXMgbGVzcyBjb21wbGV4IHRoYXQgc29tZXRo
aW5nIGxpa2UgU0FNTCB3aGlsZSByZW1haW5pbmcKPiB1c2VmdWwgZm9yIHRoZSBtYWpvcml0eSBv
ZiB0aGUgdXNlY2FzZXMuIEknbSBub3Qgc3VyZSB0aGlzIHdpbGwKPiBzdWNjZWVkLiBUaGVyZSBp
cyBhbHJlYWR5IChpbWhvKSBzaWducyBvZiBmZWF0dXJlLWNyZWVwIHRoYXQgbWF5Cj4gb2J2aWF0
ZSBhbnkgZ2FpbnMtaW4tc2ltcGxpY2l0eSBvdmVyIFNBTUwuCgpJIHdvdWxkIGxpa2UgdG8gc2Vl
IGEgZGViYXRlIGFyb3VuZCB0aGlzLiAgSXQgbWF5IHR1cm4gb3V0IHRoYXQgSQpkb24ndCByZWFs
bHkgbWluZCBpZiB3ZSBlbmQgdXAgd2l0aCBib3RoLCBQQUQgYW5kIFNBTUwgZXh0ZW5zaW9ucywg
YnV0Ckkgd291bGRuJ3Qgd2FudCB0byBub3QgaGF2ZSB0aGUgb3B0aW9uIG9mIHVzaW5nIFNBTUwu
Cgo+ICogwqBDb21tZW50cyBvbiB0aGUgYXR0cmlidXRlIGRlZmluaXRpb25zOgo+Cj4gLSAtIEkg
ZG9uJ3QgdW5kZXJzdGFuZCB0aGUgdmFsdWUgb2YgUEFELVNob3J0LURvbWFpbi4gSSB1bmRlcnN0
YW5kCj4gaG93IGl0IG1pZ2h0IHJlYXIgaXRzIHVnbHkgaGVhZCBidXQgSSBkb24ndCBzZWUgd2h5
IHdlIHNob3VsZAo+IHBlcnBldHVhdGUgYSBiYWQgaWRlYS4gU3VyZWx5IGxvY2FsIGNvbnZlbnRp
b24gY291bGQgcHJvdmlkZSBhCj4gbWFwcGluZyBmcm9tIFBBRC1ETlMtRG9tYWluPwoKSU1PIGl0
IHNob3VsZCBiZSByZW1vdmVkLiAgSXQncyB0b3hpYy4KCj4gLSAtIEkgZG9uJ3QgdW5kZXJzdGFu
ZCBQQUQtRG9tYWluLVVVSUQ6IGlzbid0IGEgZG9tYWluIG5hbWUgdW5pcXVlCj4gZW5vdWdoPyBU
aGlzIG9mIGNvdXJzZSBoYXMgaW1wbGljYXRpb25zIGZvciBzZXZlcmFsIG9mIHRoZSBvdGhlcgo+
IGF0dHJpYnV0ZXMuCgpEb21haW4gbmFtZXMgY2FuIGNoYW5nZSAoSSd2ZSBzZWVuIGl0IGhhcHBl
biwgc29ydCBvZikuICBBIFVVSUQgd291bGQKYWxsb3cgbm9kZXMgdG8gZGV0ZWN0IGEgZG9tYWlu
IG5hbWUgY2hhbmdlLgoKTmljbwotLQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fXwppZXRmLWtyYi13ZyBtYWlsaW5nIGxpc3QKaWV0Zi1rcmItd2dAbGlzdHMu
YW5sLmdvdgpodHRwczovL2xpc3RzLmFubC5nb3YvbWFpbG1hbi9saXN0aW5mby9pZXRmLWtyYi13
Zw==

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 07:55:08 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00AC221F8B5D for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 07:55:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level: 
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[AWL=1.500, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puo2v0C3xwKd for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 07:55:07 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 2C28E21F8B5A for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 07:55:07 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 166AF4E; Thu, 15 Sep 2011 09:57:19 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 8008741; Thu, 15 Sep 2011 09:57:17 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5E12280ED0; Thu, 15 Sep 2011 09:57:17 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 5B13F80EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 4D77D21; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 484C141 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 417ED21 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 2D3497CC071; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31719-06; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 134DB7CC066 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:57:15 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AoADAKARck7BCvxCgWdsb2JhbABDhFWieBQBARYmJoFTAQEFI1UBEAsaAgUWCwICCQMCAQIBRQYNAQcBAYd1pFuRVoEshDeBEQSYY4wQ
X-IronPort-AV: E=Sophos;i="4.68,387,1312174800"; d="scan'208";a="66794859"
Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Sep 2011 09:57:14 -0500
Received: from [192.36.125.212] (dhcp.pilsnet.sunet.se [192.36.125.212]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p8FEv89m021935 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Sep 2011 16:57:11 +0200 (CEST)
Message-ID: <4E721244.4030807@mnt.se>
Date: Thu, 15 Sep 2011 16:57:08 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>
In-Reply-To: <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>
X-Enigmail-Version: 1.1.1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



>> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
>> enough? This of course has implications for several of the other
>> attributes.
> 
> Domain names can change (I've seen it happen, sort of).  A UUID would
> allow nodes to detect a domain name change.

But only if there is a mapping somewhere and then that database
is now the new DNS somehow? I still don't get it.

I guess I'm looking for some idea on how domain UUIDs would
work in practice.

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yEkQACgkQ8Jx8FtbMZnewlACeLYGUHYP1uY5la28ezoZe2XF4
bgQAn32lA0wYJF5szgxk+AQdJ5oVxJNc
=WD6V
-----END PGP SIGNATURE-----
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 08:14:30 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F88721F8A55 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:14:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.509
X-Spam-Level: 
X-Spam-Status: No, score=-106.509 tagged_above=-999 required=5 tests=[AWL=0.090, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V2bPbEcDW6QD for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:14:29 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id AA56321F8828 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 08:14:29 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id B0E7F4E; Thu, 15 Sep 2011 10:16:41 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 725D521; Thu, 15 Sep 2011 10:16:41 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 393ED2CCA83; Thu, 15 Sep 2011 10:16:41 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E1E2580EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id D30B721; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id CE8433D for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id C986E21 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id B28187CC076; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09744-03; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 813687CC073 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:16:39 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkUBAE4Wck7RhLcckWdsb2JhbABDhFWjAhQBAQEBCQsLBxQGIIFTAQEBAQMjVhALGAICJgICSQENBqxbkVWBLIQ3gREEmGOMKg
X-IronPort-AV: E=Sophos;i="4.68,387,1312174800"; d="scan'208";a="66796944"
Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 10:16:38 -0500
Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8FFGc27030157 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 15 Sep 2011 11:16:38 -0400
Received: from [10.3.113.19] ([10.3.113.19]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p8FFGbgw023323; Thu, 15 Sep 2011 11:16:37 -0400
From: Simo Sorce <simo@redhat.com>
To: Leif Johansson <leifj@mnt.se>
In-Reply-To: <4E721244.4030807@mnt.se>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se>
Organization: Red Hat, Inc.
Date: Thu, 15 Sep 2011 11:16:36 -0400
Message-ID: <1316099796.2684.365.camel@willson.li.ssimo.org>
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, 2011-09-15 at 16:57 +0200, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> >> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
> >> enough? This of course has implications for several of the other
> >> attributes.
> > 
> > Domain names can change (I've seen it happen, sort of).  A UUID would
> > allow nodes to detect a domain name change.
> 
> But only if there is a mapping somewhere and then that database
> is now the new DNS somehow? I still don't get it.
> 
> I guess I'm looking for some idea on how domain UUIDs would
> work in practice.

Look at how SIDs works in Windows and in the Solaris CIFS server that
uses SIDs.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 08:49:06 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D04421F8B4F for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:49:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.691
X-Spam-Level: 
X-Spam-Status: No, score=-4.691 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BmHxteZ6xcXt for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:49:05 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 4638A21F8A35 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 08:49:05 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id A4A3F4E; Thu, 15 Sep 2011 10:51:16 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 3E4B744; Thu, 15 Sep 2011 10:51:14 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 0AED42CCA83; Thu, 15 Sep 2011 10:51:14 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 9C78F80EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 10:51:11 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 974C844; Thu, 15 Sep 2011 10:51:11 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 92C8A46 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:51:11 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 8D91344 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:51:11 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 724BD7CC08C; Thu, 15 Sep 2011 10:51:11 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26492-04; Thu, 15 Sep 2011 10:51:11 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 4E5827CC07C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:51:09 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Aq0EAJQeck7BCvxCgWdsb2JhbABChFWifwMUAQEWJiaBUwEBBSNVARALGAICBRYLAgIJAwIBAgE3AQ0GDQEHAQGHdaRZkViBLIQ3gREEmGOMEA
X-IronPort-AV: E=Sophos;i="4.68,388,1312174800"; d="scan'208";a="66800364"
Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Sep 2011 10:50:46 -0500
Received: from [172.20.10.3] ([2.69.247.83]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p8FFodeb028149 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Sep 2011 17:50:43 +0200 (CEST)
Message-ID: <4E721ECF.7090105@mnt.se>
Date: Thu, 15 Sep 2011 17:50:39 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: Simo Sorce <simo@redhat.com>
References: <4E71E9EB.4080505@mnt.se>	 <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>	 <4E721244.4030807@mnt.se> <1316099796.2684.365.camel@willson.li.ssimo.org>
In-Reply-To: <1316099796.2684.365.camel@willson.li.ssimo.org>
X-Enigmail-Version: 1.1.1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/15/2011 05:16 PM, Simo Sorce wrote:
> On Thu, 2011-09-15 at 16:57 +0200, Leif Johansson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>>>> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
>>>> enough? This of course has implications for several of the other
>>>> attributes.
>>>
>>> Domain names can change (I've seen it happen, sort of).  A UUID would
>>> allow nodes to detect a domain name change.
>>
>> But only if there is a mapping somewhere and then that database
>> is now the new DNS somehow? I still don't get it.
>>
>> I guess I'm looking for some idea on how domain UUIDs would
>> work in practice.
> 
> Look at how SIDs works in Windows and in the Solaris CIFS server that
> uses SIDs.
> 
> Simo.
> 

OK let me ask you this then: why aren't REALMs UUIDs then? Presumably
name change will happen _exactly_ as often for REALMs as for domains?

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yHssACgkQ8Jx8FtbMZnes1gCgx+IzfWR4tNRDQSk1ZxRH6PiR
2twAn3DgJ9eaYvAiRv8lkHWC1P1pXdw3
=EW8k
-----END PGP SIGNATURE-----
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 08:51:22 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D5D521F8497 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:51:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.691
X-Spam-Level: 
X-Spam-Status: No, score=-4.691 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pt6R+ocZGSPE for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:51:21 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 960B221F847B for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 08:51:21 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id A460151; Thu, 15 Sep 2011 10:53:33 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 2C2E04A; Thu, 15 Sep 2011 10:53:33 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 010AB2CCA83; Thu, 15 Sep 2011 10:53:33 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 5214D80EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 10:53:31 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 401B13D; Thu, 15 Sep 2011 10:53:31 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 2862448 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:53:31 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 1249344 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:53:31 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id EAFB37CC05C; Thu, 15 Sep 2011 10:53:30 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27169-03-49; Thu, 15 Sep 2011 10:53:30 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 9D5877CC07C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:53:30 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Aq0EAJQeck7BCvxCgWdsb2JhbABChFWifwMUAQEWJiaBUwEBBSNVARALGAICBRYLAgIJAwIBAgFFBg0BBQIBAYd1pFmRWIEshDeBEQSYY4wQ
X-IronPort-AV: E=Sophos;i="4.68,388,1312174800"; d="scan'208";a="66800562"
Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Sep 2011 10:53:20 -0500
Received: from [172.20.10.3] ([2.69.247.83]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p8FFqvOn019396 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Sep 2011 17:53:00 +0200 (CEST)
Message-ID: <4E721F59.4070009@mnt.se>
Date: Thu, 15 Sep 2011 17:52:57 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <4E71E9EB.4080505@mnt.se>	<CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>	<4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com>
In-Reply-To: <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com>
X-Enigmail-Version: 1.1.1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/15/2011 05:49 PM, Nico Williams wrote:
> On Thu, Sep 15, 2011 at 9:57 AM, Leif Johansson <leifj@mnt.se> wrote:
>>>> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
>>>> enough? This of course has implications for several of the other
>>>> attributes.
>>>
>>> Domain names can change (I've seen it happen, sort of).  A UUID would
>>> allow nodes to detect a domain name change.
>>
>> But only if there is a mapping somewhere and then that database
>> is now the new DNS somehow? I still don't get it.
> 
> Let's say you're a service that has seen a PAD with this domain UUID
> before, and later you see it again, but this time with a different
> domain name.  If you'd recorded anything in a DB that's relevant to ID
> mapping (to mapping IDs from the remote domain to local IDs), then you
> can ensure that the IDs from that remote domain continue to map to the
> same local IDs as before.

Yeah I get that part. I just don't get why this hasn't been a problem
for REALMs (or maybe it is and we haven't solved it?)

	Cheers Leif

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yH1kACgkQ8Jx8FtbMZnc2VQCgpzNaFBkNVpkAVComlThwiap4
4Z0AoIwpcLy8POqVu+JkQifYTyn8ixAI
=aqpo
-----END PGP SIGNATURE-----
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 08:56:40 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E31D21F8696 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:56:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.597
X-Spam-Level: 
X-Spam-Status: No, score=-4.597 tagged_above=-999 required=5 tests=[AWL=1.380, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEaNd503w1Sy for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:56:40 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id EF4F421F8677 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 08:56:39 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 0975752; Thu, 15 Sep 2011 10:58:52 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D369048; Thu, 15 Sep 2011 10:58:51 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id A245580ED0; Thu, 15 Sep 2011 10:58:51 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id CD16480EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id C721E34; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id C223B48 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id BBAAC34 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id A73E27CC073; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29975-03-7; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 8A5DA7CC05C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 10:58:49 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ar8AAMgfck7QYYSximdsb2JhbABChFWiehwBAQEKCQ0HEgUjgVMBAQEBAxICDx0DATUBAQ4LCw0CAiYCAiISAQUBHAYTCBqhLgqKfoMijjABBIEshDeBEYdzi1iMfz2EDA
X-IronPort-AV: E=Sophos;i="4.68,388,1312174800"; d="scan'208";a="66801115"
Received: from caiajhbdcbhh.dreamhost.com (HELO homiemail-a26.g.dreamhost.com) ([208.97.132.177]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 10:58:49 -0500
Received: from homiemail-a26.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a26.g.dreamhost.com (Postfix) with ESMTP id 7624CB8076 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 08:58:48 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=eFy+AucGY7xBDd9zkbtLz y/f7j/oOs3d79RuiEQI+Ika6TB54HsZvfS+IWHS7pXQqK5eR3meP3S9SRAlsuEvG bF71x8ps06ZSF0LthcR/xwmtenEJHcHLJHPkkbylUQT0VPQJaPcJWyvVS5nq5Jat HM6kjxofTvXyWuF1VfD7q0=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=WWwQXglnF9QkfUiDD9zc I2bFWSg=; b=ieLOHcSB+8r7XLfRjaN9bXQSUiGom/HJKtv7Exx7hsvapplwtv39 gVro1cyyPo4eVUV9+p4BR+YV30MZY3FYXtM+vKu9Uk3EgoJIx3KvQYjiWhgzKOPY 3fFxKSAoBKG8wxymBo947lNb8Hp3Adw6A57W0xzJ9d6nZuKaRikitI0=
Received: from mail-pz0-f48.google.com (mail-pz0-f48.google.com [209.85.210.48]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a26.g.dreamhost.com (Postfix) with ESMTPSA id 51AE9B806B for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 08:58:48 -0700 (PDT)
Received: by pzk34 with SMTP id 34so1526608pzk.21 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 08:58:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.38.129 with SMTP id g1mr178545pbk.399.1316102327992; Thu, 15 Sep 2011 08:58:47 -0700 (PDT)
Received: by 10.68.66.163 with HTTP; Thu, 15 Sep 2011 08:58:47 -0700 (PDT)
In-Reply-To: <4E721F59.4070009@mnt.se>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se>
Date: Thu, 15 Sep 2011 10:58:47 -0500
Message-ID: <CAK3OfOjG0JUvkXDMtHZK8izvmTnncENjOyvmYeJpSHJZ7Oe02w@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Leif Johansson <leifj@mnt.se>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, Sep 15, 2011 at 10:52 AM, Leif Johansson <leifj@mnt.se> wrote:
> Yeah I get that part. I just don't get why this hasn't been a problem
> for REALMs (or maybe it is and we haven't solved it?)

They should probably have it, yes.  This brings up an interesting
issue though: we cannot let domains/realms assert any UUID they like
-- this is related to PAC/PAD filtering, of course, so this isn't new.

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 08:59:58 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52C0E21F8B73 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:59:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.615
X-Spam-Level: 
X-Spam-Status: No, score=-4.615 tagged_above=-999 required=5 tests=[AWL=1.362, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l2DeZ4zadefP for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 08:59:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 7CF0321F8B6E for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 08:59:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 9672B4F; Thu, 15 Sep 2011 11:02:09 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 3ECDB3D; Thu, 15 Sep 2011 11:02:09 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 0BAEE2CCA83; Thu, 15 Sep 2011 11:02:09 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id DB50780EC3 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id CE3BB34; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id C901548 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id AB4CC3D for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 91A327CC05C; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31861-08-2; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 4913B7CC05F for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 11:02:07 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ar8AAPwgck7QYYRKimdsb2JhbABChFWiehwBAQEKCQ0HEgUjgVMBAQEBAxICDx0DATUBAQ4LCw0CAiYCAiISAQUBHAYTCBqhMAqKfoMijjEBBIEshDeBEYdzi1iMfz2EDA
X-IronPort-AV: E=Sophos;i="4.68,388,1312174800"; d="scan'208";a="66801534"
Received: from caiajhbdcahe.dreamhost.com (HELO homiemail-a65.g.dreamhost.com) ([208.97.132.74]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 11:02:06 -0500
Received: from homiemail-a65.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a65.g.dreamhost.com (Postfix) with ESMTP id AC5C07E40DB for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 09:02:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=rSWUBJ+fHRwWyxkD3aJ/R4rdRo32TgPa53YzOMm+knGC dmTvIiFcPZcSKua2cOAJYVaIISXxqJ3MYGQAb+6E/qcUqnFSUNLQjEHKQWtvUF78 Xm72PzKGIjH/I9ltfuwg/Y02+/awLZprywor3HVCBj+B/MXovTQZN9JYeN4404w=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=XOWTxMqZs82R5XuJ+UvzO+BIX+U=; b=RCon6asFmEW uOCEPclCZXRcjSlAqfHrH2KR/Cpo5t0k19Ckj7K3eBwQ1gDNM1h82GeU4TZs1S4L PwBZip9yTtBjKgndZ7GEPSdUsjd1Nf2wmU5hgaNzt7r9RM2IVRxC4KWqyIkduDdE iKkmiI7kVqvWHqeFHxCY0kFvV50CbtEw=
Received: from mail-gy0-f182.google.com (mail-gy0-f182.google.com [209.85.160.182]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a65.g.dreamhost.com (Postfix) with ESMTPSA id 0D0E77E44B1 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 08:49:17 -0700 (PDT)
Received: by gyf2 with SMTP id 2so2794998gyf.13 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 08:49:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.5.165 with SMTP id t5mr2182031pbt.131.1316101756360; Thu, 15 Sep 2011 08:49:16 -0700 (PDT)
Received: by 10.68.66.163 with HTTP; Thu, 15 Sep 2011 08:49:16 -0700 (PDT)
In-Reply-To: <4E721244.4030807@mnt.se>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se>
Date: Thu, 15 Sep 2011 10:49:16 -0500
Message-ID: <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Leif Johansson <leifj@mnt.se>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

T24gVGh1LCBTZXAgMTUsIDIwMTEgYXQgOTo1NyBBTSwgTGVpZiBKb2hhbnNzb24gPGxlaWZqQG1u
dC5zZT4gd3JvdGU6Cj4+PiAtIC0gSSBkb24ndCB1bmRlcnN0YW5kIFBBRC1Eb21haW4tVVVJRDog
aXNuJ3QgYSBkb21haW4gbmFtZSB1bmlxdWUKPj4+IGVub3VnaD8gVGhpcyBvZiBjb3Vyc2UgaGFz
IGltcGxpY2F0aW9ucyBmb3Igc2V2ZXJhbCBvZiB0aGUgb3RoZXIKPj4+IGF0dHJpYnV0ZXMuCj4+
Cj4+IERvbWFpbiBuYW1lcyBjYW4gY2hhbmdlIChJJ3ZlIHNlZW4gaXQgaGFwcGVuLCBzb3J0IG9m
KS4gwqBBIFVVSUQgd291bGQKPj4gYWxsb3cgbm9kZXMgdG8gZGV0ZWN0IGEgZG9tYWluIG5hbWUg
Y2hhbmdlLgo+Cj4gQnV0IG9ubHkgaWYgdGhlcmUgaXMgYSBtYXBwaW5nIHNvbWV3aGVyZSBhbmQg
dGhlbiB0aGF0IGRhdGFiYXNlCj4gaXMgbm93IHRoZSBuZXcgRE5TIHNvbWVob3c/IEkgc3RpbGwg
ZG9uJ3QgZ2V0IGl0LgoKTGV0J3Mgc2F5IHlvdSdyZSBhIHNlcnZpY2UgdGhhdCBoYXMgc2VlbiBh
IFBBRCB3aXRoIHRoaXMgZG9tYWluIFVVSUQKYmVmb3JlLCBhbmQgbGF0ZXIgeW91IHNlZSBpdCBh
Z2FpbiwgYnV0IHRoaXMgdGltZSB3aXRoIGEgZGlmZmVyZW50CmRvbWFpbiBuYW1lLiAgSWYgeW91
J2QgcmVjb3JkZWQgYW55dGhpbmcgaW4gYSBEQiB0aGF0J3MgcmVsZXZhbnQgdG8gSUQKbWFwcGlu
ZyAodG8gbWFwcGluZyBJRHMgZnJvbSB0aGUgcmVtb3RlIGRvbWFpbiB0byBsb2NhbCBJRHMpLCB0
aGVuIHlvdQpjYW4gZW5zdXJlIHRoYXQgdGhlIElEcyBmcm9tIHRoYXQgcmVtb3RlIGRvbWFpbiBj
b250aW51ZSB0byBtYXAgdG8gdGhlCnNhbWUgbG9jYWwgSURzIGFzIGJlZm9yZS4KCk5pY28KLS0K
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KaWV0Zi1rcmIt
d2cgbWFpbGluZyBsaXN0CmlldGYta3JiLXdnQGxpc3RzLmFubC5nb3YKaHR0cHM6Ly9saXN0cy5h
bmwuZ292L21haWxtYW4vbGlzdGluZm8vaWV0Zi1rcmItd2c=

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 14:39:01 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C0C911E80B8 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 14:39:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.513
X-Spam-Level: 
X-Spam-Status: No, score=-106.513 tagged_above=-999 required=5 tests=[AWL=0.086, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4DRcbEzWpkot for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 14:39:00 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id C102C11E80BC for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 14:39:00 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 52D7756; Thu, 15 Sep 2011 16:41:13 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 836094E; Thu, 15 Sep 2011 16:41:10 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 594C42D40C4; Thu, 15 Sep 2011 16:41:10 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E89AF80ED2 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 16:41:08 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id E2BCE21; Thu, 15 Sep 2011 16:41:08 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id DE2434C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:41:08 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id BED1521 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:41:08 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id A69877CC07C; Thu, 15 Sep 2011 16:41:08 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21993-09; Thu, 15 Sep 2011 16:41:08 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 25BC37CC071 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:41:07 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkUBAKBwck7RhLcckWdsb2JhbAA3CoRVowIUAQEBAQkLCwcUBiCBUwEBAQEDI08HEAsYAgImAgJXBhOsc5FdgSyCIYIWgREEmGOMKg
X-IronPort-AV: E=Sophos;i="4.68,389,1312174800"; d="scan'208";a="66826693"
Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 16:40:38 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8FLeb5w031596 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 15 Sep 2011 17:40:37 -0400
Received: from [10.3.113.19] ([10.3.113.19]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p8FLeaWE010338; Thu, 15 Sep 2011 17:40:36 -0400
From: Simo Sorce <simo@redhat.com>
To: Leif Johansson <leifj@mnt.se>
In-Reply-To: <4E721F59.4070009@mnt.se>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se>
Organization: Red Hat, Inc.
Date: Thu, 15 Sep 2011 17:40:35 -0400
Message-ID: <1316122835.2684.397.camel@willson.li.ssimo.org>
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, 2011-09-15 at 17:52 +0200, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 09/15/2011 05:49 PM, Nico Williams wrote:
> > On Thu, Sep 15, 2011 at 9:57 AM, Leif Johansson <leifj@mnt.se> wrote:
> >>>> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
> >>>> enough? This of course has implications for several of the other
> >>>> attributes.
> >>>
> >>> Domain names can change (I've seen it happen, sort of).  A UUID would
> >>> allow nodes to detect a domain name change.
> >>
> >> But only if there is a mapping somewhere and then that database
> >> is now the new DNS somehow? I still don't get it.
> > 
> > Let's say you're a service that has seen a PAD with this domain UUID
> > before, and later you see it again, but this time with a different
> > domain name.  If you'd recorded anything in a DB that's relevant to ID
> > mapping (to mapping IDs from the remote domain to local IDs), then you
> > can ensure that the IDs from that remote domain continue to map to the
> > same local IDs as before.
> 
> Yeah I get that part. I just don't get why this hasn't been a problem
> for REALMs (or maybe it is and we haven't solved it?)

You mean in case a REALM is renamed ?
I guess it has been historically so hard to rename a REALM that that's
not been considered viable/desirable/possible.

The only problem I may see with realms is if you remap user names when
your machines can be logged into from multiple realms through trust
relationships.

If your machine's REALM is EXAMPLE.COM then you probably map
john@EXAMPLE.COM to the local user 'john', now if user
john@FOO.EXAMPLE.COM comes in you cannot map it to 'john', you will have
some rule to map it to something like FOO-john john@FOO or any other
number of schemes. (This is where the short domain name comes handy for
example).

The point though is that if you 'rename' the FOO.EXAMPLE.COM realm (for
example to BAR.EXAMPLE.COM), then you will also need to change the
mappings if you care about maintaining the old user names for some
reason.

The UUID could be used to track this too if you want. It is not tied to
the DNS domain name of the domain. If you think it makes more sense to
call the attribute IPA-Realm-UUID that is fine too.

What the UUID helps to do is to uniquely identify a user, so it is tied
to the identities of the users more than domain or realm names.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 14:48:56 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81DE911E80B6 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 14:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.812
X-Spam-Level: 
X-Spam-Status: No, score=-4.812 tagged_above=-999 required=5 tests=[AWL=1.788, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MKyPsxl4Hysf for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 14:48:55 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 95F7411E8097 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 14:48:55 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 60DFD51; Thu, 15 Sep 2011 16:51:08 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 112C354; Thu, 15 Sep 2011 16:51:08 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id E8AFF80ED3; Thu, 15 Sep 2011 16:51:07 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id D86A380EC2 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id D1D884C; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id CD7224E for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id B00D44C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 970567CC076; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25072-04-8; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 556727CC073 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:51:06 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgQDAN1yck7BCvxCgWdsb2JhbAA3CoRVowIUAQEWJiaBUwEBBSNPBgEQCxgCAgUWCwICCQMCAQIBRQYNAQUCAQGHdaUJkV+BLIIhghaBEQSYY4wQ
X-IronPort-AV: E=Sophos;i="4.68,389,1312174800"; d="scan'208";a="66827308"
Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Sep 2011 16:50:45 -0500
Received: from [10.0.0.11] (ua-83-227-179-169.cust.bredbandsbolaget.se [83.227.179.169]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p8FLodmu026770 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Sep 2011 23:50:42 +0200 (CEST)
Message-ID: <4E72732E.5050403@mnt.se>
Date: Thu, 15 Sep 2011 23:50:38 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: Simo Sorce <simo@redhat.com>
References: <4E71E9EB.4080505@mnt.se>	 <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>	 <4E721244.4030807@mnt.se>	 <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com>	 <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org>
In-Reply-To: <1316122835.2684.397.camel@willson.li.ssimo.org>
X-Enigmail-Version: 1.1.1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/15/2011 11:40 PM, Simo Sorce wrote:
> On Thu, 2011-09-15 at 17:52 +0200, Leif Johansson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 09/15/2011 05:49 PM, Nico Williams wrote:
>>> On Thu, Sep 15, 2011 at 9:57 AM, Leif Johansson <leifj@mnt.se> wrote:
>>>>>> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
>>>>>> enough? This of course has implications for several of the other
>>>>>> attributes.
>>>>>
>>>>> Domain names can change (I've seen it happen, sort of).  A UUID would
>>>>> allow nodes to detect a domain name change.
>>>>
>>>> But only if there is a mapping somewhere and then that database
>>>> is now the new DNS somehow? I still don't get it.
>>>
>>> Let's say you're a service that has seen a PAD with this domain UUID
>>> before, and later you see it again, but this time with a different
>>> domain name.  If you'd recorded anything in a DB that's relevant to ID
>>> mapping (to mapping IDs from the remote domain to local IDs), then you
>>> can ensure that the IDs from that remote domain continue to map to the
>>> same local IDs as before.
>>
>> Yeah I get that part. I just don't get why this hasn't been a problem
>> for REALMs (or maybe it is and we haven't solved it?)
> 
> You mean in case a REALM is renamed ?
> I guess it has been historically so hard to rename a REALM that that's
> not been considered viable/desirable/possible.
> 
> The only problem I may see with realms is if you remap user names when
> your machines can be logged into from multiple realms through trust
> relationships.
> 
> If your machine's REALM is EXAMPLE.COM then you probably map
> john@EXAMPLE.COM to the local user 'john', now if user
> john@FOO.EXAMPLE.COM comes in you cannot map it to 'john', you will have
> some rule to map it to something like FOO-john john@FOO or any other
> number of schemes. (This is where the short domain name comes handy for
> example).
> 
> The point though is that if you 'rename' the FOO.EXAMPLE.COM realm (for
> example to BAR.EXAMPLE.COM), then you will also need to change the
> mappings if you care about maintaining the old user names for some
> reason.
> 
> The UUID could be used to track this too if you want. It is not tied to
> the DNS domain name of the domain. If you think it makes more sense to
> call the attribute IPA-Realm-UUID that is fine too.
> 
> What the UUID helps to do is to uniquely identify a user, so it is tied
> to the identities of the users more than domain or realm names.
> 
> Simo.
> 

I wasn't arguing for adding REALM-UUIDs but rather asking why its
a problem for domains and not for REALMS. Your answer seems to be
that it _is_ a problem for REALMS. I'm still not sure the problem
(of changing REALM or domain names) is worth the added complexity.

	cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5ycy4ACgkQ8Jx8FtbMZnemvQCfad2hrdRvz5jZi3imPnuWZsQS
5aYAnRhsK24tPz8Tksl2OuvmIgea460V
=YHwr
-----END PGP SIGNATURE-----
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 14:57:14 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A838011E8097 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 14:57:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.517
X-Spam-Level: 
X-Spam-Status: No, score=-106.517 tagged_above=-999 required=5 tests=[AWL=0.082, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QsQTisy86C6U for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 14:57:13 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id C164311E80A0 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 14:57:13 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 8C83C51; Thu, 15 Sep 2011 16:59:26 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 64F474C; Thu, 15 Sep 2011 16:59:26 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 3F85480ED3; Thu, 15 Sep 2011 16:59:26 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id B49D080EC2 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id A463421; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 9FABD4C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 958C321 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 800647CC064; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27498-09; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 5AF0B7CC076 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 16:59:24 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkUBAE10ck7RhLcckWdsb2JhbAA3CoRVowIUAQEBAQkLCwcUBiCBUwEBAQEDI08HEAsYAgImAgJXBhOsfZFfgSyCIYIWgREEmGOMKg
X-IronPort-AV: E=Sophos;i="4.68,389,1312174800"; d="scan'208";a="66827808"
Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 16:59:23 -0500
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8FLxNAk030840 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 15 Sep 2011 17:59:23 -0400
Received: from [10.3.113.19] ([10.3.113.19]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p8FLxM2T030620; Thu, 15 Sep 2011 17:59:22 -0400
From: Simo Sorce <simo@redhat.com>
To: Leif Johansson <leifj@mnt.se>
In-Reply-To: <4E72732E.5050403@mnt.se>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org> <4E72732E.5050403@mnt.se>
Organization: Red Hat, Inc.
Date: Thu, 15 Sep 2011 17:59:22 -0400
Message-ID: <1316123962.2684.404.camel@willson.li.ssimo.org>
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, 2011-09-15 at 23:50 +0200, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 09/15/2011 11:40 PM, Simo Sorce wrote:
> > On Thu, 2011-09-15 at 17:52 +0200, Leif Johansson wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> On 09/15/2011 05:49 PM, Nico Williams wrote:
> >>> On Thu, Sep 15, 2011 at 9:57 AM, Leif Johansson <leifj@mnt.se> wrote:
> >>>>>> - - I don't understand PAD-Domain-UUID: isn't a domain name unique
> >>>>>> enough? This of course has implications for several of the other
> >>>>>> attributes.
> >>>>>
> >>>>> Domain names can change (I've seen it happen, sort of).  A UUID would
> >>>>> allow nodes to detect a domain name change.
> >>>>
> >>>> But only if there is a mapping somewhere and then that database
> >>>> is now the new DNS somehow? I still don't get it.
> >>>
> >>> Let's say you're a service that has seen a PAD with this domain UUID
> >>> before, and later you see it again, but this time with a different
> >>> domain name.  If you'd recorded anything in a DB that's relevant to ID
> >>> mapping (to mapping IDs from the remote domain to local IDs), then you
> >>> can ensure that the IDs from that remote domain continue to map to the
> >>> same local IDs as before.
> >>
> >> Yeah I get that part. I just don't get why this hasn't been a problem
> >> for REALMs (or maybe it is and we haven't solved it?)
> > 
> > You mean in case a REALM is renamed ?
> > I guess it has been historically so hard to rename a REALM that that's
> > not been considered viable/desirable/possible.
> > 
> > The only problem I may see with realms is if you remap user names when
> > your machines can be logged into from multiple realms through trust
> > relationships.
> > 
> > If your machine's REALM is EXAMPLE.COM then you probably map
> > john@EXAMPLE.COM to the local user 'john', now if user
> > john@FOO.EXAMPLE.COM comes in you cannot map it to 'john', you will have
> > some rule to map it to something like FOO-john john@FOO or any other
> > number of schemes. (This is where the short domain name comes handy for
> > example).
> > 
> > The point though is that if you 'rename' the FOO.EXAMPLE.COM realm (for
> > example to BAR.EXAMPLE.COM), then you will also need to change the
> > mappings if you care about maintaining the old user names for some
> > reason.
> > 
> > The UUID could be used to track this too if you want. It is not tied to
> > the DNS domain name of the domain. If you think it makes more sense to
> > call the attribute IPA-Realm-UUID that is fine too.
> > 
> > What the UUID helps to do is to uniquely identify a user, so it is tied
> > to the identities of the users more than domain or realm names.
> > 
> > Simo.
> > 
> 
> I wasn't arguing for adding REALM-UUIDs but rather asking why its
> a problem for domains and not for REALMS. Your answer seems to be
> that it _is_ a problem for REALMS. I'm still not sure the problem
> (of changing REALM or domain names) is worth the added complexity.

What is the added complexity you perceive ?

It seem pretty straightforward to me, but may be I am making assumptions
I shouldn't ?

Also I did not propose to *add* a REALM UUID, just to rename the current
attribute name, I see no reason to have 2 UUIDs that fundamentally
represent the same thing.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 18:21:51 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8DE811E809C for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 18:21:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.632
X-Spam-Level: 
X-Spam-Status: No, score=-4.632 tagged_above=-999 required=5 tests=[AWL=1.345, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8oyxrPahNd7L for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 18:21:50 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 5400F11E808D for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 18:21:50 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 4DD1D4E; Thu, 15 Sep 2011 20:24:01 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 77A7A41; Thu, 15 Sep 2011 20:23:58 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5917180ED5; Thu, 15 Sep 2011 20:23:58 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id CE6C780ED4 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id B65DC21; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id B14EF41 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 92D0C21 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 7ABCB7CC071; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26528-01; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 526E37CC05F for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:23:56 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag8BABikck7QYYSxi2dsb2JhbABBhFWifBwBAQEKCwsHEgUjgVMBAQEBAxICDx0DATUBAQ4LCw0CAiYCAiISAQUBHAYTIqAcCop+gyKOKQEEgSyEN4ERh3OLWIx/PYQM
X-IronPort-AV: E=Sophos;i="4.68,391,1312174800"; d="scan'208";a="66834455"
Received: from caiajhbdcbhh.dreamhost.com (HELO homiemail-a71.g.dreamhost.com) ([208.97.132.177]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 20:23:55 -0500
Received: from homiemail-a71.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTP id 34C2D42807A for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 18:23:55 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=GOfIIjgVGEZIO/tfqr2sk R9efyvrFh7k9fh2fXBRrnrZKOAtMRXOBNM1cVNfhGDx8M/+VV1jzK/LTUoJLtKMt /xjj48nSboNc1coIP4BPNDd05pjrtcY9FYoSZDH3BExnzpRVNkykpZlfdN919qiG JiW04tOV+vuWvAFgy9ZRn4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=A93l3jdBDIO86RkJlYHG eNBHXww=; b=OZMh5PyCc59NynadQ5alME5s3JjSaxB1tq/2rhyEl8FR2ZLRQZpG 8Izr7Xomv/BuGnShf8JQ/fb+WeUCkdaqs9W1BzVGclzMAHwxLKrDCI/2Wb7aTAW+ emXQJ0Cat5cUQA+DAtfCZkCoilQWGmv/5DbhVqpdF7eG04chH921vE0=
Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com [209.85.218.54]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTPSA id 08B25428079 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 18:23:54 -0700 (PDT)
Received: by yia13 with SMTP id 13so1225526yia.13 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 18:23:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.46.101 with SMTP id u5mr659505pbm.332.1316136234228; Thu, 15 Sep 2011 18:23:54 -0700 (PDT)
Received: by 10.68.66.163 with HTTP; Thu, 15 Sep 2011 18:23:54 -0700 (PDT)
In-Reply-To: <4E72732E.5050403@mnt.se>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org> <4E72732E.5050403@mnt.se>
Date: Thu, 15 Sep 2011 20:23:54 -0500
Message-ID: <CAK3OfOgjME96hfpfsVXp-sHxiooU+BmPfc91t3Lg0-WU4z=2Dg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Leif Johansson <leifj@mnt.se>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>, Simo Sorce <simo@redhat.com>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, Sep 15, 2011 at 4:50 PM, Leif Johansson <leifj@mnt.se> wrote:
> I wasn't arguing for adding REALM-UUIDs but rather asking why its
> a problem for domains and not for REALMS. Your answer seems to be
> that it _is_ a problem for REALMS. I'm still not sure the problem
> (of changing REALM or domain names) is worth the added complexity.

Name changes are always bad in environments where people use
name-based authorization.

In the Windows/AD space people use SIDs for authorization.  In the
non-Windows/AD space people tend to use some form of name-based
authorization or a name-based mapping to non-name-based authorization
data.

Therefore it's too late to add an alternative, stable domain ID form,
yet it's probably worth doing because perhaps people will migrate to
non-name-based authz methods, or perhaps they'll augment name-based
methods with additional data that make it possible to survive name
changes more easily.  (I'm not so sure about the latter.  Consider
aname2lname rules (or "gsscred" rules): will we really augment them to
properly handle domain renames?  Probably not.  What about Solaris
name-based ID mapping rules (which are one of several options)?
That'd be easier.)

I am concerned about any one realm's KDCs' (or services') ability to
validate the UUIDs (or SIDs) of transited realms' SIDs.  Before we
accept UUIDs (or SIDs) as a method of detecting and coping with
domain/realm name changes, I'd like to make sure that we can prevent
spoofing of these alternate domain/realm IDs by other realms' KDCs.

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 18:26:06 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B5E011E80A4 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 18:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.649
X-Spam-Level: 
X-Spam-Status: No, score=-4.649 tagged_above=-999 required=5 tests=[AWL=1.328, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pqErGdGjveWd for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 18:26:05 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 84A7411E809F for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 18:26:05 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 268B051; Thu, 15 Sep 2011 20:28:18 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id ED0D441; Thu, 15 Sep 2011 20:28:17 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D700280ED5; Thu, 15 Sep 2011 20:28:17 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 1A56680ED4 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 20:28:16 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 0AEFA21; Thu, 15 Sep 2011 20:28:16 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 05B8A41 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:28:16 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id DBD8C21 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:28:15 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id C3A627CC064; Thu, 15 Sep 2011 20:28:15 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26771-06; Thu, 15 Sep 2011 20:28:15 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id A9AB67CC05F for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:28:15 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgwBAIWlck7QYYRCkGdsb2JhbABBhFWifBwBAQEBCQkNBxQDI4FTAQEBAQMSAg8dAwE1AQEOCwsNAgImAgIiEgEFARwGEyKgHAqKfoMijikBBIEshDeBEYdzi1iMfz2EDA
X-IronPort-AV: E=Sophos;i="4.68,391,1312174800"; d="scan'208";a="66834525"
Received: from caiajhbdcagg.dreamhost.com (HELO homiemail-a25.g.dreamhost.com) ([208.97.132.66]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 20:28:15 -0500
Received: from homiemail-a25.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a25.g.dreamhost.com (Postfix) with ESMTP id 27C07678056 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 18:28:12 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=WlCLNq6ZK7Fl1VCDCu/dA yqIjo59jPmthCixO1qH7SCYWuyH7ISZzMmghH1Wffr06e8hs1en5Epc5iumg/ULr VrxjpvJgV7knXWMKweyMXhVQi5pycyANoLbSYKcoSZJFatZ5D/WtTdRzFP+nUfMw ZkpmxveB2bAw1TNfgZ89C8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=mP1L3SLEYRnQ/QFTzVjc 0lRE9iU=; b=ii5LqO2UaXaelZfvuXrKUC5NVE1TUtRxAw39g38tt9MwfFIcrS9J MA+E1gkjT3fZzzhUBrBkC9YIpsEjci0UPJJTLWwe+Fc2Mh5uVU0qOuKmmeAcxz4Y XR24Td48cz0Q/4kRmmuaAvR4z3ej8Jybn7SuVDZszdnlB7i6R5t+2Zk=
Received: from mail-vw0-f49.google.com (mail-vw0-f49.google.com [209.85.212.49]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a25.g.dreamhost.com (Postfix) with ESMTPSA id BCAC2678057 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 18:28:05 -0700 (PDT)
Received: by vws8 with SMTP id 8so5465131vws.8 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 18:28:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.98.36 with SMTP id ef4mr262115vdb.211.1316136481841; Thu, 15 Sep 2011 18:28:01 -0700 (PDT)
Received: by 10.220.27.68 with HTTP; Thu, 15 Sep 2011 18:28:01 -0700 (PDT)
In-Reply-To: <1316123962.2684.404.camel@willson.li.ssimo.org>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org> <4E72732E.5050403@mnt.se> <1316123962.2684.404.camel@willson.li.ssimo.org>
Date: Thu, 15 Sep 2011 20:28:01 -0500
Message-ID: <CAK3OfOjD5fRCvQdqfyH67wTpQqWOmW1w3VbBr4Zq+uyqA+yHxA@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Simo Sorce <simo@redhat.com>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, Sep 15, 2011 at 4:59 PM, Simo Sorce <simo@redhat.com> wrote:
> Also I did not propose to *add* a REALM UUID, just to rename the current
> attribute name, I see no reason to have 2 UUIDs that fundamentally
> represent the same thing.

The [very good] implication is that realm and [DNS] domain names must
be closely associated.  Environments where a DNS domainname and its
associated Kerberos realm name are completely different tend to
engender all sorts of problems.  Microsoft was quite right to enforce
an algorithmic mapping of DNS domainname to Kerberos realm naming and
LDAP base DN naming.  (I'm not trying to be dismissive of legacy
deployments -- vendors will likely continue to cater to them somewhat,
I'm sure, at least for a while.)

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 20:29:23 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E50A121F85FF for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 20:29:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.521
X-Spam-Level: 
X-Spam-Status: No, score=-106.521 tagged_above=-999 required=5 tests=[AWL=0.078, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vi4mrK+VckLO for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 20:29:23 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 3E32A21F84D6 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 20:29:17 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 34A1050; Thu, 15 Sep 2011 22:31:30 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 390AB4C; Thu, 15 Sep 2011 22:31:27 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 079C82D40CA; Thu, 15 Sep 2011 22:31:27 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 6CC5A80ED5 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 66E7541; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 6116B4C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 43BCC41 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 26E187CC071; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04835-09; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 09F677CC064 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:31:25 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AuECAJXCck7RhLcclGdsb2JhbABBhFWjBhQBAQEBCQsJCRQGIIFTAQEBAQMjVhALGAICJgICVwYTq06RS4EshDeBEQSYY4wq
X-IronPort-AV: E=Sophos;i="4.68,391,1312174800"; d="scan'208";a="66836578"
Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 22:31:24 -0500
Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8G3VNjs018561 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 15 Sep 2011 23:31:23 -0400
Received: from [10.3.113.19] ([10.3.113.19]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id p8G3VLLa008238; Thu, 15 Sep 2011 23:31:22 -0400
From: Simo Sorce <simo@redhat.com>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <CAK3OfOgjME96hfpfsVXp-sHxiooU+BmPfc91t3Lg0-WU4z=2Dg@mail.gmail.com>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org> <4E72732E.5050403@mnt.se> <CAK3OfOgjME96hfpfsVXp-sHxiooU+BmPfc91t3Lg0-WU4z=2Dg@mail.gmail.com>
Organization: Red Hat, Inc.
Date: Thu, 15 Sep 2011 23:31:21 -0400
Message-ID: <1316143881.2684.413.camel@willson.li.ssimo.org>
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, 2011-09-15 at 20:23 -0500, Nico Williams wrote:
> On Thu, Sep 15, 2011 at 4:50 PM, Leif Johansson <leifj@mnt.se> wrote:
> > I wasn't arguing for adding REALM-UUIDs but rather asking why its
> > a problem for domains and not for REALMS. Your answer seems to be
> > that it _is_ a problem for REALMS. I'm still not sure the problem
> > (of changing REALM or domain names) is worth the added complexity.
> 
> Name changes are always bad in environments where people use
> name-based authorization.
> 
> In the Windows/AD space people use SIDs for authorization.  In the
> non-Windows/AD space people tend to use some form of name-based
> authorization or a name-based mapping to non-name-based authorization
> data.
> 
> Therefore it's too late to add an alternative, stable domain ID form,
> yet it's probably worth doing because perhaps people will migrate to
> non-name-based authz methods, or perhaps they'll augment name-based
> methods with additional data that make it possible to survive name
> changes more easily.  (I'm not so sure about the latter.  Consider
> aname2lname rules (or "gsscred" rules): will we really augment them to
> properly handle domain renames?  Probably not.  What about Solaris
> name-based ID mapping rules (which are one of several options)?
> That'd be easier.)
> 
> I am concerned about any one realm's KDCs' (or services') ability to
> validate the UUIDs (or SIDs) of transited realms' SIDs.  Before we
> accept UUIDs (or SIDs) as a method of detecting and coping with
> domain/realm name changes, I'd like to make sure that we can prevent
> spoofing of these alternate domain/realm IDs by other realms' KDCs.

So you are not trusting a 'trusted' realm ? :-)

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 20:33:54 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80D3211E8086 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 20:33:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.524
X-Spam-Level: 
X-Spam-Status: No, score=-106.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OxAxuemAx4P5 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 20:33:53 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id C487C11E80B1 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 20:33:53 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3235F51; Thu, 15 Sep 2011 22:36:07 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 072BB21; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D41402D40CA; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 419A080ECD for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 3B23F21; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 35CAD4C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 2F67221 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 0D42B7CC066; Thu, 15 Sep 2011 22:36:06 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05096-09; Thu, 15 Sep 2011 22:36:05 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id E3B657CC064 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:36:05 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AuECAPnDck7RhLcclGdsb2JhbAA4CYRVowYUAQEBAQkLCQkUBiCBUwEBAQEDI08HEAsYAgImAgJXBhOrSJFLgSyCIoIVgREEmGOMKg
X-IronPort-AV: E=Sophos;i="4.68,391,1312174800"; d="scan'208";a="66836631"
Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 22:35:48 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p8G3Zmse019707 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 15 Sep 2011 23:35:48 -0400
Received: from [10.3.113.19] ([10.3.113.19]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p8G3ZlcW008231; Thu, 15 Sep 2011 23:35:47 -0400
From: Simo Sorce <simo@redhat.com>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <CAK3OfOjD5fRCvQdqfyH67wTpQqWOmW1w3VbBr4Zq+uyqA+yHxA@mail.gmail.com>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org> <4E72732E.5050403@mnt.se> <1316123962.2684.404.camel@willson.li.ssimo.org> <CAK3OfOjD5fRCvQdqfyH67wTpQqWOmW1w3VbBr4Zq+uyqA+yHxA@mail.gmail.com>
Organization: Red Hat, Inc.
Date: Thu, 15 Sep 2011 23:35:46 -0400
Message-ID: <1316144146.2684.417.camel@willson.li.ssimo.org>
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On Thu, 2011-09-15 at 20:28 -0500, Nico Williams wrote:
> On Thu, Sep 15, 2011 at 4:59 PM, Simo Sorce <simo@redhat.com> wrote:
> > Also I did not propose to *add* a REALM UUID, just to rename the current
> > attribute name, I see no reason to have 2 UUIDs that fundamentally
> > represent the same thing.
> 
> The [very good] implication is that realm and [DNS] domain names must
> be closely associated.  Environments where a DNS domainname and its
> associated Kerberos realm name are completely different tend to
> engender all sorts of problems.  Microsoft was quite right to enforce
> an algorithmic mapping of DNS domainname to Kerberos realm naming and
> LDAP base DN naming.  (I'm not trying to be dismissive of legacy
> deployments -- vendors will likely continue to cater to them somewhat,
> I'm sure, at least for a while.)

You are free to do that (we do strongly push FreeIPA admins to have
realm = domain and the LDAP base is always the realm name split into
RDNs), but having a UUId does not force it at all.

All a UUID does int his case, at most, is creating a triplet of DNS,
REALM, UUID. But as I said the UUID is more connected to the identity
information than to names. In terms of relationships it is a property of
the accounts database from which you derive the PAD data.

In those cases where all information is unified into LDAP it can be
thought of representing the specific LDAP directory to which the
Kerberos REALM is bound.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 20:52:57 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6A5621F8678 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 20:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.666
X-Spam-Level: 
X-Spam-Status: No, score=-4.666 tagged_above=-999 required=5 tests=[AWL=1.311, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rWWtwpz+7JYx for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 20:52:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 0C0CE21F8672 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 20:52:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 6748B51; Thu, 15 Sep 2011 22:55:10 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 2023441; Thu, 15 Sep 2011 22:55:10 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id DA9582D40CA; Thu, 15 Sep 2011 22:55:09 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id ADDD380ECD for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 9E6A64C; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 999C641 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 7E1B54C for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 66DD37CC073; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06151-07; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 4B35C7CC066 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 22:55:07 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsYBAEfHck7QYYSxjWdsb2JhbABBhFWifhwBAQEBCQkLCRIFI4FTAQEBAQMSAg8dAwE1AQEOCwsNAgImAgIiEgEFARwGEyKgGQqKfoMijiIBBIEshDeBEYdzi1iMfz2EDA
X-IronPort-AV: E=Sophos;i="4.68,391,1312174800"; d="scan'208";a="66836848"
Received: from caiajhbdcbhh.dreamhost.com (HELO homiemail-a63.g.dreamhost.com) ([208.97.132.177]) by mailgateway.anl.gov with ESMTP; 15 Sep 2011 22:55:06 -0500
Received: from homiemail-a63.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a63.g.dreamhost.com (Postfix) with ESMTP id 0F35B2F406A for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:55:06 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=SOaoV752McxE8vapQoYrmq3g6QXV8C6iRmY5+0XX7ce8 60iHM4FhYoHgePH9XC/YHStFdTWJ41/G9GziVR2TiJNwk6jPoVU72ZrXLAQLgiar I7/EX03Oa9hGF0wJ72C5Ba2mOwRbTfFObZugd7UnpkpwBtxMJTDm9RNSCIVOfOU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=IHDTm5mT0qm1IS1JgYxcWN9UNUU=; b=p6koWQ/8asl YIHw3aYhVLHkLFNGFpkqMzzcVTd9dgLWKbwlf+7JiEYB4B4R9VF1nt6sBHr+lA4t BZdHgYc63aP6uRuclmgOaToOOJHGV6t6FkiRwpYxuxjwU+f359On885v15gTvV20 Idhjt6n1o0y0XZzsB/mu6GDNmTzw/ekE=
Received: from mail-vw0-f49.google.com (mail-vw0-f49.google.com [209.85.212.49]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a63.g.dreamhost.com (Postfix) with ESMTPSA id C63112F4059 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:55:05 -0700 (PDT)
Received: by vws8 with SMTP id 8so5675268vws.8 for <ietf-krb-wg@anl.gov>; Thu, 15 Sep 2011 20:55:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.57.11 with SMTP id a11mr551960vch.4.1316145305047; Thu, 15 Sep 2011 20:55:05 -0700 (PDT)
Received: by 10.220.27.68 with HTTP; Thu, 15 Sep 2011 20:55:04 -0700 (PDT)
In-Reply-To: <1316143881.2684.413.camel@willson.li.ssimo.org>
References: <4E71E9EB.4080505@mnt.se> <CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com> <4E721244.4030807@mnt.se> <CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com> <4E721F59.4070009@mnt.se> <1316122835.2684.397.camel@willson.li.ssimo.org> <4E72732E.5050403@mnt.se> <CAK3OfOgjME96hfpfsVXp-sHxiooU+BmPfc91t3Lg0-WU4z=2Dg@mail.gmail.com> <1316143881.2684.413.camel@willson.li.ssimo.org>
Date: Thu, 15 Sep 2011 22:55:04 -0500
Message-ID: <CAK3OfOjKJxuYL2jwTNP87NyG=PhDJav=qz97d=8qR5kkxeDjQg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Simo Sorce <simo@redhat.com>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

T24gVGh1LCBTZXAgMTUsIDIwMTEgYXQgMTA6MzEgUE0sIFNpbW8gU29yY2UgPHNpbW9AcmVkaGF0
LmNvbT4gd3JvdGU6Cj4gT24gVGh1LCAyMDExLTA5LTE1IGF0IDIwOjIzIC0wNTAwLCBOaWNvIFdp
bGxpYW1zIHdyb3RlOgo+PiBJIGFtIGNvbmNlcm5lZCBhYm91dCBhbnkgb25lIHJlYWxtJ3MgS0RD
cycgKG9yIHNlcnZpY2VzJykgYWJpbGl0eSB0bwo+PiB2YWxpZGF0ZSB0aGUgVVVJRHMgKG9yIFNJ
RHMpIG9mIHRyYW5zaXRlZCByZWFsbXMnIFNJRHMuIMKgQmVmb3JlIHdlCj4+IGFjY2VwdCBVVUlE
cyAob3IgU0lEcykgYXMgYSBtZXRob2Qgb2YgZGV0ZWN0aW5nIGFuZCBjb3Bpbmcgd2l0aAo+PiBk
b21haW4vcmVhbG0gbmFtZSBjaGFuZ2VzLCBJJ2QgbGlrZSB0byBtYWtlIHN1cmUgdGhhdCB3ZSBj
YW4gcHJldmVudAo+PiBzcG9vZmluZyBvZiB0aGVzZSBhbHRlcm5hdGUgZG9tYWluL3JlYWxtIElE
cyBieSBvdGhlciByZWFsbXMnIEtEQ3MuCj4KPiBTbyB5b3UgYXJlIG5vdCB0cnVzdGluZyBhICd0
cnVzdGVkJyByZWFsbSA/IDotKQoKVGhhdCdzIGV4YWN0bHkgcmlnaHQuICBXZSBoYXZlIHRyYW5z
aXRlZCBwb2xpY3kgY2hlY2tpbmcgcHJlY2lzZWx5CmJlY2F1c2Ugbm90IGFsbCByZWFsbXMgYXJl
IGVxdWFsbHkgdHJ1c3RlZCBieSBvdGhlcnMuCgpOaWNvCi0tCl9fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fCmlldGYta3JiLXdnIG1haWxpbmcgbGlzdAppZXRm
LWtyYi13Z0BsaXN0cy5hbmwuZ292Cmh0dHBzOi8vbGlzdHMuYW5sLmdvdi9tYWlsbWFuL2xpc3Rp
bmZvL2lldGYta3JiLXdn

From ietf-krb-wg-bounces@lists.anl.gov  Thu Sep 15 23:50:58 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FADB21F8BA8 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 23:50:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.214
X-Spam-Level: 
X-Spam-Status: No, score=-5.214 tagged_above=-999 required=5 tests=[AWL=1.385, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k8fzkJ32GJxH for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Thu, 15 Sep 2011 23:50:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id A4E1C21F8BA6 for <krb-wg-archive@lists.ietf.org>; Thu, 15 Sep 2011 23:50:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 59B9D4C; Fri, 16 Sep 2011 01:53:11 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id C410841; Fri, 16 Sep 2011 01:52:50 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 8E9AD2D40CA; Fri, 16 Sep 2011 01:52:50 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 504C880ED5 for <ietf-krb-wg@lists.anl.gov>; Fri, 16 Sep 2011 01:52:48 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 4AD7921; Fri, 16 Sep 2011 01:52:48 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 45CFE41 for <ietf-krb-wg@anl.gov>; Fri, 16 Sep 2011 01:52:48 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 3E61821 for <ietf-krb-wg@anl.gov>; Fri, 16 Sep 2011 01:52:48 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 2898D7CC066; Fri, 16 Sep 2011 01:52:48 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05086-09; Fri, 16 Sep 2011 01:52:48 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 0F1DB7CC05C for <ietf-krb-wg@anl.gov>; Fri, 16 Sep 2011 01:52:47 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArcCAKzxck7BCvxCgWdsb2JhbABBhFWjBRQBARYmJYFTAQEFI1UBEAsYAgIFFgsCAgkDAgECAUUGDQEFAgEBh3WjD5FWgSyEO4ERBJhmjBE
X-IronPort-AV: E=Sophos;i="4.68,392,1312174800"; d="scan'208";a="66842900"
Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 16 Sep 2011 01:52:47 -0500
Received: from [192.36.125.212] (dhcp.pilsnet.sunet.se [192.36.125.212]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p8G6qeDa019105 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 16 Sep 2011 08:52:43 +0200 (CEST)
Message-ID: <4E72F238.8090503@mnt.se>
Date: Fri, 16 Sep 2011 08:52:40 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <4E71E9EB.4080505@mnt.se>	<CAK3OfOhqKXRUJ43nK4fO=shZKH2gqGxQReiLzEWPxotDs5WTPw@mail.gmail.com>	<4E721244.4030807@mnt.se>	<CAK3OfOh-DeYR8=W5FksrVHB0VmF9HXw0KeK4vs6xpDmhO6BxtA@mail.gmail.com>	<4E721F59.4070009@mnt.se>	<1316122835.2684.397.camel@willson.li.ssimo.org>	<4E72732E.5050403@mnt.se>	<1316123962.2684.404.camel@willson.li.ssimo.org> <CAK3OfOjD5fRCvQdqfyH67wTpQqWOmW1w3VbBr4Zq+uyqA+yHxA@mail.gmail.com>
In-Reply-To: <CAK3OfOjD5fRCvQdqfyH67wTpQqWOmW1w3VbBr4Zq+uyqA+yHxA@mail.gmail.com>
X-Enigmail-Version: 1.1.1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>, Simo Sorce <simo@redhat.com>
Subject: Re: [Ietf-krb-wg] Reiview of draft-ietf-krb-wg-generalized-pac-00
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/16/2011 03:28 AM, Nico Williams wrote:
> On Thu, Sep 15, 2011 at 4:59 PM, Simo Sorce <simo@redhat.com> wrote:
>> Also I did not propose to *add* a REALM UUID, just to rename the current
>> attribute name, I see no reason to have 2 UUIDs that fundamentally
>> represent the same thing.
> 
> The [very good] implication is that realm and [DNS] domain names must
> be closely associated.  Environments where a DNS domainname and its
> associated Kerberos realm name are completely different tend to
> engender all sorts of problems.  Microsoft was quite right to enforce
> an algorithmic mapping of DNS domainname to Kerberos realm naming and
> LDAP base DN naming.  (I'm not trying to be dismissive of legacy
> deployments -- vendors will likely continue to cater to them somewhat,
> I'm sure, at least for a while.)
> 
> Nico
> --

OK I give you that and nowadays it is common to associate UUIDs with
LDAP entries for more or less the same reason. Maybe I'm starting to
see the point.

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5y8jQACgkQ8Jx8FtbMZnfZFwCffv4RysVrH7f6Yu8YGj9M0OHC
rtQAn3TcT9ZdF7PJNeiYX6pTBD+aoOL4
=KIJH
-----END PGP SIGNATURE-----
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep 16 07:11:30 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51B6321F8500 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 16 Sep 2011 07:11:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.549
X-Spam-Level: 
X-Spam-Status: No, score=-106.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMEGAXORi8FL for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 16 Sep 2011 07:11:29 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id D6FA321F84D5 for <krb-wg-archive@lists.ietf.org>; Fri, 16 Sep 2011 07:11:28 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 405404E; Fri, 16 Sep 2011 09:13:43 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 1B5BC50; Fri, 16 Sep 2011 09:13:40 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D31D42CCAA3; Fri, 16 Sep 2011 09:13:40 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 70BD280EC2 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 17:18:50 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 5105B7CC076; Thu, 15 Sep 2011 17:18:50 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02406-05; Thu, 15 Sep 2011 17:18:50 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 2B6C37CC067 for <ietf-krb-wg@lists.anl.gov>; Thu, 15 Sep 2011 17:18:50 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ah4AAMp4ck6A3iAUkWdsb2JhbAA+A5hTjwQUAQEBAQkLCwcUBSGBUwEBAQEDAQJ2DAQCARkDAQEBGQQSKAodCAEBBAENBQiHc7Z0g2cGgidgBIc/iXKCFpFG
X-IronPort-AV: E=Sophos;i="4.68,389,1312174800"; d="scan'208";a="66829222"
Received: from mexforward.lss.emc.com ([128.222.32.20]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Sep 2011 17:18:49 -0500
Received: from hop04-l1d11-si03.isus.emc.com (HOP04-L1D11-SI03.isus.emc.com [10.254.111.23]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p8FMIhn6024199 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Sep 2011 18:18:43 -0400
Received: from mailhub.lss.emc.com (mailhub.lss.emc.com [10.254.222.129]) by hop04-l1d11-si03.isus.emc.com (RSA Interceptor); Thu, 15 Sep 2011 18:18:40 -0400
Received: from mxhub18.corp.emc.com (mxhub18.corp.emc.com [10.254.93.47]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p8FMIdNS000372; Thu, 15 Sep 2011 18:18:40 -0400
Received: from mx14a.corp.emc.com ([169.254.1.78]) by mxhub18.corp.emc.com ([10.254.93.47]) with mapi; Thu, 15 Sep 2011 18:18:39 -0400
From: <david.black@emc.com>
To: <gareth.richards@rsa.com>, <gen-art@ietf.org>, <ietf@ietf.org>
Date: Thu, 15 Sep 2011 18:18:38 -0400
Thread-Topic: Gen-ART review of draft-ietf-krb-wg-otp-preauth-19
Thread-Index: AcxiwFrEKzHJob9RQ2KJ4t0eYlZPlgRNFbDA
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E058CCE4CED@MX14A.corp.emc.com>
References: <7C4DFCE962635144B8FAE8CA11D0BF1E0589672C6A@MX14A.corp.emc.com>
In-Reply-To: <7C4DFCE962635144B8FAE8CA11D0BF1E0589672C6A@MX14A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
X-Mailman-Approved-At: Fri, 16 Sep 2011 09:13:40 -0500
Cc: ietf-krb-wg@lists.anl.gov, hartmans-ietf@mit.edu, david.black@emc.com
Subject: [Ietf-krb-wg] Gen-ART review of draft-ietf-krb-wg-otp-preauth-19
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

The -19 version of this draft resolves the issues raised by the Gen-ART rev=
iew of the -18 version,
although issue [2] on registering the URIs has a couple of nits:

- IANA also found issue [2] and IANA will need to acknowledge that the -19 =
version of this draft
	resolves this registration issue to IANA's satisfaction (the text in the -=
19 version should
	be sufficient).
- It is unclear to me whether the PSKC registry used to resolve issue [2] i=
s appropriate, but
	this topic has been discussed in the WG, and hence I prefer to defer this =
topic to the WG
	and the responsible Security AD.

Thanks,
--David

> -----Original Message-----
> From: Black, David
> Sent: Wednesday, August 24, 2011 8:46 PM
> To: Richards, Gareth; gen-art@ietf.org; ietf
> Cc: Black, David; ietf-krb-wg@lists.anl.gov; Sam Hartman; Stephen Farrell
> Subject: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18
> =

> I am the assigned Gen-ART reviewer for this draft. For background on Gen-=
ART, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
> =

> Please resolve these comments along with any other Last Call comments you=
 may receive.
> =

> Document: draft-ietf-krb-wg-otp-preauth-18
> Reviewer: David L. Black
> Review Date: August 24, 2011
> IETF LC End Date: August 29, 2011
> =

> Summary: This draft is on the right track but has open issues, described =
in the review.
> =

> This is a tightly written draft on one-time-password token-based preauthe=
ntication for Kerberos.
> The text does a good job of tightly specifying the algorithms and protoco=
l steps; the resulting
> text is a bit dense to read, but provides the necessary precision for imp=
lementation.
> =

> Disclaimer - the draft author and this reviewer work for different organi=
zations in the
> 	same company (EMC).
> =

> I found two open issues, both of which are relatively minor:
> =

> [1] In section 6.1 at the top of p.28, I don't believe that the use of lo=
wer case
> "recommended" is a strong enough warning about the danger in using
> anonymous PKINIT because it exposes the OTP value:
> =

>    It is therefore recommended that anonymous PKINIT not be used with
>    OTP algorithms that require the OTP value to be sent to the KDC and
>    that careful consideration be made of the security implications
>    before it is used with other algorithms such as those with short OTP
>    values.
> =

> At a minimum, that warning should be in upper-case:
> =

>    It is therefore RECOMMENDED that anonymous PKINIT not be used with
>    OTP algorithms that require the OTP value to be sent to the KDC. In
>    addition, the security implications should be carefully considered
>    before anonymous PKINIT is used with other algorithms such as those
>    with short OTP values.
> =

> Beyond that, the security issue in the first sentence may be severe enough
> to justify a prohibition, so the following would also be acceptable:
> =

>    Therefore anonymous PKINIT SHALL NOT be used with
>    OTP algorithms that require the OTP value to be sent to the KDC. In
>    addition, the security implications should be carefully considered
>    before anonymous PKINIT is used with other algorithms such as those
>    with short OTP values.
> =

> [2] In section 5, the first paragraph in the IANA considerations is uncle=
ar, and
> following its reference to section 4.1, I don't see any clarifying text t=
here either.
> I think Sections 4.1 and 4.2 need to say that the value of otp-algID is a=
 URI obtained
> from the PSKC Algorithm URI Registry, and the first paragraph in section =
5 should
> say that URIs for otp-algID are to be registered in that registry, see RF=
C 6030.
> =

> I also found a couple of minor nits:
> =

> In Section 1.1, please expand the FAST acronym on first use.
> =

> In section 2.4, the following sentence is potentially confusing:
> =

>    For example,
>    event-based tokens may drift since the counter on the token is
>    incremented every time the token is used but the counter on the
>    server is only incremented on an authentication.  Similarly, the
>    clocks on time-based tokens may drift.
> =

> The confusion arises because the resync mechanism described in that secti=
on causes
> the client to use the next token value.  By itself, that won't help when =
an event based
> has gotten ahead of the server; using the next value only puts the token =
further ahead.
> Similarly, by itself, this mechanism does not help if the token clock has=
 drifted ahead
> of the server clock, but does help if the token clock has drifted behind.=
  A little more
> explanation of what the server can do to take advantage of this mechanism=
 (e.g., how to
> deal with an event-based token that is ahead of the server) would reduce =
the confusion.
> =

> idnits 2.12.12 generated a bunch of warnings, none of which require any c=
hange to the draft.
> =

> Thanks,
> --David
> ----------------------------------------------------
> David L. Black, Distinguished Engineer
> EMC Corporation, 176 South St., Hopkinton, MA=A0 01748
> +1 (508) 293-7953=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 FAX: +1 (508) 293-7=
786
> david.black@emc.com=A0=A0=A0=A0=A0=A0=A0 Mobile: +1 (978) 394-7754
> ----------------------------------------------------
> =


_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep 19 07:36:31 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1D4621F8C28 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 07:36:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.362
X-Spam-Level: 
X-Spam-Status: No, score=-4.362 tagged_above=-999 required=5 tests=[AWL=-0.363, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cpl72RQkKa3x for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 07:36:30 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 9643721F8C26 for <krb-wg-archive@lists.ietf.org>; Mon, 19 Sep 2011 07:36:30 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 108EA18; Mon, 19 Sep 2011 09:38:53 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id EA3B525; Mon, 19 Sep 2011 09:38:47 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id C3F012D40BB; Mon, 19 Sep 2011 09:38:47 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 327EA80ECD for <ietf-krb-wg@lists.anl.gov>; Mon, 19 Sep 2011 09:38:46 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 1C8467CC05F; Mon, 19 Sep 2011 09:38:46 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04540-09; Mon, 19 Sep 2011 09:38:46 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id EEB6D7CC056 for <ietf-krb-wg@lists.anl.gov>; Mon, 19 Sep 2011 09:38:45 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArQBAAVTd04SCRkOnGdsb2JhbAA/Aw6nGxQBAQEBAQgLCQkUJYFaaCMBPEQmAQQBGgGHcqwuiH+Da4ItYASHP4wKhSaLT1Q
X-IronPort-AV: E=Sophos;i="4.68,405,1312174800"; d="scan'208";a="66951933"
Received: from dmz-mailsec-scanner-3.mit.edu ([18.9.25.14]) by mailgateway.anl.gov with ESMTP; 19 Sep 2011 09:38:45 -0500
X-AuditID: 1209190e-b7c60ae000000a26-c8-4e77536138e4
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 93.C0.02598.163577E4; Mon, 19 Sep 2011 10:36:17 -0400 (EDT)
Received: from outgoing-exchange-2.mit.edu (OUTGOING-EXCHANGE-2.MIT.EDU [18.9.28.16]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id p8JEcjME001619;  Mon, 19 Sep 2011 10:38:45 -0400
Received: from w92exedge4.exchange.mit.edu (W92EXEDGE4.EXCHANGE.MIT.EDU [18.7.73.16]) by outgoing-exchange-2.mit.edu (8.13.8/8.12.4) with ESMTP id p8JEcitw009022; Mon, 19 Sep 2011 10:38:44 -0400
Received: from w92exhub9.exchange.mit.edu (18.7.73.17) by w92exedge4.exchange.mit.edu (18.7.73.16) with Microsoft SMTP Server (TLS) id 8.2.255.0; Mon, 19 Sep 2011 10:38:24 -0400
Received: from EXPO10.exchange.mit.edu ([18.9.4.15]) by w92exhub9.exchange.mit.edu ([18.7.73.17]) with mapi; Mon, 19 Sep 2011 10:38:43 -0400
From: Thomas Hardjono <hardjono@MIT.EDU>
To: "ietf-krb-wg@lists.anl.gov" <ietf-krb-wg@lists.anl.gov>, "kerberos@mit.edu" <kerberos@mit.edu>
Date: Mon, 19 Sep 2011 10:38:42 -0400
Thread-Topic: 2011 Kerberos Conference & Interop (25-28 Oct at MIT): Registration (free)  & Hotel info
Thread-Index: Acx22dQyVZRUv4/OSEOcTYs8KhSE7w==
Message-ID: <DADD7EAD88AB484D8CCC328D40214CCD0E760C1560@EXPO10.exchange.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrBKsWRmVeSWpSXmKPExsUixCmqrZsYXO5n8K/JwuL91GlMDowecydM YQxgjOKySUnNySxLLdK3S+DKeLrsEmvBKq6K78+WMDUwbuHoYuTkkBAwkdjwcCojhC0mceHe erYuRi4OIYF9jBLHD75gh3AOMEo0nN/HDOFcYZR4/P8bE4SzlVFi86YTbCD9QgITGCW27AGz 2QQ0JM793ssOYosIZEu8/vIFLM4ioCpxbftPZhBbWCBFYvrvb2wQNZkSF2Z9ZIWw9SRObXgI VsMrECBx4l87WJwR6L7vp9YwgdjMAuISt57MZ4K4W1Bi0ew9zDA//Nv1kA2iXlTiTvt6Roh6 PYkbU6ewQdjaEssWvoaaLyhxcuYTlgmMYrOQjJ2FpGUWkpZZSFoWMLKsYpRNya3SzU3MzClO TdYtTk7My0st0jXWy80s0UtNKd3ECI4gSb4djF8PKh1iFOBgVOLhXdlc5ifEmlhWXJl7iFGS g0lJlNfdv9xPiC8pP6UyI7E4I76oNCe1+BCjBAezkgjvT3egHG9KYmVValE+TEqag0VJnHf1 Dgc/IYH0xJLU7NTUgtQimKwMB4eSBC8fMFEICRalpqdWpGXmlCCkmTg4QYbzAA33AqnhLS5I zC3OTIfIn2JUlBLn3RIElBAASWSU5sH1whLcK0ZxoFeEeflB2nmAyRGu+xXQYCagwWUeJSCD SxIRUlINjDH1x7XF+xPi5649tpyBWa3I88z/gDZW6dlKm4olXfa0/r7oyVUdeE71a7YUj9Rb nUMl/Gqvns/pdgxQeyW0Lu/S/zneTJu+zH131OYEz44Dl1vNNt42ehp/9XKe47REtcOn33ff 2dosLN+36KP+NJOWxOCYpIu17G+WPzHacG0ZL0/QnIxAGSWW4oxEQy3mouJEAJOC6hdLAwAA
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] 2011 Kerberos Conference & Interop (25-28 Oct at MIT): Registration (free) & Hotel info
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Folks,

The 2011 Kerberos Conference and Interop will be held at MIT on October 25-=
28, 2011. The Conference will be on the Tuesday-Wednesday (25-26 Oct), whil=
e the Interop on the Thursday-Friday (27-28 Oct).

Registration is Free.

http://www.kerberos.org/events/2011conf-interop/index.html



(a) The Conference Registration page is now open:

http://www.kerberos.org/events/2011conf-interop/reg.html


(b) Hotel:  =

We have negotiated a limited number of rooms at a group-rate for October 24=
th and 25th evenings, at the historic Kendall Hotel at Kendall Square (at M=
IT) in Cambridge, MA.  We recommend you to book your hotel as soon as possi=
ble, since late October is peak season in Boston and New England generally.

The Group-rate hotel reservation ends September 24th (ie. this Saturday!).


(c) Interop participation:
If you wish to participate in the Interop Event, please email me so that I =
can send you the test planning template doc.


We look forward to seeing you at the 2011 MIT Kerberos Conference & Interop.

Regards.

/thomas/



__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
email:=A0 hardjono[at]mit.edu
mobile: +1 781-729-9559
desk:=A0=A0=A0+1 617-715-2451
__________________________________________


_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep 19 09:00:58 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2E1821F8C99 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 09:00:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.59
X-Spam-Level: 
X-Spam-Status: No, score=-105.59 tagged_above=-999 required=5 tests=[AWL=1.009, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rU1ZIKQJVP9U for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 09:00:57 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 0BAF221F8C94 for <krb-wg-archive@lists.ietf.org>; Mon, 19 Sep 2011 09:00:50 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 58B672E; Mon, 19 Sep 2011 11:03:13 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id C0A5732; Mon, 19 Sep 2011 11:03:09 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 70D1580ED2; Mon, 19 Sep 2011 11:03:09 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 6898C80EC2 for <ietf-krb-wg@lists.anl.gov>; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 5FA9618; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 5B54725 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 5369C18 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 3B1D07CC066; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05454-09; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 169357CC05F for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 11:03:08 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqAEADFnd05FGcQcgWdsb2JhbABCmRIBAY44AQEWJiWCFC0SPDQBHLRHiH+GeASlEg
X-IronPort-AV: E=Sophos;i="4.68,406,1312174800"; d="scan'208";a="66958898"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 19 Sep 2011 11:03:05 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 4FBC620384; Mon, 19 Sep 2011 12:04:52 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 71BC042E2; Mon, 19 Sep 2011 12:02:50 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Mon, 19 Sep 2011 12:02:50 -0400
Message-ID: <tslaaa0bjv9.fsf@mit.edu>
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: krb-wg-ads@tools.ietf.org
Subject: [Ietf-krb-wg] Proposed changes to draft-ietf-krb-wg-clear-text-cred
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Hi.  Jari thought that section 4 is unclear. He trusts us to clarify it
and so he cleared his discuss, but we should clarify both to honor that
trust and because he's right that it's a bit confusing.

I propose the following clarification:

old (section 4):

   The Kerberos Encryption Type 0 is an invalid value [RFC3961].  Layers
      above the encryption layer are left to interpret its use in their own
         context specific manner.  The use of encryption type 0 in the
	    unencrypted form of the KRB-CRED is not to specify an encryption
	    

new: The Kerberos Encryption Type 0 is an invalid value [RFC3961].
   This means that no RFC 3961 encryption type with value 0 will ever
   be defined; no encryption or key management operations will use
   this value. Layers above the encryption layer often transport
   encryption types as integer values. These layers are free to use a
   0 in an encryption type integer as a flag or sentinal value or for
   other context-specific purposes. For example, section 3 of this
   specification defines the semantics of a 0 carried in the krb_cred
   message's encryption type field.

Also, in the security considerations section:

old:
end-to-end security

new: mutual authentication

Rationale:

1) Russ Housley filed a discuss that we require mutual authentication;
he's right and we need to say that.  

2) I don't know what the ends are
inherently, the Kerberos KDC protocol can provide hop-by-hop rather
than end-to-end security, and I see nothing different about the
security assumptions here from the base Kerberos security assumptions.


If the authors are OK with these changes and no one objects in a day or two we can publish a new draft and get this one approved!
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep 19 10:09:35 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CB5221F8CB4 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 10:09:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.2
X-Spam-Level: 
X-Spam-Status: No, score=-5.2 tagged_above=-999 required=5 tests=[AWL=1.399, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RoUTVFXfHgsN for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 10:09:34 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 8011D21F8CA7 for <krb-wg-archive@lists.ietf.org>; Mon, 19 Sep 2011 10:09:34 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id A778A33; Mon, 19 Sep 2011 12:11:57 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 6525025; Mon, 19 Sep 2011 12:11:56 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 2D2FB80EA3; Mon, 19 Sep 2011 12:11:56 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 0FA7080E8C for <ietf-krb-wg@lists.anl.gov>; Mon, 19 Sep 2011 12:11:55 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 097C825; Mon, 19 Sep 2011 12:11:55 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 04C2521 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 12:11:55 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id DA43D33 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 12:11:54 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id C271E7CC066; Mon, 19 Sep 2011 12:11:54 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30945-02-2; Mon, 19 Sep 2011 12:11:54 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id F17C87CC076 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 12:11:52 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlMAAIF3d06AAmkugWdsb2JhbABCDphGjnsBARYmJYFTAQEBAQMBAQE3LQcLDAQCAQgRBAEBCxQJBycBChQJCAIEAQ0FCIdzq2iIf4YYYASRM5MLOA
X-IronPort-AV: E=Sophos;i="4.68,406,1312174800"; d="scan'208";a="66964426"
Received: from relay-exch-02.andrew.cmu.edu (HELO relay-exchange.andrew.cmu.edu) ([128.2.105.46]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Sep 2011 12:11:52 -0500
Received: from PGH-MSGHT-01.andrew.ad.cmu.edu (PGH-MSGHT-01.ANDREW.AD.CMU.EDU [128.2.105.39]) by relay-exchange.andrew.cmu.edu (8.14.4/8.14.4) with ESMTP id p8JHBp4D018284 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 19 Sep 2011 13:11:51 -0400
Received: from PGH-MSGMB-03.andrew.ad.cmu.edu ([169.254.1.157]) by PGH-MSGHT-01.andrew.ad.cmu.edu ([128.2.105.39]) with mapi id 14.01.0270.001; Mon, 19 Sep 2011 13:11:50 -0400
From: Russell J Yount <rjy@cmu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>, "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Thread-Topic: [Ietf-krb-wg] Proposed changes to draft-ietf-krb-wg-clear-text-cred
Thread-Index: AQHMduWhwZVmhQepr0SyEkOj9hTa5pVU726Q
Date: Mon, 19 Sep 2011 17:11:50 +0000
Message-ID: <26BE721B42199440805DB836552EA796060D87@PGH-MSGMB-03.andrew.ad.cmu.edu>
References: <tslaaa0bjv9.fsf@mit.edu>
In-Reply-To: <tslaaa0bjv9.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [128.2.42.4]
MIME-Version: 1.0
X-PMX-Version: 5.6.0.2009776, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2011.9.19.170014
X-SMTP-Spam-Clean: 8% ( BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_2000_2999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, FROM_EDU_TLD 0, WEBMAIL_SOURCE 0, WEBMAIL_XOIP 0, WEBMAIL_X_IP_HDR 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __HAS_XOIP 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __PHISH_SPEAR_STRUCTURE_1 0, __SANE_MSGID 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0, __URI_NO_PATH 0, __URI_NO_WWW 0, __URI_NS )
X-SMTP-Spam-Score: 8%
X-Scanned-By: MIMEDefang 2.60 on 128.2.105.46
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "krb-wg-ads@tools.ietf.org" <krb-wg-ads@tools.ietf.org>
Subject: Re: [Ietf-krb-wg] Proposed changes to draft-ietf-krb-wg-clear-text-cred
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Sam,

One small issue: s/krb_cred/KRB-CRED/

Other than that, this looks good. You have my approval.


-Russ

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Sam Hartman
Sent: Monday, September 19, 2011 12:03 PM
To: ietf-krb-wg@anl.gov
Cc: krb-wg-ads@tools.ietf.org
Subject: [Ietf-krb-wg] Proposed changes to draft-ietf-krb-wg-clear-text-cred



Hi.  Jari thought that section 4 is unclear. He trusts us to clarify it
and so he cleared his discuss, but we should clarify both to honor that
trust and because he's right that it's a bit confusing.

I propose the following clarification:

old (section 4):

   The Kerberos Encryption Type 0 is an invalid value [RFC3961].  Layers
      above the encryption layer are left to interpret its use in their own
         context specific manner.  The use of encryption type 0 in the
	    unencrypted form of the KRB-CRED is not to specify an encryption
	    

new: The Kerberos Encryption Type 0 is an invalid value [RFC3961].
   This means that no RFC 3961 encryption type with value 0 will ever
   be defined; no encryption or key management operations will use
   this value. Layers above the encryption layer often transport
   encryption types as integer values. These layers are free to use a
   0 in an encryption type integer as a flag or sentinal value or for
   other context-specific purposes. For example, section 3 of this
   specification defines the semantics of a 0 carried in the krb_cred
   message's encryption type field.

Also, in the security considerations section:

old:
end-to-end security

new: mutual authentication

Rationale:

1) Russ Housley filed a discuss that we require mutual authentication;
he's right and we need to say that.  

2) I don't know what the ends are
inherently, the Kerberos KDC protocol can provide hop-by-hop rather
than end-to-end security, and I see nothing different about the
security assumptions here from the base Kerberos security assumptions.


If the authors are OK with these changes and no one objects in a day or two we can publish a new draft and get this one approved!
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep 19 10:15:08 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D54E21F8CCB for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 10:15:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.589
X-Spam-Level: 
X-Spam-Status: No, score=-105.589 tagged_above=-999 required=5 tests=[AWL=1.010, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oHbORXWt6Gi5 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 19 Sep 2011 10:15:07 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 664E321F8CC0 for <krb-wg-archive@lists.ietf.org>; Mon, 19 Sep 2011 10:15:07 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id DE7B621; Mon, 19 Sep 2011 12:17:30 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 9903525; Mon, 19 Sep 2011 12:17:30 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 677CD80EA3; Mon, 19 Sep 2011 12:17:30 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 1638780E8C for <ietf-krb-wg@lists.anl.gov>; Mon, 19 Sep 2011 12:17:29 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 05A3821; Mon, 19 Sep 2011 12:17:29 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 0121625 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 12:17:29 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id EF9F921 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 12:17:28 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id DB7197CC05E; Mon, 19 Sep 2011 12:17:28 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00378-05; Mon, 19 Sep 2011 12:17:28 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id BF2267CC059 for <ietf-krb-wg@anl.gov>; Mon, 19 Sep 2011 12:17:28 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AskCALx4d05FGcQcgWdsb2JhbABCDqdBAQEWJiWBUwEBBTo/EAshJQ8BBBgxE7NkiH+GeASkPlQ
X-IronPort-AV: E=Sophos;i="4.68,406,1312174800"; d="scan'208";a="66964829"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 19 Sep 2011 12:17:28 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 28B52203B1; Mon, 19 Sep 2011 13:19:16 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 4995942E2; Mon, 19 Sep 2011 13:17:14 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Russell J Yount <rjy@cmu.edu>
References: <tslaaa0bjv9.fsf@mit.edu> <26BE721B42199440805DB836552EA796060D87@PGH-MSGMB-03.andrew.ad.cmu.edu>
Date: Mon, 19 Sep 2011 13:17:14 -0400
In-Reply-To: <26BE721B42199440805DB836552EA796060D87@PGH-MSGMB-03.andrew.ad.cmu.edu> (Russell J. Yount's message of "Mon, 19 Sep 2011 17:11:50 +0000")
Message-ID: <tslwrd4a1ut.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>, Sam Hartman <hartmans-ietf@mit.edu>, "krb-wg-ads@tools.ietf.org" <krb-wg-ads@tools.ietf.org>
Subject: Re: [Ietf-krb-wg] Proposed changes to draft-ietf-krb-wg-clear-text-cred
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

>>>>> "Russell" == Russell J Yount <rjy@cmu.edu> writes:

    Russell> Sam, One small issue: s/krb_cred/KRB-CRED/

    Russell> Other than that, this looks good. You have my approval.




Well, you'll be doing the work:-)
If you don't see any objections in a couple of days please submit a new
version with the correction.
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Tue Sep 20 05:47:04 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F11D21F854E for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Tue, 20 Sep 2011 05:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.588
X-Spam-Level: 
X-Spam-Status: No, score=-105.588 tagged_above=-999 required=5 tests=[AWL=1.011, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QMYLntrhpADT for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Tue, 20 Sep 2011 05:47:03 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 6C02B21F854D for <krb-wg-archive@lists.ietf.org>; Tue, 20 Sep 2011 05:47:03 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 9AFA635; Tue, 20 Sep 2011 07:49:28 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D21DF36; Tue, 20 Sep 2011 07:49:25 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 743232CCA3D; Tue, 20 Sep 2011 07:49:25 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 300C280E8C for <ietf-krb-wg@lists.anl.gov>; Tue, 20 Sep 2011 07:49:24 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 1A9EB31; Tue, 20 Sep 2011 07:49:24 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 161E633 for <ietf-krb-wg@anl.gov>; Tue, 20 Sep 2011 07:49:24 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 0FC3631 for <ietf-krb-wg@anl.gov>; Tue, 20 Sep 2011 07:49:24 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id ED6227CC05E; Tue, 20 Sep 2011 07:49:23 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02746-05; Tue, 20 Sep 2011 07:49:23 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id D1AC87CC05A for <ietf-krb-wg@anl.gov>; Tue, 20 Sep 2011 07:49:23 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsQGAPeKeE5FGcQcgWdsb2JhbABCmS0BAY5BAQEWJiaCFHs0ARxYnBuWdIh/hn0EpRY
X-IronPort-AV: E=Sophos;i="4.68,411,1312174800"; d="scan'208";a="67007601"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 20 Sep 2011 07:49:23 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id F3DCF203C0 for <ietf-krb-wg@anl.gov>; Tue, 20 Sep 2011 08:51:09 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 4E70642F0; Tue, 20 Sep 2011 08:49:07 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-krb-wg@anl.gov
Date: Tue, 20 Sep 2011 08:49:07 -0400
Message-ID: <tslhb478jlo.fsf@mit.edu>
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Pkinit alg agility: anonymous principal
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

In this message I'm wearing the hat of someone debugging pkinit
implementations, not my chair hat.


Hi.

As part of RFC 6112 processing, the KDC transforms the principal
WELLKNOWN/ANONYMOUS@TGS_REALM to WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS
at least some of the time.  I cannot remember whether a KDC is permitted
to return the local realm in the anonymous pkinit case.


It's quite important for the KDF that the server and client pass the
same value into party_u_info so you get the same key on the server and
client.

I believe that we should clarify which value should be used in the KDF.

I think the following text from RFC 6112 means that a KDC MUST issue
tickets with the WELLKNOWN:ANONYMOUS realm when anonymous pkinit is
used:

   In this specification, the client realm in the anonymous ticket is
      the anonymous realm name when anonymous PKINIT is used to obtain the
         ticket.  The client realm is the client's real realm name if the
	    client is authenticated using the client's long-term keys.  Note that
	       the membership of a realm can imply a member of the community
	          represented by the realm.
		  

Thus, I think canonicalizing party_u_info to either principal is
acceptable. I propose that when anonymous pkinit is used we canonicalize
party_u_info to WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS. 

I'd appreciate comments.

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep 23 07:35:26 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0962921F8C78 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 07:35:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.759
X-Spam-Level: 
X-Spam-Status: No, score=-104.759 tagged_above=-999 required=5 tests=[AWL=1.840, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WdcU1KGV42BC for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 07:35:25 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 44F5B21F8C7D for <krb-wg-archive@lists.ietf.org>; Fri, 23 Sep 2011 07:35:25 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3C91564; Fri, 23 Sep 2011 09:37:59 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id E59E55D; Fri, 23 Sep 2011 09:37:56 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id B1F882CCA90; Fri, 23 Sep 2011 09:37:56 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id C9EE280EDA for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id C450E11; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id BFC365D for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id BA99611 for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id A159B7CC05A; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26449-04; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 8947C7CC054 for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 09:37:54 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApwDAE6ZfE7CUoxLgWdsb2JhbABCDqgFFAEBFiYmgVMBBjoZOAEINkIlAgQBiAy3AIcBBKRMNw
X-IronPort-AV: E=Sophos;i="4.68,430,1312174800"; d="scan'208";a="67235250"
Received: from har003676.ukerna.ac.uk ([194.82.140.75]) by mailgateway.anl.gov with ESMTP; 23 Sep 2011 09:37:53 -0500
Received: from har003676.ukerna.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id F2AE54A6B84_E7C99BFB; Fri, 23 Sep 2011 14:37:51 +0000 (GMT)
Received: from EXC001.atlas.ukerna.ac.uk (exc001.atlas.ukerna.ac.uk [193.62.83.37]) by har003676.ukerna.ac.uk (Sophos Email Appliance) with ESMTP id CD75A4A6B7E_E7C99BFF; Fri, 23 Sep 2011 14:37:51 +0000 (GMT)
Received: from EXC001.atlas.ukerna.ac.uk ([193.62.83.37]) by EXC001 ([193.62.83.37]) with mapi id 14.01.0289.001; Fri, 23 Sep 2011 15:37:51 +0100
From: Josh Howlett <Josh.Howlett@ja.net>
To: Sam Hartman <hartmans-ietf@MIT.EDU>, "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Thread-Topic: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
Thread-Index: AQHMef5fVkspQ8aiQkW4vTFOI4JwWQ==
Date: Fri, 23 Sep 2011 14:37:50 +0000
Message-ID: <CAA25379.2ED79%josh.howlett@ja.net>
In-Reply-To: <tslipovman0.fsf@mit.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.13.0.110805
x-originating-ip: [194.82.140.76]
Content-ID: <C886896A5B47DC4F8B006F773656A118@ukerna.ac.uk>
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: Re: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

>
>we've received a request from the authors to consider adopting the GSS
>pre-authentication mechanism as a working group document.

I support adoption.

>I'd like to solicit comments on this by October 5.

The document currently references draft-ietf-krb-wg-preauth-framework-17;
RFC6113 would probably be more appropriate now.

I'm curious whether this mechanism will provide an RFC4401 PRF and how
this will relate (if at all) to the subordinate mechanism's PRF.

Josh.



JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep 23 09:10:53 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C82A21F8CAE for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 09:10:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.64
X-Spam-Level: 
X-Spam-Status: No, score=-5.64 tagged_above=-999 required=5 tests=[AWL=0.959, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uDGCUqLHogyJ for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 09:10:52 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 3FE2A21F8C93 for <krb-wg-archive@lists.ietf.org>; Fri, 23 Sep 2011 09:10:52 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id AB39946; Fri, 23 Sep 2011 11:13:26 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 9ADCB5B; Fri, 23 Sep 2011 11:13:23 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 81C3F2CCA9F; Fri, 23 Sep 2011 11:13:23 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 249B22CCA9C for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 11:13:22 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 0EBA67CC05A; Fri, 23 Sep 2011 11:13:22 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27893-09; Fri, 23 Sep 2011 11:13:21 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id D537A7CC05F for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 11:13:21 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnUAAIOvfE4SB0Qkm2dsb2JhbAA/Aw6ZDY54FAEBAQEBCAkLCRQmgVMBAQEBAwECZR0GARkEAQEdBwQvChQJCQEEARIIAYd1rgCIf4NxgjBgBIdCiXiCGIUpi1FT
X-IronPort-AV: E=Sophos;i="4.68,431,1312174800"; d="scan'208";a="67243093"
Received: from dmz-mailsec-scanner-7.mit.edu ([18.7.68.36]) by mailgateway.anl.gov with ESMTP; 23 Sep 2011 11:13:21 -0500
X-AuditID: 12074424-b7bcaae000000a05-cc-4e7cb0683d0f
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id F2.27.02565.860BC7E4; Fri, 23 Sep 2011 12:14:33 -0400 (EDT)
Received: from outgoing-exchange-2.mit.edu (OUTGOING-EXCHANGE-2.MIT.EDU [18.9.28.16]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id p8NGDIPF031161;  Fri, 23 Sep 2011 12:13:18 -0400
Received: from OC11EXEDGE4.EXCHANGE.MIT.EDU (OC11EXEDGE4.EXCHANGE.MIT.EDU [18.9.3.27]) by outgoing-exchange-2.mit.edu (8.13.8/8.12.4) with ESMTP id p8NGDD2k014139; Fri, 23 Sep 2011 12:13:13 -0400
Received: from w92exhub5.exchange.mit.edu (18.7.73.11) by OC11EXEDGE4.EXCHANGE.MIT.EDU (18.9.3.27) with Microsoft SMTP Server (TLS) id 14.1.289.1; Fri, 23 Sep 2011 12:12:47 -0400
Received: from EXPO10.exchange.mit.edu ([18.9.4.15]) by w92exhub5.exchange.mit.edu ([18.7.73.11]) with mapi; Fri, 23 Sep 2011 12:13:12 -0400
From: Thomas Hardjono <hardjono@MIT.EDU>
To: "krb-wg mailing list (ietf-krb-wg@lists.anl.gov)" <ietf-krb-wg@lists.anl.gov>, "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 23 Sep 2011 12:13:11 -0400
Thread-Topic: Reminder: hotel group-rate ends tomorrow 9/24th - 2011 Kerberos Conference & Interop (25-28 Oct at MIT): Registration (free) & Hotel info
Thread-Index: Acx6C7CD9qhYoe6tQG+Jm7FY/wraDg==
Message-ID: <DADD7EAD88AB484D8CCC328D40214CCD0E7674B8C6@EXPO10.exchange.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrBJsWRmVeSWpSXmKPExsUixCmqrZu5ocbPYE6excHLLUwWL2eLWLxY /JLRYs2/K2wWl969ZrR4d+4no8Xcw+uYLC41TAaqODuXzeL91GlMFp37vrFaTFr/h8Xie8MN Zovzz36yWty99J/donv3QjaLf918Fid3nGe1ePhzCrvF5OMCFus6rrFbzOkFmrHodRurxavm rawW7461slssnvaD0UHK49aBp6we65rmsHks2FTqMe3xRhaPxXteMnm8nbyW0WPuhCmMHq07 /rJ7NPx6yugx49MXNo+PT2+xeMz9MI3F4/2+q2weP+9MZPK4s+oXYwB/FJdNSmpOZllqkb5d AlfGyflL2Qq28lWcXfuepYHxNXcXIyeHhICJxM1HR5kgbDGJC/fWs3UxcnEICexjlLix9Toz hHOAUWLTzp+MEM5VRomly94wg7QICWxjlNj7IQ4iMYFRYtq5s2wgCTYBDYlzv/eyg9giAs2M EgcW24HYLAKqEu/+nmAFaRAWmMIosbjhDthCEYHZjBK3em6yQXToSUxa8gRsBa9AgMTevx/B LmQEuvD7qTVgNrOAuMStJ/OhLheUWDR7DzPMF/92PWSDqBeVuNO+nhGiXk/ixtQpbBC2tsSy ha+h5gtKnJz5hGUCo9gsJGNnIWmZhaRlFpKWBYwsqxhlU3KrdHMTM3OKU5N1i5MT8/JSi3TN 9XIzS/RSU0o3MYISGLuLyg7G5kNKhxgFOBiVeHhvxlb7CbEmlhVX5h5ilORgUhLlXbe6xk+I Lyk/pTIjsTgjvqg0J7X4EKMEB7OSCO/7ZUA53pTEyqrUonyYlDQHi5I4r81OBz8hgfTEktTs 1NSC1CKYrAwHh5IEb+F6oEbBotT01Iq0zJwShDQTByfIcB6g4StAaniLCxJzizPTIfKnGBWl xHkngyQEQBIZpXlwvbAM84pRHOgVYd7VIFU8wOwE1/0KaDAT0GClwkqQwSWJCCmpBsZaRfFl fcyTBLeUGf97Vv+AyTuGp7f5hHfQeoWHWSwRl613/1r+X/GZk9nbSad2/VY39Zr674uin2zF j7B5890aF15dtiAyX2TOgdV88zY9LUo4VM23uev31apH8vddGApF46/PN+3y6ZvO1XC6Xfdc RrT5KYdr7rUlvc+m8/ZPqndjqTd4I6XEUpyRaKjFXFScCAAAsnsfCwQAAA==
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Reminder: hotel group-rate ends tomorrow 9/24th - 2011 Kerberos Conference & Interop (25-28 Oct at MIT): Registration (free) & Hotel info
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

Folks,

Just a gentle reminder that the group-rate offer for the Kendall Hotel will=
 end tomorrow Saturday Sept 24th.


/thomas/

---------------------------

-----Original Message-----
From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.a=
nl.gov] On Behalf Of Thomas Hardjono
Sent: Monday, September 19, 2011 10:39 AM
To: ietf-krb-wg@lists.anl.gov; kerberos@mit.edu
Subject: [Ietf-krb-wg] 2011 Kerberos Conference & Interop (25-28 Oct at MIT=
): Registration (free) & Hotel info


Folks,

The 2011 Kerberos Conference and Interop will be held at MIT on October 25-=
28, 2011. The Conference will be on the Tuesday-Wednesday (25-26 Oct), whil=
e the Interop on the Thursday-Friday (27-28 Oct).

Registration is Free.

http://www.kerberos.org/events/2011conf-interop/index.html


(a) The Conference Registration page is now open:

http://www.kerberos.org/events/2011conf-interop/reg.html


(b) Hotel:  =

We have negotiated a limited number of rooms at a group-rate for October 24=
th and 25th evenings, at the historic Kendall Hotel at Kendall Square (at M=
IT) in Cambridge, MA.  We recommend you to book your hotel as soon as possi=
ble, since late October is peak season in Boston and New England generally.

The Group-rate hotel reservation ends September 24th (ie. this Saturday!).


(c) Interop participation:
If you wish to participate in the Interop Event, please email me so that I =
can send you the test planning template doc.


We look forward to seeing you at the 2011 MIT Kerberos Conference & Interop.

Regards.

/thomas/



__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
email:=A0 hardjono[at]mit.edu
mobile: +1 781-729-9559
desk:=A0=A0=A0+1 617-715-2451
__________________________________________


_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep 23 09:38:16 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E96BB21F8C75 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 09:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.586
X-Spam-Level: 
X-Spam-Status: No, score=-105.586 tagged_above=-999 required=5 tests=[AWL=1.013, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCrObELNYEkN for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 09:38:16 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 28E6F21F8C48 for <krb-wg-archive@lists.ietf.org>; Fri, 23 Sep 2011 09:38:16 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id AF59564; Fri, 23 Sep 2011 11:40:50 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 6592E60; Fri, 23 Sep 2011 11:40:50 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 4C8262CCA9F; Fri, 23 Sep 2011 11:40:50 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 425E02CCA9C for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 11:40:49 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 36B1211; Fri, 23 Sep 2011 11:40:49 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3251446 for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 11:40:49 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 2C59911 for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 11:40:49 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 0467D7CC05E; Fri, 23 Sep 2011 11:40:49 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04167-03; Fri, 23 Sep 2011 11:40:48 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id DCF827CC05C for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 11:40:48 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlUDAGC1fE5FGcQcgWdsb2JhbABCqCgBARYmJoFTAQEFOj8QCyElDwEEGDETtgKIf4cBBKUf
X-IronPort-AV: E=Sophos;i="4.68,431,1312174800"; d="scan'208";a="67244967"
Received: from permutation-city.suchdamage.org (HELO mail.suchdamage.org) ([69.25.196.28]) by mailgateway.anl.gov with ESMTP; 23 Sep 2011 11:40:48 -0500
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 3A6E4203B1; Fri, 23 Sep 2011 12:42:31 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 391A64234; Fri, 23 Sep 2011 12:40:25 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Josh Howlett <Josh.Howlett@ja.net>
References: <CAA25379.2ED79%josh.howlett@ja.net>
Date: Fri, 23 Sep 2011 12:40:25 -0400
In-Reply-To: <CAA25379.2ED79%josh.howlett@ja.net> (Josh Howlett's message of "Fri, 23 Sep 2011 14:37:50 +0000")
Message-ID: <tsl62kjyzye.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

>>>>> "Josh" == Josh Howlett <Josh.Howlett@ja.net> writes:

    Josh> I'm curious whether this mechanism will provide an RFC4401 PRF
    Josh> and how this will relate (if at all) to the subordinate
    Josh> mechanism's PRF.

This is a adapter from GSS to Kerberos preauth isn't it?  Kerberos
preauth doesn't have a PRF although it may use one.  So, I'd assume it
wouldn't provide a 4401 PRF because that's a GSS thing and this provides
Kerberos preauth things.
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep 23 09:46:46 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 466B621F8B2D for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 09:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.824
X-Spam-Level: 
X-Spam-Status: No, score=-104.824 tagged_above=-999 required=5 tests=[AWL=1.775, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mORbNUrhX74T for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 09:46:45 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 854BA21F85B9 for <krb-wg-archive@lists.ietf.org>; Fri, 23 Sep 2011 09:46:45 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 2EA5C11; Fri, 23 Sep 2011 11:49:20 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id AE60746; Fri, 23 Sep 2011 11:49:19 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 7E95C2CCA9F; Fri, 23 Sep 2011 11:49:19 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 94A142CCA9C for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 11:49:17 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 8F56011; Fri, 23 Sep 2011 11:49:17 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 8ADA446 for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 11:49:17 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 8540711 for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 11:49:17 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 6CF757CC05C; Fri, 23 Sep 2011 11:49:17 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06589-01; Fri, 23 Sep 2011 11:49:17 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id E7CF07CC05F for <ietf-krb-wg@anl.gov>; Fri, 23 Sep 2011 11:49:16 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApwDAKW3fE7CUoxKgWdsb2JhbABCDqgGFAEBFiYmgVMBBjoZJhIBCDZCJQIEDod/txGHAQSkTDc
X-IronPort-AV: E=Sophos;i="4.68,431,1312174800"; d="scan'208";a="67245470"
Received: from egw001.ukerna.ac.uk ([194.82.140.74]) by mailgateway.anl.gov with ESMTP; 23 Sep 2011 11:49:16 -0500
Received: from egw001.ukerna.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 17EA71A9D692_E7CB88BB; Fri, 23 Sep 2011 16:49:15 +0000 (GMT)
Received: from EXC001.atlas.ukerna.ac.uk (exc001.atlas.ukerna.ac.uk [193.62.83.37]) by egw001.ukerna.ac.uk (Sophos Email Appliance) with ESMTP id 778BE1A9D125_E7CB88AF; Fri, 23 Sep 2011 16:49:14 +0000 (GMT)
Received: from EXC001.atlas.ukerna.ac.uk ([193.62.83.37]) by EXC001 ([193.62.83.37]) with mapi id 14.01.0289.001; Fri, 23 Sep 2011 17:49:08 +0100
From: Josh Howlett <Josh.Howlett@ja.net>
To: Sam Hartman <hartmans-ietf@mit.edu>
Thread-Topic: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
Thread-Index: AQHMeg+RI60yihsQuEO87Tz5iUliKZVbLUmA
Date: Fri, 23 Sep 2011 16:49:07 +0000
Message-ID: <CAA275F5.2EF67%josh.howlett@ja.net>
In-Reply-To: <tsl62kjyzye.fsf@mit.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.13.0.110805
x-originating-ip: [194.82.140.76]
Content-ID: <83547F2EBF886A40A8261E23287B2B8C@ukerna.ac.uk>
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

>This is a adapter from GSS to Kerberos preauth isn't it?  Kerberos
>preauth doesn't have a PRF although it may use one.  So, I'd assume it
>wouldn't provide a 4401 PRF because that's a GSS thing and this provides
>Kerberos preauth things.

Of course you're right; excuse the confusion!

Josh.



JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Fri Sep 23 13:06:10 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C99B21F8C5F for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 13:06:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.568
X-Spam-Level: 
X-Spam-Status: No, score=-104.568 tagged_above=-999 required=5 tests=[AWL=2.031, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ovsAB2ybelna for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Fri, 23 Sep 2011 13:05:54 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 0C91221F8C79 for <krb-wg-archive@lists.ietf.org>; Fri, 23 Sep 2011 13:05:54 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 202A564; Fri, 23 Sep 2011 15:08:29 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 70AC446; Fri, 23 Sep 2011 15:08:26 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 47CA280EDA; Fri, 23 Sep 2011 15:08:26 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id D940280EC2 for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 15:08:24 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id C0BFB7CC05D; Fri, 23 Sep 2011 15:08:24 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31246-01; Fri, 23 Sep 2011 15:08:24 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id A539A7CC05A for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 15:08:24 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjkEAIzmfE4MFjoekmdsb2JhbABChF2UfwEBjjgUAQEBAQkLCwcSKIF9VjUCJgJJIBKHdaU1kWiBLIREgREEh3KLYJFR
X-IronPort-AV: E=Sophos;i="4.68,432,1312174800"; d="scan'208";a="67257312"
Received: from mail.ietf.org ([12.22.58.30]) by mailgateway.anl.gov with ESMTP; 23 Sep 2011 15:08:24 -0500
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A73F421F8C79 for <ietf-krb-wg@lists.anl.gov>; Fri, 23 Sep 2011 13:05:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EC8jKCcRm3sh; Fri, 23 Sep 2011 13:05:47 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC9A21F8C37; Fri, 23 Sep 2011 13:05:47 -0700 (PDT)
MIME-Version: 1.0
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.60
Message-ID: <20110923200547.11900.47654.idtracker@ietfa.amsl.com>
Date: Fri, 23 Sep 2011 13:05:47 -0700
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action: draft-ietf-krb-wg-clear-text-cred-03.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Kerberos Working Group of the IETF.

	Title           : The Unencrypted Form Of Kerberos 5 KRB-CRED Message
	Author(s)       : Russell J. Yount
	Filename        : draft-ietf-krb-wg-clear-text-cred-03.txt
	Pages           : 5
	Date            : 2011-09-23

   The Kerberos 5 KRB-CRED message is used to transfer Kerberos
   credentials between applications.  When used with a secure transport
   the unencrypted form of the KRB-CRED message may be desirable.  This
   document describes the unencrypted form of the KRB-CRED message.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-clear-text-cred-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-clear-text-cred-03.txt
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Sun Sep 25 23:43:42 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3C8A21F888A for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sun, 25 Sep 2011 23:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.599
X-Spam-Level: 
X-Spam-Status: No, score=-5.599 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T3yIW-gL-Ekf for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sun, 25 Sep 2011 23:43:42 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 571CD21F87F0 for <krb-wg-archive@lists.ietf.org>; Sun, 25 Sep 2011 23:43:42 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id E7C8528; Mon, 26 Sep 2011 01:46:23 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 916ED21; Mon, 26 Sep 2011 01:46:18 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 62B5D2E409D; Mon, 26 Sep 2011 01:46:18 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 1160A80ECA for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 01:46:16 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id C29B37CC05C; Mon, 26 Sep 2011 01:46:16 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27678-05; Mon, 26 Sep 2011 01:46:16 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id A6FEE7CC05A for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 01:46:16 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkwBAKgegE6bNtSokWdsb2JhbABBhGKUYI5BFAEBAQEJCwsHFAUhgVMBAQEBAgEBAQEgFTYKBgsLGgIFFgsCAgkDAgECARUBLxMGAgEBh3QGpzyQRoEshE6BEQSROoc6jBM
X-IronPort-AV: E=Sophos;i="4.68,442,1312174800"; d="scan'208";a="67308001"
Received: from xenon14.um.es ([155.54.212.168]) by mailgateway.anl.gov with ESMTP; 26 Sep 2011 01:46:16 -0500
Received: from localhost (localhost [127.0.0.1]) by xenon14.um.es (Postfix) with ESMTP id B92C25D532 for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 08:46:14 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon14.um.es
Received: from xenon14.um.es ([127.0.0.1]) by localhost (xenon14.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id c0Rpa4qtYEbZ for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 08:46:14 +0200 (CEST)
Received: from [155.54.205.224] (inf-205-224.inf.um.es [155.54.205.224]) (Authenticated sender: alex) by xenon14.um.es (Postfix) with ESMTPA id 39EE35D58C for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 08:46:12 +0200 (CEST)
Message-ID: <4E801FB4.1060103@um.es>
Date: Mon, 26 Sep 2011 08:46:12 +0200
From: Alejandro Perez Mendez <alex@um.es>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13
MIME-Version: 1.0
To: ietf-krb-wg@lists.anl.gov
References: <CAA25379.2ED79%josh.howlett@ja.net>
In-Reply-To: <CAA25379.2ED79%josh.howlett@ja.net>
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: Re: [Ietf-krb-wg] Comments on adopting draft-perez-krb-wg-gss-preauth-00.txt
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

>> we've received a request from the authors to consider adopting the GSS
>> pre-authentication mechanism as a working group document.
> I support adoption.
>

Great.

>> I'd like to solicit comments on this by October 5.
> The document currently references draft-ietf-krb-wg-preauth-framework-17;
> RFC6113 would probably be more appropriate now.

You are right. I will change in for the next version.

Regards,
Alejandro

> I'm curious whether this mechanism will provide an RFC4401 PRF and how
> this will relate (if at all) to the subordinate mechanism's PRF.
>
> Josh.
>
>
>
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
>
> _______________________________________________
> ietf-krb-wg mailing list
> ietf-krb-wg@lists.anl.gov
> https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep 26 07:31:08 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47C6021F8D88 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 26 Sep 2011 07:31:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.51
X-Spam-Level: 
X-Spam-Status: No, score=-104.51 tagged_above=-999 required=5 tests=[AWL=2.089, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0CdKeAyWQr8 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 26 Sep 2011 07:30:59 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id B9A0F21F8D8B for <krb-wg-archive@lists.ietf.org>; Mon, 26 Sep 2011 07:30:59 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 5DCB646; Mon, 26 Sep 2011 09:33:42 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D769D39; Mon, 26 Sep 2011 09:33:38 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id AFC502D40CA; Mon, 26 Sep 2011 09:33:38 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 458462D40C9 for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 09:33:36 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 266FB7CC05D; Mon, 26 Sep 2011 09:33:36 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03015-10; Mon, 26 Sep 2011 09:33:36 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 09D3A7CC05A for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 09:33:36 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlABAJmMgE4MFjoemWdsb2JhbABBmUsBjkUUAQEBAQEICwsHFCaCFD9RBSo+CogHuVmHCwSHcoQVh0uRUw
X-IronPort-AV: E=Sophos;i="4.68,444,1312174800"; d="scan'208";a="67324456"
Received: from mail.ietf.org ([12.22.58.30]) by mailgateway.anl.gov with ESMTP; 26 Sep 2011 09:33:35 -0500
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26BBB21F8D8B; Mon, 26 Sep 2011 07:30:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i3PIewezwN5u; Mon, 26 Sep 2011 07:30:51 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B99521F8D8C; Mon, 26 Sep 2011 07:30:51 -0700 (PDT)
MIME-Version: 1.0
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 3.60
Message-ID: <20110926143051.3804.85364.idtracker@ietfa.amsl.com>
Date: Mon, 26 Sep 2011 07:30:51 -0700
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: krb-wg mailing list <ietf-krb-wg@lists.anl.gov>, krb-wg chair <krb-wg-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [Ietf-krb-wg] Protocol Action: 'The Unencrypted Form Of Kerberos 5 KRB-CRED	Message' to Proposed Standard	(draft-ietf-krb-wg-clear-text-cred-03.txt)
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

The IESG has approved the following document:
- 'The Unencrypted Form Of Kerberos 5 KRB-CRED Message'
  (draft-ietf-krb-wg-clear-text-cred-03.txt) as a Proposed Standard

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-clear-text-cred/




Technical Summary

The Kerberos 5 KRB-CRED message is used to transfer Kerberos
credentials between applications. When used with a secure transport
the unencrypted form of the KRB-CRED message may be desirable. This
document describes the unencrypted form of the KRB-CRED message.

Working Group Summary

The Kerberos Working group had consensus to publish this document as a
proposed standard.

Document Quality

The OASIS Security Services TC received a request for a mechanism to
transport a Kerberos ticket and associated credential information in
the Security Assertion Markup Language. This will be transported over
a confidentiality and integrity protected channel. The intent is for a
SAML IDP to be able to permit a SAML service to use Kerberos acting on
behalf of some subject. As such, the service may have no existing
Kerberos keying material but will have SAML keying material. As an
implementation accident, at least three Kerberos implementations
already had a facility for transporting Kerberos credentials without a
key. Previously this was thought to be an unneeded facility that at
best was yet another corner case to test. This document standardizes
that already widely implemented facility because it happened to meet
the needs of the WG in this area. 

Personnel

Sam Hartman is the document shepherd.
Stephen Farrell is the responsible AD.

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov  Mon Sep 26 10:27:31 2011
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5D201F0C3C for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 26 Sep 2011 10:27:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.549
X-Spam-Level: 
X-Spam-Status: No, score=-106.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BiayjfEb4lWq for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 26 Sep 2011 10:27:31 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id CEC421F0C35 for <krb-wg-archive@lists.ietf.org>; Mon, 26 Sep 2011 10:27:30 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id ADF5C3F; Mon, 26 Sep 2011 12:30:13 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 5C87E2E; Mon, 26 Sep 2011 12:30:12 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id E66D82E40A4; Mon, 26 Sep 2011 12:30:11 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id B3CFB2E407F for <ietf-krb-wg@lists.anl.gov>; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id AE49321; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id A9B1D2B for <ietf-krb-wg@anl.gov>; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id A0AC721 for <ietf-krb-wg@anl.gov>; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 8C9A27CC05D; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03477-08; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 684DF7CC056 for <ietf-krb-wg@anl.gov>; Mon, 26 Sep 2011 12:30:10 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Am4AAJ21gE6AAtnFkWdsb2JhbABChGKjLxQBAQEBCQsLBxQFIYFVKFY1AiYCsh2IX4kAgSyEToERBJh0jC0
X-IronPort-AV: E=Sophos;i="4.68,445,1312174800"; d="scan'208";a="67338279"
Received: from smtp02.srv.cs.cmu.edu ([128.2.217.197]) by mailgateway.anl.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Sep 2011 12:30:10 -0500
Received: from [66.233.146.161] (66-233-146-161.pit.clearwire-wmx.net [66.233.146.161] (may be forged)) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id p8QHU5B5008240 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Sep 2011 13:30:08 -0400 (EDT)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: ietf-krb-wg@anl.gov
Date: Mon, 26 Sep 2011 13:30:05 -0400
Message-ID: <1317058205.2548.117.camel@destiny.pc.cs.cmu.edu>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3 
X-Scanned-By: mimedefang-cmuscs on 128.2.217.197
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: jhutz@cmu.edu
Subject: [Ietf-krb-wg] Camellia Adoption
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group.  {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

On June 29, Sam sent a message requesting comments on adopting Greg
Hudson's Camellia CTS draft as a working group item.  Specifically, we
were looking for a consensus in general on the move from counter modes
to CTS, and in particular on adopting Greg's draft as the basis for
that work.  We were also looking to develop a consensus on intended
status.

At the time of Sam's post, we were operating under the presumption that
we already had consensus to work on a Camellia enctype in some form, on
the basis of a consensus call I did last November.  However, Stephen
Farrell, in his role as AD, asked who actually wants Camellia support
in Kerberos.  Stephen's concern is avoiding an unnecessary
proliferation of ciphers, not just in Kerberos but in any protocol.  In
partial response to Stephen's question, Sam asked for comments from WG
participants who support working on a Camellia enctype document,
essentially revisiting the consensus call from last November.

So, we have been considering three questions:
1) Should the WG be working on a Camellia document at all?
2) Moving to CTS; particularly, adopting Greg's document
3) Intended status


On the question of whether we should be doing Camellia work at all, I
saw support for this work from at least Thomas Hardjono, Greg Hudson,
Satoru Kanno, Nicolas Williams, Henry Hotz, and Tom Yu.  I was unable
to find any specific objections to adopting this work, though Sam did
point out his continuing objection to adopting any enctype work unless
it is intended for standards track.  Finally, the minutes from IETF81
show 7 in favor of adopting, including Leif Johansson, and two opposed,
including Jim Schaad.

On the question of moving to CTS in general and using Greg's draft in
particular, I saw only a handful of responses.  Greg reviewed the
reasoning behind the change, and Nico pointed out that with counter
modes out of the picture, there really is no other viable alternative.
There was also a comment from Henry Hotz in favor of Greg's draft. I
found no indication of opposition to this move, nor any objections to
use of Greg's draft as the basis for any WG work that may happen.

Overall, both responses to Sam's post and discussion during IETF81 has
focused on Camellia in general and not on CTS or Greg's draft vs some
other alternative.  However, given the technical discussions which have
led us in this direction, I do not believe this point to be
controversial.

That leaves the question of intended status.  Thomas Hardjono expressed
support for advancing this document on the standards track.  Simon
Josefsson said he would prefer informational.  Nicolas Williams had no
strong opinion on the intended status, but said he would oppose making
implementation of a Camellia enctype mandatory in Kerberos.  Martin Rex
expressed an opinion that the IETF should be somewhat conservative in
placing documents on the standards track; however, he also explicitly
disclaimed any opposition to placing this document on the standards
track.


Overall, I find that the situation is very similar to what we had last
November.  We do seem to have a consensus to proceed with this work,
but we do not have a consensus to place it on the standards track, or
indeed any consensus on intended status.  There does seem to be a
consensus to use Greg's document as a basis for this work, though I am
basing this determination largely on the lack of either objections or
alternative proposals, rather than on a strong indication of support
for this specific approach.

Therefore, draft-hudson-krbwg-camellia-cts will be adopted as a
Kerberos working group document.


Stephen asked about interest in Camellia support in Kerberos, not only
in doing the work but also in using it.  I believe it is clear that
there is sufficient interest in doing the work.  Thomas and others have
referred to a desire on the part of companies, mostly in Japan, to
deploy Kerberos with enctypes other than AES, and specifically with
Camellia.  Finally, there has been some discussion of adopting a
"backup" enctype which can be deployed in the event that a problem is
found either with AES itself or with other aspects of our AES
enctypes.  While it is certainly not the only option, Camellia is
certainly a candidate for such a backup, should we decide to select
one.


Finally, a process note.  In the course of this discussion, someone
quoted the portion of our charter which talks about adopting enctype
work, and asked which of criteria listed for standard-track enctypes
was not met by Camellia.  I want to remind everyone that while the
charter does list specific criteria for standards-track enctypes (and
none for other enctype work), these are not the only requirements.  In
order to adopt any work item (not just enctypes), there must be
participants willing to take part in the work as editors, contributors,
and/or reviewers, and there must be a consensus in the working group to
adopt the item.  Similarly, an action such as recommending a document
be placed on the standards track will generally require a working group
consensus, unless the charter explicitly requires a particular status
for that work.


-- Jeff


_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg