From nobody Sun Mar 2 23:26:47 2014
From: "Romascanu, Dan (Dan)"
To: "sacm@ietf.org"
Date: Mon, 3 Mar 2014 07:26:30 +0000
Subject: [sacm] more important information for the WG meeting this week
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/TU8PPVPzQFDUJPGmS7-acxFD6nc

Hi,

To make the best of the meeting time this week please:

- Read the agenda and the documents in the reading list and come prepared for constructive comments and discussions about the documents on the agenda
- If you own an item on the agenda please send us your presentation until the evening before the meeting
- Volunteer to be a scribe for the minutes and jabber - from our experience short notes from several people are better
- If the time will allow we will discuss new items and ideas at the end of the meeting but only if all WG items on the agenda were discussed

Thanks and Regards,

Adam and Dan

From nobody Mon Mar 3 01:57:15 2014
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: sacm@ietf.org
Date: Mon, 03 Mar 2014 01:56:17 -0800
Subject: [sacm] I-D Action: draft-ietf-sacm-use-cases-06.txt
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/RhGhtml_e2KkMcCCkoviKPttRSI

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Automation and Continuous Monitoring Working Group of the IETF.

    Title    : Endpoint Security Posture Assessment - Enterprise Use Cases
    Authors  : David Waltermire
               David Harrington
    Filename : draft-ietf-sacm-use-cases-06.txt
    Pages    : 28
    Date     : 2014-03-03

Abstract:
This memo documents a sampling of use cases for securely aggregating configuration and operational data and evaluating that data to determine an organization's security posture. From these operational use cases, we can derive common functional capabilities and requirements to guide development of vendor-neutral, interoperable standards for aggregating and evaluating data relevant to security posture.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sacm-use-cases/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-sacm-use-cases-06

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-sacm-use-cases-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From nobody Mon Mar 3 01:58:58 2014
From: "Waltermire, David A."
To: "internet-drafts@ietf.org", "i-d-announce@ietf.org"
Cc: "sacm@ietf.org"
Date: Mon, 3 Mar 2014 09:58:50 +0000
Subject: Re: [sacm] I-D Action: draft-ietf-sacm-use-cases-06.txt
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/-zhNXOvQo-UuwnEo6xnLZD5PoCA

We will be discussing this version during the WG meeting on Thursday. My apologies for the delay in posting.

Thanks,
Dave

________________________________________
From: sacm on behalf of internet-drafts@ietf.org
Sent: Monday, March 03, 2014 10:56 AM
To: i-d-announce@ietf.org
Cc: sacm@ietf.org
Subject: [sacm] I-D Action: draft-ietf-sacm-use-cases-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Automation and Continuous Monitoring Working Group of the IETF.

    Title    : Endpoint Security Posture Assessment - Enterprise Use Cases
    Authors  : David Waltermire
               David Harrington
    Filename : draft-ietf-sacm-use-cases-06.txt
    Pages    : 28
    Date     : 2014-03-03

Abstract:
This memo documents a sampling of use cases for securely aggregating configuration and operational data and evaluating that data to determine an organization's security posture.
From these operational use cases, we can derive common functional capabilities and requirements to guide development of vendor-neutral, interoperable standards for aggregating and evaluating data relevant to security posture.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sacm-use-cases/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-sacm-use-cases-06

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-sacm-use-cases-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
sacm mailing list
sacm@ietf.org
https://www.ietf.org/mailman/listinfo/sacm

From nobody Mon Mar 3 08:30:56 2014
From: Adam Montville
To: sacm@ietf.org
Date: Mon, 3 Mar 2014 10:30:36 -0600
Subject: [sacm] NETMOD draft-ietf-netmod-system-management review
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/WnzcfBpestI8wfbG2bAD3j4QVWc

All:

It may be beneficial to review this system management doc if you find the time: http://datatracker.ietf.org/doc/draft-ietf-netmod-system-mgmt/

Sorry to miss those of you who are in London.

Adam

From nobody Mon Mar 3 08:39:11 2014
From: Kathleen Moriarty
To: Adam Montville
Cc: sacm@ietf.org
Date: Mon, 3 Mar 2014 11:39:04 -0500
Subject: Re: [sacm] NETMOD draft-ietf-netmod-system-management review
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/WQ-3sa1PnodWc-qjtYyyN7Q6MWw

Thanks for sending this out. Please note this draft is in IESG last call. If you have comments or stuff is missing that SACM may need, comments have to be in within 10 days.

Thanks,
Kathleen

On Mon, Mar 3, 2014 at 11:30 AM, Adam Montville wrote:
> All:
>
> It may be beneficial to review this system management doc if you find the time: http://datatracker.ietf.org/doc/draft-ietf-netmod-system-mgmt/
>
> Sorry to miss those of you who are in London.
>
> Adam
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

--
Best regards,
Kathleen

From nobody Mon Mar 3 10:13:31 2014
From: "Romascanu, Dan (Dan)"
To: "sacm@ietf.org"
Date: Mon, 3 Mar 2014 18:12:01 +0000
Subject: [sacm] Please read and comment! (FW: I-D Action: draft-camwinget-sacm-requirements-03.txt)
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/Shzwp1NvuK-9UejhnVa0KuHW660

The update of the SACM Requirements I-D has been submitted.

Please read and comment - if possible before the Thursday SACM WG meeting!

Questions to be answered - is this the right architectural approach? Is the set of requirements appropriate? What is missing? What is wrong? Can we make the next version of this I-D a WG item?

... and other ...

Thanks and Regards,

Adam and Dan

> -----Original Message-----
> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
> internet-drafts@ietf.org
> Sent: Monday, March 03, 2014 6:59 PM
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-camwinget-sacm-requirements-03.txt
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
>     Title    : Secure Automation and Continuous Monitoring (SACM)
>                Requirements
>     Author   : Nancy Cam-Winget
>     Filename : draft-camwinget-sacm-requirements-03.txt
>     Pages    : 7
>     Date     : 2014-03-03
>
> Abstract:
>    This document defines the scope and set of requirements for the
>    Secure Automation and Continuous Monitoring working group. The
>    requirements and scope are based on the agreed upon use cases and
>    architecture defined.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-camwinget-sacm-requirements/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-camwinget-sacm-requirements-03
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-camwinget-sacm-requirements-03
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html or
> ftp://ftp.ietf.org/ietf/1shadow-sites.txt

From nobody Mon Mar 3 13:58:28 2014
From: Adam Montville
To: zhuangxiaojun@chinamobile.com, qiminpeng@chinamobile.com, Zhuhongru@chinamobile.com
Cc: sacm@ietf.org
Date: Mon, 3 Mar 2014 15:57:56 -0600
Subject: [sacm] Telecommunication Requirement
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/q89eosTHuX1I9-92-_DGF-c6sNw

Xiaojun Zhuang, Minipeng Qi, Judy Zhu:

Thank you for your submission of draft-zhuang-sacm-telereq-00!

In reviewing your submission it seems as though your several use cases would be accommodated by the existing use case document (see http://datatracker.ietf.org/doc/draft-ietf-sacm-use-cases/), but that there may be additional scenarios not yet considered by the working group. For example, the vendor providing specific baseline guidance to a specific customer is a scenario that may be abstractly covered by existing use cases, but not specifically covered.

Can you provide additional information as to why the telecommunications use case for “security policy baseline setting” (4.1 in your submission) would not be satisfied by the use cases already covered in our working group document?
Are there considerations omitted by our use cases?

If any of you happen to be in London for the IETF meeting, I’m sure one or more of the working group participants would be happy to meet with you for a discussion (preferably in advance of the scheduled SACM session). We welcome your participation and hope you are able to continue your contributions to the work.

Kind Regards,

Dan and Adam

From nobody Tue Mar 4 05:22:01 2014
From: Adam Montville
To: Nancy Cam-Winget
Cc: sacm@ietf.org
Date: Tue, 4 Mar 2014 07:21:44 -0600
Subject: [sacm] On the -03 version of requirements
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/1cw126t7-Kzq8Tnh3_BytfHRhEk

Nancy,

Thank you for getting -03 uploaded! It’s been a really good read so far, too…

If I had a single comment to improve the readability and bring additional clarity to the document it would be to “flip” the labeled descriptions where appropriate, which will naturally lead to a requirement-like statement followed by more descriptive language.

For example, G-003 is presently written as: “SACM must support a broad set of deployment scenarios. As such, it is possible that the size or posture assessment information can vary from a single assessment that is small in (record or datagram) size to a very large datagram or a very large set of assessments and must be addressed by the SACM specifications defined. Thus, the data models, protocols and transports must be scalable.” I would take that last sentence, which seems to be the actual requirement that is G-003 and make it first: “SACM data models, protocols and transports must be scalable.” Then I’d follow with the rest of the information.

Organizing the requirements like this should make it easier to track them along the way.

Then, are the following label-to-requirement matches about right? They all appear to be concerned with “data models, protocols and transport” and G-002 appears to be the special case of a requirement for the complete description of a data model, protocol or transport rather than to the data model, protocol or transport itself...

G-001 Extensibility
G-002 State machine and detail requirement for specification
G-003 Scalability
G-004 Agility
G-005 Transport variability
G-006 MTI data attributes (posture assessment)
G-007 Access control

REQ-001 Attribute dictionary
REQ-002 Information Model
REQ-003 Data model to protocol mapping
REQ-004 Endpoint discovery
REQ-005 Attribute-based data model querying
REQ-006 Query-based information collection with filtering
REQ-007 Asynchronous publication, updates, and/or change modifications with filtering
REQ-008 Data model scalability

What makes REQ-008 distinct from G-003?

Should REQ-006 and REQ-007 be split to cover query operations and then cover filtering separately?

Are the requirements in a state that allows for testability? For example, upon describing a given data model, could we test that draft’s compliance to G-004 (Agility)?

Does this set of requirements imply an increase to the number of drafts this working group needs to create?

…

That’s probably a lot for now and almost certainly enough (too much?) to attempt to discuss before the SACM session on Thursday.
Regards, Adam From nobody Tue Mar 4 07:44:50 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D34FD1A021A for ; Tue, 4 Mar 2014 07:44:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hTOfG-5ZsdOK for ; Tue, 4 Mar 2014 07:44:37 -0800 (PST) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0242.outbound.protection.outlook.com [207.46.163.242]) by ietfa.amsl.com (Postfix) with ESMTP id 582351A01C5 for ; Tue, 4 Mar 2014 07:44:34 -0800 (PST) Received: from BLUPR09MB038.namprd09.prod.outlook.com (10.255.211.144) by BLUPR09MB022.namprd09.prod.outlook.com (10.255.211.142) with Microsoft SMTP Server (TLS) id 15.0.888.9; Tue, 4 Mar 2014 15:44:30 +0000 Received: from BLUPR09MB038.namprd09.prod.outlook.com ([169.254.11.145]) by BLUPR09MB038.namprd09.prod.outlook.com ([169.254.11.35]) with mapi id 15.00.0888.003; Tue, 4 Mar 2014 15:44:29 +0000 From: "Waltermire, David A." 
To: "'sacm@ietf.org'" Thread-Topic: Remaining Use Cases Open Questions for F2F Discussion Thread-Index: AQHPN8CgIaivUylspkaYlkM/jEYijg== Date: Tue, 4 Mar 2014 15:44:28 +0000 Message-ID: <752ebef2a5b64ed9b88953269144beb6@BLUPR09MB038.namprd09.prod.outlook.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [2001:67c:1232:152:781e:59c6:f42e:9013] x-forefront-prvs: 01401330D1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(189002)(199002)(164054003)(87266001)(77982001)(74876001)(53806001)(63696002)(81342001)(47976001)(92566001)(4396001)(47736001)(49866001)(81686001)(76786001)(81816001)(54356001)(77096001)(83322001)(81542001)(19580395003)(85306002)(2656002)(59766001)(33646001)(76796001)(76482001)(76576001)(51856001)(50986001)(79102001)(87936001)(54316002)(46102001)(56776001)(76176001)(47446002)(74316001)(80022001)(94316002)(65816001)(74366001)(80976001)(93136001)(16236675002)(94946001)(74706001)(86362001)(74502001)(95666003)(74662001)(93516002)(31966008)(15975445006)(90146001)(95416001)(85852003)(56816005)(69226001)(83072002)(24736002)(3826001)(491001); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR09MB022; H:BLUPR09MB038.namprd09.prod.outlook.com; CLIP:2001:67c:1232:152:781e:59c6:f42e:9013; FPR:ECD0F2D8.A60A5351.72F35DB3.4AF9B951.2055F; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (: nist.gov does not designate permitted sender hosts) Content-Type: multipart/alternative; boundary="_000_752ebef2a5b64ed9b88953269144beb6BLUPR09MB038namprd09pro_" MIME-Version: 1.0 X-OriginatorOrg: nist.gov Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/3F8FDN989D6wO6sCjXFdZxuxKKs Subject: [sacm] Remaining Use Cases Open Questions for F2F Discussion X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 15:44:43 -0000 

Please find the remaining 6 open questions from the use case -06 draft below. We need to get an editorial decision on changes related to these questions to wrap up the use case draft.

In the following I have documented each question (extracting it from the draft) and have proposed changes to address the questions/comments. If possible, please comment on these prior to the SACM WG meeting on Thursday. We will be discussing any contentious points. As always, we will confirm any consensus from the F2F meeting on the list afterward.

Thanks,
Dave

#1) Should section 2.1.2: Identify Endpoint Targets include authentication of the target?
Based on the current text, this appears to be using information that was previously
defined/collected. Perhaps it makes sense to add authentication to the previous building block
"Endpoint Discovery" for endpoints as they are discovered?

Add text to "Endpoint Discovery" to address authentication.

Old text:

To determine the current or historic presence of endpoints in the environment that are available
for posture assessment.

New text:

To determine the current or historic presence of endpoints in the environment that are available
for posture assessment. Endpoints are authenticated using appropriate mechanisms as they become
part of the environment.

#2) In section 2.1.2: Posture Attribute Identification: Are we missing a building block that
determines what previously collected data, if any, is suitable for evaluation and what data needs
to be actually collected? Should a building block be identified that evaluates existing data to
determine if it is current enough for use in the evaluation or if current data should be collected
anyway according to a policy?

Suggest adding text to "Posture Attribute Identification" to address analysis of previously
collected data to determine what additional data, if any, to collect.

Old text:

Posture Attribute Identification: Once the endpoint targets and component inventory is known, it
is then necessary to calculate what posture attributes are required to be collected to perform the
evaluation. If this is driven by guidance, then the Data Query and/or Data Retrieval building
blocks (see section 2.1.1) may be used to acquire this data.

New text:

Posture Attribute Identification: Once the endpoint targets and component inventory is known, it
is then necessary to calculate what posture attributes are required to be collected to perform the
evaluation. If existing stores of posture data are available, they are queried using the Data
Query building block (see section 2.1.1) to determine what previously collected posture data, if
any, is suitable for evaluation. Retrieved data is analyzed to determine if it is complete and
current enough for use in the evaluation. Any unsuitable or missing posture data is identified for
collection.

Guidance may be used to describe what sources of data should be queried, the conditions under
which data can be re-used, and what data must always be collected. The Data Query and/or Data
Retrieval building blocks (see section 2.1.1) may be used to acquire this guidance.

#3) In section 2.1.4: Posture Attribute Evaluation, what if data is unavailable or is not current
enough to support the evaluation? This could be caused if collection did not occur (for some
reason) and previous collection was too old.

Suggest adding a statement about error handling in the "Posture Attribute Evaluation" building
block. See below for edits.

#4) The end of section 2.1.4 states "Completion of this process represents a complete assessment
cycle as defined in Section 2." Since this indicates completion of the section 2 process, it would
be reasonable for section 2.2 to follow. However, an additional use case section 2.1.5 follows.

Suggest integrating the 2.1.5 wording into section 2.1.4. See below for edits.

#5) Section 2.1.5 has been commented on as being duplicative of the previous use case in section
2.1.4 with the exception of the "Change Detection" building block.

Suggest integrating the 2.1.5 wording into section 2.1.4.

The following is updated text for 2.1.4 that addresses questions 3, 4, and 5 with the new text
marked in brackets:

2.1.4.  Posture Evaluation

   This use case describes the process of evaluating collected posture
   attribute values representing actual endpoint state against the
   expected state selected for the assessment.  This use case can be
   initiated by a variety of triggers including:

   1.  A posture change or significant event on the endpoint.

   2.  A network event (e.g., endpoint connects to a network/VPN,
       specific netflow is detected).

   3.  Due to a scheduled or ad hoc evaluation task.

   The building blocks of this use case are:

[new-#5:
   Collected Posture Change Detection:  An operator or application
         should have a mechanism to detect the availability of new or
         changes to existing posture attribute values.  The timeliness
         of detection may vary from immediate to on-demand.  Having the
         ability to filter what changes are detected will allow the
         operator to focus on the changes that are relevant to their use
         and will enable evaluation to occur dynamically based on
         detected changes.
]
   Posture Attribute Value Query:  If previously collected posture
         attribute values are needed, the appropriate data stores are
         queried to retrieve them.  If all posture attribute values are
         provided directly for evaluation, then this capability may not
         be needed.

   Evaluation Guidance Acquisition:  If guidance is required to drive
         the evaluation of posture attributes values, this capability is
         used to acquire this data from one or more security automation
         data stores.  Depending on the trigger, the specific guidance
         to acquire might be known.  If not, it may be necessary to
         determine the guidance to use based on the component inventory
         or other assessment criteria.  The Data Query and/or Data
         Retrieval building blocks (see section 2.1.1) may be used to
         acquire this guidance.

   Posture Attribute Evaluation:  The comparison of posture attribute
         values against their expected values as expressed in the
         specified guidance.  The result of this comparison is output as
         a set of posture evaluation results. [new-#3: If collected
         posture attribute values are unavailable or are out-of-date,
         error conditions will need to be expressed in place of specific
         posture evaluation results.]

   Completion of this process represents a complete assessment cycle as
   defined in Section 2.

[new-#5:
   While the focus of this use case is around enabling the comparison
   of expected vs. actual state, the same building blocks can support
   other analysis techniques that apply to collected posture attribute
   data.
]

Section 2.1.5 will be deleted.

#6) In section 2.2.4, should we include other building block references?

Suggest making no changes as it looks like the current referenced building block adequately
covers the usage scenario.
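
The re-use decision proposed under question #2 and the error handling proposed under question #3, sketched as an added example (not part of the original message or of any SACM draft). The attribute names, the `max_age` and `always_collect` guidance fields and the result strings are assumptions made for illustration, and the sample store contents are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Guidance:
    """Hypothetical guidance record for one posture attribute."""
    attribute: str
    expected: str
    max_age: timedelta            # condition under which stored data can be re-used
    always_collect: bool = False  # data that must always be collected


@dataclass(frozen=True)
class PostureValue:
    value: str
    collected_at: datetime


def identify_for_collection(guidance, store, now):
    """Posture Attribute Identification: split attributes into stored values
    that are complete and current enough, and attributes to collect."""
    reusable, to_collect = {}, []
    for g in guidance:
        stored = store.get(g.attribute)
        if g.always_collect or stored is None or now - stored.collected_at > g.max_age:
            to_collect.append(g.attribute)
        else:
            reusable[g.attribute] = stored
    return reusable, to_collect


def evaluate(guidance, store, fresh, now):
    """Posture Attribute Evaluation: compare actual against expected values.
    A missing or stale value yields an error condition, never PASS or FAIL."""
    results = {}
    for g in guidance:
        value = fresh.get(g.attribute)
        if value is None:
            # Collection did not occur: fall back to the store, but only if
            # the guidance still permits re-use of what is stored there.
            value = store.get(g.attribute)
            if value is None:
                results[g.attribute] = "ERROR:unavailable"
                continue
            if g.always_collect or now - value.collected_at > g.max_age:
                results[g.attribute] = "ERROR:out-of-date"
                continue
        results[g.attribute] = "PASS" if value.value == g.expected else "FAIL"
    return results


def run_demo():
    """Constructed scenario: one re-usable value, one stale value, one
    attribute never collected, one attribute that must always be collected."""
    now = datetime(2014, 3, 6, 12, 0, tzinfo=timezone.utc)
    guidance = [
        Guidance("fw.enabled", "true", timedelta(hours=24)),
        Guidance("os.patch_level", "2014-02", timedelta(days=7)),
        Guidance("ssh.root_login", "no", timedelta(hours=24)),
        Guidance("av.signature_date", "2014-03-06", timedelta(hours=1),
                 always_collect=True),
    ]
    store = {
        "fw.enabled": PostureValue("true", now - timedelta(hours=2)),
        # Matches the expected value but is 30 days old, so it must not pass.
        "os.patch_level": PostureValue("2014-02", now - timedelta(days=30)),
        "av.signature_date": PostureValue("2014-03-06", now - timedelta(minutes=10)),
    }
    _, to_collect = identify_for_collection(guidance, store, now)
    # Constructed collection outcome: only the AV attribute could be collected.
    fresh = {"av.signature_date": PostureValue("2014-03-05", now)}
    return to_collect, evaluate(guidance, store, fresh, now)


if __name__ == "__main__":
    pending, outcome = run_demo()
    print("to collect:", pending)
    for name, result in outcome.items():
        print(f"{name}: {result}")
```

The stale `os.patch_level` value equals the expected value, yet the result is an error condition rather than a pass, which is the behaviour the bracketed new-#3 text asks for.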

From nobody Wed Mar 5 05:55:06 2014
From: "Minpeng Qi"
References: <013901cf36fd$1f54ca30$5dfe5e90$@com> <70E23739-9C0E-4980-8B38-55F26C9DA296@stoicsecurity.com>
Date: Wed, 5 Mar 2014 21:54:42 +0800
Message-ID: <014701cf387a$776f9280$664eb780$@com>
Subject: Re: [sacm] Telecommunication Requirement
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/6plKeamrwzwik1mk6x53fHm0WYw

Dear Adam,

Pls see comments inline (starting with "//Minpeng").

BRs,
Minpeng

-----Original Message-----
From: Adam Montville [mailto:adam@stoicsecurity.com]
Sent: March 4, 2014 20:43
To: Minpeng Qi
Cc: zhuangxiaojun@chinamobile.com; Zhuhongru@chinamobile.com; sacm@ietf.org
Subject: Re: Telecommunication Requirement

On Mar 3, 2014, at 10:24 AM, Minpeng Qi wrote:

> Dear Adam,
>
> Thanks for your review and comments.
>
> For "security policy baseline setting", a part of our concerns comes
> from the following fact:
> For telecommunication, most features are standard but the implementations
> are freely designed by vendors. As a result, a specific operator would
> own different kinds of equipment/devices from different vendors to achieve
> one feature. It implies that there are different implementations related to
> the same security requirement. We can't set a fixed detailed baseline for all
> vendors. So, a given security policy baseline should contain two
> parts: one fits all vendors' devices, and the other should be flexible
> alternatives to cover all detailed implementations from different vendors.
> For this issue, I fail to find any related information in the existing use
> case document. Am I missing anything related to this issue?

The way I’m reading what you’ve written is that there are many ways to
satisfy a given business function using equipment from a variety of vendors
in a variety of configurations. The implication appears to be that the ability to specify
baseline configurations should be flexible enough to handle the scenario
where a single business function might be satisfied by a variety of vendors’
equipment.

//Minpeng: There is a slight difference. Vendors are free to design their
implementation. However, the flexibility should be limited to some extent.
For example, a feature contains two parts: one for common and the
other for flexible. However, for the flexible part, there are some
pre-defined alternatives, like alternative A, alternative B, alternative C.
Vendors can choose to implement A or B or C freely, but they should choose
one of them to implement.

If that is about right, then I believe the requirements document does cover
such flexibility by way of GEN-001 in section 2.2, which states, “the data
models, protocols and transports defined by SACM must be extensible to allow
support for non-standard and future extensions.” The vendor-specific
details might be considered “non-standard” in this sense.

//Minpeng: Based on the clarification, it may not be suitable to say it is
“non-standard”. So whether it has been covered or not should be
reconsidered.

>
> BTW, I'm in London now. I'm also happy to talk with you or anyone else.

Unfortunately, I was unable to make the trip to London. Dan Romascanu, Dave
Waltermire, Nancy Cam-Winget, and other primary working group contributors
are present, however, and may be able to meet with you to further discuss
any special needs the telecommunications industry might have.

>
> BRs,
> Minpeng
>
> -----Original Message-----
> From: Adam Montville [mailto:adam@stoicsecurity.com]
> Sent:
> To: zhuangxiaojun@chinamobile.com; qiminpeng@chinamobile.com;
> Zhuhongru@chinamobile.com
> Cc: sacm@ietf.org
> Subject: Telecommunication Requirement
>
> Xiaojun Zhuang, Minpeng Qi, Judy Zhu:
>
> Thank you for your submission of draft-zhuang-sacm-telereq-00!
>
> In reviewing your submission it seems as though your several use cases would
> be accommodated by the existing use case document (see
> http://datatracker.ietf.org/doc/draft-ietf-sacm-use-cases/), but that there
> may be additional scenarios not yet considered by the working group. For
> example, the vendor providing specific baseline guidance to a specific
> customer is a scenario that may be abstractly covered by existing use cases,
> but not specifically covered.
>
> Can you provide additional information as to why the telecommunications use
> case for “security policy baseline setting” (4.1 in your submission) would
> not be satisfied by the use cases already covered in our working group
> document? Are there considerations omitted by our use cases?
>
> If any of you happen to be in London for the IETF meeting, I’m sure one or
> more of the working group participants would be happy to meet with you for a
> discussion (preferably in advance of the scheduled SACM session). We
> welcome your participation and hope you are able to continue your
> contributions to the work.
>
> Kind Regards,
>
> Dan and Adam

From nobody Wed Mar 5 06:01:28 2014
From: Adam Montville
In-Reply-To: <014701cf387a$776f9280$664eb780$@com>
Date: Wed, 5 Mar 2014 08:01:15 -0600
Message-Id: <30B47CFD-2EF8-4CF6-8DBA-FBFAEF661453@stoicsecurity.com>
References: <013901cf36fd$1f54ca30$5dfe5e90$@com> <70E23739-9C0E-4980-8B38-55F26C9DA296@stoicsecurity.com> <014701cf387a$776f9280$664eb780$@com>
To: Minpeng Qi
Cc: sacm@ietf.org
Subject: Re: [sacm] Telecommunication Requirement
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/tHqL7vI43DwvGKqcbYOv8K9c0No

On Mar 5, 2014, at 7:54 AM, Minpeng Qi wrote:

> //Minpeng: There is a slight difference. Vendors are free to design their
> implementation. However, the flexibility should be limited to some extent.
> For example, a feature contains two parts: one for common and the
> other for flexible. However, for the flexible part, there are some
> pre-defined alternatives, like alternative A, alternative B, alternative C.
> Vendors can choose to implement A or B or C freely, but they should choose
> one of them to implement.

If the data/information models this working group leverages are flexible, extensible, and scalable, then we should accommodate the systems you reference.
If the system has some set of "configuration items" or "configurable knobs" then we should be able to cover it with our data/information models.

Presuming our models suitably represent the telecommunications equipment, then what it seems you're asking for will also be covered by the capabilities already described in the use cases and/or requirements for this working group. It seems that, for each predefined alternative (A, B, or C above), there could be a policy created.

Adam

From nobody Wed Mar 5 17:47:35 2014
From: Stephen Hanna
To: "Waltermire, David A.", "'sacm@ietf.org'"
Date: Thu, 6 Mar 2014 01:47:18 +0000
Message-ID: <92bcfc7537a049e4a8aa9e8a3b3d3002@BLUPR05MB737.namprd05.prod.outlook.com>
References: <752ebef2a5b64ed9b88953269144beb6@BLUPR09MB038.namprd09.prod.outlook.com>
In-Reply-To: <752ebef2a5b64ed9b88953269144beb6@BLUPR09MB038.namprd09.prod.outlook.com>
Subject: Re: [sacm] Remaining Use Cases Open Questions for F2F Discussion
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/2jyMuXmPBc_Bef-NNXOzlKz-bpE

Dave,

Here are my comments on these open questions:

#1) Should section 2.1.2: Identify Endpoint Targets include authentication of the target?

Usually this is not possible. Either endpoints don't have credentials or there's no infrastructure for authenticating them (e.g. 802.1X). In your new text, I suggest changing "Endpoints are authenticated" to "Endpoints may be authenticated".

#2) 2.1.2 Posture Attribute Identification

I'm happy with your proposed new text.
#3-#5) 2.1.4 Posture Attribute Evaluation

I'm happy with these changes but suggest you change "new or changes to existing posture attribute values" to "new or changed posture attribute values".

#6) 2.2.4 Endpoint Information Analysis and Reporting

Agreed.

I'm sorry that I won't be able to join you in London. I'll read the minutes and participate by email. That's the IETF way!

Thanks,

Steve

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Waltermire, David A.
Sent: Tuesday, March 04, 2014 10:44 AM
To: 'sacm@ietf.org'
Subject: [sacm] Remaining Use Cases Open Questions for F2F Discussion

Please find the remaining 6 open questions from the use case -06 draft below. We need to get an editorial decision on changes related to these questions to wrap up the use case draft.

In the following I have documented each question (extracting it from the draft) and have proposed changes to address the questions/comments. If possible, please comment on these prior to the SACM WG meeting on Thursday. We will be discussing any contentious points. As always, we will confirm any consensus from the F2F meeting on the list afterward.

Thanks,
Dave

#1) Should section 2.1.2: Identify Endpoint Targets include authentication of the target? Based on the current text, this appears to be using information that was previously defined/collected. Perhaps it makes sense to add authentication to the previous building block "Endpoint Discovery" for endpoints as they are discovered?

Add text to "Endpoint Discovery" to address authentication.

Old text:

To determine the current or historic presence of endpoints in the environment that are available for posture assessment.

New text:

To determine the current or historic presence of endpoints in the environment that are available for posture assessment. Endpoints are authenticated using appropriate mechanisms as they become part of the environment.

#2) In section 2.1.2: Posture Attribute Identification: Are we missing a building block that determines what previously collected data, if any, is suitable for evaluation and what data needs to be actually collected? Should a building block be identified that evaluates existing data to determine if it is current enough for use in the evaluation or if current data should be collected anyway according to a policy?

Suggest adding text to "Posture Attribute Identification" to address analysis of previously collected data to determine what additional data, if any, to collect.

Old text:

Posture Attribute Identification: Once the endpoint targets and component inventory is known, it is then necessary to calculate what posture attributes are required to be collected to perform the evaluation. If this is driven by guidance, then the Data Query and/or Data Retrieval building blocks (see section 2.1.1) may be used to acquire this data.

New text:

Posture Attribute Identification: Once the endpoint targets and component inventory is known, it is then necessary to calculate what posture attributes are required to be collected to perform the evaluation. If existing stores of posture data are available, they are queried using the Data Query building block (see section 2.1.1) to determine what previously collected posture data, if any, is suitable for evaluation. Retrieved data is analyzed to determine if it is complete and current enough for use in the evaluation. Any unsuitable or missing posture data is identified for collection.

Guidance may be used to describe what sources of data should be queried, the conditions under which data can be re-used, and what data must always be collected. The Data Query and/or Data Retrieval building blocks (see section 2.1.1) may be used to acquire this guidance.

#3) In section 2.1.4: Posture Attribute Evaluation, what if data is unavailable or is not current enough to support the evaluation? This could be caused if collection did not occur (for some reason) and previous collection was too old.

Suggest adding a statement about error handling in the "Posture Attribute Evaluation" building block. See below for edits.

#4) The end of section 2.1.4 states "Completion of this process represents a complete assessment cycle as defined in Section 2." Since this indicates completion of the section 2 process, it would be reasonable for section 2.2 to follow. However, an additional use case section 2.1.5 follows.

Suggest integrating the 2.1.5 wording into section 2.1.4. See below for edits.

#5) Section 2.1.5 has been commented on as being duplicative of the previous use case in section 2.1.4 with the exception of the "Change Detection" building block.

Suggest integrating the 2.1.5 wording into section 2.1.4.

The following is updated text for 2.1.4 that addresses questions 3, 4, and 5 with the new text marked in brackets:

2.1.4.  Posture Evaluation

   This use case describes the process of evaluating collected posture
   attribute values representing actual endpoint state against the
   expected state selected for the assessment.  This use case can be
   initiated by a variety of triggers including:

   1.  A posture change or significant event on the endpoint.

   2.  A network event (e.g., endpoint connects to a network/VPN,
       specific netflow is detected).

   3.  Due to a scheduled or ad hoc evaluation task.

   The building blocks of this use case are:

[new-#5:
   Collected Posture Change Detection:  An operator or application
         should have a mechanism to detect the availability of new or
         changes to existing posture attribute values.  The timeliness
         of detection may vary from immediate to on-demand.  Having the
         ability to filter what changes are detected will allow the
         operator to focus on the changes that are relevant to their use
         and will enable evaluation to occur dynamically based on
         detected changes.
]
   Posture Attribute Value Query:  If previously collected posture
         attribute values are needed, the appropriate data stores are
         queried to retrieve them.  If all posture attribute values are
         provided directly for evaluation, then this capability may not
         be needed.

   Evaluation Guidance Acquisition:  If guidance is required to drive
         the evaluation of posture attributes values, this capability is
         used to acquire this data from one or more security automation
         data stores.  Depending on the trigger, the specific guidance
         to acquire might be known.  If not, it may be necessary to
         determine the guidance to use based on the component inventory
         or other assessment criteria.  The Data Query and/or Data
         Retrieval building blocks (see section 2.1.1) may be used to
         acquire this guidance.

   Posture Attribute Evaluation:  The comparison of posture attribute
         values against their expected values as expressed in the
         specified guidance.  The result of this comparison is output as
         a set of posture evaluation results. [new-#3: If collected
         posture attribute values are unavailable or are out-of-date,
         error conditions will need to be expressed in place of specific
         posture evaluation results.]

   Completion of this process represents a complete assessment cycle as
   defined in Section 2.

[new-#5:
   While the focus of this use cases is around enabling the comparison
   of expected vs. actual state, the same building blocks can support
   other analysis techniques that apply to collected posture attribute
   data.
]

Section 2.1.5 will be deleted.

#6) In section 2.2.4, should we include other building block references?

Suggest making no changes as it looks like the current referenced building block adequately covers the usage scenario.
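The re-use-or-collect decision proposed for Posture Attribute Identification (#2) and the error conditions proposed for Posture Attribute Evaluation (#3), shown in Python. This is an added example, not part of the thread or of the use-case draft; every name in it (`Guidance`, `StoredValue`, `max_age`, `always_collect`, the attribute names, the result strings) is hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class StoredValue:
    """One previously collected posture attribute value (hypothetical record)."""
    value: str
    collected_at: datetime


@dataclass(frozen=True)
class Guidance:
    """Hypothetical guidance: expected state plus the data re-use conditions."""
    expected: Dict[str, str]                      # attribute name -> expected value
    max_age: timedelta                            # older stored data is not re-used
    always_collect: FrozenSet[str] = frozenset()  # never satisfied from a data store


def identify_attributes(guidance: Guidance, store: Dict[str, StoredValue],
                        now: datetime) -> Tuple[Dict[str, StoredValue], List[str]]:
    """Posture Attribute Identification: decide which stored values are complete
    and current enough to re-use, and which attributes must be collected."""
    reuse: Dict[str, StoredValue] = {}
    collect: List[str] = []
    for name in sorted(guidance.expected):
        stored = store.get(name)
        if name in guidance.always_collect or stored is None:
            collect.append(name)            # must be collected, or missing
        elif now - stored.collected_at > guidance.max_age:
            collect.append(name)            # present but not current enough
        else:
            reuse[name] = stored
    return reuse, collect


def evaluate(guidance: Guidance, available: Dict[str, StoredValue],
             now: datetime) -> Dict[str, str]:
    """Posture Attribute Evaluation: compare actual against expected values and
    express an error condition where a value is unavailable or out of date."""
    results: Dict[str, str] = {}
    for name, expected in sorted(guidance.expected.items()):
        item = available.get(name)
        if item is None:
            results[name] = "error:unavailable"
        elif now - item.collected_at > guidance.max_age:
            results[name] = "error:out-of-date"
        else:
            results[name] = "pass" if item.value == expected else "fail"
    return results


def run_cycle(guidance: Guidance, store: Dict[str, StoredValue],
              collector: Callable[[str], Optional[str]],
              now: datetime) -> Tuple[List[str], Dict[str, str]]:
    """One assessment cycle: identify, collect what is needed, evaluate."""
    reuse, collect = identify_attributes(guidance, store, now)
    available = dict(reuse)
    for name in collect:
        fresh = collector(name)             # None models a failed collection
        if fresh is not None:
            available[name] = StoredValue(fresh, now)
        elif name in store and name not in guidance.always_collect:
            # Collection did not occur: pass the stale value on so evaluate()
            # reports it as out of date instead of judging old data.
            available[name] = store[name]
    return collect, evaluate(guidance, available, now)


def demo() -> Tuple[List[str], Dict[str, str]]:
    """Constructed sample data covering re-use, stale, missing and always-collect."""
    now = datetime(2014, 3, 6, 12, 0, tzinfo=timezone.utc)
    guidance = Guidance(
        expected={"firewall.enabled": "true", "os.patch_level": "2014-02",
                  "av.signatures": "current", "disk.encryption": "on"},
        max_age=timedelta(hours=24),
        always_collect=frozenset({"av.signatures"}),
    )
    store = {
        "firewall.enabled": StoredValue("false", now - timedelta(hours=2)),
        "os.patch_level": StoredValue("2014-01", now - timedelta(days=3)),
        "av.signatures": StoredValue("current", now - timedelta(hours=1)),
    }
    reachable = {"av.signatures": "current"}    # every other collection fails
    return run_cycle(guidance, store, reachable.get, now)


if __name__ == "__main__":
    to_collect, outcome = demo()
    print("collect:", to_collect)
    for attribute, result in outcome.items():
        print(f"{attribute}: {result}")
```
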

From nobody Fri Mar 7 07:10:16 2014
From: Stephen Hanna
To: "'sacm@ietf.org'"
Date: Fri, 7 Mar 2014 15:09:55 +0000
Subject: [sacm] Feedback on Requirements Discussion
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/kLZXA_Fzp5YgPxlQIQZiyhDgnNw

Thanks to Nancy for providing a succinct and productive discussion on requirements at today's SACM F2F meeting.

I'd like to agree with Trevor's comment that it's odd to consider a NEA Client as a Posture Assessment Information Provider. A NEA Client can't function without a NEA Server. That NEA Server should be considered to be the Posture Assessment Information Provider.

Thanks,

Steve

From nobody Sat Mar 8 04:00:22 2014
From: Trevor Freeman
To: "Waltermire, David A."
Cc: "sacm@ietf.org"
Date: Fri, 7 Mar 2014 16:48:43 +0000
Subject: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/qon2Wt24ogKiriL8wgCQ1WP6noM

Hi Dave,

Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.

Endpoint

This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace "IP Address" with the more general "network address".

Exposure

"An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network"

Posture

I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?

Remediation

"A set of actions that results in a change to an endpoint's Posture to address an exposure"

Software Flaw

"A feature in software that results in an exposure"

Vulnerability

"A state of configuration or software flaw which results in an exposure"

Vulnerability Management

"The process of remediating vulnerabilities on endpoints"

Trevor

From nobody Sat Mar 8 17:03:55 2014
From: Adam Montville
To: Trevor Freeman
Cc: Dave Waltermier, "sacm@ietf.org"
Date: Sat, 8 Mar 2014 19:03:42 -0600
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/F4eYBl28ZS-UUyVASxOiPosIlZA

Trevor, many good suggestions here, thank you. I have a couple of comments inline (as contributor).

On Mar 7, 2014, at 10:48 AM, Trevor Freeman wrote:

> Hi Dave,
>
> Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.
>
> Endpoint
> This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace “IP Address” with the more general “network address”.

I like the suggestion of replacing "IP Address" with "network address." To me, explicitly mentioning physical or virtual would be a mistake - if it's network addressable, then it can be classified as an endpoint.

> Exposure
> “An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network”

This definition seems good. How would "exposure" differ from "vulnerability"? More specifically, because we're dealing with configuration assessment we're talking about configuration vulnerabilities or misconfigurations. It seems that the presence of a misconfiguration or software vulnerability alone is not sufficient to state that the asset or software is "exposed".

> Posture
> I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?

To me, this is more nuanced than it might seem. Posture has a "security feel" to it. The overall state of an endpoint (a composite of states) may be a superset of what we consider to be "posture". It has been my experience that security-relevant configurations and attributes are considered posture.

> Remediation
> “A set of actions that results in a change to an endpoint’s Posture to address an exposure”

This is generally correct. Would it be beneficial to include some language about correcting the misconfiguration in compliance with an expected value? Of course, we're talking about "exposure" here, which may be mitigated without actual remediation, which is not remediation at all.

> Software Flaw
> “A feature in software that results in an exposure”

s/exposure/vulnerability ? This may be more nuanced as well, because a flaw in software may not be a vulnerability.

> Vulnerability
> “A state of configuration or software flaw which results in an exposure”

Hmm... The more I'm looking at these terms the more I'm wondering how an exposure is distinguished from a vulnerability. A software flaw may result in vulnerable software - software that, so long as the flaw exists, may be vulnerable to some threat. Similarly, a misconfiguration may result in a vulnerable asset - an asset that, so long as the misconfiguration exists, may be vulnerable to some threat. The software/asset is only vulnerable if it is exposed to the threat, and there may be mitigating circumstances that preclude such an exposure.

> Vulnerability Management
> “The process of remediating vulnerabilities on endpoints”

s/remediating/mitigating

I definitely like inclusion of "process" in this definition.

>
> Trevor
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

From nobody Sat Mar 8 23:34:49 2014
From: Jerome Athias
To: Adam Montville
Cc: Trevor Freeman, Dave Waltermier, "sacm@ietf.org"
Date: Sun, 9 Mar 2014 10:34:39 +0300
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/-FzQGYJzBYhHVs4puyzYfp1_Rjc

Hi,

definitely something to address.

Very simple definitions (from TARA) fyi:

Vulnerability: Part of the information security infrastructure that could represent a weakness to attack in the absence of a control.
Control: Tools, processes, and measures put in place to reduce the risk of loss due to a vulnerability.
Exposure: Vulnerability without a control.

NB: For me, Weakness needs to be introduced (I prefer Weakness to Flaw, especially for CM) as different from Vulnerability (Weakness + Exposure => Vulnerability)
i.e. I see password brute force susceptibility as a weak configuration, not a vulnerability

For me, there is also a difference between mitigation (i.e. risk acceptance) and remediation.
i.e. You could have a waiver for a weakness, or compensative controls as part of the vulnerability management (so this is not just "remediating vulnerabilities")

The primary methods of remediation are development/installation of a software patch, adjustment of a configuration setting and removal of affected software.

Regards

2014-03-09 4:03 GMT+03:00 Adam Montville:
> Trevor, many good suggestions here, thank you. I have a couple of comments inline (as contributor).
>
> On Mar 7, 2014, at 10:48 AM, Trevor Freeman wrote:
>
>> Hi Dave,
>>
>> Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.
>>
>> Endpoint
>> This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace "IP Address" with the more general "network address".
>
> I like the suggestion of replacing "IP Address" with "network address." To me, explicitly mentioning physical or virtual would be a mistake - if it's network addressable, then it can be classified as an endpoint.
>
>> Exposure
>> "An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network"
>
> This definition seems good. How would "exposure" differ from "vulnerability"? More specifically, because we're dealing with configuration assessment we're talking about configuration vulnerabilities or misconfigurations. It seems that the presence of a misconfiguration or software vulnerability alone is not sufficient to state that the asset or software is "exposed".
>
>> Posture
>> I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?
>
> To me, this is more nuanced than it might seem. Posture has a "security feel" to it. The overall state of an endpoint (a composite of states) may be a superset of what we consider to be "posture". It has been my experience that security-relevant configurations and attributes are considered posture.
>
>> Remediation
>> "A set of actions that results in a change to an endpoint's Posture to address an exposure"
>
> This is generally correct. Would it be beneficial to include some language about correcting the misconfiguration in compliance with an expected value? Of course, we're talking about "exposure" here, which may be mitigated without actual remediation, which is not remediation at all.
>
>> Software Flaw
>> "A feature in software that results in an exposure"
>
> s/exposure/vulnerability ? This may be more nuanced as well, because a flaw in software may not be a vulnerability.
>
>> Vulnerability
>> "A state of configuration or software flaw which results in an exposure"
>
> Hmm... The more I'm looking at these terms the more I'm wondering how an exposure is distinguished from a vulnerability. A software flaw may result in vulnerable software - software that, so long as the flaw exists, may be vulnerable to some threat. Similarly, a misconfiguration may result in a vulnerable asset - an asset that, so long as the misconfiguration exists, may be vulnerable to some threat. The software/asset is only vulnerable if it is exposed to the threat, and there may be mitigating circumstances that preclude such an exposure.
>
>> Vulnerability Management
>> "The process of remediating vulnerabilities on endpoints"
>
> s/remediating/mitigating
>
> I definitely like inclusion of "process" in this definition.
>
>>
>> Trevor

From nobody Sun Mar 9 16:30:25 2014
From: Trevor Freeman
To: Adam Montville
Cc: Dave Waltermier, "sacm@ietf.org"
Date: Sun, 9 Mar 2014 23:29:46 +0000
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/ibCCj0VALlBH8UPErOWNyi-epss

Hi Adam,

Another term I am having trouble with is the use of assessment to mean simple collection of posture attributes. The normal use of assessment involves making a value judgment not simple collection i.e. a tax assessor is a different function to tax collector. When reading Nancy's requirements draft I often had to re-read sentences remembering the sacm definition because I kept defaulting to the normal use meaning.

See inline below

Trevor

-----Original Message-----
From: Adam Montville [mailto:adam@stoicsecurity.com]
Sent: Saturday, March 08, 2014 5:04 PM
To: Trevor Freeman
Cc: Dave Waltermier; sacm@ietf.org
Subject: Re: [sacm] Comments on SACM Terminology draft

Trevor, many good suggestions here, thank you. I have a couple of comments inline (as contributor).

On Mar 7, 2014, at 10:48 AM, Trevor Freeman wrote:

> Hi Dave,
>
> Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.
>
> Endpoint
> This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace "IP Address" with the more general "network address".

I like the suggestion of replacing "IP Address" with "network address." To me, explicitly mentioning physical or virtual would be a mistake - if it's network addressable, then it can be classified as an endpoint.
[TF] The examples all cited in the definition are all physical devices which is not what we are meaning so we do need to make it clear somehow that virtual devices are included.

> Exposure
> "An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network"

This definition seems good. How would "exposure" differ from "vulnerability"? More specifically, because we're dealing with configuration assessment we're talking about configuration vulnerabilities or misconfigurations. It seems that the presence of a misconfiguration or software vulnerability alone is not sufficient to state that the asset or software is "exposed".
[TF] I agree there seems to be a lot of overlap between exposure and vulnerability. Unless there is some compelling difference we should eliminate one of the terms.

> Posture
> I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?

To me, this is more nuanced than it might seem. Posture has a "security feel" to it. The overall state of an endpoint (a composite of states) may be a superset of what we consider to be "posture". It has been my experience that security-relevant configurations and attributes are considered posture.

[TF] I agree with your interpretation of posture. It does have a security feel to it as you say. I am fine with its use where we mean the posture of the endpoint itself. Where I see the confusion is when we try and make it also mean the set of attributes that describe the posture of the device.

> Remediation
> "A set of actions that results in a change to an endpoint's Posture to address an exposure"

This is generally correct. Would it be beneficial to include some language about correcting the misconfiguration in compliance with an expected value? Of course, we're talking about "exposure" here, which may be mitigated without actual remediation, which is not remediation at all.
[TF] I don't think the addition helps as any change has to be to a specific value. If not you consider the changes process was unsuccessful.

> Software Flaw
> "A feature in software that results in an exposure"

s/exposure/vulnerability ? This may be more nuanced as well, because a flaw in software may not be a vulnerability.
[TF] I agree with the nuance. Whatever adjective we pick here is trying to mean a subclass of software bugs that results in an exposure. Maybe we should stick to the term software vulnerability rather than software flaw.

> Vulnerability
> "A state of configuration or software flaw which results in an exposure"

Hmm... The more I'm looking at these terms the more I'm wondering how an exposure is distinguished from a vulnerability. A software flaw may result in vulnerable software - software that, so long as the flaw exists, may be vulnerable to some threat. Similarly, a misconfiguration may result in a vulnerable asset - an asset that, so long as the misconfiguration exists, may be vulnerable to some threat. The software/asset is only vulnerable if it is exposed to the threat, and there may be mitigating circumstances that preclude such an exposure.

> Vulnerability Management
> "The process of remediating vulnerabilities on endpoints"

s/remediating/mitigating

I definitely like inclusion of "process" in this definition.

>
> Trevor

From nobody Mon Mar 10 04:58:24 2014
From: Henk Birkholz
Date: Mon, 10 Mar 2014 12:58:01 +0100
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/xha52aYH7pstoDjo0Uf6M1X-R58

I'd second this. Maybe it would help to just differentiate between the terms "attribute assessment" and "attribute acquisition"?

Best,

Henk

On 03/10/2014 12:29 AM, Trevor Freeman wrote:
> Hi Adam,
>
> Another term I am having trouble with is the use of assessment to mean simple collection of posture attributes. The normal use of assessment involves making a value judgment not simple collection i.e. a tax assessor is a different function to tax collector. When reading Nancy's requirements draft I often had to re-read sentences remembering the sacm definition because I kept defaulting to the normal use meaning.
>
> See inline below
>
> Trevor
>
> -----Original Message-----
> From: Adam Montville [mailto:adam@stoicsecurity.com]
> Sent: Saturday, March 08, 2014 5:04 PM
> To: Trevor Freeman
> Cc: Dave Waltermier; sacm@ietf.org
> Subject: Re: [sacm] Comments on SACM Terminology draft
>
> Trevor, many good suggestions here, thank you. I have a couple of comments inline (as contributor).
>
> On Mar 7, 2014, at 10:48 AM, Trevor Freeman wrote:
>
>> Hi Dave,
>>
>> Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.
>>
>> Endpoint
>> This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace "IP Address" with the more general "network address".
>
> I like the suggestion of replacing "IP Address" with "network address." To me, explicitly mentioning physical or virtual would be a mistake - if it's network addressable, then it can be classified as an endpoint.
> [TF] The examples all cited in the definition are all physical devices which is not what we are meaning so we do need to make it clear somehow that virtual devices are included.
>
>> Exposure
>> "An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network"
>
> This definition seems good. How would "exposure" differ from "vulnerability"? More specifically, because we're dealing with configuration assessment we're talking about configuration vulnerabilities or misconfigurations. It seems that the presence of a misconfiguration or software vulnerability alone is not sufficient to state that the asset or software is "exposed".
> [TF] I agree there seems to be a lot of overlap between exposure and vulnerability. Unless there is some compelling difference we should eliminate one of the terms.
>
>> Posture
>> I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?
>
> To me, this is more nuanced than it might seem. Posture has a "security feel" to it. The overall state of an endpoint (a composite of states) may be a superset of what we consider to be "posture". It has been my experience that security-relevant configurations and attributes are considered posture.
>
> [TF] I agree with your interpretation of posture. It does have a security feel to it as you say. I am fine with its use where we mean the posture of the endpoint itself. Where I see the confusion is when we try and make it also mean the set of attributes that describe the posture of the device.
>
>> Remediation
>> "A set of actions that results in a change to an endpoint's Posture to address an exposure"
>
> This is generally correct. Would it be beneficial to include some language about correcting the misconfiguration in compliance with an expected value? Of course, we're talking about "exposure" here, which may be mitigated without actual remediation, which is not remediation at all.
> [TF] I don't think the addition helps as any change has to be to a specific value. If not you consider the changes process was unsuccessful.
>
>> Software Flaw
>> "A feature in software that results in an exposure"
>
> s/exposure/vulnerability ? This may be more nuanced as well, because a flaw in software may not be a vulnerability.
> [TF] I agree with the nuance. Whatever adjective we pick here is trying to mean a subclass of software bugs that results in an exposure. Maybe we should stick to the term software vulnerability rather than software flaw.
>
>> Vulnerability
>> "A state of configuration or software flaw which results in an exposure"
>
> Hmm... The more I'm looking at these terms the more I'm wondering how an exposure is distinguished from a vulnerability. A software flaw may result in vulnerable software - software that, so long as the flaw exists, may be vulnerable to some threat. Similarly, a misconfiguration may result in a vulnerable asset - an asset that, so long as the misconfiguration exists, may be vulnerable to some threat. The software/asset is only vulnerable if it is exposed to the threat, and there may be mitigating circumstances that preclude such an exposure.
>
>> Vulnerability Management
>> "The process of remediating vulnerabilities on endpoints"
>
> s/remediating/mitigating
>
> I definitely like inclusion of "process" in this definition.
>
>>
>> Trevor

From nobody Mon Mar 10 06:25:26 2014
(PDT) Received: from omta03.westchester.pa.mail.comcast.net ([76.96.62.27]) by qmta04.westchester.pa.mail.comcast.net with comcast id bnuR1n0020bG4ec54pRF8Q; Mon, 10 Mar 2014 13:25:15 +0000 Received: from JV6RVH1 ([67.189.237.137]) by omta03.westchester.pa.mail.comcast.net with comcast id bpRE1n00h2yZEBF3PpREk6; Mon, 10 Mar 2014 13:25:15 +0000 From: "ietfdbh" To: "'Trevor Freeman'" , "'Adam Montville'" References: <48054024-DD23-4C37-9234-E136C62AF9C8@stoicsecurity.com> <06fd2c5f163b431fb60313cd5934e8c1@DFM-TK5MBX15-05.exchange.corp.microsoft.com> In-Reply-To: <06fd2c5f163b431fb60313cd5934e8c1@DFM-TK5MBX15-05.exchange.corp.microsoft.com> Date: Mon, 10 Mar 2014 09:25:11 -0400 Message-ID: <000c01cf3c64$2a19e510$7e4daf30$@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHS8AVkrHrs0zdUlfgTVaxiKozQLQIEo3nnAUaFZCyauI6WcA== Content-Language: en-us DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1394457915; bh=D5SoW/4MMFfXS0jFew0W6cGPoxo7V9az9ooo0qRQZH4=; h=Received:Received:From:To:Subject:Date:Message-ID:MIME-Version: Content-Type; b=Nt6sT5LADowLc2u+9s6O87j0sP7J5rXQ3LYy/G4TL+AHMZATI2b3f82IZEWvj5dqs xeaPIjCBFbEEKtcrS34PJAXIdOs/Xaq09FkA6Ouw9HDDPAY0cTzDNngEMlWTdNotTR 4ejIqoC8H4ee2u6BsA02dp+FMbV7/DO3Aa6XWUwMwnEaixLuDv3hahI+e6KN2m2PdN SwqWKW6wJtlYe7QetMgGG61iVHMFZT+OguzccdIjj8zN4DfpUlLNnj+3+gMatcTEGD iHY74w1nYkrO1CWZ/POc6KfdCzmsEeHCojULwQJuR+GZpH9kGbxFuLShYbHJueqWwg UU3Y0BHOE8i0w== Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/Ggk7zIYyRomFsl_3QJrR1dqbUKs Cc: 'Dave Waltermier' , sacm@ietf.org Subject: Re: [sacm] Comments on SACM Terminology draft X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Mar 2014 13:25:24 -0000 Hi, I don't have time to check this right now. 
Didn't we make a distinction between these in the use-cases draft?
We should make sure the three drafts are in sync on that.

David Harrington
ietfdbh@comcast.net
+1-603-828-1401

> -----Original Message-----
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Trevor Freeman
> Sent: Sunday, March 09, 2014 7:30 PM
> To: Adam Montville
> Cc: Dave Waltermier; sacm@ietf.org
> Subject: Re: [sacm] Comments on SACM Terminology draft
>
> Hi Adam,
>
> Another term I am having trouble with is the use of assessment to mean simple collection of posture attributes. The normal use of assessment involves making a value judgment not simple collection i.e. a tax assessor is a different function to tax collector. When reading Nancy's requirements draft I often had to re-read sentences remembering the sacm definition because I kept defaulting to the normal use meaning.
>
> See inline below
>
> Trevor
>
> -----Original Message-----
> From: Adam Montville [mailto:adam@stoicsecurity.com]
> Sent: Saturday, March 08, 2014 5:04 PM
> To: Trevor Freeman
> Cc: Dave Waltermier; sacm@ietf.org
> Subject: Re: [sacm] Comments on SACM Terminology draft
>
> Trevor, many good suggestions here, thank you. I have a couple of comments inline (as contributor).
>
> On Mar 7, 2014, at 10:48 AM, Trevor Freeman wrote:
>
> > Hi Dave,
> >
> > Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.
> >
> > Endpoint
> > This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace "IP Address" with the more general "network address".
>
> I like the suggestion of replacing "IP Address" with "network address." To me, explicitly mentioning physical or virtual would be a mistake - if it's network addressable, then it can be classified as an endpoint.
> [TF] The examples all cited in the definition are all physical devices which is not what we are meaning so we do need to make it clear somehow that virtual devices are included.
>
> > Exposure
> > "An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network"
>
> This definition seems good. How would "exposure" differ from "vulnerability"? More specifically, because we're dealing with configuration assessment we're talking about configuration vulnerabilities or misconfigurations. It seems that the presence of a misconfiguration or software vulnerability alone is not sufficient to state that the asset or software is "exposed".
> [TF] I agree there seems to be a lot of overlap between exposure and vulnerability. Unless there is some compelling difference we should eliminate one of the terms.
>
> > Posture
> > I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?
>
> To me, this is more nuanced than it might seem. Posture has a "security feel" to it. The overall state of an endpoint (a composite of states) may be a superset of what we consider to be "posture". It has been my experience that security-relevant configurations and attributes are considered posture.
>
> [TF] I agree with your interpretation of posture. It does have a security feel to it as you say. I am fine with its use where we mean the posture of the endpoint itself. Where I see the confusion is when we try and make it also mean the set of attributes that describe the posture of the device.
>
> > Remediation
> > "A set of actions that results in a change to an endpoint's Posture to address an exposure"
>
> This is generally correct. Would it be beneficial to include some language about correcting the misconfiguration in compliance with an expected value? Of course, we're talking about "exposure" here, which may be mitigated without actual remediation, which is not remediation at all.
> [TF] I don't think the addition helps as any change has to be to a specific value. If not you consider the changes process was unsuccessful.
>
> > Software Flaw
> > "A feature in software that results in an exposure"
>
> s/exposure/vulnerability ? This may be more nuanced as well, because a flaw in software may not be a vulnerability.
> [TF] I agree with the nuance. Whatever adjective we pick here is trying to mean a subclass of software bugs that results in an exposure. Maybe we should stick to the term software vulnerability rather than software flaw.
>
> > Vulnerability
> > "A state of configuration or software flaw which results in an exposure"
>
> Hmm... The more I'm looking at these terms the more I'm wondering how an exposure is distinguished from a vulnerability. A software flaw may result in vulnerable software - software that, so long as the flaw exists, may be vulnerable to some threat. Similarly, a misconfiguration may result in a vulnerable asset - an asset that, so long as the misconfiguration exists, may be vulnerable to some threat. The software/asset is only vulnerable if it is exposed to the threat, and there may be mitigating circumstances that preclude such an exposure.
>
> > Vulnerability Management
> > "The process of remediating vulnerabilities on endpoints"
>
> s/remediating/mitigating
>
> I definitely like inclusion of "process" in this definition.
>
> > Trevor

From nobody Mon Mar 10 07:08:48 2014
From: Adam Montville
To: David Harrington
Cc: Trevor Freeman, Dave Waltermier, sacm@ietf.org
Date: Mon, 10 Mar 2014 09:07:38 -0500
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/D70ll4IukZ71dddOLpslWafwXg8

On Mar 10, 2014, at 8:25 AM, ietfdbh wrote:

> I don't have time to check this right now.
> Didn't we make a distinction between these in the use-cases draft?
> We should make sure the three drafts are in sync on that.

+1 - term definitions and use must be synchronized across our documents.
From nobody Wed Mar 12 06:30:00 2014
From: "Nancy Cam-Winget (ncamwing)"
To: Stephen Hanna, "'sacm@ietf.org'"
Date: Wed, 12 Mar 2014 13:29:49 +0000
Subject: Re: [sacm] Feedback on Requirements Discussion
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/9XZPwHCeA2WucroQ0bZFv7vh-cY

Hi Steve,

Thanks for raising this. I think it is in how one can construe what information can be provided by a "Posture Assessment Information Provider". RFC Section 5.1.1.1 states "The Posture Collector is responsible for responding to requests for posture information in Request Attributes from the NEA Server." So while you are right, the NEA client expects to respond to requests from the NEA server, the abstract is that the Posture Collector is still providing posture information. I should have clarified that the requestor must act as a NEA server.
I am not suggesting that only NEA clients are providers, as the slides show the NEA server being a provider as well (and pragmatically, would expect applications to mainly get posture assessments from a NEA server)...but when discussed in earlier sessions, someone had raised the comment that Posture Collectors could also be providers...

Nancy.

On 3/7/14 7:09 AM, "Stephen Hanna" wrote:

>Thanks to Nancy for providing a succinct and productive discussion on requirements at today's SACM F2F meeting.
>
>I'd like to agree with Trevor's comment that it's odd to consider a NEA Client as a Posture Assessment Information Provider. A NEA Client can't function without a NEA Server. That NEA Server should be considered to be the Posture Assessment Information Provider.
>
>Thanks,
>
>Steve

From nobody Wed Mar 12 06:30:07 2014
From: "Nancy Cam-Winget (ncamwing)"
To: Adam Montville, Trevor Freeman
Cc: Dave Waltermier, "sacm@ietf.org"
Date: Wed, 12 Mar 2014 13:29:54 +0000
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/3Xd4cfczkrAtB3fpgnFOuLIXp2s

Hi,

Please see my comments below:

On 3/8/14 5:03 PM, "Adam Montville" wrote:

>Trevor, many good suggestions here, thank you. I have a couple of comments inline (as contributor).
>
>On Mar 7, 2014, at 10:48 AM, Trevor Freeman wrote:
>
>> Hi Dave,
>>
>> Here are some suggestions for simplifying or clarifying the SACM terminology draft. I think these definitions are more consistent with the other definitions.
>>
>> Endpoint
>> This definition needs to be expanded to include virtual devices as well as physical devices. I would also replace "IP Address" with the more general "network address".
>
>I like the suggestion of replacing "IP Address" with "network address." To me, explicitly mentioning physical or virtual would be a mistake - if it's network addressable, then it can be classified as an endpoint.

[NCW] I'm OK with making these adjustments as extensions. I'll add a new sentence to also include "To further clarify the [RFC5209] definition, it is any physical or virtual device that may have a network address."

>
>> Exposure
>> "An endpoint misconfiguration or software flaw that allows an attacker a means to compromise an endpoint or network"
>
>This definition seems good. How would "exposure" differ from "vulnerability"? More specifically, because we're dealing with configuration assessment we're talking about configuration vulnerabilities or misconfigurations. It seems that the presence of a misconfiguration or software vulnerability alone is not sufficient to state that the asset or software is "exposed".

[NCW] Both Exposure and Vulnerability are defined in RFC 4949. Exposure is defined as "A type of threat action whereby sensitive data is directly released to an unauthorized entity." and some examples are enumerated.
Vulnerability is more a design, implementation or operation flaw that can be exploited... I think referencing these definitions helps make that distinction.

>
>> Posture
>> I think overloading Posture to be both the state of the endpoint as well as the data representing the state of the endpoint will lead to misunderstandings. You have Posture Attributes so why the need to overload Posture?
>
>To me, this is more nuanced than it might seem. Posture has a "security feel" to it. The overall state of an endpoint (a composite of states) may be a superset of what we consider to be "posture". It has been my experience that security-relevant configurations and attributes are considered posture.

[NCW] I tend to agree with Adam's view of this...

>
>> Remediation
>> "A set of actions that results in a change to an endpoint's Posture to address an exposure"
>
>This is generally correct. Would it be beneficial to include some language about correcting the misconfiguration in compliance with an expected value? Of course, we're talking about "exposure" here, which may be mitigated without actual remediation, which is not remediation at all.

[NCW] I would prefer that we continue to reference accepted definitions. I think the definition provided was taken from a NIST document...but I will leave it to group consensus as I like simple definitions as well (as suggested by Trevor).

>
>> Software Flaw
>> "A feature in software that results in an exposure"
>
>s/exposure/vulnerability ? This may be more nuanced as well, because a flaw in software may not be a vulnerability.
>
>
>> Vulnerability
>> "A state of configuration or software flaw which results in an exposure"
>
>Hmm... The more I'm looking at these terms the more I'm wondering how an exposure is distinguished from a vulnerability. A software flaw may result in vulnerable software - software that, so long as the flaw exists, may be vulnerable to some threat.
>Similarly, a misconfiguration may result in a vulnerable asset - an asset that, so long as the misconfiguration exists, may be vulnerable to some threat. The software/asset is only vulnerable if it is exposed to the threat, and there may be mitigating circumstances that preclude such an exposure.
>
>> Vulnerability Management
>> "The process of remediating vulnerabilities on endpoints"
>
>s/remediating/mitigating
>
>I definitely like inclusion of "process" in this definition.
>
>>
>> Trevor

From nobody Wed Mar 12 06:30:14 2014
From: "Nancy Cam-Winget (ncamwing)"
To: Adam Montville, David Harrington
Cc: Trevor Freeman, Dave Waltermier, "sacm@ietf.org"
Date: Wed, 12 Mar 2014 13:29:59 +0000
Subject: Re: [sacm] Comments on SACM Terminology draft
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/PxJlU6csRskxq96QKLycRg-kTq0

We are trying to synchronize them :-)
Section 2 of the Use Cases (v6) describes the intent behind Posture Assessment which admittedly includes the collection of
posture attributes. Perhaps the fuzziness comes from the RFC 5209 definition of a posture attribute being both the "raw data" as well as the "evaluated data" (e.g. The configuration or status of an endpoint feature)?

Nancy.

On 3/10/14 7:07 AM, "Adam Montville" wrote:

>
>On Mar 10, 2014, at 8:25 AM, ietfdbh wrote:
>> I don't have time to check this right now.
>> Didn't we make a distinction between these in the use-cases draft?
>> We should make sure the three drafts are in sync on that.
>
>+1 - term definitions and use must be synchronized across our documents.

From nobody Thu Mar 13 22:30:04 2014
From: Trevor Freeman
To: "Nancy Cam-Winget (ncamwing)"
Cc: "sacm@ietf.org"
Date: Fri, 14 Mar 2014 05:29:17 +0000
Subject: [sacm] SACM Requirement Simple Architecture
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/Qyeyqv6MGOPe-aNWBAz4OkciReA

Hi Nancy,

We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM.
That is a separate functio= n from the evaluation of the posture data to interpret the state of the end= point. There would most defiantly be a repository associated with the colle= ction service where that captured data is stored. The interpretation of the= data to deduce the endpoint state could be done real time as the data is a= cquired, or post acquisition as far as the architecture is concerned. You w= ill need policy to determine what data to collect, and how often to collect= it. If you were collecting event logs for example, you would likely be col= lecting them on a regular basis. How to interpret the posture attributes wi= ll also need policy from multiple sources. For example, the endpoint will l= ikely have an update service so its software can be patched, there may also= be an AV service which will be publishing regular updates. To evaluate the= refore if a device is both patched and its av is current would need to know= the current policy from the update and AV services. There may well be othe= r services to collect policy data. A posture attribute consumer can query the evaluation serve to find out its= view of the endpoint state, or it may prefer to query the repository direc= tly because it wants to make its own evaluation. The posture consumer may a= lso query the repository for historical data about the endpoint. There is n= o reason to think the posture repository would only have the latest collect= ion data. The collection process would be additive i.e. the new data would = be appended to the existing data. Conceivably a posture consumer may also= set policy on what data to collect, e.g. if the collector was investigatio= n a new incident indicator. There is definite value in standardizing how the collection process is perf= ormed on the endpoint, and how the repository is queried by the consumer. 
I= don't see much up side to trying to standardize how the collector stores t= he data in the repository, nor how the evaluator interacts with the collect= or or repository. We can, for the purpose of the architecture, consider the= m a box. Implementations are free to build them however they want. Given the above I would draft the SACM simple architecture diagram slightly= differently. Trevor . --_000_8405f4a73b8d45fcbc8c970341f32773DFMTK5MBX1505exchangeco_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
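A minimal model of the component split described in the message above, as an added example that is not part of the original e-mail or of any SACM document: a collector appends posture records under a collection policy, an evaluator interprets the latest record against policy published by update and AV services, and a consumer either asks the evaluator or reads repository history itself. All class, attribute and host names and all values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed illustration: every name and value below is hypothetical.

@dataclass(frozen=True)
class PostureRecord:
    endpoint: str
    collected_at: int      # collection time in seconds (constructed)
    attributes: dict

@dataclass
class CollectionPolicy:
    attributes: set        # which posture attributes to collect
    interval: int          # minimum seconds between collections

class Repository:
    """Additive store: each collection is appended, nothing is overwritten."""
    def __init__(self):
        self._records = []

    def append(self, record):
        self._records.append(record)

    def history(self, endpoint):
        return [r for r in self._records if r.endpoint == endpoint]

    def latest(self, endpoint):
        records = self.history(endpoint)
        return max(records, key=lambda r: r.collected_at) if records else None

class Collector:
    """Collects only what policy names, no more often than policy allows."""
    def __init__(self, repo, policy):
        self.repo, self.policy, self._last = repo, policy, {}

    def collect(self, endpoint, raw, now):
        last = self._last.get(endpoint)
        if last is not None and now - last < self.policy.interval:
            return None
        wanted = {k: v for k, v in raw.items() if k in self.policy.attributes}
        record = PostureRecord(endpoint, now, wanted)
        self.repo.append(record)
        self._last[endpoint] = now
        return record

class Evaluator:
    """Interprets the latest record against policy published by other services."""
    def __init__(self, repo, policy_sources):
        self.repo = repo
        self.policy_sources = policy_sources   # attribute -> callable giving current minimum

    def evaluate(self, endpoint):
        record = self.repo.latest(endpoint)
        if record is None:
            return {"state": "unknown", "failed": [], "as_of": None}
        failed = []
        for attr, current_minimum in self.policy_sources.items():
            value = record.attributes.get(attr)
            # An attribute that was never collected cannot be shown to meet policy.
            if value is None or value < current_minimum():
                failed.append(attr)
        state = "noncompliant" if failed else "compliant"
        return {"state": state, "failed": sorted(failed), "as_of": record.collected_at}

def first_seen(repo, endpoint, attr, value):
    """Consumer-side evaluation made directly on repository history."""
    for record in sorted(repo.history(endpoint), key=lambda r: r.collected_at):
        if value in record.attributes.get(attr, ()):
            return record.collected_at
    return None

def run_demo():
    update_service = {"patch_level": 42}      # constructed policy values
    av_service = {"av_signature": 1001}
    repo = Repository()
    policy = CollectionPolicy({"patch_level", "av_signature"}, interval=3600)
    collector = Collector(repo, policy)
    evaluator = Evaluator(repo, {
        "patch_level": lambda: update_service["patch_level"],
        "av_signature": lambda: av_service["av_signature"],
    })
    out = {}
    raw = {"patch_level": 42, "av_signature": 1001, "listening_ports": (22,)}
    out["first_record"] = collector.collect("host-a", raw, now=0)
    out["initial"] = evaluator.evaluate("host-a")
    out["too_soon"] = collector.collect("host-a", raw, now=1800)
    av_service["av_signature"] = 1002         # AV service publishes an update
    out["after_av_update"] = evaluator.evaluate("host-a")
    policy.attributes.add("listening_ports")  # consumer asks for extra data
    raw = {"patch_level": 42, "av_signature": 1002, "listening_ports": (22, 4444)}
    collector.collect("host-a", raw, now=3600)
    collector.collect("host-a", raw, now=7200)
    out["current"] = evaluator.evaluate("host-a")
    out["history_len"] = len(repo.history("host-a"))
    out["port_4444_first_seen"] = first_seen(repo, "host-a", "listening_ports", 4444)
    return out

if __name__ == "__main__":
    print(run_demo())
```

The evaluator's answer changes when the AV service publishes new policy even though no new data was collected, and the consumer's history query only works because the repository keeps earlier collections.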

Content-Type: application/pdf; name="SACM Simple Architecture.pdf"
Content-Description: SACM Simple Architecture.pdf
Content-Disposition: attachment; filename="SACM Simple Architecture.pdf"; size=199671; creation-date="Fri, 14 Mar 2014 04:51:36 GMT"; modification-date="Thu, 13 Mar 2014 16:52:50 GMT"
Content-Transfer-Encoding: base64
z30Wnp3Asx08oT18rFWhXEyHsCjCH62YEhwJDl+6e7JDGz1Z/TSIHlxoi+Z0dJQZstpaXltbiwAp XXX5GsWRDRzYzdHnIWDSS/dpIhMyXHEpDptZL3fWGHh0ZmpSSnSEhq/gfL5siE1LdqdZZEOyEvxw jRZBhCakhkf42Dz8iKZQsSvhkeKPrPBHH2p8mGMmK9/tiM8w+yztEvdHxPs8sJl8xnZpKJyxL93V O+MHMyK8OdFN2iaK8HI7ENvxhFzHawdwN6IHJ1rfJQFvfDS2y0jRHx/badTYTn5LL1t9KSnpsQZ5 aqd/ssYYk5bk8kZKBj5fY3ZkJCd4HdEmg7xBupvPGxaHOE/WmSM6PoswK4NPsstPmiL1MkdYbTa0 dBqVv+rfjseNGg9LxjkuYMPbfPkPSDIzMbcUt8tuN2W3S8MxE1Nixl/69dOnf2RtzP9OP09ELR2D FT8JccB6gFyk5h/CFX2yLB/zkTHd3OWNSfmlgYaRnY/HpqXF8sxZG6dkx6QN9GaNH5z6pT2ndNjt uwePzLQPdQ6qLHn4vQEl+S6e339KaV6q1ZUi35TiSi1pGJlRMiQn0tC7uJpf5R2SGdf5iDNnWGd5 VlEfR+dNcVkjcB4XdR2UN2v6IuwcGnIwBGcj/EZz3OFcV6FLcqW282g4tbnSD55+fftJ/bLb+YA2 /XwlNK3tUB8ITl+jsFTTLSzVnCoslTcbEvuPqR20MLSpbFTLroW5U8cOTYxAcKA3+Qpr/WUrKrJz p6weM3zq8EyLDsHqFa6UxJSkmFHnPnvmGS9cMNaalJLoTYlOtBncacmD5l1WO/uyxvxkb7LOlqSc O2WvfsJeRTM3S32QxUiDGWOJUuz/Y+9LoOOorrRr6arq6q2qunrf90Wt7pa6W0trbcmy9sUWNt5X JAMOxhKy4ww2hBjsBAgECIYxIZkwJ5MwczKAvGARk5/MiQhhiAnMBLIREv4kbBmRkIUlsVv/fVXV UkuyHebMf87MOeO+8Lq7ZFW999393lclCDdtHxpGnB9SMmfQpF8reawydpT7qrM9t333jr9IyAu3 /cvNHY/FVn/6mrvv2nF4XSXh/ez3DrfJIC+/5akbhz97ZcPZd6pH70f6jeZggDlUYtUoJoaLm1gI dUWMdbyPotsP9CPRD+h5CcHTZ+SY9j8RzhpUjJY+9waaHGFktIwKvjPFrfiVjBZlJvD5KP41sOmq DoCKkSfK8E6j0c6pi99jeIco2CGc/QeGt6MZz/4Z7wNtNWPiE4Ci6YSGH5WUEWBS5rTAQuJ9UvAH Hpw1+Wx2n0ltLc2B/AMtf6JnZzEBzruROkREsEeADTQRERR8iB/D1WzoZkcRroYx+lHTFG6YVEmg AB7SVWkFiJJZRgsnfsxzRa8pBHZXui6+G0UIy0N+WOL3Slc++ylGjtJhXdQocKIe6zpRaU5GbVP4 bIEN6NOaZDKQ06BvAhaoGUlatKQ7MuK+ilds0FxEmDFC8Ax+GJgDFqgciyCuGKKLBdAWMzXKiD6r 3WdkiOLtqmAMUmuWLB4lGKPPbvcamYjtGm+lH6LnuArP6Oz+uGuHPTSP5r6zt+h0JM3S5IGzt84d fSbgQ5HzuRzxXU+FQ+sLyGslfweoNmKpSb8Rbe50qaqm8OcKesxVO6qtsPpGrFeRVyo5tLw4ReRo pAJyeGuS/N/i5YgWizWbIud5Qf4u4JjwRvjim7GhKA4hLCO4LDY3Ws4BwWmClCmxOk7g8KKNLqvN LdDtAZ/XT2j7HugP9Pb1Bs79n/LFqDkbXwytfGg4tnr15TH8T2B7VShiQRq9Y/YdVYcqg4lYFIs+ hZmIRhAlD4wazI5zx7gdEJhyk9TVS9S6rJoiaXWZHVJ1tH3yyeuvP7W/qf2mJ6/fe/JA4Zi/9xNr 
1/5NX9DXB+/X9/sJz8Hv3z3Y8el/PXzjmbsGOw5/53NrP39NU2H351duuG9XY/vYEcnaAOY7Qb7c 4BkqJyP0acKECTC5JgBdiP6JonTh98wjuqvKQ+aSG1gaKVusHpLJRaKRSMkC7cxd8bnRe0u6FrHh +mCHr2FDIXC8vcWcttzzpcaeajvx68sObkgX7y4HlGZ02cHR3u7tAkUVd3nr+kqzfRBmm8UKWPMT mIYwn6jmE0IObYyPNArIUHGuhPB6Y6M1/x6SFlkXSl7stQzyY/mXyyxCNJoilwb8JZ9mtVosZX6N fFBtDrucfrOGvJwLVbXlriwtDAysY+uhDVXumv5qZzLs59dpmP8wV/UVjtzZMpixiwyIP8katL+v 6Eg7ikNzC33O7450XtmGPB6v9VcVYm857MSrwaaEvfiIPV1AFqBn9h3iLEhPH9b3BNZOGE9GcpGc wY12+GMGUA99gc23fOheRiV2gDkQHveJVSIhgp3QSyIlOTlYtFSDkZafTs/LF/1RI3HibOOOOy/L bumv4RmKIMBGa5Od25qS/XXeROf6Teu7KnIbD3RXDC+rNkg/Zxk23jycjRYqbZVd6zev76rEo717 hiqNThev5c28yW1i3UG3Jd4YiTenwxXZ5dvaClf3xnmLnYNonBfBPTrcDnM46060pKKxTMdmwMIF /G8B/vsw7ySmAnYft3AqHuzuceeIRpLRDJ6efvdptD6wvfNs9ZdUSXI9LZyh+Bpr9NsdXpO6+FrJ 4RBvIr6QPw37zx6c49CNagF8jlNgkEHGsb+bfYd8B2xUAgs9ifkIETTZQphOaiKj/KhzXo1bF6vx RUJz8p3ma7+0fcuDuxtAmmwOv6gOLt+Sz2/u8KtFn83tFRn8gT33X12fHT3ySWKs5CHOPbhttCMA 4dFaYnfpGMzPDwi9AvMLYNljmBWk4LcnA1afxmqeIkTI5KzuUQuleEaIsuUIVQ5Ppdi0VFE5b3h9 rUpjjXgDFTadqvgFWsWFfN6gCSLNDAGmnzUF3G6/XsV45MqiQUc+bXHqpcrj2YfIjRq9ElrjUmQ9 IUXW6ScwKyEe0+sc6O6JkA1DGszqvKM22jhKlyaZfjf/0mswQ1SVnsNzfopiVpybop0VA1Y7QFg8 oWO4SMATNrOqs8QfYXpBVyBsoLT4keIcc/EbiSE5ftayxSr8BbWWVqk4uwUszUbIzVvJf5UszWMF H9fubU+3k1rWmtNB2pZDuV8OpX05HuUyuSn8/YIBi0Y5DNdhKDvEGpS8vUGp9jQomV5DKf9pmCLU BZNgfRrL8Tmi8Vs5HMvhuVyqrWIKdxa4FwJ4IKByv53qbX5FN6DC0qUaIsos0pvGN28q1VSnE5s3 5ZV6YgaYuHkT+EMa5RU1NfR8nTVbo7gQ5YhKEj5GVnBLNlNbR7byLqfDa2i8e2XXxMpky56Hrz5g qR7MN2/rqdapdRDhOtsv35Hb9plVka/c0THS7l23om13s02no2mdbn1rZ7hzR1v/WG+4M7eixgnK rebtnN3tCLrFytU3rpq2JlvjnZe1dwC6RwHdl6hxrALVyE6Ctmj8tUpGXKtkyLUKXui7hFftFP5B wWlOGFH52Ydq0Qj/BMrHE7xUoiY0BRYza2pr/CoKDCP1eKTX2cn35+HjJDUgqSVAaM3P1cnmMZvL oaPmpRor191LHpgRLBbJGbyUveKuTYmezs6o2ug0m1xGGuIkCOmM6lhfd3ds++1rYo+Yc5cXfC2F 5dGOA8ta1tbZ8Tf2nr6lU4g0xK+FfBqEUKem6kuxwrlfx+uD/ODNj+1dfnCk2VjRnikevWxN0xX7 QWfWA2I+8lnIcG6ddEn1G16q3/wCYYUhmULl1fOUr99ZWLaefVsuZxPagj5twA32N7wFjb7bG5rC 
iRNiL/mbajj3CVbfjdIkepIdQB4kMSMNeHqTjNv0XOF6URmfll0GvSBb8hEUY2/qW5vedt9oTdv4 0XWJlR01NpYmjHou2rS6Yd8n/YVNTfnLWxM6VGT9e8Eu6O1ht7Gw//jeQ09d38g7AjaDaDNGvf6Y /9Qja25emwglgmrRjcm4UE9Ru7EbsZtOYPuuHiLRzfXddUMGMH0fFrTZ5uwQ0D5TZD1asmVf6/DQ MFE1UhghhkeGR7aseaP3QPcWWGmBvW4ga5sxNHe7pnDVyeTAshl1pxSQtWZnMtIoyH0bKVmU3Ciq smb470BANC2ADIFFKnlTs1kaUVgqmCwlJMyl/FJA+doCnQTAVOeHz7wAZAtRZzGlNhy87LIbhhOv I50U+NfrOq0hl1lNqWmSMbiiGWfXFQXPPs6oYvXMPnuyPR5rT9k9VSxFGHX6cP3K/CLEy/lTuObO IXOCPOHsSLTvHk6lLv/U6s2M4BBDvqJnfAurYSmDzegJ6PVaJtw3sR3/sy8ErprpbVpT53RlOivq V2YMRrsQ9XpC3nJemcq5ess3P1FPo3huK0j1g9QuLILlsdsL3tZGXOvMI9uaR3W1PKpk5pFu55Gq 50/jH4K7Tcsyn1ZEPa2Ielqxt2lF1NPIHGhEf6c2H3WqDBXo1gVbLxhq1XHDANWPYgXJGLSWOlOl 2nm+vMlQbkAhup332ZFIeTReRz4I6YMJNR27jm644rNrYpntd28ZurnAmLzIIrBfXXZDRyvoP9iD Nn9zoTNqL6n/voHLB26e3L7n9C1dy5cR2lK1/Nxy0PztBwodB0fBEiyrRmhtArSOgk9KYDnskUJF ura1dnctKSJbKPoAAlH0V6K6byVCqxLBWCl5J9DkD092JL6SIFA77ySylTmVYjpUioWQvmuld9k9 qRB+fn/lMzep7lIR31LhL6hwlcqVfiXSa3t7q2HMQBjYt10DSoA5392STerPErKpgMNKiRLCsQtK NXyP1kqAMuTRqP3cMU/n2MrCSE9aB0ENSZCMtvby8cLur13X0DT+5St2Htma/Cr5N/uaN7YECIKI +vs+cXnK7DAzBrtRL3I6rd0mtlw/df2eJz61vGPiC2vFg/em+kfrEIKHIJtfSaUxM+bHPnuqNTgU 3B0kLYqHXlCTFaX3Xyyq3cq12tPEOObCzLKfMiu/ZVZ+ai75KzP4q8c13gL8JrqN6YSd75HE7uWZ hIKSInGJBV2tEiAisgZgJSDGseAtaqPcqSp5GLGysSGB/rejGibqhpK3MLIbYfCqhop4Hv5H9vEo rLiFfFKpi+AfnNAo07hQXWTJpcquoNaykMVo1aXzggc3Y4VTrdYh624riSmeG1MQwRREsBIi2JR0 /c7S9S+49otMYt5bKqujXgCNWIG9XXAaebiYiGQ/wqOWRdSGxrFhvFNUZiQqMxKV3oqocFZU3KKI QgyPxwIfPZ6M3MOUuplSI1PSJUixPjy1AtX2V7QsbQrLp13SPD6Nf4BlMB6nj/X1hpCz0bf1tnQm 63uS/fZ+CQ25oiGn/5JM5JU+qAAKpBwBqKSbHMrwkrwFI1zkQMkfKbGyHMqYqRcAYABWVJsqO1L5 ieUo07D6RcZSuSyV39NRgh+VPixunun/XE/9uo4qPrmyryu05uM93jl+EEFIVEJrV5+7/cJH5gVn 3+ohR7otVt1RITbvuLVf5iD5ZeBgBru3wMkcRENrDq84D5d+J3NpMTdRYOjRIm+hRezSIpehRdzT IsZp4eensAKSSA+P0NckeyvsoZ4S9JBioK58ojwmLKF9MawXQmsmvyxjalTbUj1VLQeWgnj/wPr9 /f556LiBiwEFAG1FNgtFfq8CQqh69HDB1RrHY0Y8LqAeS0SHR9R4hMErSDxO4B7FJXoUwDyKjfco 
Nt6jAOZBpt2T1uAaE4qeTQguE/IiJhRbmxBmpm8QGtQ1PMVhA2PAJju6u4/rDUKUqITSKBpUICuF hQBZ6fXXylfkqw0T/3zd7n+4tjY/8fUJeK97xNmyc6jn6g6/s3XnUPfODh/+62ufONzXfuOJ6+C9 F94P9Bzcns9tOTjQe3BbPrf5IMojiveSLwE2KI+4CeUR/lqNIiUaRUo0JeujUVavQeJiNcsphJRM SL1TOZs4bw7Rww9dMIc4XwpxHhm5cApxz+ZYR1shVCYsJrPTyMT7B1Ymt9+GUoislEJ0RjuuX9ay rs6Bv/XxJ2/u4gO5YLGlZAtVb7FyDYP9m4qWuLn/lkf3Lv/USJMYX1ZdfOCytU0jBxRrSXxNymmv ODFWg0c4BSJOQYYrQcUpGHIIKmNZOxNhhjkAwXCBTfRGOLOvx9yPKcYLT0+XupLlcMgLvgAkNPE1 gmbVaqs7ZLZX1TQEFytNuK0h79b7Q26disTJ7RaPwLKs2pTqrzv32FK1ubm2I8qRao2GNUjV85Wz M8TzsOIe7PmCLt3X2jfU98m+R/uosib7e0pzXdKYNpRYiYua71LTHX+l4JU77VKPHRkXpdGOeuxI g5zfQI82R/1ylP7rCnBchzq5EThfq+5RHaFL/axO8xthhbBVGBNIuaH+U9RN77W8KYvWXCtdaaRv Qo3eskb6fLzwn22kE89nNx8crFqzvMqiUaFGeaL18vqKjowzWlixemUhGh/ePxzqboibGZIkGQ3N Bmp70hWFuDlWGF59WSGKG5ZfA/y22k0hr+jgGafPaQzWhiO5mDeQaLm8qWZbT6XOaOZ1nIVHbRmL 3SIGq1zRmpgvUNG0SuEFtQsytXuwe57C6vFXsFFsIyDWho3hvzgRiov7D6GMrYGzc7vaRttEjhPb RlUDn8IG9nd7Z/Z21m/c2dn3m+EVw1uHx4bJ1HBqeE322cjO3jVvdg4c4mbs3bdCaC/lq2CbyhM2 HhVM8lJTBvI2KxxCO7Dk3O1VVMzmXytLZc+bmhGL4TRfFH6L9a9lgtQuAmJ/byxt6RopePZzRrSV 63p7ClK1ZVWOoFtNogJqoKa3nAcX52Byxcda7AmjxVq18eZVwwdWVbyOtoUZuTdquy1hl4mh1bRq g2ARtFqOpSF1GyQM5albdWe80Ovyec7DvIaLs75h2/IITdu6I+27Vy7IFzWblHwRk+qSvyV2qf4Z a8A2nohjQjCpaFxS0cSkoolJxYclFZuURCZIZ9UnZ4Ldbv2MtbsasZmR2XwGGZ2skredmc6UtXDL +XgxThC71LwvnrJ2jhTcN8p8uKEUdL6B8mtAsK4L8muTmmIp1QZ3gDcsxO/l0iaml5ese3YWrZv8 LZUmIvjDkLsyRJj4EqbgQb4CeLRhzcfSbTyKjBMeT4JDOqAjaxJt3XxiprGm24QS1vAAKyesZ0Cy 8XQGFWtRszVdXYVnyndz+f9ataEEBfmwx6KWunqiupguW+CF0SBPOR1n75+zueb5dRrdfuGCoMhr Vb2o+hEo/FZYqwE96SYxuBat1Ktv17uAsJrEKmywu627sdHXXdVNdK81JGZquo3oQQPhgY1lLAfd zkxvyqdRAjGdzpbVYSQ45vm/CIql2l2Cwj9f6DufgKheVAueOFLUVk+xrQwpSEs5T+z8WOFPoYAa /JhaqtEYDW/UdoEWmkELkQz5eYNGgasMRcEk6PX6C+GI46UNOMXZxYImyxl9mSRnJ2Q5o4iSnNFt gP1ObOcxb8uQJF47MzsNOzdt2mkgnYPo6UPt1SgzOxZ2XgZAF6wjA939Ld3V3YmEr76qnqgfwpwz 4W4VYoJZMa8KC1pl/UPyKNlViRFpqUz/0cTQX94a/+uCjI+WS6rgvYCkzqNPLHNb4bPd6jMxxXQZ 
D+Z5SqbKBfki2l3OgAtrQtkJAP17UX0Lsu8Mdk/BCzmNNoqihyiKHqJot1RUyimjvJQ84h8+LkdZ XsUmehWbCO8fSHEZ+oCMorcUqHmV+MSL+MqKyZ6olrL3QIpJzRe55Fa5Ejr8oCyZXFLkWtSjqq2b L3c9yBjdZqtboAfuk5IYxiQDbE13V7XsX86YvBC1Gdm53Gbf6sGmK2/dTgRKkdm5Pw5tWRZeu5rY O1dEkPeRkfsBn0rsl09gwVmIy1HK7lWjMezFPfIHD25R1mlW3k3zibz0blTeBbQhvw4+1EF+JOBR Ho9ReCAGB5oDeCiA+9HHVj8e8uM+6agPD/nwKId/3I/7p2ZfKLCCudvvg4jNj3anseCI/Kiyhr4h TvjR+XXwi/5Yj1/r6NH2l1pUys79TVIOlJD/Q3vWlD39aO9aQrqXYm7T8nxyZBWtdaJyE8V+nCCJ 4hmV3hHzeGJ2g6r4vIpC22ut7qDIqooq8i+ERvQ7rR6BIf9OxWp0zNl/RB03ldqgIdfojCwJYkrA wJ5z6HTE62hXGKHWSmhDtnQA0A5hw09gTlhJDULKiceduE0qm9jwiKHWQERZ3IHC1wYHbq+H90Y7 7u2xa8QeTZ9qCOtTyhWtsNSEvEi0WD8pS1GdGEEbMXJz/UNRCoksJobIfoKuzjh8AkEfYHmy+JSa D3k8ARNL4Tj5AS0EfK6QQBdP8gKlMxnwvMqoITeabQaKVHP6cyniZVFLIR2DvK+DeJooUE4sCfFE 3zHG3IAe2YgFg1huCl9XcHPhIz6f03y3L4VXpQopIpXSOI/Exus+r9lDTiiVX1SvhAgR7Wh4bVry pnm5axy4YNtsPqgr75oRBafH7whvaqjsq/XG+q5ZtkrvzUbCTUmPWm80NI40d2zKOw4Pxxojxkxl ZWuI+KVOp9VXheOWytaK1PKkJeiscOmNZiHoEk0em7t2IH2TzuKzRKOhKMr/r4G1fpEWsQhWh+WO abxVp/E1qBiA31YQMNGrMVQ+Fhi37zJMZCepPaUENZ9XNmrk53vQUaXBUKbnMpMYpbZhlrNS4ouo O+DKpJI2Z4C3GCiad5hMDp7KrMsW1tc77tR7M6FwZzrWFQ9mvDz5fuf4ioTGErQ16fQqtM/HRaEt ADAUn02G0yt2doQ7anzx2m+mkt7cMpBDxD0bZceqsNgxGxaegpVwGvP97sDfcuPk0crYg8ye8vtG 0NY8adPhHAPK0hta5oK0DsIGUXVgfePh2xJ9V7WYErGIVUuTJK1hGE2s1d/V39ebaItoGQZ8d05v 1Gts/vvuGJroC9FaQdAYjAatyahR+a1bt23d4A6ygg3Q74a5Xk8LoDM1WOYYa685ja8Fx5rEby3w gneXnSVjj1nGM1/QlUlWXu7+zwnUR+0jgCxdb/cLFo5Ob2tq35B3+Nq2tFYPxxhOwp/+TKwrFsp5 OZ0nEwn1pIhfyXi3pavTQ1c3dU4MJSIRPEWpVSRYA6p4WSrlyy0Lhjpr/IkaJEldsJZrQWvCWApr n0yp0ANqnYLgjEzhawpWzCneazCwqbt9qNBvi9/jG2eP2PaU9viNz90oJseeyhaLuZq+xbyARfMV feJah1i82xhvr460ZvwajdoQSFTX+Y4cifZ+rKMTPPCnVcs7grmQSKgwhz3aXGHRcjrR4bIbdCx1 z5HO8cGKWOfmWqGzzxrLedA6thHP4QT1F6mKH3wKs+A/QX/CC7RCg3lxxwk7P0YhXrxa2kslLik+ 1JUV1/9EcQ4zgheJudnBUfpAVcofSFX5iV8BuioEMWGD9IkgYDhV4fHEK7weZE+vIZ7D/gCaqdTW 15zQ8LukK0u19aVX/QMlKxJdUqj5C8zrjHxe8m3gUydWmKwNoie2pZoEJHcurBM4ZdIYJtvGfZP5 
8abaeGYsPmGdkK5aXkNOv5aH/xbsP4ksKl8u/o6wkIuZllKZmHwbZiqiGedqfMtiNOcQzU6OydQE 2uOltdiDQWtmc3XPapszm07bGgarTfPLwuu7u9LJ4pELfSdsOni1Z1N1aVfErg01D9fL6yf2w/or seRkSEDmzoVp8bUFA+YyPBYdD1l9Y6Uly7VbZOkuvtj5xcGyiP2IASKspLY+2BUrrdEe9NszW7ON w9WW8hX0oBnfu2TG0lwJbDno1EMwVxG0KvAkZkJ/9g3zgHVgNfb7uPHg38o2+aNt66slHooPXdc9 NNYTiPbvHey9tid8BxduTlU0x0zofXA1+f6yseFktH9X17LdKyvjfbt6Yl01Hleuq7KiM+feLPkL /APiizAj5C/qjnmrNAhAs+QvTJgZOQtNVdqropxj/N45l4EaoTPncRmL6nZzGC51Ga2bmx2VFTFr SS4og4UPOLLbmuZdRncy1hkLZZHL6BofSrCi21Q8R6GdcTRLETNIDQDa6qr00Mckl5HIfTOZQi5D lgn8RcnjR44HHBiHTJbOoZmOjgc4s2fMPDFfhXx32li2hMXlR1kS5O32+IvgMCi1ljMLnMsXtJTL tK0iEhQNfgsD1vDfBJuBoWhKa4u5iw8vFIUub8yqVqlpgxVm2U48jc/ALFux7iewPL7qpK/SV6mz T+GrC25MV3H3L6p/V01U195jz1Phcc3d3xJeEAjBcg+1p3yf3qbzbdQrKzXVQkRS+qpa4AlhRTOh 1nU1vsaUV0eTFKPSuGO14WRLRUtPa9yXX5nxZKMOLQU/oWhLKO3NJBKtva0V5L5Ee9Km5Tid1awX dRRv5AJRl99qjRVqok0JC6vTa+Ango7S8/q4wxO0WcItiCtBWO+j1EOQ31Qex4LeKOIKL3Ja7+7o /Xbt/eLuxFFGlv8z0qbo6XeffqnMmwuKEV5Qo7HMZ+CSqOGP0hqLx89tXTWo1Wp1A7TiDW+Hb9rb fRWOCK2iKYLkLTatmlZt3IxHbG6X7QYK0jwVDDfYXG5b8Z3qDKfSGiVJeppAdwGnwLqwQdmdu5F1 EYIsGR+zjvkem3PmrVIgBZp7Hldeli1ZFiRLxI32oNGqp6pGs40rqy007zSZ7Dxdl/d3x0uGZ853 ZyRDgvfTshrQxe929aST+DWl7whlL/E9YhRmHMWyx4x+L3rAvOhX+8EzrC9oGZ/fr3eM6SewMdkg 4va0w4a8tLKnD4c5mWiGVPIOiDgWph2E1+TkIH/4BqkxBVyuoFlDnqYolneZLC4jTd5DkJ8h1LyT MoH703H6ogHyC9RqUOO/1wk6NSCPpr1FFPGHGDWN/r6pF3+f2AHz9WMtyC8+flyt1lin8FtP+i0+ 1mKawm8v6DQW15iZ5cbY68iPK4Z84WZESfaVlKKOnN/sVze32Q8fJBMVVjeHqwZegbTK47C5BFZ1 L3GYoAW3zebhcIrg9FqVWq+ZJCycSaciGJ22uJfA72A0sGCtyEt/a5Q8Je0J0GI6zITuHRg/QbOk rhtrffUMLmtgWSceX1nqvBcfVZ1RGu3FSXQelQ/vow7Nn2efdJ6RC5ynrzJfX5HI1yeKJ6lwXSJe Vw/nmcYIXDP7Hv4KtRlMdhwzwM+cA3wnIPSz58u8BxmZ2yWw6Kb7bzLopneXkRFwtTnocgbNagNr j3m9cRvL2uJeb8zO4ntLfSPyGzqjjqKBj3/J+xNOrdaZ8PuTdq3WnoQVzczO4I+qtkgz8T2JWYgR zIeZifzjWr4C5nU1BpPipxd5tiiZu9DcjjCc02xx8jQu0GLI5QyIDMtaQm5XxMqy1ojLHbKweA3a kUTCQMzqeA1FQTB41ueO2rRaW9Ttjtk1GnsM5nY7uYN4gNpbQskZ6eK7AKUzmXKUSk520RGLmbiZ 
5q1Go42jrRqT32rzm1i8+OkFx6oi5OESTPj3S5+K1QuP8fzsLOYizhA/oN4C/Tgu1dzWg4V5nPod lkV7cG0RlN/w+qHqLdU/ryad1c7quH/aOEUcPh6fVsvGUW5U4OkZOdWhGVlXS9mCRTKJAWlbfSnv bCHqpFCNeBzUsaJ1ReXgTRuyuU0HB9v2VPCsQcs6tI5VTekVDf6xUXddOqzjzaxWR67yuXWM1Spk Rz6/ZfsXrskHgoaAyefhGd4X7t65/PbDrJ5nNDoLrOpO4kViLfUrWNUUhknfv0/+nHoTvn9L+n4H rPpN6fu/KD9/Duwq+vdPSyh0AgoN1G+x5VjrE1gTvvZkqDpUrXdA0lHQY3ouy2Wt+ckmBxVHUFiV QGSuAwYucEZygTMlhkaiKbIml5XuMZCdICEdUYwZAqmEkbSBDv4Z0VDRM9rYtMllMLKkVevQab3R KndjtzWSdYa6G0Ph9vW1zppUSKtRW3RWraklWVtjjWZcod6GMHk8v67Z6+TVBt4iLBMYhuc0jTlH 1OPQCZGavtrcilqXmhM1Goupw0Bp3TURR8Rrh5/V9iI01sDqH5Fk4rsSGg5A57vUG5gXcx3zso4p 4tAxE2mAt0lyolRDmp6zeNEygzdv755m/HGrx6gl31fTuoDPZONY8tlvk5AeWp1uLcUQb4s6dCcj 8ZTJpiPRp3MniD4N2o6ts5mRrVMkFQtAtOo+FZoOutF9izCL48a5gDptzCPML3yXImFlyCzxPIVr PTabi6dV7cXXmwi14LLZvFqcwjUEK4CeewQNsWrH88R7Bp4lcIqhj09SkESRakFP/IxhVQSh0tAP FL+P0FFkDf29XXS/Gb6uwLPS3WbTyuMUpvVoktFp+rq5ZymgXPQH0/y5aUVAlt5ypjR80H0qZunO q7Uo0Czu45xOA36IYikSBULFH/8ZRunjn/FKmCdJajmLgRFtxDdtIsNZec7CMd9R62wG3magX2d4 qzRjSRuwRqx+MmlHD9cOVmnQGxasgameTFm1pCeGPnkmhLn8TL4laybDz5TbKWHONwfF8kC1bHe7 nI79nOHtZtFpYN7CWZgUbzGw+Cs4zvA2MwoqPGKn1QeRxrPkvzNGs93YqxF1LPFLCAPhBell4dyT JIqUVLQKPn977vjLDjOcQjj3e0JvdHA0pRP0sEJFv7FmrHpSm0UPDIcs5DS+GvNg9cALLmUPIJ7Y 5wQHrW0m84O5pZUE+QJPHBClJw7k5uMo4k0W9DRidNps3It8SMTBXxsg1oPY2yPUm5xmk/YhzuWw CyBMkLLzDgijzuoEEHzBa8M/4+6ozK2MFTeU6h/Ej2xm2mAXiy+6QJOS2WVe/OslRiNdUOyV9LyB 9GSIPo2vwwSIBG8raDAhNI2eFzBtRgqqmyi7+WlmXuCW3DRX/pgA4sZw1/blq9QGVFvgGIfwT86q tq60/U53ImkZ7I9kA0bVuZYrlkeLv53jw4/sJpUhUt9bE87amOJZcziHdEOxJFgCi7ZpMB/MMoFZ YNRiEeIQxgMLnNNKFoc8CNJdxX1c5J4T4hGiYnC8q+2a/kqad5mNTp6yJhoj0ca4lRIgHXaB0fhD 99hQNNy7uxt/u4RbsSk3kHM4Mv0Z/Nl5LDHsIZnw9EXo60uJiP1/ppfIsY9Ab5WT6vRSojrPS1MX J9pzQbqT/uM8MbUKfe4j0elF9J0F9Jd5Uo+rfzZPbOICdFCiszJpDpbRt2XSiuel0QV0ajHpdlyQ ZvW3LyTDTsNODlfo7/87iXcuoa4ldNs8CR8TzpaT8bbzk+iX6AGZTFvnybxFoZ/O0RuLybLJygE5 l9BPbDvPR3b/Ajp8ATrrGHWcdvqdhxR6VqI/ufa6nnOb3J8E+jdPr+crnnPe1RJ9/b+BXvD+8RJd 
ov86+fIL6NP/g+jMJbpE/+vpJd9L/nqgwiLq9q8AWivRD4F+Hrj0uvS69Lr0uvS69Prf/Lp2jp5Z SMH64MMKnUUUGrxEl+gSXaJLdIku0SW6RJfoEl2i//kk/cUrHMOI+9BeTfwmjMbVmAozzr4L41Wz v4BxYvZrmAp/YPZ7MH5r9icwPjP7Q8yFqWbfhtE4+yaMm2f/A3PhxOyrMPKzv4LRMft/YfTM/hTG G6TxAfQv4QwvwPgMjGvgDFfDODH7HrYGfvcHMPKzL8HogPOsgd/9IYw3SONdMJM1+AOYDsZnYNwM v/sujBOzv8c2wznfgvGZ2Tewq+D4v2MTMH4ZRuPsOzBunv0jjBMYi03AVe6EkZ89CqNj9h9h9Mw+ AOOO2edh3CuNH5fGG2b/CcZbpc+flca7Zr/6/5g79/ioirvhz9nd7D0hhFu4FDaAGC6Gq0ABMWhQ CBBiFIpYdUMusJLLstlAglxWBAyWWrQU8VJFqoiXqvVWa61dIQURRMQQU0ItRIKKUallQ17L43m/ M2cTNoB9aT/PH+8O3zlzzpmZ87vM/GZOICz5a6q8W/+bZkKjr8jD+ifku/XDWgfqNJM/rJ8hD6vy bvJEnvsN+XLy3tyNkMu7vbn7T61c9VOu+ilX/SxWVxarK4vVleWUz5Dvpu069ZR16inrVD/r1FPW 85Ra8kS9gbyHfpy8t95Ivlz/O/kGZF6vhUUn8t3CqW2ghy/Iw/ox8t16vfYwPXxGnqjyHtx9mB5O ki/Xm8gf1j/VwtRpIJd1wtRpIu+t8uXIHOYpZ8gfpv8wz3KT4y9tN62OkSfqJ8h76J+T96aH3bSS 5Q203a1a7VatdksJ1di8wtRXyP9TXX7yVW5WIzZBncmySSSYLdGyWfQ3J0XLlpg6cSLZPDpatsZc t4nF5qxo2S4GcccoO4THXB0tO01b2uq7xGzz8WjZLQZZxkXL8abNltY6CaLIelbOKfUZYVsQLWvC Zns4WjYJm/1ktGwWSfZ/RMuWmDpxwu0wR8vWmOs2Md7RIVq2iy620mjZIRIdmdGyU8tuq+8Sgx1z o2W36OJYEy3Ha9MdrXUSxGjnCSTRLI6onY2yYWejbNjZKBt2NsqWmDqGnY2yNea6YWejbNjZKBt2 NsqGnY2yYWejbNjZKBt2NsqGnZ8RHjFCDBPDxUhKM9S3yQVEKfO9VBSKINeuVd/CZ3wXXy5XfJRK RBp3JokikkfkcG0+sSNIK3lWwLGA2ovJ86l5Le2KqDOPaz5q+FS9XCimr3xVt4SzMq6VqHtGex8S eCCXej56qORsCaUgz/Ko7/6bR7mIuh4lczmt89V3C85XvZRGew1Sozj6TFnDg46l6pkF6jsEpS5T la6FXMlV320XUFp41DFXaSmfa+iRx50hqudidaVI9ZiLjYzrrU8ppp8iZTF/VMoSrhSrpxp9Sj2D MRLIJ/qVLq3ffWhY25BdPqkUC3jUt/7NV1bwqe/5k9+fGFRnUuNgmz8MmxlP8SjZS6J6lSrbzlM1 z0kcq5G0WoVqZ2i9kPM0NR5ivXm56q1Y9VCp7FAe9XysvaXHDP0LlPxSf8MvATUa5NF4ovS1hz78 bdoYMs6P1injbGm09yBaGB5a3OalXDVGcrla3E6v1tGchyS56vl50eenqRE7X/lK3rlwDoy7QOvZ 0ZHji46xK+llrBj9b0Z6UD0zX41E+ZSFbT5otc3F5t786Lj2t9WWI9fweAn1C9TYmU6NPJGqbDqQ Ovmqv+tV21LVf5DkR4+hpCUqpak51f55adHeh1KuVCNwvpLaTw+VXJUWK1Qay5HavtfW64XqGz8D ary09nez0sEYJZXKu2VKwqAax2Vq3hmtPUoHOQcKlAd96hkFyofzVNtWa00Ws9B7UrRtIOaOMX/y 
lU3OzYkl0W/KXPADzzXOZd08PFiubJjfNsby1X2/GiGVMePKrzQtiY4so68ClcuZcr7e8r4xI1Np JT0lR8O8tiddTKqSC3q+dBud6701KnqicS2o5M5rF18u1L01mpwv1/gYC0hNDF2MKNu6TgTaIna+ ilklKnbl/qCmhp1z29nUmPGl0dzQyiiXq5FXrlrmq/kvtSlo60fWLFKz5t956H9rXpybE0OVNHIO GJE/TfnKLyqe8YwYNnykZ4YvL1BaVloY9FxbGvCXBnKDvtKSNM+koiJPjm/+gmCZJ6egrCCwuCA/ 7drcIt+8gM/jK/PkeopL8wsCJZ6y3JIyD/d9hZ7C3GJfUaVniS+4wFNWPi9YVOAJlJaX5PtK5pd5 SqkaLCimZUm+J680UFIQKEvzTA16Cgtyg+WBgjJPoCC3yOML8oy8siGesuJcJMjL9VOWTYrLi4I+ P12WlBcXBKhZVhBUHZR5/IFS5JZi03tRUekSzwIE9/iK/bl5QY+vxBOUeiAZTTxFvhKeVVromeeb rzo2HhQsqAjS2LewIM0TVfPyMk9xbkmlJ68c5Q25gwt4fsESTyAXXQI+1KZhbrGn3C8fQ4/zuVLm W0r1YCkKLZYq5XqW5AaKjWdJM+ctyA0gWEEgLadgfnlRbqDNA+NaHz0b46CO58q0saPbGT0YyM0v KM4NLJQaSGnOeW8+tvbLy3mlKF7iKyhLm16el5pbNtCTX+C5PlBaGlwQDPrHDR26ZMmStOLWdmlU Hxqs9JfOD+T6F1QOzQsWlpYEy6JVZbkwl8cvlPVuLi3HJJWe8rICHo5A8rYnFw8UBIp9wWBBvmde pRJr8qzpk7gbUCf4J7/c8MSSBb68BTFtOfpK8orK82mKxfJ9Zf4iHiBt5Q/4qJBHrYKSYJqn9dml JTgy1TfQU1A8TzY611VJa+WLSqSqy6GIW8qCAV+eMV7ani6HSWtf45UAqT6ewpCVcyIgB3Z+6ZKS otLc2Icic64hKY5HXWwsC+VBf3kQsy/25RXIOgsKivznKXQpvlCeGJpfUJjL4E/LLfNXtL03CT1Z rBUX+2jUYOctOgmbrosO8vfq1NuG0FI5Vhk/G/g3H4v5Qbdbo4720qXWj4+X9U1jL7V+hw6qfvhS 6ycmyvrmKZdav2NHVf/Apdbv1In6HIV8+7Ko+vLts5fKk0Q8pR4ig33lZDFK/IQV/jaRRZy9Re44 NJMo1zqIkJYofq71EJu13uIp7VbxklYq/qSVi/e0xeKQtlwc1daJL7X1ooX3cjPv3Qnaa1oP3qQv 4714mDlTu8r8oJaJqDnt5dBm/4AcE5BjKnLMRg659/cjx3LkqEKOTcjxBHK8iBxvIsdu5DiEHEeR 40vkkD9XMCNHAnJ0R44ByDEcOSYgx1Tk+AnPvb29HKbXYuToRuky5BiJHJnIMQc5CqPvWquQ4yHk eAo5XkWOMHJ8gBz1yPEFcrRoizWXtlzrpq3T+iHHCOSYiByZyDEHOfKRw48cK5HjPuR4sL0clukx cnSnlIocY5AjGzluRw75Te7LkWM9cjyFHL9DjneQ433k+BtyfIEcZ7RyzYYcPZBjAHKMQI5JyDED OW5GjvnIUYYcK5HjPuR4DDmebi9H3D9j5OhJaTByjEeO2cixCDnuQo77keN55NiNHDXI0Ygc32q9 sf2tWqJWqvVBjmHIMRk5cpDjduQoRY5lyLEOOTYjx1PI8TJy7ECOj5DjSHs5bB/EyPEjSuOQYxpy LECONcixidLTyFGNHMeQQ/7MSkPzDsiRghxDeeIk5LgROe5AjgqevBY5HkSOp5DjFeTYiRwfIsfn 5kxTnPlBUzfGQ4qMK3YbfxITU1Mzlq1aZY/T7FZ/VYhPld9u4eRUKMSf0Cm7XbM7d+58is9DD9mt 
mt1eXf3kkxs3rl+v2pyqqqqS9VQb74ZQuidxg1dVW218KtRzVq3KyEhNTUy0xmlW2yl7RVVVhWxu 4wFVsgerRbPG+eXj/eq6XVahkqrvr2oJhSrsmma3hERIfYyT6Mdq16zO1/es46Pqv/SubBttykd2 yVOrDFGtZs1qOWo05KlWfyg8LPGozSJslvRT6XyGqZay9uYF1jhhjauqys72eOzniunpMc8XIbNZ s8dt2bKlvUWxgW1shqyRMba9RR2a3fVO6J3QVtJGUhXpAsva/nvLOuI0hy0Ua1qrYVp1w95mW3nD u+GUtHmsbR2a5miz7X9qXOnHl8LnGdduEXZL+sWtaz1nXWurdWMlUOZ1SPM6HMLhsIvOQn6FeV8C +UolsMOmOewTrlGVr5mgVGwJGaZucTg1hzvM54n0J9IfUGk9yWHXHM53nnji/nXr1qy522GlgxYM 2qK6kx3ImeC326v8snPHKuOTMVZJICtN4ulSBimLXdjiNBtNMOvmBU6r5rRT441qOqx+Q94y5lWV X92yWCzB9dxaH7RZNZu9YvXqs6HQMkPhqP1DTk1znnNAyObQbO5XxD41Toyk2qpHrF7d2o8cEc62 69VvyJYWzRb1hirLYeBNTDzqsAhHXNQf6cNUB6o9QklVpBvwgzOmjFOcmskZ1+aUkMWiOa0b+DjZ r+CWc45ZiXGUGnbN6Zg4yWgxaaJS/6z0ijw/63RpzviwN+zFs1vu99zvuZe0miSbKecY3lHNpHcM 9yCUU7nHmyj9oyrfFf1cM0HJcqGDcJFhJMsydHRZNZd0UayPbFEfqXuWS3GSS9NcMU763/KSlKVC Db5T/5WXXJrJ1eqlqJtcyk0up3A53Sw0MqWQ0kMrQ+kh/qS77JrL0Ts3XbVJz+2tjCA9FXWVK15z dQgnh5O3pG5J3TBlwxQ5e9fY19hX2V0OzeUKh7aQNpCqQqtJq0h3hVw2em1ZzcQxPKd6rVjNE4Zh 4dUVqmnogs8kMVEoWaVk/AmlKGml1G6SCoDKkdjBbdPcDsOTcoJWv9Eu6Kq7Jj7jrpN3rxun2o7N kM7MGGtMslZvhtg0u2PdGbK7NHvCH8K71JhsTXabZncYDyPCy5OxGUZocJ27o5yqonbUqSEVzxlh jFmGLCPYmp7eotyaPlb1YnSIhER0e2tEd8WeJHo8bs3ktrbJZ/jWbZO+dbuE25UgEtjMyDQ8NDzk Da9kcsn55XZobmcf4Q95RTgmebnSRygbfS8j5FmZhb93J2juxKO9jvY6NeHAkLqiuqJ3p+/bV71+ 9/qd7p1ut1Nzu4+GT4UPhOtI+0i7SDvCO8PvhN12nnN2186dO3cZfam+JxSGw0creiVYrfsqVPPw RT65oauF0kHK65VZWOpgaCP1UmF42S6rdcWuXfsXx9u1eKdsd+TETvk5ccRYAwpVZ4UT1H0zn/Hz 1f3542XAR5Rdu1B13oR4kxZvCfMC0yZA9ErMx+HWHB2OHP1s2K52Sa0c0cfu3KnOJhSqcuEEd8y9 E0dkH3IpqTva2qNcZiqqpTXc6ytcccxLr7fFa3zGqq6i3SKvXGjkFiFPyDSa1IvkvvjlZNIwEW8y xVvPKYBycVYt3r5PftRbkVO8bnpemPMqA0Wi8/xAwUKRVZQbLGEk9Bama2be6BGJN+ZcI7/1Vv4P DnJXauMNtFv0TCOKJvIg48zEW2pH9vCylnHFTP9JvOF0Feap2dlTRP+cmTM8YthNOdM8zGijjkW4 eLPtqc7M8v+Jkf9xnboTx/tRF/bAxpn8m6quSNUnz1/mF2+pfIfK31X5fpXXqPywyo8uLAiUiBMq b1L5typvUfn3MtcsKneqPFH+GEbrqvJBKp+o8hyVF6p8qcrvU/nW4oXFC7XXVf62ynepfL/Ka1X+ 
icpPqPzrtjfXS8u1/yi3Y3+zshMhQsi/nfv/65oJ38b/18cEPC//DkX+1H+VeEBsFS+LHeKgaOD9 S447ocaiYYkmIf/+snUsafK9RhtnHKvWGsdft8S0Ybx+vbXdueY+2/48IaP9ecdh7c87vdH+fECv 9uep590fNLb9+ags4TDFnF+ZFHPfKrTr57Y/n76do5MZksp7sgnrWLCKMA0zZYuVpidNH4st5l+b fy1qLEHLE+JQ3EfWKs3svNGZq/3BeQ+blHfdie7Jpmvdt7gfM1XG58ffYfpT/Mr49abqBFOC3XQw 4UzCGdNfhRZqlrax1sa/ftF0gHQ4/nhMOhlNBy6STif0bUuppHGkDNIdKm0+P8UfSNia8Gripmja EpOelamjuGhydsxuS/d23NiWmo2U1OsiKY00qvPDMelJI6k756XOL3d+ty3t73KUdEKmrpaLpaS0 rkldU7vdG5M2qrTjoulAt+9aU3Ln5B5tKSOaMi+aslWaHT22T6FoLuvtUqmmLRmtP0k+1X1Q9/zu j3XfLtP5vXd/4WLJ6L37G90boun0uSSf0v079ayQ5EfT+41rS9P75bSl/Gi6gxTqd4f8KpH+6Zel XZbR7w7ytMt2DHj38lqVTqfOJfkHDiANGdgwsAUaBn4/6N3Bj8k0sGHwW4NPDj45xDIkYUjnIW+S atImkrLT5g59NJreHh4aOWDk56MeGD2KNHFM8pi5YyrGvhxNb43dNbZm3CDS2HFrxx+5yqrShqt2 qHR24uiJz0fT61ed5fz5iafU2amrTVebJj5/9ZD0+9LfmpQ2eQ7pk+sXXLXBqM3xlFFr6kRZb+r0 zL6ZwzInZm6fNkCl7Gl3qFQxbe20R8krpr1HOjp96fTQ9E9m+EmbsrzUys7an7V/2nvkR2SJ1JDV lPXdzJBK22buU+mTmU3wyczmbMvMZu43Zc/NPpLdcEOQ9ECOh3rbZjYbd3KWzmzOOZ7z9azs2bvm zLk16dZetw6Yb5k/d37d/O9ajwuGkF4uSSzp66/wr/KH/Q3+Jn/zIsuiEYsyFhUu8i9auqhq0aZF zy96fVH1ooMBf+CBwPbAt2WiLKlsStm8srfKaoOjgvOCj5bPLq8qf7v89GLr4iGLr1v8/OITSzKW fFfRq+K6Cm9FoOLRihcq6ir7Vv608vXKusrvlrqXdl06duk1S/OXbltad+egOzPuvO3OzXc+e+eR O5uXpS9buuyt5dbl6csDy19avmv52RU9VixYsW1F08pxKytWvhDK/oFY9fr58ah9tAktPpdkHFEv L9FkRJAfmHuZ58+49vPEGOkXjTqtkScmtY8doV3nkowOoZpzyYgLMoYmPpu8q9tG4vDhiaeImioG qyPxtmM28XVzwtbETfEH2mImdTs298uXbeNfT9h8LnYaViI6Z6j4a9Tqm7C11XryqozFqu5heV/V j1qQfl+PP04k30qLw6q3A0i3ieNhlc6tDifPWxUyYtaBcyvBVin3BdH/2QuivzMa8+9V8V5FedUP rRMyKG9ujYT4Y3vUX8QmI/4Y8S3qR2IiEVB6Lb8tOrZ6lBiXnBlqkC3O+bhfTqgh1EBvstZp7mV3 b+iXc+GYIA7WxETUi8TZ2Lh6YUyNRu5dajQZUXR6a/yUcZ0rPDXU1H07V3KSs0ePytrf1WKsY+rI mtXtuy5HGVVJratP66qS1Kur5dwKZIxKubap2hZZg7Y7uibJO/KKrCWvJ/WKP9A6UpN7JPViBUyS 7WXZuHpuHY1dSaUsatWMrpsxK2cSPZy/Tm5stzoeiK6MnVul5/53xtPl86dldzmanIE87awvrSZt jKdiZmyrjY2ZKK1pjJR++dg7U3pTWiI5u/PDyt/bpW9iZvW47i+ga+sKW2P0GmpKDoWajCSfII/9 
cqRXZMkYafIYarosrf8IA2OF6z9CrUoxSa5wxuqm1sf/Mqk1NSZdWEOttDEpuuK2pQtbyJX2P0tq Lb7k1LZi/0A631Iyta3jP5DUyn7JSe02LjGdbx21R4lJF9pP7V1ikhz3hqf/s3Rhz/9v6S4tGXaW e5eErVdZM/tedTb+sNz1qLRBXbHKnY4625DZV+6BovdI7KDGyl2TcVXGflmSSe2O5qidldxDnZp4 Su2P2B1R2nHVBrU7CbXtYmTaNjOUdWRmSO5g1Nm26D7HKG9jF9Qgr8gdjWyXFU1qxxNUeyPqqrvb ZN79BWpvk7sposWArCNq31URTdnqygC561Jn2VlHZFyK3iOxcxvGXk3u0GS7tapEUvs0v9rPUVft 1Nr2a9OyrzYpi5yVtrghaFjiKqvSB4kNSae9p/qWT1qr+lL9tp+JF3o0dhxcXmucCav89//mGfpb 5lmig3mOcJsD+j/Mb4sxQv4r+AOcNapSk3mWflxo5GeEiXyPeY5+gDf15/Szolo/q3lFJy1X5Gjz RHctT6Ro+aKjtlB0pOYoal5tLtL/LDT6+VRYqOumbkfquqnrVP01Uutr4dBuE72434/7s7j/I+73 o6/L6CuF1o8gzyfCRell5O1oXoYcy/XfI+8486f6g+bjYpi5UYwwfyYGm7/QPzSf5G1X9n6A3huE hZLJPOf7fyHNRnraKSpEB5EpEmGcGCjGQ77+oSiAQijTPxNB/bQoh8WwBCqgUrjFUv2guBOWwXJY AXfTfjWsgbVwD1TBOrgXfgbr4Q/iGvEmtFD+HnQxUBOgQbYYr90AOXAj3AQ+MVPbJfqgsc88W0ww 3yLs5tuhSFSZV4re5ruEx3y36G15XD9o2QJPwEEx0PIR1MAhqIWPoQ7+CoehHo7A38TAuET9w7ij +sG4L4U7ronyV3BKP2iNE5nWgRxHioHW0RyL9A+txVACpVCuf2ZdDNjGim2s2Ma6FLCN9UUx3voS /B7OiPG2QaKPbTDcLgbavDAPFkEAKiEEdwE2sm2A++FxeEJcY3uO41fwNZyCf8C3cAawoT0P8qEA ykUfhxDjHZ1FHzV2TzCunar0BV4/I7owal9h1L7CaBvAaJvEaFvFaLuR0TaP0TaV0ZZO7ScZL2nm 2fp95p/oSxlBVzJufkUPXvPb+jbzp4yzRmE2n2AMfiFuUePsOLWOsM1snRW3iaEx/U+h/8X0P5n+ x1B7Ln1vpO/f02okfW+i70fo7y36my0S6OUbevmGXhLp5XJ6KaGXofQylF4G08vl8vdJ6CmVnvLp ZQQ9bFea7qH0okimjz/Tx5/pI1W7XX+TfobSz+30M4p+bqSfqzWf/gF9DdU262/Q8o/0Z6G/xUhW SJ+dkOxuevuZuUE/jXTvmT9ntn4hrjCfjM7YjvQ6iF599DqGXifTa396TKW3j2j5ETNvBlrOEq5o hPkfIomMLA+Ju/UmsRrWwFq4B6pgHdwLP4P18J7eIvbCPngf9sMHcAA+hIPwEdTAIaiDv+m6+AT+ DkfhGDTAp/pecRwa4Vu9XvyTeX4aItAMZ6CF6PZ/uP8d/AvOwv/A98ii602aAE1FxU/NcxlhP9W/ Md/G0at/YzmoN1k+gho4BLXwMdTBX+Ew1MMR+Bt8rrdYvoCT8CU0wVfwNXwDp+Af8C38E04Dsli+ B13fG5ek77Wl6y22yZAJ0yBL/8x2E8dZMJf7t8BtcLveZPPCPFjIvUUcAxCkvAQqoJLzZRxDHO+C tZTvAfxg+wXHDRzvh19S3gi/gk3wIP0/zvWtlJ+k/BzlFyn/EfCRDR/Z8JENH9nqdd12BPCRDR/Z 8JHtKG2OQQPgI9sXer3tJHyJLk3wlX7A9jV8w71T9P0P+BZOc47vbM0cz3COj+x5kA8F+Msk7hOd 
1cplFvcxdmcxhuXqFcfZbznL5Gwqo7za/IEYLP9nYr1ZZDAy6xmZ9YzMekZmPSOznpFZz8isZ2TW MzLrGZn11P6MkdbCSGthpLUw0loYaS2MtBZGURMjppkR08yIaWbENPO8MM+rN98q4sy5MI8RlKd/ yqipZ9TUM2rqGTX1jJp6Rk09o6aeUVPPqKln1NQzauoZNfV4shlPNuPJZrxYjxfr8VwzXqvHa/V4 qxlPNeOperxSjzfqsXoLVm/B6i1YvQWrt2DVJqzahEWbsWgzFm3GivVYsRkr1mPFeqxYr2bsYWHD lpOYyXbW3j+x9r5mPsBa+yGrEKuNsu9JNPwQDY8p+y7jLJmzXth3FT18LOawTqawTqawTqawTqaw TqawTqawTqawTqawTqawTqbwpNGslf1ZK/szZ2uYszXM2Rrm7DHmbIQ5G2HORpizEeZshPU0iTnb yJxtZM42MmcbmbP4W0xj3RzFPD3GPP078/QY8/Tv5nligDkPisRq1tE+rKN9WEd7snamsHamsHam sHamsHamsHamsHamsHamsHamsHamsHamsHamMBcbmYuNzMVG5mINcy/CnKthztUw5xpZ41JY41JY 31JY31JY11KYK42sbSmsbf2ZK42sbymM/xrGfw3jv4bxX8P4P8b4P8b4jzD+I6x/Sax/SYz/RsZ8 DWM+wphvZA1MYf1LYf1LYf2T/zLrPv1bbP0t+7P79DV4YArx/BjxvBxPTMETT3F3PaN9svkgO6ka /XvzITFPea+e2oepVceKeZ++grN5tD1I24+4mk7b+2i7m7aZtK2h3c3CGp1HP6HmIWrWUDNT7a/k mHla9VTA/au5v5/7tdwfT0/ruPsSPV1DT+/R0zBV/69qn/iJypuFU+sg+mhzoQiKoRT8sAgCEIR7 Wek7amERz1NW0XsF/exRe6Mtopv5j+JK8zv4v0H0Y9W+kV1iEit3D3aJ/cyfExm+QIKTXPtSXMl6 HtDfoUVX9pR95ZpO+yIxlRVsLmP+FjHVfJvafU0VCUjWE8l6IllPJOuJZD2RrCeS9USynkjWE8l6 0rIzLUto2ZmWJaplPC3jaRlPy3haxtMynpbxtIynZTwt42k5gJbDaTmAlsNVSzct3bR009JNSzct 3bR009JNSzct3dGWo6ItR6HJLWIQpUHKxq+oPcIZrFUvf68QboAcuBFuEk72bk72bk72bk72bk6H /Ltfi/xNU9pkR3ca1cpHx0SNlqo3aANhEAyGIXAFpMFQGAbDYQSMhFFwJYyGMTAWfgzjYDxMgKtg IlwN6TAJroFrIQMmw3VwPUyBqZAJ02A6zIAsmAkPwyPwKDwGj8MWeAK2wm/gSXgKtsHTsB2egWfh OXgefgsvwIvwEvwOXoZX4FV4jd1amOM7+mFtB+yEavgL7OL6bv2Q9i7sgfdgL+zTT2jvw374gB3E XN5WbtMPWP7CTmIX7IZ3YQ+8B3thH7yvH7Lshw/0Q3Ed9Ya4ztAFukI3SIbueoP1F/AQYAPrY/oJ 6zb9G+vTsB2egWfhVa7v5Mhu0/oXygf0Q9aPqF9HuVlvsP0IekMf8ECK/o2tL/SD/nAZDNAP2S6H VP2wbSAwFmyMBRt+t43gfCT3xusnbBM45ujf2E16g90MFogDK9jADg5wggvcEA8J0AESAX3tSdAJ 0NuO3nb0tqO3Hb3t6G3vAT2hFyC/HfntyG9HfnsK9IV+0B8ugwHINEI/YR8JP9YP2cfBeK6lw3Vw PdxOvXkcC7k3n3oLwAd3QDn3lsMKWAkh+AXXf0P9p6m/XT9sf4bzZ+FbrkX0BocG6OropB9yoIej i37C4WEM3al+IxvraFhHwzoa1tGwjoZ1NFpoWEfDOhqWUb+33RGSoBN0hi7QFbpBMnQH+Zvd8ve6 
u1ep5a0O91rwMKg4dKDV694QZeDQ4Xv0GEh1jVrf6ndvhoa5cmoNnYxq66B7W5RUQ2dal7h3qrNb l7v3QFFHZZV7f5Rag+3/0tB5/lsfukR6Naqta92HwKIg0tCN1g3uoyBPcGnodutm9wl1Qes292no Kvc5MOdN90WwJT6XsBDV1p3uK2G5ebr7On67+cpc2rrHfQu753QPQ3+/RwonmOs8Ct8RPMnhlNZD ntRgRutRT2Y4vfWEJzs8uvW0Jy+c03rOUxjOj63ttHqbF3lKwkWtFz3lWI3XearDpdGVsPWKpy5c 2XrdUx+uab3V7QhPszLPjHBDjAGWe2Zj56JdxirxdTu6R1sVjzk805rssYbnWFP5bmvN9Niw62HV Cjc33/I4w83WbMed8LzmPZ4FgRprnkcN18T25aOeRYFSa6FnMWcJz9JAgrXEs4Lv6Z7VmLncsy5Q aa32bMQeJHm28P3LgzXQWufZhXq9Zy/qsz0Hvt4prDM8h8N262zPMdwbWCJUbjV7TgZv8XcXdlut njPRlTZwx2rznMc8Ts8l7ALYc8M+6wL76XCQ71PhiFX1XA0PWRd5boSXWRd7bodX8ucWXkPzrLcu 9QrhTdYVXjlwhK/h4a0x2oEGB2Maoxr72vAOrtFKeDfpPn4P4YOkR6yrvQmBfOs6bwqe20ZOI5xM goPWLd70WD+LK87CXhA+zlfd8HHrdu/oKFeET8WUU4Tfusubg/2C+vS+jlv3evMD06wHvEUgCnBF +Kz1sLc0RhGD/9Lwvuaj3srATOsxbw30pHdabMf3cw1fsJ7xNkR3+fBl63nvzMAc6yXvHCjqqFz1 Nkd3+fC1e/Qm36fCd0j3ce3TWW9452Hvxg7eZ7Te9tqxU2Mf70tqE7zugLtN9vqgCd4gdrEF3kgg yJ953wjSjOiTaUvxDgWa29K9ywL2ttHelQFfW453TSChLd+7vi+rY0mPM1LcsbxnwaIFHat6VOja nkXqro4NPYvVpR2be5aqhR3belZEyjBmNY7u7FkXqerY07MRR/f3bInUdhzq2R6Z3nG0Zxfc0KGe ver2jhM9ByKNpj09h9WNHad7jkVmdZzrORmZ23Gx50zEgh3zvHq440rPpb5tHdd7rkbaO2713Ig4 ou7AdL3ntnrexvxCxGuTwP9+m+KXI2Fbsj+hf4c52Z/yNYfbUv3pkUFbpn80+tn+nL7Ttjx/fmSJ rdBfFFluK/GXRlbZyv2VkbW2an9NZIOtzj8tsjnqQNvd/gZ4LnI6UU9hq/fPjGyLujzbDFRW22b7 58Bz8b1+Z/sRf3NkZ0ejf15kj83st0f226x+d2Q5/CBGmnb6feo6m80fjByK+qwXL/kjd/0seUyb k3yluyOJOz7/0NdXbz/uXwYlr2Rb4F+pHot5nFx4zEs21Z8esrbP86/B/Iv86yNHbYv9m/ov8ycQ OWFb6t8aZZX+3bYV/h3qYdtq/+6AYFvn3xc5bdvoPxg5F/WDti3+I5GLtu3+45ErxDnXbbv8p+Cp 4awjt7gOMNte/1nsGnDQ2C+gAxLXAHnqAYVfZSA5qrYD/gt4R4fhuVbbjvkvq+u4/x1ItZ30X4v1 M0mzOS8N5MWeJNzrQGFMcVcDJbYz/psDJdE+abntvP+Outd2qVcH9woPO1Btu9prjDrWgbp7tL79 Wm8SntiN3hHQ21y5xwyGo9op9GZEfeXAjE65N0s905nQmwtFHZWU3oKoxxyYfY+aOcUNWEltUe1M 7y2Gc4R/HHB2ju4tg0+EixxY0JnTW6Xe7szvrYUW9U4PCJ2lvY2RQf65DKiki0w7e2cNpHZW9s5V z3fW9FrUG53TetsxsqHXoS5qK/Ju6ssl70D7Ea1d8Cxtpd6tfQVtld4dfcXmQu/uUHlbjXcf3zu8 
B/vK2qZxRf9IX1Vbg/d4Xy301F2d6T3bN71tjvdCX2NbM84qinq6tnney32z2uzea31z29zem32W Np/3Tl97Ww1fP7kGs9qC83XhdL5a9jlIvc2b5xsDlW2R+Ul9/rah+SP6wmbz/IygsW3Z/Ky+wbaV 83P7lpAu5+tk36qYt4L2rW1bM7+gb0PUZ7Wtn1/ct7lt0/yyvm1tW+dX9e1s2zG/tm9P2+7506H7 /oe974GKIjvzvVU0TetgDzKOEoYhDMMwDMMYhjHEEIYxBg12V/cwhHFdxkinq7q7qqto+j+NS9DB xkOUZ9B1jHGJ47o+Hs8xrPG4hhDHMS4xLuEYYoxhPT4OIa4xDof4HMK6xDDvu19VAyKTMWd3z3nn JOc7v+/evnXr1v3z/atLVVFXsa2X2sxtfcgHXBfqNmy7AnzTljzXxTph2zXX5Tr3tmuqT3FdrfNu G3EN14W33XTdqGvYNuYarWvaNu66U9fyphOtaIHrbt2uxjbXVN3ebZOiru5AlIgL6w5F9bZ9dR1b PGJS3bEtori07kTjkOqhKI8m2jrBG0K+rrvpiBq5OYrqzkSTxbS63miKLbeuL5ouZtYNRLPEnLor 23Jc6+uubePE5XUj2zaIK+puRnPForqxaL64qm48WiiurZts7BG58Llo8X2tVURIdLW4IaKPlomb IolRqyhEkqOVojuSEq0SvZH0qE0MR7KiTrEhkhtVxKZIftQvtkQKoxFxV6QY+N7I6mixxg9EyrYY xUMRa7RR7IhUbjsmHotURaPiiYgtukPsjjijbeKZiBLdJ/ZG/NF2sS8SiR6m6xvtFAdsh6Nd4pVI Y/SkuDYCNl+8FtkR7VHXThyJtEXPijcj+7Z2i2OR9uh5cTxyGPhkpDPaL5FIV/SSpI+cbCqx+SNw hyUlRs4CT46cjw5KKZH+6JCUHrkEPKtOiF6XciODTQYpPzLUmC8VRq5Hb0nFkVvR29LqyO3GfVJZ ZCI6IVkj96L3pMp6tpmVqjyTbzolW71hmyA5643NBml1/RKoqdSnNhu1q/jrM5qXSJH67K2TUmN9 XnOqLV+s2JIhResLmjNszvqVW0zSjvqS5myprb60OU/aV29qLpDaxY7mAltjPXhn6XD9+maI5eo3 btkqddbbm0ukrnqxuVQ6We9pNkk99cHmctfG+s1NqZQ3r1fv+qWz9VubN0rn67c322n00izSKKXZ Q3dRmoOqxtEYY8spbafifu24qe4VqDsDzZul/vrWbRXUvzdvpffgzdupNDa3qrtD1D5szZQuhc9B +xiJSYP1e7ZMucrr92+Z0nZvcF9FGvIcaN4jptUfbN6v3vVL1+uPNB/Eu84GwpJlzG3m/xLC/I6Z ICwzyfye6JgPWYbo2XhWTxawj7CJ5BE2iV1MFrGPs0vJo2wq+wRZzGayT5PH2Bz2OfI4+y32W2RZ XFncOpISvzb+iyQ13h8fIGnxP4j/AUk3ApFPGjOMFpJhLDduJFZjtbGZvGHcbXyPNBkvGEfJd4xj xglyBXrzGtHhfz8wkkfJArKYVJJHyHpiJ68SgewkG8n/ILtIlLSRn5Ht5Ofkl6SP/IpZSH7BJDKL yIfMo8zjDMPQd5wM9LlJZhlTxbiYNEZitjO5TAuzlylj9jPfYl5n/on5CfNG3Lfjvs2EdUFdiKnT bdU1MfW6Ft1OpkG3W7eb2ar7hu6bzJu6t3X/wER1XbrjzNd0p3TfY1p17+neY9p0P9T9iNmN72Pu 1V3S/Yz5hm5IN8x8U3dD9xumXfdb3W+ZQ7rf6f6d+Xv6FB1zJP6x+MeY/xX/s/gpplMfr89iLuuf 1T/LjOuf0y9nfqf/jL6I+T19w4P5UP8FfSmr06/VW1i9/lX9Rtao/4peYNP0cLPAZuhD+kb2Bf3X 
9LvYz+jb9O3sy/q39R2sib45wVbou/Q/Zr+kv6i/yPr0A/pB1q+/pr/G/o1+WD/MNuh/rb/FfpU+ j8W+qf9AP85u10/op9iWBJKwiN2dkJzwOPt2wrKEp9l/SMhO+DR7POHzCQp7NiGQsIcdTXgr4a24 xIRvJLTHLUp4J6Er7jH6f1XjliV8N6E7Li2hJ+EHcen0eaC47ISfJwzGrUi4mnAjbmXCbxL+PW6N IdtwIq7S8MGCp+J+afy98fc6+r5chHQATyS59J3t1Rc1ZGswTeezd/auW7qzr9S5brzUunNg55Wd 18qmdo7svFm6o7yrNaU1vTWrdLA1tzW/tbC1uHV1axmXw63aOcbt3Tm+RlyzfedkK2nVtya2JnOr 1thBwhJA3m+jvP+OMCDvkyD1HzIfkjiQ8SSiM37W+FkSb3zZ+DLRQ+0n8TlVwr7DvkMY9tvstwnL Hme/A7XfZd8l8ficqp79CfsTYsD3xBawP2Mvk4X4hGoiPpu6iP0l+0tixKdSH2V/y/4WdIc+d5oc x8Qx0/9TOD5OT5bie2UpcUvjlpJPxKXEpZBUfI70ibicuBzyJL4zlh5XHFdMMvANsafiVsV9nmTi OzNZ+ETHMzCiRCYZ55VyIq8lDfJamZMr5A3yJlmQ3bJXDssNchPwFnmXvFc+gDgkd8jH4NgJuVs+ I/fKffKAfEW+Jo/IN+UxeVyeVIiiVxKVZCVFSVeyELlKvlKoFCurlTLFqlQqVffRoGJTnIqi+Kcp ojQqUWXHLGpT9intCkSwSud9NARoVLqUk0oPpDE6q5xX+oFTuqRchxZvQb3bkJtQ7tWwNYYaI7TZ WbOkJrUmoyYbxs8sUDSbQt9oX4xzkgIUR9KAdCSbPEviSR5QAvkUkIEUAS0gxUALSQnQI6SUrMFn z81gk+hbmY+SvyZVJIlsAkoGqySQx4gItIQESBDfx9yMb2JuwefNt5FUsFa7yRPkG0BPkr8DSif/ E2T/k+QdoKdIF1Am+R7Q0+T7QFnkXaBnyD+TXuhfH1AO/q/s58gg+VfQlv8DlEd+BfQC+TXQcnKH fAB9v0v+g7xIpoBeYlgmgaxgFoJlLMKnyz8HljGJFOPT5SVMOvMUeYV5mnmafAHfBi0FW1mO73tW kbXMlxkb+SJjZ+zEjE+ac/jup4VRGIVYmVqmlrzKhJgwKWe+yjSRCrCs28kGsK1fI3/N7GRayRtM G9NGvozvfm4CO9tNqpkepofwzFnmB0RgzjM/Ik7mX5h/ISLzY6afSCi/MtiIHKIYcg25pBaf3fMa XjQUEB8+rxcwFBmKSNBQYighIXzPKIxP59UZbIavkHoDb+DJ38Da3iATKPuF9LsT7kJAMWA1oAxg 1VCpoQpgI3/lLnavdpe5re5Kd5Xb5na6FbffHQHe6I66dwC1ufe5292H3Z3uLvdJd4/7rPu8u999 yT3oHnJfd99y33ZPuO/JrGyQjfISOVXOkLOB8uQCeaVcIpfKJrlcXi9vlO2yKHvkoLxZ3qoslLfL rfIeeb98UD4iH5WPy6fk0/I5oAvyRfmyfBVoWL4hj8p35LvylKIDSlKWKmn0/4vG2+MlcJFfNm7C ry+s+S+TbwvQoyjlSSjli1HKH0MpX4JS/jhK+VKU8hSU8lSU8idQytNQytNRyj+JUp6BUp6JUv40 SnkWSvkzKOXZKOXPopQ/R/qBclHWn0dZz0NZX46y/imU9XyU9RdR1l9CWf80yDpLClG+P4Py/Vnm SSYd5J5KdjFK9sso2SX49sQrKM2rUJo/j9K8GqX5CyDNXwUd2MJsAR2g71B8EaW5DKXZxPwt87eg D1SmOXx7woLSbEVpLmf6QY4rmIvMRfIlw+uG10mlocpQRV43SAaJvs2dtDVpB6xTIsz9I/jUEJFO 
AnoAZwHntbJ+wCXAIGCIlukWS6e83XLlHwfWqfKvl057z0jnvL2y7X7QMumCt092AhT/RgrpondA 9v9x0DrSZe8V6ar3mhyZAf0tDXtH5EZA1G+Xbnhvyjv+OLBOm1+URr1j8j7vmHTHO464652U2wGH fbcx3+n3yF3+oDTlI26dTy+fnAH+7vFvdi/0JcpnPwbn/Vvlfv92d5IvGbHUl+JO86XLl1TQPB2b PDgD+tud6cuSh3xZNEXk+HLl6x8PWs+93JfvXuErlG/dD3eRrzjW7my4V/lWy7dn4F7rK3sY1A6H 09ycz+qu8FXOiw2+KoraG+FMCvcmn+2hIPicbrdPeQBen5+idjSQ5A77Ig+D2jvhHHeDrxHR5Isi Wnw7KGrvhpfT1HM7lOce8V137/K1uff69s1F7VR4hfuAr/3j4NWFi7CNQ77DiA5fp/uYr+s+nPCd fADdvp77cMZ39qHR6zvv7vP1P4AB3yX3Fd/gA7jmG7oPdNwPAXnC3+q+6bvlHvPdnhdwTL7n36Ow /v1Yb9w38VCY9N2TiZ+dC9qGYgAY/Qdlvd/wMFCW+I/IiX7jNJL9S6ZBj6cCMvxHMZ/tP67k+U/J Kf5U7O8cKAX+0zimdH/Gx0FZ6T+nlPgvzD5fzvJn34dcf94DoOeW+i/K+f4CxeS/jGm5/+p8/fko yIX+lXKxv+QBrPaXymV+0wOw+stnQ1nvH47Z9vtssWYrYzZO2ei/EbNBit0/OtuOTMvJrHWdXpfY HIn+O9Nz6/Hfnd0naku8C8GmgO57k1Qb4F2q6TDVqzRfO/UbVN69mYCc8KqYPHuX+wbpdehxJeif UjYHdMrWwEJleyCJ+helNbCUltOxKXsCacr+QCa1r8rBQA61k8qRwHLlaGAF9QHK8UARte04ZpB3 5VRgVcw+K6cDa5VzAY6OW7kQqKBzoVwMbKC2k7aJuBzYpFwNCMpwwK3cCHiV0UBYuRNoUO4GmtBH Uh9EfQKdwynwk5o/q9F5x2PzXLMwkFmTFGihbeCxpYFdNWmBveh7Yr521hpNt0mh+ZSYL6B9or6x JjNwgPatJidwaHqdaX1YO7r26JfB59Gx1SwPdNCymhXgw0+roP6azu99uKj6ZfRZ1B/DdWK+mKYI kB86trk+lqYUNUU+QkF9bMyvxlCzypdMEfOR6DM13zjbV97nIzU/GUPNWvCDsMbo+8Af1nC+YgqU W+rnVqmYtlmAmorAMUw3BE7UbAp0o46B/agRAmdq3IHeGm+gryYcGMBy0GHqP1BvQY+oPtU0BK7U NAWuUVtU0xIYQdup6UHMLlLZou1QO1ezC2xTTEfoeoHdoufHbOBc3ZqrVzH7Mq1bVA7BbtbsDdzE NT8QGIudj/VB32oOBcZrOgKTtN81x4Kk5kRQT2042iQ6hu5gYs2ZYDKe93E2SOtXTa9qx6f7YZhl o7Q+41jn2OPp8YAdjuEjbd1H2NOaPi0d8BfQMcXwgJ2cbSupfYzZyFn2ENeetkPrUNsEc1BzxX/R uyK81lsU5ihobEPXm8Y03lXhCiwDm+WpDLZ514Y3xOIXLxfe5NEHV6Mdg7jDWxEWMKYAm+bJDyoe EiyOxQTeDWE32jTq/2ncQG3dprCX+mivEIZMuMGzOtjo9YabvOFwi7chvMvbFN7rbQkf8O4KH8KY TLOX9FyMzWJxE415YjEKbUtrA/u4N9xB7SX2KxbbxeKw8IwNRsRiGC32oG3ReMx7IHyMxjveQ+ET 0+fT+nQ89DeNBWnMBWPzdoS7sYzGjTFoceJ9mBsLarHffdDmdW5cNw0ai8UwN66LxWjzxGbeYyo+ Njajsdfs+IvGXLG4a3aMRftKz6V1YnMyV7dA/2quBVMe0KuRYHosxqq5GcyqGQvmUls0ba/Gg/lU 
rmsmg4UoT7FyqEP1isofponBMk9y0Ir5lGClJz1YRTFb3zxZQRu1EZ7coBPlszDofyCOAXiKgxEE yCMF6iHYLU9ZMIqpNbgjpoNUJzxVwX0eW7B9Wv9ArzzO4GGqbx4l2OnxB7s8keBJ6ntiQHtE77Go /sGYPY3BHk80eBbbBvvh2RE8j+PU6nvagv2efcFLnvbgoOdwcIjaIk9n8LqnK3jLczJ429MTnKD+ jwLtE8QEnrPBe57zIZbaY09/yEDllPpCz6WQ0TMYWuIZCqXifF0PZXhuhbLpfYJnIlRA58lzL7SS 1q9lQyW1hlBprTFkojEgtf8x21y7JFRemxpaT0HbQz9D74cyQhvpvNdmh+y1eSGRylltQciDNgzW sXZlKIjHSkKbsY3S0FZqy2tNoe215aHW2vWhPbUbQ/tr7aGDtWLoSK0ndLQ2GDpO57d2c+gU2jIY f+3W0GlMt4fOUXmobQ1dqN0Tuli7P3S59mDoakx+aAxO44/aI6Hh2qOhG7XHQ6NYrtnc2lOhO7Wn Q3dp+1RPas+FpmovhHW1F8MLp2U1dh+g+Siar70cTqJ1aq+Gl9IywhLGuN3YRshf/r7yZ/T3lVFy Z+bvAEKEKEK7cFjoFLqEk0KPcPZL24XzQr9wCfigMCRENDqMuC7cEho1ui1MCPccrMPgMDqWOFId GY5sR56joDLJsdJRUrnKUeowOcqFNpUcSygc6x0bhX0qOewO0eFxBB2bHVsd2x2tjj2O/Y6DjiOO o47jjlOO045zjgtCNEZQ46LjsuOqY1jYoZLjhmPUcQfq3cX+0R7RmvQYvSJcge7zLzoKsr3uv2Qf 1AK68SrQYtwHTcZ90MdwH/Rx3AddSkTiJsuIApSKu6FP4G7ok7gb+kncDc3A3dCncDf0adwNzcLd 0GdwN/RZ3A3Nwd3Q53A3NBd3Q5/H3dA80Ll+spxcBHoRd0MLcDf0JdwN/TTuhhaSX5PfkM+Q94GK cE/0c7gn+jLuib6Ce6KrcE/087gn+gUmnUknpbgnugb3RNfinugXcU+0DPdE1+GeqAn3RM24J8ox X2W2ECvzJvMmeQ33RCtwT/RLuCf6Ou6GrgdN/y75K+Z7zPdIFe6JvoF7ol/GPdFq3Q7dTmLD7xDa dd267xEB9Po8cepu6n5DRNDfCZhL+rfAxhlZ5TeQAn4Dv4kXeDfvBQrzDXwT38Lv4vfyB/hDSDf5 MX6cn6QLIuiFRCFZSBHShSwhV8inxHfwx/gTfDd/BqkXeR8/APwKf40foUTlhn0e5OYFTW6S8fpU YlhYo2dBeqis6GD+C0B6qKzoUVYSQFLWgAzRPfMFIB1VIENUPh5B+UjEffJFMC4ZJIlKQxLIwm6Q JyoHySAFHSBPVAKWkO8APY4SsBQlYBmsfy/ILd0P/wSs+b+ChNFVfwJXPQ33wJ+Elb9F0nGNM5gk WOOncHUzcV2fxhXNYqoZG3kGV/RZWFEvyWHCsKK5uMv9PNMKq5iHq/gCruJy3NP+FPNdppvkE8ZQ aCieWQ/7Md1i+7G5xN8TWPsJe3eM+E77GY1655JgsPfZB1QSjPYr9ivCEiiZQ0KqkGG/BjQCdJOS kI3pmH08RkKeffJBEgqwhUmeaKRXSVjJJ/KJQgnw5AdJKOVT+PRpyqJ1NcrVKH8uSflSIV/IF8fI 6edXa1Q2l6Ri3hq7lrSarwTKgpI5JJziI3wVEL2ejZLrKN8GqRPPQHJ4H2ydL3NdwBbKYjPLKypJ Zbyf90u5wCMPkmSF8TXGCM6KTtMOjR6cKZNQDn3aFyNhPd9OSdg4MxMxEuz8Yb4zRrjiIt91Pwke QJA/idTD9wibtfKtwnZIz8ZGBL0jQit//kES9vD9wn7+Ej9ISTjID6kkHOFvQ8l1/rpwlL8+084M 
Ccdhjm5N021+YppsKgmnqHwLp1F2+4RzwgWUsYs4E5dRoq5CbhjH2yXcEEaxR6PYX7UlKimVuEpW qUqyoTQ4cfYVOtOCR7gDunNC2Aiac0a4y+cKU9B6m0NnH3AsdCSBLI84loK8TzrS+KgjE2Q52b7Q kQNzlexIAjnRQ93ljhWOIr7Rscqx1sFBj6n8JzsqcJQjsGImXu/Y4CiCFjc5BGiLai2OiNbUdIWu rt5+xeHmzzu89mOOMJQnQr1u+00+0dEAuRPCsKPJfsbR4tjl2Os44Djk6EBdvqKS45jjBNVXR7fj DFCvow+0dUzVWMeA4wq9Gr2S4xr0ZoTqpIO2fMYx5hh3TDqJU8+nOBM1/aMamOtMdoyBrLWhvLXD 0RS+n+9xpvPtzixnrjOfH3IWwvrCajmSnMXO1c4yGEMXfx7mPkUod1qdlVC7CsjGn3QWUwnEUeJa 0XpAIDF0lpxOgMKfBx1OdkagfMLZ6Iw6bc4dTri2c5+z3XnY2ens4tuEUedJKu/OHudZ53lnv/MS lXGQJVxz56BwFKStxznkGHNeB7rlvM2fpQTHJpwnnfdgBP38oPO6i+WHXAYqp8Cvu4yuJa5UV4aj w5XNK648/parAOSRSqTNtdJVAte8DhI6Qccn+flCKeK6AbOyWmoEa2uD8Zx36MCyRKUdYAVypTaw FGXOFJdH2mc/wBfbOeclqV06TPUaZAZmS+qUuqSTzlypRzoLEgqWA+SxEGcnVyqWitUafLJYIZ2H tqi9QwnGmmhlqARDW5VSP58iXQIZH4QjUahXDP3xS0OQK3QOSdf51cJp50nXaemWdFuaQCuoWTLp noSW1dkjVUqVbtZtADvnVG2d2+heQq9Gr+RO5RV3BrVmwP3uDHe2O89d4NrvBovuHFItF9quHZLi LnEb+SF3Ke2JqxTWicrOkMvkKqfyo5IjCfpd5lpPbZJro9PmsvOX7AMuEeSqC67S5fKAxch2Bfmz rs2urXBku4vaHadrj2u/nbNzroNgb7JBcvz2SdcR11HXcdcp12nXOf46yBnV9EK+x3XBdZH3uy67 rjqdrmFHA5/ouuEahfVM4W32bkF0nQMNbgObdR2O3HHddU3x7aJOXCgmiUtBR3aIaWKmmMNXisvF FWIR3yauglbbxLUix1dByzaxAvrUZufEDeImURDdolcMQx+tIA07wNa3iQ1ik9jCJ4q7+DJxL+jx AN8lHoBzumB9esRDfLvLI3bAHB11eVweRxLMgc1ZKR4TT4gdMA9RsVs8I/Y6rWKfOCBeEa+JI+JN sY/vh3TMGRHHxUlnpUTEJFe5pJcS+QkpWUqR0qUsMUnKFW5gNPXCX+4w/4zuMEXixacaltL/NWPL JYwtSpbYsoHygAqAVgKV2EqqgGylttLqquoqmwmo3FaOZeuBNgLRMjuQCATnbfBu8No8QEFbEK7D Gq3GV+EaSXhHQ/COhsV7mTiMeXV4LxOPdzF6jHkT8C7GgHcxC/DO5RG8c0nEmNeIMe+jGPMm4T3L YrxbeYwwSUKSB8eUTu8Iqk8RpvoipKchvaxbXJZTfeFhsK4f0uWAFR+BIhXrhlSUrXpIrAVw86BC xboJSDc8HEwspJs0CBrcKtbZ1NSUCsiAvBcQfhCmPEgbPh6mlYASyDdpaAHsmoO182DvHBz4E3AI 0DEPjs3TLsWJOeh+OFjp3J8B9H4E+lRYN6goG3hIXAFcmwcjKqx03W4+HKx0bcc0jGuYVGF1q6nF DuteCSAA/YOwggysS/x4WMNaG8kaUgDpc5A1D3LnIP9PQCGgeB6sBpTNA+scVD4cTCKkVap+zAs4 ZvIAglo950NCAfjnQZXW5lZIIw8H03ZIG2chOguxOnu0dD/gIOR3zFxrNkxHtHzbx8N0FHB8Thv7 
5qB9HtBzT0F6GNLTWnpu/v58JDoBXfPgJKBnHpy9H6YL1TP2e7a9jdnLmB27OGNfTJfvtx/TcjJ7 XWPrEpujq7Pmdvj+Pk3blNk2QNPfmG6hz9Bk3gp9uE+mI+px0w3AKOCOaiOofzFNqeV0TGYdYKFq X6uPq3bSvBSQVo0+wJxZrdr3BlXezTkz9tkMPs28Qh2vuUidB/Mq1V7SNhG0XVhPM9hFM8ydGfpg pu26tfmNzSftP/WTMR8mzMwzttOktkGPmcFfmHdp/Zq7TnPWaNqfaOuEY6V92av2zXxg1vkN2vrR 33Rcbm1sh7Sy5bNQNA/m+uWKebChesa/zvKx0/DOwlwfG/OX/xk/eaj6fl94rHrGB87yd9M2C2Du 1VLwW+YBrRzshxl8khl8kBn8j/mmVt6u+g/U2wuqPpnBz5jHVVtkntT0IqYHml1E2RrR7Fx0Rkfo elG7Rc+ftoFzdWuOXk3bl1j/F6opp1fXnEucdX6bqm8c+CYuRe03Bz6Joz7IptkkGAMHPojL1877 OPsz147PVyfW53ns8TR2zMJHXevj7OnhOZhrJ2fbypPVMzZytk2s0s7t0o5VqjbaCvJjPaaCxjZ0 vTGuOaGVgaxw5yFP7ZgWv1ghNuIimi2DNbVS2dKr9oyjc0/nS4sJrH2aLaP+P0Wzc1T+wEdboT0r tMdBf600/qFxDciZlbYJMvYq0exnzF7ma7FZLG4ar56JUa7MtEGPvapX7SXt1wN2eI4Nno5hYnaY jhPaepUeA5l6NXnmfKxfpv3u1fQExvZqilZ2Zhb65sHcWHBkHmjzOjeuiwFjsRjmxnWxGO0/E5sV Vt8ff62unom7ZsVYtK94bvHMnDygW6B/nPVBveIqq6djLI7qtU21RbF6nFOVa07R5ClmB66oesVp +sWBXeE0veNAx7g2FbP1jaN6RcvbNfnsrH4wjgFwXRpOqkDdo+33aOnZGR2kOsGBr+MuzdI/aoMG VX3jwEdz1wG3VN8TAx0vvcei80THzN0GTGhtwzi4e9o4tfoWuKezGABGwJJqtEWWVADcw1myAXmq /6PAGARiAksBYKVqjy0lmpyCL7SUAkyAcnW+LOsBG9X7BIuozpPFo9a3gO+wbAZsVWNAav9jttkC PsDSqsGk+hkq25Y96rxbIAa1HFTlzHJEnUe6jpaj2rHjWhunVFtugRjRAvGhBWyPBeIxC8RhFoir LBBPWW6o82sZ1ewYHf8dLb2ryoMFYiErxEBW8BHWpFnyo6jxgBViISvEQtZMrVyzuVaIB6zLtfUD PbHCHFkhBrCumiWrsfuAmI+CvHWtWsfKqWX0aYxF5xb98C9PY/w57ZXpcnW99C+qbB/5R0ISMgDZ gDxAAWAloGRWWgowAcoB6wEbAXaACPAAgoDNgK2A7YBWwB7AfsBBwBHAUQ3HAacApwHnABcAFwGX AVcBw4Ab2jVHPyK9o6V3tfpThBh0arlhISBJ69uolsIYDEsBaYBMtXw6zQEsV/tqWDEzZkMRYBVg LYBT2zFUqNczbABsAghauRvgBYTVdg0NgCZAC2AXYC/gAOAQoANwTEtPzEpj9bsBZ7T0kHbemVnH ewF9gAHAFcA1wMhMSufFcBMw9ieksbkYB0yqc/mnpDgns9Ny9Z/N0/ZxnbRyvN4sLNADEmdSXMth rV3AgmRAirbeUL4gfSZdkAXIJf9o6jMNmK6YrplGTDcRY6Zx06SZmPXmRHOyOcWcbs4y55rzzYXm YvNqc5nZaq4EqjLbzE6zYvabI+ZGc9S8w9xm3mduRxw2d+LvLqCT5h7AWfN5c7/5knkQWhyC1q6b b5lvIybM9ziWM3BGbgmXymVw2VweVwC/V3IlXCln4sq59dxGzs6JnIcLcpu5rdx2rpXbw+3nDnJH 
uKPcce4Ud5o7x13gLuLx/dxl7io3zN3gRrk73F1uyqKjsCy0JFmWzos0S6YlxzRmWa7RCqD58kVA qyxrLRzkKzTaYNmEEIDcQF5L2NJgabK0IHZZ9oJP+MS832Mg2vcYDPg9hoX4PYZE/B6DEb/HkITf Y0jG7zEswe8xLMXvMSzDLzF8wphhfJE8YXzJWEpeMPJGkbxiVIw+ssYYNNYTs7HRuIW8Zowam8mX jLuN3yevG981niFbjReM75Mm/DZDx//HPWOYZMaLz6v00P81n1miATQh06ShXMP6WXkKsKyZdi1P 64la3qMhqAGsbSZY20ywtplgbTP3aHX3a/Vp2cFZv49o6VENx2dd85T2+zR53gQia6owbTBtMtE/ 2buRCyYvUNjUYGoytZh2acSZ9poOmA6ZOqD0GJQfMp0wdUPdM6Ze0ElVK8OglwOmEVirR/E7HAS/ wMHiFzjijAXGAqIzrjGuJfHGdUYLScCvcSQaq412WAfJKJMnjX5jgGQYNxu/SjKNTcZtJNt42nia 5BjfM75HnjOOGkdJ7n9z68zUG7ovAK8C6WCmHsH8Qsy/iPkXMf+Srgz4ivggltux/BuYbwVeEP8d zJdhXj33RcyX47mfAr4cy1foPNgOPbcA29+oe4ny+Dfos0/xmyG/RLea8vgQ8BNY52163T9g/g/v Yh+asFzG/EuYfwnzK9Teanwzch/WgTb/8Evd88CHtRE9j0ffwF7hSHWfxXFJ2HOR5uMGMW/AowTP +t9YUoPnmrHkUcy/gufWYWuPYk9eQR6PdQqxjhN4PubzMV+gK8JyN+YLsQUsR/4SHi3Ao5/RfY7y eBl7UoQ1af6luDtYR52HVmztNLZWhvm3sSbln9J1Yh2Vr0RegXUEbP8Utg8zw75Gr86+EG8D3hwP ms6GMf8K8sF4P/BGWodhkb+F9bHPLKE8zok134rngXdgm4tpCfMLmmc+wKO7sf4arP91zC/B1j5A Poz1J3U/hnJW90PgFbrL9Co0z/wWS5y6XwAvpnXIBOWMCfl/IH+X8rg4rLkO23md1md+hS10Yv7b ePSLWP9DrJ+L+RvIzyH/J6z/vq4WanLx/wz5u1SGWX38e5CfouWMPb4P+IgOpIJNpXXI+/FvAv8d 5cwNrQR4XAG2k4o8Dc91IN+NfJnuQzz6Fcj/hHL2GuZPIx9A/pZuI10j/fvITyE/irwF+RjlCSlw rRXqCmLNZj39nood868gX6Txo8hbkNNzl2HNXjx6HEsGsaQRSw6p607zwE8hP4q8BfkYclp/HdZs wLOIyuO/SaUC829hzzsw34O8Qys5irwF+RjyUhjL2fgWlCKRcrz6L5B/gOfu1vgp5EeRtyCnLezG 2fg6rRO3H/nXsc8fIB/GdoZpn5n34/uBjyN/P/5byL3Iq5GjJMSPQgvLcL3uYs1h5Lc0/ibKwDkq G1gyhS1MYQtT2MIUSsUIHh3BkhGtpAd4HI7lqfhelJl+5F7k1ch/SjlKwrAqYzQPkkZb+ynm34f4 nvYBStgijcNY2B9RKWXTsCQNS9JQu9Noy8B/iLwHJfMYjHGzKp/Ychvy3dq5VC8CKPPL6P/shmt9 C7kXeTXyHyIfRU7bvIbnXsPZGMDWBjD/Fubf1jidvT7s52sJtLVFKlclDfMdKo//Pq6sF9eRHv0A 8+/rX6YzrHLaK4IlcH9LeSqWD+DKDmDJCdSRbOQZaIVeRPvWrM8BvgXLf422aBzze6g3Yf4Nbdoi 1R7SmszCeBfwx9CaRZEvw9nowjp5qAs/x/xryDs1Gwi+hsH22QTK9T+lq6/fSWcjHm2pzkbnRN9N 8/o8mo+7ibLdiXJSgNLbj2d1x5+g5+q6sFf0qFu153pqOZ+nHHTzMurUZdQjqh3PYH43Hv03bYwB 
7I8Tz30H67+D84wWJv4mnR/KwVZTrq7XC3rwlWwY6y/CfC/Wb9Ssx1G0Ay3UO6AOOrH8LeSLkT+D V/kF8g8TyuhqJhzD69Kja+gqg+bS/BKN0zY/rdnkg5BPQZn8f7SdeXgVRdbwq6u6+8YQCsQQISyG yI7sEQEZNlnCIgLCiIgoq4igkV1k2ERFRhEUFdlEZBQRXEFBFhEhKCKbLIKKjDLIIAaECAzCzVfn 13eeR/K+f4zzfd/j4y+nT506XXXqVFVX5+ayC00GPBiWkfFlvX2JfL6NdXuFrKLBbnJyp1gGVcm9 JNG4sZMcTpX13NsWzWJ3bnY7AuOyWyLs1oEPybEPmZURNzNfPoSb2UFkrU6Xui6eH1FrEjNoEnko dxkprTLtpNS0i1YV3z23eOWY4y2ptSo8x/og9g2ltS6TRXNUZrrL8L2ys9Dyeon1ZxKWcpfFcCbc GFYROXyKmXuL7DLM3G8oXZtgNENF7hbWoPQEmhO0XyLcINwlax2tnS+7ofcFe2I6rb2E/h1iXg45 g758L09NurMv/rf71vGYPEnq0kI3XpNYVWTU5tDHBTLXTF32wWpCk+E7jf4Mz3OxPIPn75C/Q26L /20SeUfx3J423y9UbyMfh7cFyUqeK8T/jYxUdTxsj/ZfeaZyzwl9WP0kw6fx9HLcH0wvJN+upXQO Ld/FvdbhLV166n8p0QiIiX+O8R0l+7tJE29mr8j+jcht6G8evTjHWnGOmZhOO1nt9Vppocmi71ck WistyUS+znfPsd4Wev2B754Mvea07VPqku26sT9E5ji1usnzsO5mfnac5bd2npsyjiv8/pKfeq6T 9+DtxwTF20v4uR6f9Xzf8Qehy7pySp7KXARMjDi8Rq1hcAY5cMyX6L2Jh6rwBfx0Qh5J3+cT55b0 cTC1foTfwHslYu4pS3oxWZ5anXyFZAV70FC89aWd3fATBs/LCpDIRundGtpzIawoDM7AvXAd+kzY XtaE6JlTLHUd2DjYzz4icpvoKRQ/u+AW/GzBzxb8fI39QOwHikbnoGmCplP01CqyOistcdwL16HP RBb7otGTLXdZF5HnqHb4aSd1dXfk7pEsfhzXoc+E5dCUJX943sDnD3jLh0vgcrjMlx2wLT7b4rMt Ptvisy0+2xKltuLZVBdLU50IbMTDRuSVyCulFy6qC2i/8L2ovyK7ti3AzwJqncGDaBrSznMJbmVm SRu6BrWZrTI6k3x52tyQOB3IXTb7+5iznA7EUkVP8kd4ti/NKSAbfoa30vg/C/fBZdTtAdtQdxX6 H+E232VpmCn9CpcK/cFi428PVruZzr3CYYHsU72IVQ4R+Bf2VqIaLmVe16W1u8iTH+CMxDllP6OT S07uZ9T2ExnyU2aZi0BlGangasd5nIk0luWx3IU8hbs3ifKNsXhdNMYwUgZ9O+x/gOfgEpjLk/yS 8Ch3EU2BjIsbX5GPJshYI6+KMkc0LhPaM4LtGXF3plZTzJfuXNkpKCIM3Rn20g6ZiZd2BG6UzVye lLZKTPxGsu/4A0Q278Bn0S+R5zH/JVZF7N2zsTwXXUPdDjwX3Yflx3Le9LfIKm04P5rucnb2i1P6 HrX+JoyVQZ+Gh4twGfZ3kyfjZSzMSomtOYTcFtYX+hkyRn4muTEV+4/IqAPCYDE29cmKdLE0TzCy PyMPprQapaXIllZ4iM6qy2A292rGU8FL7IBtJGLmB3aQqayNm9g1cuX5xCzkiXQ6e9Aing/HoXmU p5o8/KyHe+BeeAA/R+B2OJq96QD77Cph8DHyeLia1fUse9Dj8vzm1+Ap7kBCfh8uhVNhnpTKySs4 TvzbYZkCG4W3O0YnMk6IZnWCS+FUKB7ewXIMtVaKxlE0nUUT9CYrevGsOxp2gDk8GQ7j+bMNZ1Ke 
YP3K5M8a7oWlmSprqY/GUXpxDM+VEnwfLoVTofMWVJMzafgRObMlSHO1iuBtIewHOZ/6qfT9IeT3 E3wfLoVTKZV+PSSx8teJHCsXvgh7iH9q+QlKfDgjmGUSB9OMp75xCc6HOfAuSC7Jk1uYzLjfiWUb WRuDSsEWJ58MPnZ8Ef2+BHPgXXAzrC35Rmkumlw0T8izrnlLZqj3F56ly8M/wdE8W2ZwDmrEs+t1 PBVPJ6NGk7HT5TlQt8Hze8gPcXpdQdu+Rf+t+PE70P5DovHLJDgf5sC7oMyvKtIq/xo5w4avRTkv M0IfwVsRuJAnhInMo1SeHx4k/+dReiDB+TAH3gU3Y+Pi6VeQuwQfyztGR7FZTa3VyKlE4CxROhgs ZS6Ul9KInFiPyonVPyaaYJ20xH8f+SSyT5742I8LfmIUIsrpdYecXl00JCu2+xNpm2SsQl5Ny1dT Gq2iTWGRINVRyXgFpcMuTl4k+qACmfwtfCixlsrKs5a1dCY207B/nRn3M/OoCCtqQ1bgOchrZAV2 eeVqBRsYl1x8cno1z+B5KN5qIL8v5193wpXSHCzXCpPWSYYnKU5bL+CZdyaxaLX/nNPNVGbocWbQ SmbH9ZDTsVmOh9fwpvxHXa21+PlA2ubznsrnROzGQvbQAZyFh4vsPOTBPczrPLiH2ZoH99Da95z8 FHdcRZQuyjOAmcvqtAX6tG2NnJH9V+AIoeHNidkaPib7HbN4JvJK7F+i7lPM9KmiCQfJahDeh/5j 7A/D7nBheFYY6yk7HTZ/k8yJlUFOg/XxdhH7WbQ5WXYHv4S8p/JrB+nkj8ha2hackNH3SzB3xkXn TfJhWfCp5Ino/R8SZ2p5Y7mUM04j5nVb2SNi2YzdXkbqRpHD5KCoKz3PnrVaTsQue2VNaCWlsWx2 loUym9x69SHczLr0IZQ9tD3vkWqgP4T+EPqT6I+gP4C+F96+5S7RyWscO+MeuFruGxyWHoW8jzXv cuJexB43W+z1J3K+dqvcXUT4HG2WdamRnLXDosz6PGb3eqGL5DbWmdq0RLid0iI8FxWRJx+3Hl5i LsxnxZDS8XBqYvWQWvtZNz6Sc7ezmYN+Du1nvQonOPl92tzaL+P4stDPIP5v09OvGZ1R2NyWsBRN ec5Bn0kf/SvljGx4q2yiU9tXnNo+ZU1+mDiUZdxrci57kWwpFbi1KEyi1jmeEN6S83gw2HcnC386 a+z91L2fuk8iL5F76Ru4Y1/G5SVO/f3p0eOccPcwI3w0T8mp3K9BO+/A/hR3pFXBFORxcjY3DyBH NkPx0ADeKc9L7rlRZuVq/2rZF2jhj+R5dJpuQSa0pe+1zVrXr57iJxwBxwr9hf5yVk6ZETeJHIwJ xtAqiWc3bKLfd6xjNQuk1AyXXSzw8FOc+K+mhX+Tc7c5iHxSTuumLnJbOa2bN+hLMWlJwAzyb/NL O80C2j/RnHScYFwm+MflNz7hKzwT9pHTuuudtKeMnNnNNHwOT1BiWBTeJuf0YDW8Xc4R5jfpe5hG BNpzBv+eWnfLOd2URF5PaT7t+SctfBf9L/wuI0MiE1bl7k3hXfR3CGyQeLaUXbU0tbbJyV1/KSd3 8zjxKc37w8O0sA9sz+g8wTh2kFFz2euol6MpSzvncIqZCZtFMieUmcy1mZx0ZsqpypW6k0hQhSfq DVg+AlcGj7Ieimxhh4h46ICHDnhoi2UeZ70aovFroNmPZo7vRtyjrq4IH+O8fCvn5Vs5hTXifPei nJVcJjh7PQjLA9wxjefPmnirKXX9VsiTIqKZJN4c16HPhOXY2V1kgl30brDvToVmHj4b4T/qXVP4 sJw9XfvpBT5r4LMGPc2jp3kSK/828Ry2CnbDRySL8PB2ROLTFzmbODQLOxIr4S2c3w/K+d31oqO8 
+/J3cd+OzKCv8XAGbx1lt5JWuZVHONev5Njbn+z0Y1hROS+787WUPgHLomnqT3Fyji9tq4mG9dYv x1j8DH8Rmq3CYLvQrwknSd2gFncpic92sDFcjLepUazwcBJWJcIPwaGy4sW2SASSOhHP85z77uMt /VCRYyG7Xh8pDaoQ4a1YtkIeIHJsi3hL6iRPJkGc82Aj+hXlRkNGuRXjMg85FQ9NsHlD3g+YuyX+ fjqj8Da5UUF2MXNUemeWIxdHHo/NIViTWpkwldFMk7rBIhnxYDH6+li+xig/IbL+GU2jsAGcJfmG ZWkZTZcnj7IGCnficxlyJdqcSgwfFr2zPE9rzzND+a19wevKU6bgM+Tl8ttqWK/gNeRqcKr8xjxR +jpchP1Y5Iil4Ez0Ud03kd/E2zL4LZpvkb/Cxul1lwJ5I1oTPgpHwWbwKzhe6GmhykdTDyqhGYj8 HHwVXpmQ5bcG+6l7Bs1M2JpaTyOnUnoYXkDDXXRXNCeRI/9NuPtZeIDSf8F1eDPYtIPd0f+QkKUN S9AsR9MWuYBa1ZGPwo1wJfwJy47I55FD5DgsBb+PV5cnQ9qDvfpVNCaKTFmYLhqPXnu3wR3ov0Fe C3diE0WvS7yF85AVjYXIuhlcABdGo4BcDyr4HHw1Lk+nG6L4i8Z7C56h9As8z456h3x1FHls4thU iPqC5jCtOoq8K9GXFvQrydUdS91xolHEx5uAZb14J3oxh5bPobVzaJtwJpoz8Cc0FYQqksvCdHiE O1aGGbAu/JF7RRn4DPI/YHq8pWM35KsY2SlRTopev4l8XVxO33uRG6MnK3RMGJJp4WihvxoPlyQC 4VCRg62M9atRZArmym8bsf9rlBt4e4Y2nMPmX8Sqi8xKN6dKkf/CGdEoXzotM46ejkpQwwzHq2Ez OJ7S8XgbLxoXT9G3QV8PqgQzZF9Afi5BsexEtPcnIp/BKCyAIrcWvXma0nxqXU8LowzPp0fE3zsY jQg9fSnKZ+T+2KwgSruj1UNi5e8hYtH8TUUuS2Q2Yr8x3lzeSiGPws9I5PlCwyw27cjA88RtJqWM plcO/U8SQ+8ibQ6JXjo9SiJKcaHLq0iWPhIr768wysM+CWZQdwF+xH4HPndT+joknuoUvT4O58Mv Cq5yvEQfk9G8g1wOOYNR64y8nZYfo7S0yG7FWOI0zSkdDudQuoAIkO2mLnI009MlYroa+mhGfAbn 4nkAHgbgeV8iSiJHK9s25vUmZuuPjAKriucT+RvxE62E2+E/C+pLJJG3RmsgltOwvDZaA7nLLvTM Pn8ic2cL8rmCtq6d0T6yiNVmr8TKvxG5Dfo8/JxDZiXUV8AaMDOas9hsgR8kVqfrHdkpvE+xWRHN aMgKoGcRpabY7IHRukHeavYFF1V3pjDMfe81OAxGa0VV+AIciX4Ecks4mAx8CP3rib1A8nlyQpYI RHtHL+xZQ3TfaE9hNEPiXwrOhDvgWsh67r3DeBUgr4EXqLszGi9kIumdRB4IOxGls8hFKV2H3A52 j5+VFqL/AZ8z4HK4LDF/o3tJ5m8h888yI7rDtug3IjfEfhLe2He8zdw9Tm6wM3qs5KY0luvIFmTv LKvxPuRl6HsgR+sqox8uJaOKw0dYYXg+CcvjLVqRutPalQXz5HdMeCiI/5X+Onq58ALrcFdWkuWw N5YXWIdT6Eu0T6Um1tUMcltWhiZomhC9JqwqZ9EXJQ7rEpS112DZLkHxsITS5QlmsO8MIYYZtFPW pQxKt8GVRLunrizRkPcAprp/r+xl/iuys4us8/xfJAeE5rT/qpK3Os5SfSP0BlErWxgs5U1CCGv5 42RG4GGJ7542TS88XJTSsBu1usIsPhVwHib56RJn87C002wSG5H1RPkbEz1EaHLMIbw5S/Wp0MuM 
aqHZLfRPCF0vhIvMU9IL/LSSs7zOjfxQ2kMYTMbDeXgIToPvGnmLUl2o1xo5U2fIaVqfR1Mi6Ek7 5bNbKaJRu0VW3widvcifin3QBD8Z1Kpj5FNzlc1s2e/MItq2TN4kU+td2BhNVbEP1lPrSKIlUtoD zQIzVuY4+qYJyqd3/IS3RRIl2va+yN5h2mO0Jwzy5XtnkLXWovHWUyqfAa7vfc/nVOWzZJ31NMea 8q5Dr9VPy1qnH5eW67/JbBJZP6Yfcxyv5XfKWuy9mbCr0NyHzXOaTxjqGY61zROO7yBfZ17Dzwx5 WsCSuro1dZ9GvgpvZyRLve+4+wV9lcwgLVnRQ5eincVlTdD8bl2HTtNCF5MZpKvIDBJ7rxPsIlS/ Co3BQzbeuuvSslLpHfgU+az+QdZq5GVYdsRDnLrXIB+FH3sS4RW04bh3rbOs5cl7RbcayTODJ7/b veTlywqs68hqpifyu/JU2V+8w9IeoddCp4lGr5L9wvuH7HSwLKwldN4c1Q/IM2AJ7xCWh2Q/Rf7G GytrOD53eIsdZ3lfyy4gLVE/4uFXaYm+qJR8Dtw/JQxTkf+OXJTPhxdBvgH9W2icH//l0Pn0e8JW 8ITQHIPLhUEK+otC7cOn0FTF5k5huB/L6rAjpZnIfZF7YHkUDXp/mjBWHrkKpR/BfDTcxXyOPAB5 IuyMZjIcI/RorW5K6WfIh2lPiM1MuJTSzcjvIP8Mb4G3o6dH5hJ1I2/b4CPwXrgXyyxk+mV+444P Im+iPfvgcTSv4K0/tRpiuRV9BeQ3kecTk1XIo+FLsBq1Xo65NT8sE42OyP4JWBCNkchBCpqLyM2j MULzTDRSIps7YV+Yg7fe0XhRKxaNGjIxCU9Go4b9cniU0kxhrDyaj2hbbSyfhIOj+HD3m2jhhigm otFlkaOIEWd/EWzCHYm29wulRFKvxQNZF8yCudgvhLvhzZBe+1Gmzaed47GvhAdiHljaQP7oyuTe FdgfweYN5GZYRjnWElph0htSN6kk7TTYtMXDBzAVfRl6XZXIbMX+OUqZI/4ealXkXsTWzIrmHTHc T11i60+DVfDzHjZ18E88dQvqrkDPLAuiXB3EvaKZWD7KPfx8gYylfoJaP2HzLIwyhOiZYVEmc98K xOpNofcLmrncK8rD6+GNsAt1dyLXx0M9+CP8F/rHuFc/5FvxQ78C7h40wHI6fmYjE3nN+uAvhqNg d2yiO34JowxZQ+l9kHExpbnjA5DIx9D4Z7jjWPTRmsYc9KPZzcwNiqEpAVkZDFlh8KajlYpVRZ/C nrr+CPg6XII+WhuRzQ40W5APcXfyyjB39GlqkXVBNJuiHq3DJhn7eWiicV+PvitMh7TZsGaGU/EZ tYqs8L+GzCmf3PBoeTiBWg9jfwGZmeiPg1+hZ0wN8Q96oWeN8lm1fPJBs6r7A+GH2OeTMxPJn2i9 WgpZiwLmkXkETbRy5lE3GlPG3TBSIblk7oDMNTMDkr2x7cIksiJg/wrI9pBox+h7SKmPvWGNMo3g LXJ3peTJ3385Lr+j6QlbwRNCcwwuFwYp6C8KtQ+fQlMVmzuF4X4sq8OOlGYi90XugeVRNOj9acJY eeQqlH4E89FwF/M58gDkibAzmslwjNCjtboppZ8hH6Y9ITYz4VJKNyO/g/wzvAXejp4emUvUjbxt g4/Ae+FeLLOQ6Zf5jTs+iLyJ9uyDx9G8grf+1GqI5Vb0FZDfRJ5PTFYhj4YvwWrULUPdAmyaIz9D aQ5yb/QxSF/Ck7A2pU/CwfAmam3gvmVpYdRy+usvgk2oS6+9XyilR3otdRn9YBbMxX4h3A1vhlEL oxGP+jUeVsIDfQ8sPhlHXZkcuAL7I9i8gdwMy2isW0JqJVGaVJJ2Gmza4uEDmErpc8hkpr8Hm4p4 
JjKG9pv3KK2DHyKjW6BfgZ7sDaIcGIS3KMOjXP0CPTb6CTQ/UfosZHQ0cTDD4Fy8ReN4PbwRdqF0 J3J9atWDP8J/oX8Mn/2Qb8UPLQ+4S9AAy+n4mY1MrDQzy18MR8Hu2ER3/BJGY7qG0vsgkTSlueMD kOjF0PhnuONY9NFqQPb60bwg54NiaEpA5pRhHA3edDTHmY/6FPbU9UfA1+ES9NGqgmx2oNmCfIi7 kwmGDNenqUWeBFHORz1ah00y9vPQRCO7Hn1XmA5ps2G1CafiM2oV4+5/DZkFPqPv0fJwArUexv4C MnPHHwe/Qs+YGuIf9ELP7PbJBM1K6A+EH2JDVvvRSpKHHI0Uo2mIf0iGmDsgOW9mQHIvtp38Z6wD 1vOAXA2JYYwehZT62BvWB9NIqL7WB5S8FdnuSitG7zHMdKfJ5tw9UN42mEW8SWhH6QL561STIZ8K M7N5l6JFo/+Jfrro5WMN8m4WTS9hsFvo10KfT90cSo8Jw2HIA2E23vIiS+7bI/E2o6KSdxRyNlyA 5tHEG49a/EWbvEVpz/uTC7wPSeXdyDL0i6Wu3olmIKXPI2s85MFRcAl9TxHqiUSgm7wh0bm8tchC zjIfSF2xUQW8r7gq8f7EUf1dbIJ6+OlKrVa8IWksGu8qf57TpyXejSzjHcgy3oc4xp8pkPdUnQu2 y9qL3EPOtnqnyF5r5J6UtkJeh/wVluOQk5AbU/oJtY6jKRF5Q/N9XE7612FTglp1YF9K90WkNB35 AqUv4qEi+r+hb4BcndIQ+R7kx6M2iOwdiNpA6RiR410LzrpMqIzmXVXa8SDyApFNMc7yBULTFJ5G cwF5NpbfCYPdQt9Dr+EySpOEXj5yHqyDvcJmOqwOp1A6ijbMQu6LvIQ7/oTNWORPKR2Cn2T8b4SL Ey2XlgxGswrNWjgN0lOTTalFMzG+hn8HXTyvj8ubwAw8359og+i/kTEyTYXqG+q+CWfgjTce+gia bmLjV47LJ8SaUdoi/ppjXHV0+uLY1BWNPhW1Gc+LpA1hOTTrRPZmoO8af0fyU+z9TZTuk1LXdxmd FDx3RV8Kn0/T/jIFF1w7J9PaX2nbQakV5NCXo+gXknXjpZbXgHuNRc7ET534Rd7bX5R4wmlC9zQl PIymLDZHkUsIzU20KotRy+VeY/A8kBYeFoY+sa0aZUhBd8k6sdElRCPfgONWSGaZX1z6EpbC/qjI QRtsUtD0jPKQaJflLilEpoREzHuMXveIy7vZIbRwCXJy/DbJsbi87bwKduLuuUSjNXJfsfTyqVUH +SyWuXiYgfwk+n1EYxv6ymjOUDoTzUG8zUTTDMuTQrfiMF5RHtL+jvTl77ThMJkQZfIs6bU7BRwi Sow7nMhI5WMfx0Mt7tWY0jrkz2H0DYVufZdxaZewER4hB3bjeWcU/0Q0pOWt6MthYpWGvijsgeWQ xH0vMi8uknunyYTIUuJWXmSX26fJZLHpDWeguQ3LdO6VjuV2auViMweuorRTYv7Wc30JafMK+vgF +rLwI9ozKLKkv/dHvRZLl0W8tSajwkRUF5HVREMi4w3C8/OsA+uJ3sbEvcRPPUYqLVqpqJVHrY1Y xsn2OliuIDNTRQ4zVTEybQ0jLu2fF83oxBwRb70Yo4rwblp4IrHilWavkbtsS8zZ2a707Wguize3 Wj5Pq+pRK1pXxfMU3hLnqf7kVX/Z0wu6OPnPZN1xbFgHTDSPnqRuJ/05mb+G0ZQ+bojWRiwnoO9G 5GcJ3bq0hrVCVpVoRJbAJEoz6HVL+nsITocX8dyK8WoOM2H7hI2scuMT4ygr27OyZrp8WMNseo2s uMjvTy+SqxfJ54uMhcjnidvExC5WGo30eg49bRLtYqw5eYzOWmGMLIqxy5hjWPaH7HHqlOShewb+ 
7rfumdm4LStOPXBWpjazYmIxz2LRzHoJdrvDUXmY8zdHo115H62laEeo2JN88IHYyO6BgasWe4/j +SZHxK7D8Pc8blfCzVEsLfgDLh3g29/f37d3JB7p3VgWmtsNnpgd7unHvoM9CLQjg6QPRwyQHU6E QQ9LHOLURwTd4fiYeLWwm9wtbw5u0ItZ29JCH77IgT0IMHc5gwIVidsLHmB2XM6QhZ5Ri3TrirwF +6WagVvRGTWabi4GxMpX6teNCiGKgY7VZYj/Muw7wKwx8gqH9zhiQX8L/1wK+ujjtOe3Nn6XPORX ztkaOz24UuPihZsyB10uMECgmuDVTGlTXVIy3dmVnBkVZtLQahxX05onC9FIvikq77QG+KFOgJ+y egFEgOavlh+Npud9LOqcO/2ZJ8zMs3ZnQg/kqweRDhf98DcXU216hUE96DclE6073DXmPVweaytG c7uiu6e5pFQl4MzTZ5U1gQ9h1dxrCIdSg7bUa/mEnjKHnJB94Ygt56lDFYzac9O89KczYmZjoe8i qy2bztnalmfNC/Nz7jVm1oF/mjOpXMwqCkygfUW5JpkPgPknkOThgH5GMnWIU/doeCwgeHfVpwx8 5tnpuvyHTHZmclAqH4BnGpwhRSrdlAUYZXkmaX9mU7FtZU6YNYMSGPHD54xYHiuGlIEtOA7GagTW QDyOmNCjsJ4O7DJF2x7gxvxfVDzLQhu11bPK4MAdJ1Zdv3Tl/qWB6IobVi7btzT8XcaZ8nvSbo5x pPytXfgfenavSEWGdvX3XLs8ERnaOeRvTdiEeFso1BoThqB2rEX/gB0DI4JerzTuydAQQLPs9UyI mc6kPQQJHZ9jF7+30fEJ8zu+WWI8jeG5jq9zfbstFgJhRk0uNEaPkPGnr2iXLm22y47PURTdBYA0 dHz9u5cnKL1d/ztYRCI0tAp7XQ3UACCbyqSX7+iFfk+MfiYQVPwe1LVX5DglNCHaEQ7ohMTa6VPh MZEzu3eZdyM14UfTU6cNDROYW0dW5EA5I4a+gpG0Wk1r9Vqt1e7WN0q0JRwUDTqXSY2jxAm7D7yS hMbgsVS+NVsQWsEXKEKtMXjBKNuALJBglJ3IkieQMnrPY96EN8HaJtGvHkHY2F1Z+TffLLa+bPFu W5kMjtF36y13k7KblndaQ289zx7rhppgEURU9Utilvd2ExgZWbKhLHZkPSwYrUZFuWMlvz8RblvS GglIlxQ9zQkXgFilIVWOSN4V8sXa+9qj+A3p3oyN0XGsy2206khOr7M6BbtZiHYVE4uSgobRMk6P UdASLM86TVa72RLpAnN1YsfRZ8gHQF6ZmED8njDkCG/kGM/O8EM25iHjzvhX1YrkPy8fbzk9dfrl hgCkULPAs4piFrnooUQi8s9kPKPRWsWQcesGSafV6TqhokL7M6YDl9fafTYPSaqB2XS5RC2lJjdu +sAXjbn3AEEiCNDscceivleDAZbkbLIMHcceJE3AZycPU34l/HBBq6L3U3h0l7DLOz4dfHTK7k7J eueGHg2prGVWJos9KGasXoMmtaXUtiInUIJs5alozFZyA/mXQ496rFHOZAIdK8voUij1OGgqPyo1 B0R0Tf0a+gEb9gx2BxhxGCmPG0D2io4flYw+rwZkr+g3QPaq9vp8Wvsu7W5kl2ILa8lrY+6KgpE1 JmKh0OzkC4uCYdGE6kH4CxeJeMGtxR9Uk4wQdrvDAo3vIIitOG0JkiZMTfFWSyXB8iBVonkGfcFi 5YHe4iqWqtzr9aJXUawK/p05L/YM/mcw6m5k9eNeX9aSTpuSkwBnxmcytJo06vZ2UyfMLvRqU3FX ut2EOyK7HLvrk1COIU1vz54n7Zw7o/DCk2t4i9/vkjX1Xpyxp0PhjIPFVqHYEDyTFI6kHSx+t5qg 
hbDLE7ZS2CiGbsQoE/B2fhOFbcOwizFGqGFgsTZg4NFqKz+fQUQQZhBhWQUROYT8+/oVrIWh72B3 Anx8iATjhrcnNBpaAAAdlXwWL2UxTaKPSyxtce4yU9wu6lp8H9I532Z72UDUUsUSPrOFuzS9hRu9 UyW1iVELRg78mMaN8aAYtrKqMWwTRlkiohg1oSpMr9cSYOhfxzDBxaswyqCvnEbRbpgdk5zDIv/d O/ykvJ+EQVjEBPdpnDiionC2D+l85flaqNMQT6F31jd/VHYTz9X2elS+Bu9DhNAbyIdn7vPf5ftc scB9bmgdGWlpGxkpV24hk73NxSXgv8oRcJ//Wf09hpDbgEuLIh4Q/WGTiBcxY3cdZcigY5jvAXC9 /P26u61LxszGlTm/xPNzlLbFPd6YjUbtrKcQiTR5tKTWV4xGS16t1luKRos+Lfpwff0Uv0Nr0qrU WqP2z8uizSLHic3RWNnPcX45Mv1B9Q30ReIaeWwwMsX+SR7bPx1l+BgY3ZUIGBp/em4sgM9YlDmj e4oWol5fTKDslLMQj+ddFOvOh0N5IHeefCicd7PoFkoLi15aCntBZwRDY426D5qCOa9O580FQ03w FXpQZ+UlfAd5AozMdhyMdBChwbj6xxmeRNIwj4dnAsjpA9UzRwLwyzWYkEtEsk6WnDpK1d8TP7V5 dMAlcoxqt92tvANPaa+mcA/xSv0pJfkppfN4ilmDWXLxSMbOEBWHGrNkwHsHQ9xhdeoIXM3RZK/N qcPhwXuA8vX4FdhPyf11CTBjKiBUPkx1NEo6Qr18L5CA53PgaT+ZF+Tp2AYPKSEN9jRlFu0OoOpW 1pHwehMOurKDMvntDtGsQQUUdnZl8bvqxVf0RL0gW+ma3Wc2wxOg2HPYn8lfYyrNhFz7XoU9jT1N vo2UkfJEPK51ATMOcix6nE+NR3hAVu+JwiRWHbeeICexiuwyG05cnT0Nq9nGWr4LfzQCKgk8e1Yv o3RgJTlol0+eKfK+Kr/xjosHRt2ciSEMnNrAaD3hnCc/kLZsvCzQFHJqGYOaMxCMCchvsiW89s5N TcSKS+/f2e7TU5zFa8t4NSq1yaANLlpb2Huz1mDSqDTejM0rcBRl4KimLfeCeV6H/RAbI18D85xE EPn6ObRZnvfx+jUhyv//ZP0a+4Z8/Z3p65fk62dknFoATksBTt3IoqPxf86zDxkM8DdUTUJfHgZO Os7YlzfkDULzl9vtZAhANS58FSBWnXVMLR5XVl+nmZzCZYMyN3jC6lDObPvFlsYHt7Z7O0sprZan cIalxKaeVEtbtv+i/mxiaFOzo60prCZUBKrWaTypFtENEojswJqBLP5kx2i7RwX8AMWbvY4QCJNM SZ8YD4bKq7vKq8tOjc5Aq1i9zRRy80ZeZ7GxYtwfKK4EKFyDfRunZdS+i0ALUpMeJAC8/pDkCmrD Op3FEg6xYYbBcW/AHg6GjmvDHpZVeeCv9hoRFYQgDw9XG8r5szkU/jSO/VlrGq5hlvlnlVeAiMVS m/D0zyXAHyire0k8H8Z+T5LhghgRNHimUknilCnkyYZU5G8JRoj4Qyk7Q77w5RW4kRVUZgrEKJq7 bofH3hgTKWixw6xOjWEanbYyPAW5WZMORETaDptA6PIzyaS2clYOUZuO3+S+24253YTxOAPZ6DlO 1Nh47sF2dPpItHxWFM7AZ64JOwgVQRc2ZjBUNltF0YrezxuNfOXsrw0GeJzt16jZYMDdSZ/djT3k snvSSe9/9SQFt1512KeMUJZXRIsIT4HrnyEqhAaA4nAonY0OqZY1oM2R5nI40twcwd7i9HoOe1mn 1+tqd4KSjsQRSaJExKvT+HwW1TH0JcBRHn3pcYtPzeFM2A4na8QZebL5fGdeTrnkkwaQZ0pwU3uk 
XAQOhXH9zBAU914/Y02IgeZC6JQ6nM/FyCeAHQ2GvWPuuNtCHfoCZXYEbHsiYm2c7NTbBpbjMG7q Hfl6QvQzloC1sgJ9xOYXGL8I5a6mnYgAOJY57FEfA4BoESv6qkQjWs9xYOTcx/VPAnxoGZ/5Dvaa G8dqESwWdf0XK4rYN2LLr1taCLc0hwOuydLWWLHzjD2UMqay3a3E/+rc1h95XR7akx6P3uLausId tlCvSPVxASsBLH0TMjgR4H00/NMeCBKDf8zDl+WhZOktgeyTJ7kfcq9yOMcZM8ftUDNIxKhohvxD G/VTvPl07TzH9DFe+eDx3KGDuagt8BAvPjOHl1TmWMAdMFF4j5BLOuFkROsL7ji/8dqB3o7YIob8 jSWYsWVbS93YmyDGJ3ANq3mkJVt5Q57bKZcdw3Q7Roc324Mb77eZMcIpGtXj8tmWmhVAXEgQ1rN+ JgvOz8Y1dlaWmRfxmoLkp0MHVWNCq2Qi9Suc/uYXhw+sTsULTYmhxUv6Y8WmGMH848OhketXoaeh 0FY6LxkcWob+N0WA5V90BYQOfwi9ei5h158XHT5fwveeF70NifiiQuT6eejZv4RU2QXpEbWpgS6p 0eSHk8Yi06I5NDyL/nMD/Yna1ECH5yeakenvFGL0DbS8Rv84L73DXt9A35tL2scXIt0lut/OEHeS O8l/nv+8vqyQgfwb0cdlenEuGYlzqGeGTBrTpxrJjC1AX4Jk8dfojzMkvKeQ9a5pOjSXbHrbKUDP zyX77Q7VvLTPGW2g++cnl8Y15vq+u8l9n0zvekoyXeF5zdvi/bj3rPesT/IdFTlxm/i0fyWgr/0N 6Af+dy7QBfrrKdA1i+76q+hU4N3/cxTsvkAX6D88DQJ6HNCJGp2p0Q9k+hdA/xpaC+jyC3SBLtAF ukAX6D80PVOnsFCjthp9YZrejIwC+twFukAX6AJdoAt0gS7QBbpAF+gC/f9P8l8eRREEexO0B9Cb EBW6DiEQQ/XXoN1WfRkh0EPVU6A9Wf0+aM9Un0acCFF9HbSG6i9Ae1n1LcSJYtVfgZaH/agd9qPu 6iugPSi3h+Sek9XvgfZU9UXQngHv14D77EXWgO++CFq++lPQ2sEd1oDv/itoD8rt3dU3QXsI4UB7 BrRrwXN/D1r43LXgk78A7cHqz0B7svob0J4Cn18L7v8mcpk8zstA/xugPVU9C9oz1V8i20D/sygG RnUWtCervwTtqervQHum+hLKgSf+EbSHqn8C7Un5/Sm5PVP9A8qD0b4L2oOgxw0+8zZoT8rvT8nt GXDPtfKd18p3Xivfea18571y/165f6/cv1fu3yf375P798n9++T+g6DnfdCeqn4A2jPgubfJY7tN Httt8nNvk597mzy2O8DYfgxaHtznDogkaN3VN0B7UH5/t9yeRAygPYWwoD2DUOjd4G5vgPZk9TXQ wrvdDe72c/QQuNtboOWrvwKtHXzmELjb66A9KPcfqv4aPQk+8wvQAr6D1g76T4LPnAXtQbm9G4z/ JOAdDdqTCEATPBe2gI/oKfDdf2fuzOOjqu7+f+7M5M6aBHCAhFIcwSUghAioESLihsoaUChglckK kWxMJkOCAeK+lFpqqaKiorVutIjWtlatDQJhESGPYAwqNAQFF6ABQ+QBfrnP+5x7Z5gAPj/b1++P 3xzf95577znnfs73+z3LRBO/4diFkmuoe5hjH/q+hrr/4rjE+I7jk8TjGlV3jdK8RtXdQN09HLsY +zhKbRtUTzdQ9xuOsu4G9d4Nqu4GVXcDdT0q3gfZ+nK0q3y+OtrVKEhSV3b133W57AOsvF2k2x1W 3iFS7L2sfAL5IVZeJz/GyjtFxJ5r5V1igEiy8m4RsDdZeY9tRexdXjHVfszK+8QAxwQrn2hb5qiy 
8kmi2NlFjlP1GeKssfKacDpXWXmbcLi7Wnm76OnqsPIO4XO7rXwC+e5WXid/npV3ihHuQVbeJbo7 77HybtHFPdvKe7Ts2Lu84mJ3lZX3ie7u31n5RG2c+y0rnyQu8zpQojnclp3NvGlnM2/a2cybdjbz pp3NvGlnM2/a2cybdjbzpp3NvGlnM2/a2cybdjbzpp3NvGlnM2/a+RUREENEhrhEDCU3XhSJPBES ZaICCkWYe9eSC4lydczhThG5UpHOk6tFMSkgJnNvFnNNmFryqoBzAaUjHPMpeS31iimTy70iShSp cjlQQlv5qmwpVxXcK1XPzPpFKAhADuWKaKGaq3nkwrxLlqmkxTD3C7iSmiupnc/zUtTIVsqsVsOU KLHeKUsE6GOZeqd8S4Xqy02qr4XckX2s5H6BqhFSd4qV6rDVjzyeDFQtl6g7xarFHGxk3o++pYR2 ipXFyi2VpdwpUW8125T9DMcpkG8sV30x7R21tqldvqkMCwTov2lxqaqEsjm8P6yuZI/DMX+YNjPf ElDaS61+lSnb5qqSpxTH90harUrVM3s9h+t0FQ/x3rxItVaiWqhWdqi0PB9vb+kxs/8FSr/sv+mX kIoGeTbfKH0doI3yWG9MjbOsMhVczbdaD9ML00ORmJdyVIzkcLekU7+i0ZyHkhz1/jzr/elnifrh Z/QzIK7hWTGtTbWipsiKr0tpIVNcdlr5QbHyPxz9YaUjX0Wn1DQn5peovc42HmdZsV4eKy2j2YyC UsoXqHgaR4k8kabs3J8y+aq9G1TdMtV+mFROTweT5qmUrsZZ5/elW60PJl+tonKWUl1OC9XclVYs VJaQ0du51eh9OYLN3s+JtTdd9cGMnGrl8QqlMKxiu0KNRbN2QPVBjosC5dUi9Y4C5ddcVTdqrevF FPp9tVU3FPfEHFP5yianxsk89a48NY7O9l7zWpbNw4OVyob5sbjLV8/lyDZ7EI21ctXTUivazLYK 1FGOntP7LZ+bozSNWtJTMhpyY286m6rSM1r+8TY61Xp0pgxYc11Y6c7rNOec2ffoDHO6rhFxFpA9 MftizrzRtSMUm8Xz1TxWquaznB/sqWnnnE42NWeBMuto9srMV6rIq1Q189WcIHtTEGtHlixWo+Z/ 89D/q3FxakwMVmrkGDBXg3Tlq3JR9UpgSMYlQwPji/JCZRVlheHAtWWh8rJQTriorDQ9cHVxcWBy 0azZ4YrA5IKKglCkID/92pziotxQUaCoIpATKCnLLwiVBipySisCPC8qDBTmlBQVVwfmFYVnByoq c8PFBYFQWWVpflHprIpAGUXDBSXULM0P5JWFSgtCFemBm8KBwoKccGWooCIQKsgpDhSFeUdexcBA RUkOCvJyysnLKiWVxeGicposrSwpCFGyoiCsGqgIlIfK0C1l03pxcdm8wGyEB4pKynPywoGi0kBY 9gNlVAkUF5XyrrLCQG7RLNWw+aJwQVWYykVzCtIDVjcvqgiU5JRWB/Iq6bypOzyb9xfMC4Ry6Euo iG5TMackUFkuX0OLs7hTUTSf4uEyOhSRXcoJzMsJlZjvkmbOm50TQlhBKD1m+uHRdwauKSvOn4pp 6Ezg0vTMy6z7g+T9TuYPh3LyC0pyQnNkX6SuU36chdXL5e28MkxQWlRQkT6uMi8tp6J/IL8gcEOo rCw8OxwuHz548Lx589JLovXSKT44XF1eNiuUUz67enBeuLCsNFxhFZX5whxeP0eWm15WiXGqA5UV BbwcQfJxIAdfFIRKisLhgvxAbrWSdf2UcVfzNKQu8FR+pemTebOL8mbH1eVcVJpXXJlPVWyXX1RR XswLpNXKQ0UUyKNUQWk4PRB9d1kpLk0r6h8oKMmVlU41VRotfFZFqrgMShxUEQ4V5ZmRE3u7DJho 
WyOUgLQi3kLwytERkiGeXzavtLgsJ/6laM4xlRICdBcby0xluLwyjNkjRXkFsszsguLy0zr0Y3yh PDE4v6Awh2GQnlNRXmV9pxJGivw/6J3lo1GCXTnf452GwdFmfRMRWhrnpebPIv6Xj8P+uM+nUUZ7 98eWT0yU5W3ZP7Z8crIq/8WPLd+liyxvr/qx5bt2leUdvh9b/pxzKM9ZyG9mDlVefhs9Vx27iUTR W/RiPr1IXCeGiZ+xY57Bbux2tYKXazaxQEsWD2pdxG+1XmKF1kf8UZsh3tJuE+u1MrFdqxTNWkR8 qy0Q8qcImrZYS+L7fyrf78/X/qxl8F19BN+5R/PdeZJ9jHa7vVybY39cuxPZ93TWpD3wH2h6DE3P oek1NL2Npo1oakTTF2g6qi3QBJq8aEpBUz80paNpBJpGo2kSmnLRVIamBWj6JRp+21mTvXecpp5o ugBNQ4X8o6M/E9PQVIgmuVrejaYlaFqOppVo+iua6tH0EZr2oKkVTYYW0bqhqQ+aBqDpCjRdj6ZJ aJqJpjlomoemh9H0BJpeRtPbaFrbWZPjn3GaUtGUhqbL0TQaTTPRVIqmBWhajKan0PQSmv6KprVo 2o6mf6LpX2jq0CrxVUQ7D02D0HQFmm5E0y1oCqKpFE3z0XQ/mp5A08toegtNH6BpR2dN+p/iNP0E TRejaQSaxqKpEE0RNN2PpsfQ9Dqa3kPTNjR9jqaDaDqu3YafyrSfoGkgmq5G0wQ03YqmOWiqQtN9 aFqKpufQtApNa9G0HU1foOl79WvLnTS54jX9FE1y7zEWTT9HUzWaHkbTS2h6C00fo2kvmo5qvTQ7 HuquzSBebtMuRdNoNE1DUxmaFqDpF2hajqZX0fQWmjaiqRFNB7UNNod9jO08e7ltqP1x201oulnK cjkNlzMlJev8woWFha4E4dLLN9bx2ViuLo7V1fFP3TGX/FFGnfVxuYXLs6Z2L+n72o9rd9VuIqni rU1NTa2yhE7Dx7ZsOda0ZcuWaKutVSnLyl1O4XLVm58aPUHoemtKVVNTlSpUVycbaGrVHUJPKJev MlWkyCIUUuXLm1DUqXyT2ybcqBOWvHitukvonvbP5Md8m6pgNcRHvsC6i3DdLnRHs1nR1NBcntHs dBhOR7A1yCdD1Ww6pYZMdnm5fIubVxQqG1p3M4JBl01zOVRzaPMmCHdCbe2oUYFAoEsXl8tu11wJ K1asUCbJzCwuLu6or3fpmstZtU5WWUcntR90gebynuECWRerbzmmXKD9kAt44tpifqriXODWhdsp 3yQfHIvzgXrg8/lq5IMaXRe6s2rLybq6mk41tnT2gnUVdYNH6N4TtVvqokm1YtazGpRqXLG7xywP tJ7uDJdDuBKCUW/I8ltMWXHecOPzTRjl49p5zMp5opNP3DbNbfpEOYUu6KZTpE8cdpwki7rdwu3u zci8jCTbWCTW1K6pdTs1tysrV9XOzXLrmtt5ss500Mm4hmX/vZo7sZnP4eb/Cn5G2hzcSpJVXNEe 1sWulJfcCTSHl5rLM3GT26W5PWvNT2GWUxdOZ9Vi6YMaj655XDGzH3MmaE5z1G4sV4+irtpS49Q1 pwvTniSYOtfa4rFpHkfMW3XWZfTj9GhOX7y/ttSptqzK0Xalzzyn7ssuOR2a0/KayuvKbRnNbhn9 weAx6bdgpmpgiyXSSdfq64n/zEynVzi967BTad0ddXfWXVJ7Sa0n7nFKRoYUmlAX81+iLrzMAzIY MjJSUlJ8PkeC5nHKAerxCI/HJ/qQhpJyaheRVF+dWCJrYYvMtyzMUoY5iRuPof/kydMs4fFpnqTm 8lY+O1fLtC1jW0Y9SbbiPsmQre84aTWqLk9ii/p61WjVyXV1x2p8i09WeVyaJ+rM/QuzTFuexE0n 
a7xOzeuWb/pctfW5dKezSg35KvVM5xNRzyKm3U/iz9Pr8cbODvXaNG9cN5RHEz+rNeI96tScbqu2 yteot9R4Yvc7Ppc1ZXzJSTfm0da6YEar8qiOR6VLqzJVA6opZLqE00XUFmZlpTh9wumT9ioLlgWv qLuiLrXWE/cYj0qlUY9K+UlO4XNaLlUe1XV86lU+9bqF1xMdlpepYWkOzDW1Xhf2GLloj2pmz6KR 0j6ujg7pUm50dHR6jTRQouZNbs5szmytalXLy4fLPly2bdmGlA0pyrSnXFsnm/ao65Mn6+vXrvXq NC2d21zVW3rX69a8XlPFqbS3dpEYKdRkW3VyMQPyZLHPqfniXNbxuTnb01DdupNV6mnM2ZjR5dRc 0icdde931MTV3afMbDk46u86n03zxTu8zuXTXEmfNxut+1W8mkm1GW0i+gLlda/5pD7qdrX4NB1r NttKkEKPyQXkWKsnQXiijsfzqpV6y/UuF4uZ9K10rssnXInme8uCRcHq5oy6DIwZVwL3+2w2nx4T He9/NaJ9lv99yv8+r/D5kkQSGzmZ5PywqG5RXZDidUGfW/N5zhWLaoO1tBNLQYb9uULZT4ZDNB6k veLjoc6XpPm6Nvdu7t2a1ZrVVNxULGenDYs3LF7rW+vzuWj7ZMeGtWs3mDEhX+btEIZYq1KHOCnq VU76Xr0sa+H7BEhWkn4/vvVoPl/dGZ89dYtqrxJyUcEN9+sLpQUTXVqix3T0fjlbdHyuVonMmi+4 90VNpnpu5zNikXq+aIRaKbIW7l9ryLiP1d9t7DUnHKunsUipS7RpiZ26Xuf2ae7k02OlPkO1HGsn 9h41h/nkVUyjbEMuX9GAMZc2QpshIkeIHMDRkCFm4ha3DcadarGVdstTS60c2XKMu5P4Rxp/1rJZ y/KX4ZXWlGAKbj5LaR8phZRosyWeiibZ564ukeTqPJ3odntCgpboUvs461uqR/zF9gdhz6sOFQv/ rFDBHDGhOCdcKuT/n8d2zcSbA6LLzZOvCYiB6q+FyJ27k2/4Pa0rjZ19F15vXrH1EV35/iNLmXfs tN+Nb409hP2m7OwbxfmTJ44PiIxbJo8NMEmYZRzCK84hqOWVXf5VIvlnJNWTBL5zdud7gnmlE/49 UHVuXnlFuXhXHd9Xx43quFUdd6jjp+rYPKcgVCr2qeMBdTyijsfUsUMeNYc6etSxi/whl9ZDHQeo 40h1nKyOheo4Xx0fUcfnS+aUzNH+oo7vqWO9Om5Vx0Z13K2O+9TxUOwnAz/uqP1bRxf2tys7sbEW 8t+M/v91z4ZvE//jcxKeTxeT1b9duVs8Kp4Xb4j3xUeiRRzRZNwJFYumJQ4I+e+Oo7Gkye972nDz /OAO8/z0k3F1iNf9vTpdawnhztf6u52v3S93vvZldL7us7Tz9XmnPe+7uvP1wHrhtsVdD3o47rku tKs+6nx9vfxLhx5GSJrIpj9J1LkbU2XYssUi2wu2T8QK+9P2p8UOR9jxnPg4Ybv+oGb33OzJ0f7m ecCraRt9XXzX26713ep7xladmJ94h+3viYsSF9vWJdmSXLaPkr5P+t62U2h3ZUvb6NsTV581bSbt SNwdl76w0uazpENJvWOpL2kYaSQpX6VHT0+Jm5OWJ63qssRKT8alF1Q6frbU1dF1TCzd2/WRWGo1 U7ceZ0lppHT/0rj0jJnUk9OS/w/+92NpY/dPSc0qdZwtdUvr4evRt+e9Vno4Li1V6f2zpoaex6Mp xZ/SK5aus9KYs6ZslaZa586p1jrKcvUq7Ygls/bulNbUAan5qc+kvizT6a2nrjpbMltPfSu1xUpt p5J8S+px9a5ayU/H9UuPpVH9RsfSNCvdTgr3u/38C0nDLuh7QWa/2zn2veAvF7570WaVvkqbQMrv 
34sU6N/Y/wA09j8y4N2LH5Wpf+PFqy/eTTo20DbQNXAVaWP6ENJ16RMGL7HSG5eEh/Ya+vmw+y9L Iw253Hf5hMuLM1+00urMtzM3Du9DGjg8MmJLVrtMV9ZcuUqlr0b2GbnUSs9c+RXXS0c2qaumkd+Q ll7lHxUZ9cLVPa4fRaq/IfvKGrM05yaz1E0XynI3DRvjwagXjlkyNkmlzLGTVWobZxuXMq7v2DZy 2aTC8WK8Pj5/fPv49gm9J+yjXObEWybeMi6bY67MkWZPDE2szdZVGpg9QaVgdikEs6uy786u4nko u2nSjEnBSUcmHZncZfIzlBvIM/Vk8rHsqptzby6esvVn101rvG3JbU/e9sKsu2c1zZ46uyp6nv3q 7FeLMkofKV1R3j5XzB05Nzj3jrnhuXfPXT33/blfzD0091hID/lDA0LDQteEskOHKrpUXFhRXrGw YklFfUVzeHj4lvAb4ebKXpU7Ko9HMiKFkarIk5E35/Wad8u8N6pmVz1c9WbV1qrmak917+rR1Uuq N88/f/7o+bPnz59/7/wX56+e/9Gd/jtH37nszjfu3FKj16TUjKnJr1lV89WCAQvCC1YtaF7YZ+Gw hXcsfHBh4yL/ohmLXl60r7Z37Xs/MGutPn1m6jzv1H5xKskZ5a6kU8mcS35g9I05fcx1HilmrJ91 /onOQXGp8yxy17BTSc4Pd11zKpkzg5xNu7yQUt9zKTPyjpFNzJ9qNlZnZt6uY5hpH01a3mVJ4ubo 7Nn1kcQdXVv7TZN1E1cnPXpqFjWtxDw9Us3EZqneScuj1pN31awsy+6Qz1V5y4K0uzpxN3P6cmrs UK1tRt0SzjtUOrVOfHHa+jAybkU4tSYsl7rPWAdeOH0dYO53WPP+vdEZX7VD7aSR5B+NzoX442XL X8xO5gxkznCWH5kVmQOl16bF5seoR5nlUsbI8qc83G807cjnbdzPTm3h+oxoYA7cETebnmWOjZ9T z5xPrVm7XsWROYOOis6dck7nzmjZLtejU7IvS5t4S/cOcyVTZ1atnsdZqzp6+FiHrJUnuqJ069G9 49TqY8ajXN9k+e4dsgS13+/hk0/kHbWWcUc+69YjcXM0TlN68byZN9BGz3vVlbp/akWNX1OlJrV+ RlfQ2BrKmuk7y5q59Iw1s8FcKVkj/dG+8Py4qUMpuXdsZvdPU65DWydvSCuePnKjFjdHpLStGTH9 pmH9MdK30i4p2f6lyvMvS0/Fje701FXdesTW2h1Wq7VmPEi/mPGVuuqCvudfaGKuaudfqFaiuCRX NXNFU2vif5jUOhqXziyhVte4ZK2ysXRmDbW6/ltJrb8/OsVW6R9Ip1tKptja/QNJreY/Oqkdxo9M p1tH7Uvi0pn2U/uVuCQj3fT0v5fObPn/ru7HJdPOcr+StDyrfYznyq8Sd8idjko18k5Wu9zdyKsr a8Z45L7HfCYTu6aBcqdk3lVr0TdmUjuiUWo3JfdNTSOb1J5I7puaqFGj9iN6bN8i08BsfWJuti73 LOpqoLWzMfMD2ffMlnfU7oZ68iyTLE8NXbUWVE8HymPqKkoPlPunHr6xSRNz5V5L7rNUylR3kuQ+ S11lTsyVM5H1jCSnCbkjUzs0m9qbkWR5asgdHCXlbuzU/mxs5shvlD2+kpaYdMS0Q1a76g16TZ3j smXLar9nk22Z7XYeh2f6Mz4KLtpsXgld/j6HfbzxB/sUkWqfJpLtIWO//T3RX8jfiPiAqyaVO2Cf YuwXGsf/FjaO2+3TjO18R19ptIt1RrsWFP20HDFFy+WcJ9K0fNFHmyP6UHISJWfai41NQqOdL4WD ssmU7UPZZMp6VHsHKHVYuLXbRS+eD+L5TJ4P5vkg2hpCW2nUfknp8ZJ7A7197DXGGvsC41n0DrXv 
NZ6zfyEG2b8UQ+z7efa10WT/hm+7UbUtwkHuXHJ9ULOSlraLKpEsLhVdYLg4T4yAfNovgEKoMHaJ MKoqIQLzoAqq+YY731gv7oQaWAAL4R6RKu6F++B+eAAehIfgYfgFLIa/8Q38bThGvgMMkaoJ0CBb ZGqTYDLcDLdAkZio1Yue9HimfarIst8qfPaZUCxK7Yvo6V2in/0e0cfxrLHesQKeg49EqmM77ICP oRE+gSbYCZ/CZ/A57BKpCV2MpoRmY33Ct8KRcID8QWg11usJ4lK9P+eh4jz9Ms7FRpNeAqVQBpXG Lj0C2EbHNjq20ecDttFfE5n6avgrfC8ynQNET+fFMFOkOoOQC3MhBNVQC3cBNnIugV/Ds/CcSHOu 5HwQDkErHIYj8D1gQ1ce5EMBVIqebiEy3X7RU8XuIeLao3Jf4/VjojtRu5mo3Uy09SPaxhJtdxNt M4i2mURbNtF2I6XriJdr7FOJlZ8ZrxI3U4ibB2khbH/PeNK+lzj7Unjs+4x/2L8WY1Wc7afUPtE1 NipuF1lx7c+k/Qran0L7V1M612p7HbWupO0VtL3Sai9bJMW14qGVy2mllFayaCXLGhOXo3I/Ld1M S7+mlWxa+Ifq6V9VLoU2/k4bf6eNNG2m8TbtZNFOEe2MpZ0ZtDNaKzI+oq0sbZnxZ2q+Q3vdaK8a ZRW02Qtl1bT2qL3FOIy6dfavGFlfE3PfWCM2MW7EDqLVIdbolyP2Y2ruYuSNN54mfr3mDIM3NO7v FE+Ie4wD4l64D+6HB+BBeAgehl/AYthsnBAfwBb4ELbCNmiA/4KPYDvsgI+hCXYZHWI3/BOaYQ+0 wF6jQXwBX8IR4xPxnbFHtMFRaIfv4ZjxsfhvxvRxOAEn4f9AB1oM44AmQFOz4j77DKPV/nOj3X47 56DR7vjIOODYDjvgY2iET6AJdsKn8Bl8DrvgK+OE42v4Br6FA3AQDsG/oBUOwxH4DtoALY4OMBiz 3YwG5yjjhPN6GANjYYKxx3kL5ykwg+e3wu3GeudM44AzCLkwh2dzOYcgTH4eVEE11zWcaznfBfeT fwDwg/NXnJdw/jX8hvxS+C08Bo/T/rPcf578C+RXkn+N/DuAj5z4yImPnPjI+ZnR4fwc8JETHznx kbMZjXugBfCR82vjE+c38C19OQAHjY+dh+BftN1K24fhCLRRFt8527n/Pdf4yJUH+VCAv2ziEeHH U8eFXTxi7IytXglc/Y2rxVwtIMqb7NtEX6Fxt11cR2Q2EpmNRGYjkdlIZDYSmY1EZiOR2UhkNhKZ jZTeTaSdINJOEGkniLQTRNoJIu0EUXSAiGknYtqJmHYipp33fcj7mu23MRJyINf40p5nfEnUNBI1 jURNI1HTSNQ0EjWNRE0jUdNI1DQSNY1ETSNR04gn2/FkO55sx4uNeLERz7XjtUa81oi32vFUO55q xCuNeKMRq5/A6iew+gmsfgKrn8CqB7DqASzajkXbsWg7VmzEiu1YsRErNmLFRjViPxRObJnJSNZZ e59m7V1mbxDn2f9LdLOz2ij77rfsu0fZ9yGuruDqWuxbJfcWYhrrpJ910s866Wed9LNO+lkn/ayT ftZJP+ukn3XSz5sGsVb2Yq3sxZjdzZjdzZjdzZjdxZg9ypg9ypg9ypg9ypg9ynqazJjdyZjdyZjd yZjdyZjF38y2U0Ua4/Qg4/QA4/Qg4/SAPVcMtOdBsci31tFzWUf9rJ1+1k4/a6eftdPP2uln7fSz dvpZO/2snX7WTj9rp5+1089Y3MlY3MlY3MlY3M3YO8qY282Y282Y28ka52eN87O++Vnf/KxrfsbK TtY2P2tbL8bKTtY3P/G/m/jfTfzvJv53E/+7iP9dxP9R4v8o618y618y8b+TmN9NzB8l5neyBvpZ 
//ysf37WPz+emmYclFFPHxnb7NIeYfaewto11djNrP4Uzx/EH3/m6YvE/BD7R+QZlfaPWcekDz+h 9C5KNTFTP2Is5KqaujupK+/mW+vgh9QdRN2t1BstdEq+SMkFlGyh5D8peYfaZcnIeVW1dCvPx/N8 K89ljFxDS4t5+hwtpdHSOloaqMofULvFverYzvqXzF5wBhRDCZRBOcyFEIThYTFYdNXq1FhfTuuP yrcrz66Ad8Qw+xpoYZ+7V4xmr5jM+u1nr5hq/4rz1+ysvuHet+zM7NTcSo0e7CxT5cpO/WKRxTo2 g33XrSLbfrvag7FKoywNZWkoS0NZGsrSUJaGsjSUpaEsDWVEH++4lR3b7ZxnilJV009NPzX91PRT 009NPzX91PRT009NPzWHUPNqag6h5tWqZjI1k6mZTM1kaiZTM5maydRMpmYyNZOtmmOtmnKPcise m8m4kjZ+W+0UjmOtFvk7nazlk2Ay3Ay3CDc7ODc7ODc7ODc7OLdb/h6oQ/7mMHXuwMLj1H5c+ugL sUNLM/Zq/WEAXAwDYRCkw2DIgEtgCAyFYXApXAaXQyZcAcNhBGTBlTASroJRcDVcA9fCdXA9jIYb 4Ea4CcbAWBgH42ECTIQnjRbtKVgOz8CzsAKeg+fhd/AC/B5ehJfgZXgFXoWV8Af4I6yC12A1vA5v wJ/gTfiz8R0WadHWGLu092EtrIP1UM/9DUajthE2wWb4ALawn/gQtsI2xu0MIvd2Y7tjvfGdox42 wEbYBJvhA9gCH7IabIVtRmNCV6MlwW/sTegOPaAnpECqsVf/FTxhtOjYQH/GOKC/aHynvwQvwyvw KrzJ/bWc18F68g1Go76d8uxb9HZjr/OnRouzD5wLATjP+M7ZF/rB+XABXMjKcRGkMW/1hwGUuxgu gSFcD+XZCFabLM6Tje9cNmOvyw4OSAAdnOACN3jACz5IhCRIhi7QFbrBOeA3WlzdoQf0hBRIhV7w E+gN6Heh34V+F/pd50Ff6AfnwwVwIZqGsG8YClew8g2HEdwbBaPhBpjJ+3I5F/JsFuVmQxHcAZW0 sQAWwiKopeyvuP87yr9E+ZeNXa5XuH4VjnDvqLHXrRktbvrqPsdodNMPd3fjgDtADFWp36q3gwMS QAcnuMANHvBCIsjfve8K3eAc8EN36AE9IQVSQf52vvzd/HMhAOdBX+gH58MFcCFcBGnMNf1hAFwM A2EQpMNgyIBLYAgMhWFwKVwGl0MmXAHDYQRkwZUwEq6CUSDns2vgWrgOrofRcAPcCDfBGBgL42A8 TICJkG18rU2CyXAz3AJT6N9U+BlMg+kg/wrBQlgEtXAX3A33wL1wH9wPD8CDwLcO9TcLfg2Pwm9g KfwWHoPHQf5VgadgOTwDz8IKeA6eh9/BC/B7eBFegpfhFWA11FbCH+CPsApeg9XwOrwBf4I35V9M kH/zAN6HtbAO1su/ZQAbYRNshg9gi3GIWeQQs8ghZpFDzNIPMEuXsQ6kMvNnsQ6kMvtnMWt/4mDG czDjOZjxHMx4DmY8BzOegxnPwYznYMZzMOM5mPEczHiOVcZBx2uwGl6HN+BP8Cb8Gd6Cv8Hb8A68 C3+H9+AfUAdr4H1YC+vgQ5Hs2ArbRHJCV+FJ8IukhO7QA3pCCqSKJH2xcVD/JbPQr8g/Rn6ZsV9/ Qnh0fMBsdkhfwTP6ov+eZ2jW0ayjWWeW1l8zvtZXA3p19DLLHdL/Qvm/cu9vPH8b0KujV0enjk5m v0P6Bsps5tkHXG+BD2ErbIMGkaxv5918w9P5hqc3cu8T4zgz5SH9U7TxrU7fT91vyR8gzx5bZ4+t /wv45qIfpvwR+A7a4Ci007fvja+dScZBZzJ0ga6QYhx3pkIv+An0hp8Kj7MPnAsBuJBd4UWQBv3h 
Eu4N4TwUhjHzXg4jjEPOLJHssokklx0ckAA6OEH+t19u8IAXfJAISZAMXaArdINzwC88ru7QA3pC CqRCL/gJ9AZ0utDpQqcLna7zoC/0g/PhAmCecV0MA5kRB0E6+QxmzkvIDzEOMRMfcg0jfxlcDply ZqYfw2Ec+fEwwdjvmki96cZx10y0FfJsFvVmQxHcAXzTdbGvdM2DBbx3ISyCWso/xPsY88zUh1yP cV5GW0/Ak/AUvER7L8MrPH8VVnKvjXJHqXvCOO4WxtduTXjcLmZubOj2cO7K/XNEMrP5ITerkrsn 91Ig1Tjo7gW95U8k5ei29lIPMSpb1L7sH7H793L/HvUTFLnHOiwSbDcaU+3j5U+mhEf+VEs9G2jL MPbZhsHlxn7bVZxvNHbYbjLW28bCeKOBlprYUexjR7HPM81Y75kBD5B/EB6Ch+EXsBh+CY/Ar2AJ /Boehd/AUvgtPAaPwzJ4Ap6Ep2A5PA3PwLOwAp6D5+F38IKxz3exsU/YUdpum8a3Yal/BPrb0N9m G240ob/Ndi3nh4w9toeNPcxbAeasACXXe242mjy3wFT4OeQZezx3QDGUQjmE4QGjjb610bc2+tZG 39roWxt9a6NvbfStjb610bc2+tZG39roWxt9a6NvbfStjb610bc2+tZG39roWxt9a6NvbfStjb61 0bc2+tZG39roW5t3jLHHOxbGwXiYABMhGyYZe+h7Gz683PgEDzXZlB+Nd9TPIs6l7yvp90rbrcY7 tnwogYeMTdhgk/w2Qt9X0veV9H0lfV9J3zfR9030fRN930TfN9H3TZ4q4x1PNdwJd8F9xjvo2oSu TejahK5N6NqErk3o2oSuTeJqPBDBAxG07cMDEfQdJ4IOE0GH0fkpSlpQ0mKf0vE9epOtbzODrG8z g6yfETYRXYeJrsOoa0FdC+paUNeCuhbUteCZCJ6J4JkInongmQieieCZCJ6J4JkInongmQieieCZ CJ6J4JkInongmQieieCZCJ6J4JkInongmQieieCZCJ6J4JkInongmQieiWCBFizQggVasEALFmjB Ai1YoAULtOCZiLgWKwSxQhBfbMMKQfyxzXaj6EXvp9P76XgrnW+vz1nfoYda6+pga10dbH0vDuKr bfhqG77ahq+2YY3pWGM61piONaZjjelYYzrWCGKNINYIYo0g1ghijSDWCGKNINYIYo0g1ghijSDW CGKNINYIYo0g1ghijSDWCGKNINYIYo0g1ghijSDWCGKNINYIYo0g1ghijSDWmI41pmON6VhjOtaY jjWmY43pWGM61ggKJ7FwmB73p8cL6fECetydHpbRw1tFKjZ6Hfu8jm0asE0DdkjGBvLfH71K/1+n /6/T/9fp/+v0v4H+N9D/BvrfQP8b6H8DOhrQ0YCOBnQ0oKMBHQ3oaEBHA2OlCEt3nu+OiEG2SUTp NOa6Iua5O5jj5kAxlBofq59cROe6BcwZi4z13juNfd4aWAALYRHUwl1wN9wD98J9cD8wN3qZG73M jV7mRi9zo5e50cvc6GVu9DI3epkbvcyLXuZFL/Oil3nRy7z4P8Tde5ycdX0v8Cczm91ksssohJty kQYRaClyrYKXYlujVRTbanOwoj0GJICAkACLctFEUC4JARLAcC1LgIQCRUKbTU26AiEhZliy7GZW M9nNhbmwk5k8u5MNWZTfec80cqinffX09Tqvnj8+PDPPPPP8ft/P53sddiaT5MVJ8uIkeXGfiZCC SXLeuManX/W918R4vxjvF+P9eJuEt0mN6Lkq9IvdfrHbL3b7xW6/vdfsvWbvNXuv2XvN3mv2XrP3 mr3X7L1m7zV7r9l7zd5r9l6z95q91+y9Zu81e6/Ze83ea/Zes/eavdfsvWbvNXuv2XvN3mv2XrP3 
mr3Xc9a0sAnbWQyveCdn1S3aFJ3Iog6vv+71MWqMUmOUGqOu/aVrP+zaj4mUFEuPFikp1h7Nj26t 534KjVJolJUdrOxgZQcrO1jZwcoOVnawsoOVHazsYGUHKztY2cHKDlZ2sLKDlR2s7GBlBys7WNnB yg5WdrCyg5UdrOxgZQcrO1jZwcoOVnawsoOVHdEpLGmnzXrarE/MiA6gz3oWnCsCyiJgG0tuZckh LDmWJYew5FiWzGXJ07RbT7v1tFtPu/W0W8+qdla1s6qdVe2samdVO6vaWdXOqnZWtbOqnVXtrGpn VTur2lnVzqp2VrWzqp1V7axqZ1U7q9pZ1c6qdla1s6qdVe2samdVO6vaWdXOqnZxPK0Rxx9hxQZW PLv3/8fW+4rF0ST2rmXvWrauZdf+bNrfK0+xZy171rJnLXvWsmdt1JyYReMrePCVoZSY4923qg8L 6p+xO7snMSeMRuP8d3d0jCt2J65yrr1x/pXEDdHExI3erZdPLIzek7jb+XvCnknvh0PgUDgMDocP wBHwezAdzoXz4FtwPsyAC+BCuAi+DRfDJXApfAcug8thJswC+5t0JdjTJHuadHXY07Bnj53mE9eE KlsKiTtDJXGX/Z+duExeuxxmOXsVK9vhurAhcT18H34Ac6JDEzeElYl5rrst5BLz4Xa4A+4Oa9i3 ZlJCLktCE4yHZmiBCTARUjAJWqEN9oE0vAfeC/vCfjAZ9ocD4EA4CA6G98H7Q4zDGIcxDmMcxjiM cRjjMJ50Wtgw6XT4GHwcPgGfhD+GM+BT8Cfwp/Bn8GmYCp+Bz8J0dpwL58G34HyYARfAhXARfBsu hkvgUvgOXAaXw0yYBVfAlXAVtMPVYU3UxHO2YHEQi6XEwvAWX5oT3uAnu6OzqFCjQu1dntSr4lRU nIorKliuJepd2jdDRYWpqDAVFaaiwlRUmAr2a9ivYb+G/Rr2a9ivYb+G/Rr2a9ivYb+G/Rr2a9iv Yb+G/Rr2a9ivYb+G/Rr2a9ivYb+G/Rr2a/+pB/+5fXwOPg9nwhfgi3AWfAmmu8e5cB58C86HGXAB XAgXwbfhYrgELoXvAG6wW8NuDbs17NawW8NuDbs17NaiCdgd4OGjPLycuJYPz4kmY3srtrdiO44u xXEXjrt4et6VGVzncZ1PXC1Sr6HEtd55XdjJ83fy/J08f6e7NNNhHR3W0aGamCtj3ha2iYBtImCb CNgmll6TG9bSqJdGvTRaR6N1NFpHo3U0WkejdTTqolEXjbpo1EWjLhp10aiLRl006qJRF426aNRF oy4addGoi0ZdNOqiUReNumjURaMuGnXRqItGXTTqolGeRnka5WmUp1GeRnka5WmUFyE7RchOEbJT hOwUITtFyE4RslOE7BQhO0XIThGyU4TsFCE7RchOEbJThOyk8Toar6PxOhqvo/E6Gq+j8Toar6Nx L417adxL414a99K4l8a9NO6lcS+Ne2ncS+NeGvfSuJfGvTTupXEvjXtp3EvjXhr30riXxr3RDAqW KVimYI3eK6hYo9wmylUpF1MuplxMubr+B9J/OfXK1CsnbnbuVkrPC09ScAcFd1BwBwV3UHAnBUf4 SQ8Vi1QsUrFMxTIVy1QsU7FMxTIVy1QsU7FMxTIVy1QsU7FMxTIVy1QsU7FMxTIVy1QsU7FMxTIV y1QsU7FMxTIVy1QsU7FMxTIVy1SKqRRTKaZSTKWYSjGVYirFVIqpFFMpplJMpZhKMZViKsVUKlOp TKUylcpUKlOpTKUylcpUKlKpSKUilYpUKlKpSKUilYpUKlKpSKUilYpUKlKpSKUilYpUKlKpSKUi lYpUKlKpSKVi9GEqjVJptBGNc6I0FWIqjFBhhAKjFKjPTSPYHcHuCHZHsDuC3RHsjmJ3FLuj2B3F 
7ih2R7E7it1R7I5idxS7o9gdxe4odkexO4rdUeyOYncUu6PYHcXuKHZHsTuK3VHsjmJnBDsj2BnB zgh2RrAzgp0R7IxEx8oMYzLDmCy8XT1PJW5mxS0N/7F7jxfC3V6/J4yJuDERNybixkTcmIgbE3Fj Im5MxI3hegzXY7gew/UYrsdwPYbrMVyP4XoM12O4HsP1GK7HcD2G6zFcj+F6DNdjuB7D9Riux3A9 huux6HxcD+J60I7LdlzPXwVRUBAFBVFQaPD/2wiYx8tvkw3nw+1wB+jgE/VPNv5jbx+kxyA9Bukx SI9BegzSY5Aeg/QYpMcgPQbpMUiPQXoM0mOQHoP0GKTHID0G6TFIj0F6DNJjkB6D9BjEYBmDZQyW MVjGYBmDZQyWMViPhoJoKIiGgmgoiIaCaCiIhoJoKIiGgmgoiIaCaCiIhoJoKIiGgmgo/F9EQ55C eQrlKZSnUJ5CeQrlKZSnUJ5CeQrlKZSnUJ5CeQrlKZSnUJ5CeQrlKZSnUJ5CeQrlGzW+qivdEp36 Tva6U8bRS+K+jPv/nowyHc6F8+BbcD7MAJqzsczGMhvLbCyzsczGMhvLbCyzsTyp7guz4Aq4Evgb G8tsLOtxr2DR/46Zsoivybf1SB+VU0f/sxjRu1+hx57Dj2/grzd7fIteaZ7pe2G0b/QFzFUwV2l0 5dfAta6a4/hjef8mMPeJzXp1jr3rmEZ3u8Dju8Mwhod5d5V3V3l3lXdXeXeVd1cxX8F8BfMVzFcw X8F8BfMVzFcwX8F8BfMVzFcwX8F8BfMVzFcwX8F8BfMVzFcwX8F8BfMVzFcwX+F9Vd5X5X1V3lfl fVXeV+V9Vd5XpcwwZYYpM0yZYcoMU2aYMsOUGabMMGWGKTNMmWHKDFNmmDLDlBmmzDBlhikzTJlh ygxTZpgyw41pZTem1r0zt8RRsjHXmKSp9Fb0Zdz24baPflX6VdXSXV7dRIlJ+C3it9jIf/OodKeM skCndLcO9p5QwmsRr0W8FvFaxGsxVa8NidCH1z689uG1D699eO3Dax9e+/Dah9c+vPbhtQ+vfXjt w2sfXvvw2ofXPrz24bUPr3147cNrH1778NrHp6p8qsqnqnyqyqeqfKrKp6p8qor3It6LeC/ivYj3 It6LeC/ivYj3Et5LeC/hvYT3Et5LeC/hvYT3Et5LeC/hvYT3Et5LeC/hvYT3Et5LeC/hvYT3Et5L eC81OK7zPoTjN6N9E8t4cld4MfFzfvl8mJl4KTycGAm/TOwKNyX2hFeTbWFr8rgwlDw+PJY8OQy+ 83fKX4nel/zrKL3375W3UquDGk+KsJ/z/uf1sC9Q4kV4SaStocw6jzN60dco2evYB8Vo/0RJFdvl faPevxvGrBaFgWQLTAC10eqF5AnOnwgnwSlhZ/L0sK31G6Hcem5Y23ohyA+tlzhioxUbrfJB63cd rwnF1mvhOpjt3C3O3QpzwbzTeodzd8JdHvOe1nvdoyOMtj7u/k/B02Go9R/gGed+6vlyRza1djv3 KmyAjZ5n4Vceb4JB1+0IA60jsDsMtE0Oxbb94QA4HD4ARzp/QVjb9n2P7avtxlBquzUMtS2Ae+Bh Hcuf72V1C43ewupGrOawmsPqb7C6CasFrG7E6jBWN2J1IzYr2Cxjs4zJMibLmCxjcTcWYyzGWIwx WMXgFgxuxOBGDG7B4EYMFjBYwOAWDBZ+h8EtGMxhMIfBHAYLGNyCwS0YzGEwh8GN2Ktir4q9GHsx 5qoYizEWYyzGVIypGFNVTJUxVcZUGVNlTJUxVcZUGVNlTJUxtXEvU1swlcNUjKkYUzGmytERiSVh RmJZeAJTq/ngrzH0JFaKic3hMn52faIUFvPsGYla6OTZZ/OzXDIZssnmsCjZGn7U8PTJ4fjk4dEF 
yQ+GG3n9p5J/GL6JtZ/z/M/zuRXJT4SHk2eE6Xs/kcrt/avkC5IzwipRsCJqtXofnfqs/gurbadF xmpb3b3sjiPu1udusRg6XQydEe1j36PetcG79nhXPT5G7fdE787ujcCife2wr0Pcoc8d8u7QG7U1 LH1e5/RSeNo7TvKOLdbb5F09LHrLO7d41+F735X1roHoUB5V9a4KTxrhSSO8aIgX1XhRydq7eFGJ F5V4RYlXlHhEiUfUeESNN9R4Q5U3VHlDlSeM8IQRnjDCE2o8YIQHjPCAEsVKFKtSa0SOL0ZH2ksb ezv0dUus+0/2sBzWhDcbf8M7jQdcFSrun3f/vPvnW+/x/P5QcZ981ORde+z8PO/orSsrbywJL9N8 wNleZzMJ3tXgb7N8MRl3Xw697tsbTbPqXFdfL5by3vG01a+x+jXeuRsTuzCxyx02JtaZzTPWeQ0j vY59kA1L3XEZD9qQKPOGFEwOVyXV1KSamlRTk1PC7OSR8EEaH+35MXCc/upkun/S4zNCzW4+azef FXN57O7B7h4xl8fwntZLo8mt3wGdGhauaf2ux9eEuZiYi4m54i6P7V3Y3oXtXa3zvH6Hc3fCXZ7f Dfd4373udb/j32PuSVgRZre+4PgLWA8Z6IdfQs5rA45bYGuY3RaFn7eND0vbmqEFjvD8KLgg7KHA XLGXp+autoUUuQvuhp/AfWGpitzV8MStlP60rPO2rPO2rPM21f9EhL8twt8W4W+L5rejQ+gR476M +zzu897V9u7cxPaY7THbY3bn2Z1nd93WPFvz7+SVfyen2Gtsn/l354hxKSvO4gE/pH4n9WdTf3bi ZxRdCV2i9YXogMSL8JIcso6fbnC+nj+yqmK/6fuX8CvYBDnYHG5MDDhuhW38b7vj61CAYvR93vJM 4g2Ph6DsHjscK1C17k6IPR6GkXCVnNQjYxdk7ILonVHPTYm3nPs1/Ca8lnjbMYjqcZCAet5q4m3j PW4OT/HImclJjai/TtQPJtPhzuR74L2wL0wOZ/DWs3nr2bz1bDX1ieT7woPJ93vtEDg8+lryCMff gynhTJ58Jk++NnmU5x+Co8M0Hj0teazHfwDHhb+QG2fKKuuptoRqS6i2hLefJU92Jk91zR/BR8JP kx91PA1ODx3Jjzl+HD4R5oqKs5N/7PEZ4XqRcZ58ukU+rf9l9tXJs6PDkufAjPBK/TPy1hlhQ+sF cGm0jyjZR4TMFiH78JJZvGQWL5nV+n2v/wB+BD+Gm+CW6IDWW2EuzHP9AucWwl2e3w33uM8iz+93 fCDc2foQPAwd4YnWR8KDqlhH6xLPl8IT8PdhmqiaprJ18MAlPHCJvuAJ1a2j9dnw09Zl8Jzrlju3 IpzZ+s8e/wxWOv+C9/Gt1jXu+7Jz6+AXzq2HDHS716uwAXpcv9G1Wej32i/hV85vgpz7bg49Inea 6tkhes8WvWe2bnOOD7bywdY88MPWIpRCbys/bOWHrWXgg61V2Akxu4dh1OM3w2ute2DM498An2vl c7LCzDZ+18bv2pLhtbYmx/HONUMLTPB8ouyRAj7Y1hp629pgH4/T8B7n3wv7wn7OTw4FFb6gwhfa DnS/g1xzMLwP3g+HwKGuPdzrH4AjrPF7zsmwstHMtuvCBhE+q+3G6IA2WrfRuo3WbTfDLXBrWNJ2 R3hQ5C+RqabJVNNkqmmywBLZalrbIve5z30ecM+H3b/D80dgMTwaZjc6ifNliZ/KCmt1EgMyws9k gl+J+B+L7MtF9lJR+4So7VJvayL2H0XsdlG5UTS+IAqfFoUbRN1nRda5IulhEXOziPmpiNkiSm4W JetEwUrev2jvd5ye4/3PNf6f9mXhleh/yleL7WSxirUm8ZQavSysk7celrcetqt69vwn2fN52fN5 
T6LZnUzzOoVmNId7mVvKptKMPgwz6mN5XAhmNJ9OuR/l1sAsFtAsPqb/yiSeaU/nfsTtZYWMs8yy lAzPh+uAcZzrwEgRBoXLrsOuo66rmgjXXIeFWyiu4yPFbXT1uc5o4h7rGnANuFMgZYS40wWL6wLI JRCq051J4U2Bj4t7smC5U9x5gtXVJ6QJE3XJ1sQ9jfQM0Ll3irtYKBCK4gL3LIxLvF5qyW2i5nuu CbOF0riohUKZLuUjRZ0lWAW7JmqJUAMSgJQRos5VFwh1qk2oB3GjqAuVYggVyK2LWitERwqM+GXB 6t4CrVipiatEE3Wp0Cq0qgtBl94pqqvhurBmSOqFWFygRq3uDvecETLfXQFlN8bF7RQ2o0BNd/Ta vci1Stg2JJhvpbDzdnEvASwT9pB0C91uj57uc4cgPKjVjuJe7m4Reu4Ud5vQ624XThBfLrjXYY9R 3BvcXe4tLpd7u3uXe+9wPQk17neVDPNJOCX0uw9pIpzTxH0E+e0+Rtztc590nyaOnSXOnEd+uC/C mFyh/u50XxcZtgg01C6ahX6hn5gi0XWr6lfDOKrqChr9VTjSYrKYKmaIWWKOmO86LBZCuVlCrlgi znWdEReINnGh65JYC62ziEtFlyiJfjEsrhBXiavFteJ64GW+2CluEreKO8Td4j7xgHgYWtwHrcwV j5KVXRKPi33iGXFA3AE1XhAvCTxZLfWIclrITqBH4lXXgHjTw3ssrgMeK9RdCPmOgi1le9Igdtgz 0ZMNOtdT4CnyzPaUesrIlgc08ZR77NhbT42nzlPvcXsU100UgfcEPFHPSuI43MnTCvWtQWv0xAAd no2ezZ5tnp2ePUKBp1so8hwk+wLL8/R4enWubvSc8Jzy9HvOCd2eQdcZz2WwvV6h1XPLa4RRPucd 603xpnszhQ7gTI+w2TvZm+edBpzr9s4AKRb2eOcQAztAaK4oXw8yBufKOx9Q4XV6Fwkd3iVwpd+7 zOvx+rwh73Jho7fFY/G2edu964RS7wZvF5XY4t3u3QWylzi+GTiAqfu9h7xH4K7HvCe9p0HOes8D h1E2ey96r3ivQ6t7XRdgw2AWWqVk5KmUKmVIWVKOlC8VSrMksFpprsBLC4CPp7Bvkk1aKNW6twMH +oUOaSnwpBA82XawuDJ1Ncxbj1KsrlXXg2fpBD67hXp1E3iKqLpVtKk7gGOlrkJ1t1IMngTs2rVD 3SfE1APqYfWouNvdpoRcl2BegJUwouif6tXj6nHIBTngU5HaJwRwPjQGaznJx8CsuHYINeqZhuvq AHD8AqTHIF8ptKBVxRKz1avqTaHMx/ssPqsvzTfRl01esMaXix7QV+ArEup9s9WbvlKSMvBziubr PNk+uhsy2Me7Snx29GY+u9BKOWt8db56n1soUK/qngt9V1SVVMnHw5iuwZZ4nZJLwn9+KSytEDa7 UqVV0ipXKnBlrLRaWos+yXVUWi+ekTqFzdImaatnUNoh7JR2S/ukA9Jh4aB0VDoOV/qkM1DXgHRB uoQWK12Vbsq864LXKFtkq5wmT5SzZV7OlQvkInm2XCqXuT1yOcAu18h1cr3slhVxvRyQo0KaXOZ1 CrnySjkX6i/3XKYr9E6O6wy+lePNFFPxzRzBMvRuTo/cK5TLJ+jtHP3dHMGN7+bIpaJNez9HviYU jPqOjlNZJJcqS8DW6t0hfEsHtA942g183auEwBr7leXgG2OuwuE3d0RYLZQuIaq0eKL6Wzv62zpC r7Jf7tDf1Gmjd3WG38yJv5GT4z1Nu6nH/vaE+Vf0hOlmPnqrIR00c9kY5+pkaa5yELvLXne47rCr BoR38RSvc9UtLl9c7qoHcbvclKaABEAg7aXzL513RUFWulYu3rh4o6sVZI0LfzeTt9qsVXCPFHqi 
YfREw9OzjIH2vEZ6ljHRU4yZ9rxJ9BRjoaeYMfTkcg89uSTTntdKe977aM+bQs8s4+hp5X7GpSxL UahPWfhE0NDLuIbLEMIzZsM147hyd8Pg3aDCDKECCHwGohoqMjSUr7xLtALWjIKYhopCCDvuDhUl EG7UsVnHNg0NPVpYsRBQC/GdgD13osIFYffno8Kv13FQB9bfOwInRsGpEej/C3AOMDgKLgOujYJb t+MF493B4YNwLCDlM5CuwRHS8ELmXWIyIO+z4VgO4bS7gx2488IMHcU65mhwtGihHebH0Qbx+YCK O2EHnr3g/Hw42gHrIL5IxxLAshHwjALfCIT+AuBYtIwC7E/7KBg51uvuDhWbINwA6PoMwLWKrYAd er4td4ntDaNzZ4Ne5z4Id90dKg5AuJdwmcL9CYjnOaqHxwF9ED80fK9EVJzR40c+HxUDgAsj6jg2 AifvRMUlwFWInwa/06uFlfzo7flMnAWcHwUXAVdGwfXbUWlJ8N+J/jbuL3U/Vmkd9i+Vabf7jyGe JM5rfF70MaqcONzmyuwRbYr7lERexm04bltYl855B85nIqfhWmUuoABQBJjdMGjboq0vlWVaOvYJ 14jKcm0taQAfW1kDqAPUA6D/lYru37G/sFZVRjX/XAllK6FM5RrNF5NPx3GIaf6yskOrtxLWkwa4 XgnrRyX4lEqoqxLrOqiPb3w8+7V1srJXX8M2J4wz1tWv1YHXKsGXVw7q7Ro5TyPmaGg9ic9Th7Y2 VoLfr4R5qryVUL5bnz/4bIOxt4Eft4Hd2dL1PEoCoqNg5LocGwUdDcPra8IaO4SdCRi5xsbXy//K OnluxFp4OWENTFjvbHM0XtrA/9sq9DhwzrZI5yzwzQa+3LZMv+bRQ/DVtpBmt7blmj1hv2zgf23g f23tul3E7UD3i+hLbet0P7d/2EZsXZr/wvJDPnCkbY2wqyH/otuWTffFyH/bdq2NQ+WPaPZmg/I2 vA/2C/yf7YjWbvJL0Acb1Gc7qZf7PP8z0o+Plife5lH88RAOJeCz7vU5/hTn4TaM9JOJvvJiw7CP TPSJG/Sy5/Vr6zQf7TiizbHjmNZPB9zPAfkcZ/W5B5/lAO44sNxkjXeY14H3QH7BvsOB9VXo/uy6 lie+J3AyAPgEXP+dyZqfc6Zq9TozNKCNOrMAOYB8zQ87wac5ZzVo/hP8pbNELzu3YXjPVNww5Eep Lr0OvOZcAG2ZprdrpB8e4YOH9jC6H8a6qA5bw2DVVb1MvDzmb9c/p+hjgH1bqKeNTUD6KLibveC0 huE9XXHD0L5uCPMTMHJfF9+j/Vf2Zssbbt9/tTUM77sS17I8vWxLwpjotmW7oofAhyrWMLzn0e2q CjhRlawD+FAFY14F81cF81eVrwM4UDWr4Ta+V5XoQB6AfVXBPFfhPMH4V9U2jGpv6BurlgLg2aZK AsA6F7e3qnBCfIWOVRrQ9qpWA9bq4fqGIRus6gSAv6uCveGQ/UGfq3bo7dmt+ayqfdraEwfuKatg P1d1WO8z7Nuqjmu+C/1HVZ+2psTzV8F+rQr2YVWwD6u6pPGx6ibs3WE/ZYc9jt2q7QvsaVo9OH52 2JPYs/W9Lcy/HfYQ9gIdRdqY49jZsVwpAPYS9nLNd9vten7YQ9hhD2Gv1/aAdlg7477ZrgyvS3bY T9ij2vOIvVV7prDDGmmHNdIO+wb7Zm0c7du05xFcu+17tDrs3do82w9qdmWHZ0g7rId2WP/sWDes dfZz2vpO1wY1m6M4thvm1Q5rnv2W1nYHPruN1ebcgb4sXeuXA30Y2JsjT/cJcZ8LPswxQ1srHejH 8Nlpvu7v0Jct0riL44VxxxKdz8AFB4yrw6ONI76Nce/Be3/6t7cx/prOyoz5xkP4P6r8EfY2Y0nZ 
gFxAAaAIMBtQmhCW6WE5wA6oAdQB6gFugAIIAKKAlYBWwBpADNAB2AjYrGMbYCdgD6AbcBDQA+gF nNDvdQrQDziXEA4mfL4MuAa4xZjFCBibEKYA0gGZWn4MLZMBeYBpgBmA4oRwDmA+oALgBCzS8y8B LAN4AD5ACLAc0AJoA7QD1gE2ALoAWwDbAbsAewH7AYcARwDHACe1fllOA87q4fmEMJ7/ojamFJ7S y7kTrl8BXKc/AM7GmAFgr2NSh0McnzEZgKyEMAeQnxAWAmYNh9jmMSWAuYAFANtfFuKc3RYCT8Ys 1O5P7YnnzxiBWsBSPazV5z4BY1wASRvvMX5AOCFcAVjF3rZfsV93MIfZkexIRZjDjgxHliPHke8o dMxylDjmOhaYJYfNsdBR61jqcDkkhx8k7FjhWOVY7VjrWO/odGxybHXscOx27CMccBymz0cdxx19 jjOEAccFxyXHVajxplly8k6L00pIc050ZjtznQXOIudsZ6mzzLHDWe60O2ucdc56p9upOAPOqHOl s9W5xhlznHF2ODc6Nzu3OXc69zi7nQedPc5e5wnnKUA/lTnnHHRedl5z3qo2Vo+tTqlOr84kTK7O q55GmFFdTJhTPZ9QUe2sXmQOVy/RZdlQDOPLqj26+EBCzvrq5ZA+X5eW6jZAS3U7yDqQDdVd1Vvg +nbCruq9sCZMGPX3GJj+ewwW+j2GsfR7DMn0ewxW+j2GFPo9hlT6PYY0+j2GdPo9hvH0SwwTrNnW x9mD1iesZewx6ytWN3vGKlkb2TxrwBphL1hXWF9jDusq69dZtfVN67+yF63vWvezldYe6+9YC/02 w5b/j1vGcamcj95X2cceZWzKWR1g5VMu6rii43pC/Ar+GXeAWf8M+XKS9fRUHRk6wKpzIHMOWHMO WHHOLC1vTomeH9PmJnxeoIc2HQsT7lmrfc5Zyh61+0BC9uX2FnsbSLt9HckGe5d9i327fZd9r30/ ySH7Efsx+0n7aftZSD1vvwixK1BinW6Nmj2iJSY7cmCu7qPf4WD0Cxw8/QKHwVpkLWJG6zzrfGay Pm+tZEn0axzJ1pet9TAPotXLHrL6rU0s2xq1fpVNtrZYv8Zyrd3WbpZnfc/6HnvEOmgdZPn/w7Vz t14yfhF0rckD+h6Kj6X4DIrPoPgTFH/caENtWknxAOgi01sU/yLFPRR/lOIvUKkC0NP02qqpthV4 lfLXGfNQm5z41pMpCvE0Yw5qUxD0LsrzHSz7J4r/6V2qp4XSvVqr9LaVUs1NFF9A6Vr8Xoo/R/Gn Kf4K1PMBtvBP/aZF1NpS6pGW/1HK8xK1dibV+QrFn6K4SC1/jnrnprIYf9zwKaU8RvEPqIZ76OoC SpepZmqDqZHi91H8Gcozje5eR3e5j+7yDMWfo7iWfxbld4EupHghxYuMxaRnUQ2UQvoJSn+SRulJ k5fuUkx5MP6EoYNKHaacAap5E8W7KN5L8TUU78Y23JpD+UspJUZXZ1JtWqlVoKeTfoLm7gnjPNJP Uf5l1AaR9DuM4yVTO+hSUxvor5ugJXyI4uNJG0j3mTaAbsWc3DjSG6hUEWmG2vAa5dxk+ibo3aZ/ BD0JU7gBjHM36Gon5V9M+bsoPoN0GtX5IeWZYvw56EzjT0E7jSfwLhjn/i/pn1G6y/jvoG2Yk7OQ XkKleIq/i9qQQzlfoXQZ83O3qIYfUfxdulpDVydS/nlU9hzpPxpVSK8wYc5rRgXiZtP7OBqYztWb joD+jRFYxE/FPOyG6V1IsZL+nZ4C2vAs1TOVdC6VlUh3kJ5kepiufgVHCTV/g+InSf+G9FvGOpyj pIdI86jNN0mfoJSppBfDvVZoM0g5v27+E84jxcdrmkqNp1LjqdR4yrOTru6klD5KaaWUf0ImcOMw 
DppHjTWAPkEpUyn+J+IDsI5fRvmXU9kiSmEUZ6azpDElj/QmSt9EfdlN8d1anFq4m1q4m9qz2wye xPAL6tckYuAkyj+TWjVA+oam0Qr4TrraSbV1Um2dVFsn1daJowQMhDYY6L4G7Y5pVCqNevch1fYh 9euPsCSCNg2Q7iH9NumbdBUszjCB5vEa5TxF+iLpa6bjxI2ryBlMATvqIf026Zukj+MsU/7fUJ2/ 0VKwFHcvtaoQ4+wG5gFG9ZB+m/RN1EbwDDyncQ/jnJVq+53pJ6gxhd1IqqX8H2B7qCVTsUf8TWpD LqXkUkoutTCXWpirXaX25xovQk9f1phsuoIcprt0UNnZ1HIP6UnmEOXpIf026Zt035nIbcxvMGma xvM3pN+i2t6iETuClgUeaROxej9xVdPEQIrv1jTV3EnxNMqfRvOehikwOzKNPGnsHYyhTP0lm0UN dx+g8ceU7cSfp0g/Tz5wgum7oD80V4Bup/Q/oOZIg3V8l2b5/6C1Ukof5VxMVpBGegbVU4Ta0E7x Tab11HIoZZhJ9f9vKjuH8n9A8Wmk39H4TJ7zR+RFf01WkITp5uvIDfNWHDfTQ1jW6MXRM/8a42Yb xg17ifnzic+/RJ1kxP6a1xn7sbXErlU0bk3YHrBHG435dNITaMynk55AIz+d9AQa/+mkJ5A9Tic9 geZiOmnM/zG1/02qOZP6LpFv2U06TfNd5kfJU80AnYUt4W5gnPsxzWxp0iPowSi/geJ9VKpV81HU 8lay3yLNz+BVw2tk169Rnk2kJ5F+hix6QNNJP0QNz+14R7y6mJizmDxDF6bA2oT1L6CrMzQvQWU/ TPoyMQSsgJ9Outj4K/JOmOdpSplq/DXZ4Ceg55C9XDbDysv/BNPBIj4hzw8Wwb1C8R+ghzedI7tg mN+0kPzAR5QygXzOz8jWxiSBP+TeI3sx0uxfx9kEj/QR8fwjsvSPyHI/QjvVNdkgxU8YyTaxHl42 /R70faihhuNUSvM/6GEuUl9WYJsNNtN7oKs0X0fro0z9qk+C3RT/mtZr9DlQ8/PYd6wfPM9UXAGp F8/q/vA4tQd1h6bN3yJ9hbxHF+0W0BfdoKsndY1eotr8NfIhM8lmUT+XNJlW6l+Tj/o1jSSs1Nwh 4xm61+/Jf36CI0NXf0g5H6R4PnnO6aY3IH7BWA76ktFLc4dedCbddybFk0h/i/rbS5o3fQw9sph8 tL5jPTNol5JDY1VGd3mf9FHK/3Oq4eea56S720l/jHPB5ZHnXEz+/KcUj5F+BXfI/CKqv4ZmLZvq GaAU8vzcKdKvUv7t2GvuurGJ+vgq6HzjSfQnlOdfqEe/w3ZyG6mGLuy7aSaOkikXteEt5CT4JajN 8BHGjc0Ub8aWGxw0yxPIU32ieyrk1f1Ym+EL2EJYDbHXqdSv/zCe/n+0nXm8jtX68Ne91n3fz27b bkObTBkylJ3ZzrCTZGqLcHbaoXKwESIbIUPIMVeiTMl0HJXj7BRJRfzkCGmSdpJKKjkyNZBkePa7 ru96zueTfX5/1Hnf99On776ea13rWmtda76fgZXr+29b+SU0jajJj/Bh6nCAdmUgdyFvG3+dZWtf duq5Itt9R2L1OZY1TCkrn8TbBbgafSs8NPanWv4I2wd2jmuful1Nia9iv8bfKeMNn+fhVPQ/4yED b3uRe6HfERykzjLyp8hpzZ7KRlnOl5Xc6ltb/3eFDa39UF/m1EChPR9KrjbE57ngbebdWEag8C05 yeuq4V3wRpgGk2E3OMfSnXWzsEyHWWEtWfFE9j5MMA0mw25QbPphPwtvs9B0RNMzkDU2ibxJUrpl GkyG3aDYN8ayB5abHTnL5eAnh5oPRh6ckNNgMuwGs1lnetgo3czZO47PON5edT791TLC8ZONn2z8 
ZOMnGz/ZRCNbvJk2Ymk6wW7U/Ah+jiDvRN5J/auGHxENR9fSj6gVDFLw+RF5b4SiHxvY25+OYCl7 v5f1sBWrnF0ldCf0Twu9ncgDgtbMbmEemn1YlqKlFfyXLMeLrLXQZCLnwMGSy5QQ2t1H8pYk12b8 n0CTKzNRZwdNGMMSw9kSsbCFtDTcLvSXSC7/FzkhB8dFDidz6mhMDMcQW419C/LuZ/424u7TWe62 NlY5RCmHKOUQpRx6KocoifwW9emFvUGuSpwHC230GL1BJxmlcou3rZC94Gl/q9VUSIxbNzKTGY1u TKYxupLlvkafVkOfg884fDVB2elejY3EXmzKSa/Z8VCL1jm68VALmzRS56CZQ21H2DV2srHzMd7R nBYGVZR36QN5BnLpg+ARa/+M3NbN7qCnjWdTWeH9viKbtfAp9KuCYZbLxNLD3u7+ln4l8rYXhvdj +aY8qfB3ynMMcwgPd8qzEb84qS+T61lhrDz60ni4CPOw78nNdLz0u3lFVm9zEPlW2FDoV5b7rH8N +/J07P+Hnv1UGKzEpqHIfjmxNDNYVU4iDyS1JqllhGFrPLgbdB7MpKybZQ00y+Tph2kr+6z5hlPB dO4F2+XcbnbIjdienayNN0vi6a0gquPQTJETQnAKP1tgPvwYfoqfw/B9OMovQN9LTrPC4E3k8fB1 7stnuR2/LKc+/2bOfpsSshbKyc0yH011Uu3OEjYm/oOxTIFNw9GWW/HwGDzpKB4s89GIh7VYPkOu i6LxL6Lh5BnMY3+cx4l0OxwLD3DC/JCT5HbOscu4QcflVGnHkpyQj1BiF/iKrLRBWXyWlbzBGOQx ThY/lvlorJ/gL3JTjmnaZYLSlrfj5xj1bC/z3X8BD1GC4ifCT0R8XqAtL0h8gqYix0aET8OHZGzg Z7QjUb0C/3nSdjOSM94njnJ+s9wFX4QXsbHrWNiKvp6EZdvA3jiCBWEl6+0muWmaDaL3r3IUD5Yv wouwo7SOVG7QZodozAryHpVZ6X3OOflhOB9u4zw5kTvpNO6kj3BemsXZgHu6d0pOgHo5nssg75Fb s2kexGXuoG8ofvyvpf4+Z2+/ryP6vtS2L7XtS21nSa384XJ3Dt8jl+LEWIG2c+82d8DXOCe8TIvm c4Oew0nsXfzXdqSU2pRSm1JqY/+uRNWfJmWF6cE4uIsnG5KrlCOaTkTjLBE7F3zJXMhgVDvK+Kwj d2c73qwmzA0YG8gDaNFo5tRo7D8JvqNHHCXCFeUe7fuiCXr7b1BDkScil6L+pdCUZDQuhF2DVOvt sNyFg1vCWVbzkeiDxaS2EZpNyKfFxi/B3Xk7NvliHyQzdyrBbtyFX+AW/IMwKCvntGCM5AqbU0oL fL7N/vgFntfibRKM5MbtbyD1WWZTKrxSUq/gSVFSd25eBbJKBzmyvsXeZA1vK7L+jLt5Y+bURebL MjeL0YR4uCA+k7r7S22uEuwCv0oNbeSldy7JPdquV2Xpl7pQ7tdLuV//Q2RrWReWZabXhWXpr7pQ 8j4byjpwiDrwpMLvElaQPY71aicczRpSTW7i/ldy+/bXCe0+KKNrd/gs41zm+Hbki7RiGXkPsTa+ Ippwr6wV4f3o34R9WB8OkfdOeDJWH06VHVA0QUxGVKw89qXhs/hkRTWr5K7t3yr3Dr8XTGVHvitY xug6g2ztw67oe3H/2sSNL4e59k1Ylr3P6gNusnYOyv3oLc5U34ul/wjrwGQ57ccWMR/PST+GHejN eaIJWwUSnwpyq7UjXNY0nvXpZcLYItmDzF6ZfWak3LItpRUbkDcwu6eLbPM6SmptUisxs5w8Wurg N5RS7N5qb2R+M+5ln/A8J19oZ9CL7KRn2EPlxjRK2hK8Lzts2IXV9UdOAiu4xfTn1var3NN9nj2a 
5XJD19NkhQ8HSp2DU6wJW1hdexGBj0XWh+H7pN4RFoO5UqKMItsXh2VHJnU8PMU68zq5eApqrpI7 u12R1lLztbLKhXbM+0Xpi9qwN702zpf19i1YQNu/pXcqYsPt3syBM+Cf0Gdzg8uXlvrt0FRFvsH/ AP9y7yNu3mdEI4VoXM1NfLLc4v2x/glbw77kai/nq+Aoo2W7fzdrkbR3E3k3kbc9o6UCkT8Op1Of jfRdee6Pj9Pjr7PLrKKvm6N5Ue4RPrdRfwv2bfH2sjD4CHk9a3uIPJ47tfOQASfJHd//grl8pZxa /c5SzyAIFsuKQT0XMVo2clacYHZY/WGJZPixjFK7EwmnCv1vfOmXZ1nnx4ocfBfIXv8Ku9WX2PRn JTzPOtmb1JJC87TsksFMqWF4OxH4gtrul1u/X0Ru/WY4N+iT1Kojra5Eu9pIrYJ3iMBd6NdJK8w2 394a/CXy7pu/2HxKHawcfoL/fdj3pZf7ynMAO86lxA/RV0V+JmEjPh+T5wChEvrL5WmAnyX6cBR1 mIN9BXkaoH/Afw+Yhf4rPHQWOXgKuborhadztZmV7I/hZ8RqI+QkbFbDcdDNx1KcYzcTT+N/ZuU0 2ZXMdqK3gOefJSmlA2xBxHazMlxiNTtHfGbAWxljdbgrbYSNEvKNMA0mw26k2rtP8Dhn+BNYPgpf CVZZ/xnIteGsBNNgMhQPt2JZkZvmBNH4E9CURnOKG+5M7pjLYTe4h7s89dHPc+N7kmcLZ+R2Zuea zaWfw/IM5T4sJ15/BT5XSF5/CvKRBG+EaTAZSk1+lGcC9ubbw0ayNm18Vd7dNv/CZxrsCd+Um69/ Hd5mJHgjTIPJpHaDNmL+B+I53Crv+lk+Zz38k1zVEpQorcNzpkTDxrkTERM+QdsryvME2wqrCb6Q pw22FJE/R65G6dVE46+hbs2E5rRv79dmqP8/Mi+Cx1jZJPUcqT/DgWgelpu1WQPvF03QGvuHiG0l eEZoV4aXZHdGXgGPSK7gktDfh88c0ZtpeK4MT7A+zPDXW3Yn9QYivBzOEZukGhKBJOIQPMF98zS7 5z6RY0PYQ9eQ+jgRnkD0boJTGGPz8VBDfCatkxNR+CS30U3+Jpv6UGJs23u0eTExPnO4Q8nImSay 9ZNDj+cQYZFvkKcT/ihKWSp+7LmxjowExm05WI36LKOsPkEJywZC05F4jqdPD8L7sZ+A/TXIo+j9 O0UTVpMREqxE3xCWoZ4zRNYn8fBoeA/8SfoOm4el98PWpG5G0wyfeWj+RM1HEfM3RR9uDYtS56JE Qz6J0bDA7gLKFLyN/IK8+w8bFDyPXBNOl08mJFL/DvmEQMEYZMcycA56l3cN8hq85cEv0HyBvB8b q9eDCuSZZ3M4BY6EV0ED98OpQq+EUMXRNIBKaCYgr4DrYRUnx+V59WHyXkCzGN5LruXI6TAVm++Q q8IKMAv9h3Anmn6wI5ok6nMSjUazGc/V0OTAwehdnQdTn1eRs2E57NtgcwT+ir4D8jnkELkW/DYu 62F1yqVFXiQa7zh+bsG+BqyOfiE2ribOfh9cgGZQvLGMVRd/kfVVcD/8q4s5ch8Xc2QFV8D1cZnL H7iYi8abCy+Quhj/6127kMsiryPVwHquLcieawseiiVaIfqvXLvi71kPf8ZDP/RNXOuwbxCvbDW9 49m0IpuaZ1PDbGoiTEX/K3IVoS03G8/ZlCVsSlntiGd5/J+G5SjFjRPGjJkFa9KuG8j1BGwRt+cT z9W5DnwdFocxYayMMJwr9N+DTaXt4d/QJ4lsXkuM4caMzL7yDqwbmXF53+pn5DnxalY+G29Ebx6h H48Qf+FY18uXDsgso3XN40NlliGPdPKl3chFiJtwKqlT43fAIkRS9J3RNyCXQlYJuYjMQTQrEhwK 
JdcdaO4QjXeY+F9IcCgsQu+0hSLfK6lmOTbfJSje6hL5M7ToJjd34vIErAX6nxKjxUZG/9ONiksX rDyKEbVWNMF5bDaKJijDPGp3ic8tEOEF8eJy2o83kXl6Sc7qjEBvicTW24BmvNB6ltsTK4DphP9z RHshlgsYmVXx+esleUegTlz2mg60IiQaoZOJfDlaXRQaWD3eDhZhfIrmCuJwXHIp4mZuSYxYieGf 4UJsHoE5aEYlvElsyyO7yC9IUGy2x+2eoiNa+grxcWM+jfofIyY/JGLb1MqMc0t5is5I9p6C70NN 27dJDG0Nm0LRsB6a1vj5CL6LN9Z/71OxUacYyVXjVS07o1+I/i3RqKPoi8EUemFeYu5Lf3XFZ2W3 QsID8Fj8Ii1tAuX9GnYQ702Yh96NCrdOZuH5ODVZir6ejDGf8eMfFvugRoGNiXHr54dSH/O9xNAf hTyKlv6JVLfW/eLWAWmvpdT2SmwqoS+JzRfI9ZFfSqyHtrZeIzQ/QreG0C6dAbtA9g7tYst64n0O 2ZW81ehbwcYQb7p93J6UNOuJuRrLNZB9Vu+FveB09LOxdHXYhGYOvAjfTuxN0jvzXZ1F9l9AHkeu oXCg290YFSFjrBYMyXsYeR+pNyCvTYwBkaF2u3BlNB+iaQ57UlYS+gNwM3p2B7vz7rH1Z1X34qSO RZ+dmK3ZeMvGQzbrRjapojmC7HbtUtCdNwbg7R3o9sRhyJwcvI1ELBPLL9gjSrgel91BV0TOxfJL eIiVvz/kzOPfD9lbAyIfclIyrh8H04qdBf2Y3W0kPq7XnD7RLtkRslidNsObsal66Sj7SDYcyqou cltW+2/hh6wYHdF3jN8MixCfIsRf9GmsIZuJ0uaELHtBXVJzEhxKbYswm8Tm1URs20LR94TlWPk7 4W1ngpK3FeteA51h5ZmBPBdK9wfIDdr/m+VukfUeXz6tsU5ofvLltpUvluqI0OtPrkxhsEXoh7CO L8/cMvGWhZ9VPHlojp+LYhN2IW+WK1eoD8DWfjnLc2YstGda0w95JPquQpNrDopeZLVX6NUi9YAw SMVmMswzj1tqPLT2Pdoi+jEQb8F8VyI8CCfCdUaeVaYJ9VzkykF3Kx8W2Tsjn9e1NbTnbZMiGrXL 2HuZ+lyo3xC92iX2QVvylnYeRK+TzCYZsWaDrKVmBXrJdUpSg2RsVsFT6GsIrV48pAuD5dTqHMyA E8WP7pqos7X3fKG/X2iyYB41NNoTyjMTpZG11qLxtpDKLcb7ms8kn7A+B+mZshroadIuLe/YLhXZ O63lU3D7tDy5fUyPt5yql8qpRuy9+XARNEIzAQ8r9AzL9Vre6a5i5LM9LcwMWaNE413AZjEl3kuu 5cjpMFUnybkFm6paThoV9JXSs1rey8sU2dsJ8+TfT9QddTIsLfMLDoOzYSQ01fCQI7IerCvKOqbt WNVDRNYl9Rcys9BvxjIby3LkbePJOUfj7Yj3DzmZeDWsprp3TM483nErl/Dkc31GZK+WrkcNbVvU eT9V9iNJ9QI4UzcSjX7Nem5P3uqwRkI+YBkTqp/xthDWw3917xtiaOOjL3jjpF/QfIvnBdjEhOqU 5FK/SE30p0rxbYL6wvBeoXw63WpeQn4b+WfkAcjz7Ij6NFxpOQ42EwZFhPamL8xDUxamCPU18Dns e2LTWxjGsWkDB5DaEvlh5Eew3AXPom+KfpMw1gK5P7wOm4+Qb4VN0LyDPAf5CdgVzWLqUxy6cgPk i9QqE81OeIBcl5APwupohsCxaGivfwN5ZyL7pL4HT6Npj9wNOUZZ04XeL8guep/gYRI2t6Pfj74+ 8g7kt4kD0TAvwN2wDrk+jQ2Sp/quX0QOisCrXe8gl4UpsJXrHZH9t10fiWx6w6FwJN7Gu54iVxXX 
X8jDXE9huQueRd9UGGuB5+vQf0TdGmJPW/zHXWSw6YVsXExEo4dTnwrU3KWeh92J0hbkXGxKwKPk 2oe968eK8CpqS18HRClwY8DV/CnoavUZNXdj+Ecsh1O3jfjvB91468MIpG7hQCwpy3wAt2FzD+yL 5jhyJEw6KD6TGMlhTfIOxhs2sc7o06lJTTdfiN5xcr2FTSr6I+Stiow3cwK5LfIU5GRkN6LG4SeP XojTrpZwE+wPn8Tyz+TagMwICR+g7W4+HqbcacgZ6E9iSTRio5E1ubKRH3Rjm9L/7uIMK5F3JTL9 pYleuAQuQ+PWijluvuChPr28A5agzh2wyYHMqaAaMv3id4KN8XAncg94Gzb58BCp90Onvxayhmjm sv8P2A7/b8Ln4UJsWA/1cnIdYwyfQkNfaNrir4XMWf8WLNfDj+EavNVG/hmbLvBeNKyxIfYha1Hs buxZV/0QmVJC1lX/DGSOmO+RaVEwCg3rp4+lIcKaEWi+RmaWBa9gswq6NW0GerfSvg7pR+OiOhWy KgbfIC+AV1CrG7FkFBnmhaGGht3BH0EuNxK+RE8cYqwAQRb6N9AzB81NkLkfvkidB0FGjk8rfHrW J6ratcL1L7tDyErru/4ir8/KYFxZr8G90I0it8K4ldDtR49SN/YU3+1rjApTFLkUZKaEbmW+ldH7 BOO2OOP2AHMcPz6zMiDO5j1SWeH966FbB+jfgPFs5lOfh/A/GzISzBjoduevkH+FeE5idU2izsHL 5GLGxdyatho9vROS6v+TvKyNZojUSqmCDFgGviA7TlzeOxsHmwmDIkLzL5iHpixMEepr4HPY98Sm tzCMY9MGDiC1JfLDyI9guQueRd8U/SZhrAVyf3gdNh8h3wqboHkHeQ7yE7ArmsXUpzh05QbIF6lV Jpqd8AC5LiEfhNXRDIFj0dBe/wbyzkT2SX0PnkbTHrkbcoyypgu9X5Bd9D7BwyRsbke/H3195B3I bxMHomFegLthHfKmk3o1bIUf7M1QOBLNeFKrwGHkaoge//7jsBc0lDscVsCD05+H3cm7BTkXmxLw KNyHvYtnRXgVJRLzgNoGri+og/8UdDX5jFQ3ln5Epg7+Rjz3g67f+zASqFs4EEvKMh/AbdjcA/ui OY4cCZPozSRGVFiTvIPxhk2sMxr0SW+hSSXvEfRVkclrTiC3RZ6CnIzs+vFJ+Gc0G5Dpl/ABWuFG +GF8TkPOQH8SS9oVG42syZWN/CCWf0euhP1KZKKtaXu4BC5D42Ycs8DvgJwDGYFBNWSi53eCjcl1 J3IPeBs2+fAQqfdDp78WMuM0I9//B2yH/zfh83AhNqweejm5jgm9U2iIoabO/lrICPdvwXI9/Biu wVtt5J+x6QLvRcOKFGIfMnNjd2PPKuSHyJQSsgr5ZyAj2XyPTIuCUWhYbXwsDZHUjBPzNTJzIXgF m1XQrQAz0Lt16XXIqDYuqlMha0jwDfICeAW1uhFLRohh9BpqaFhL/RHkcj3+JXriEGOOBFno30DP TDE3QWZo+CJ1HgQZIT6t8OlZn6hq1wrXv6ylIeuS7/qLvD7z17iyXoN7oRtFbh1wq41bvR+lbqzA vtsFGBWmKHIpyCwI3crg7F0kWev86yHz0afvAsaqmU9ZD5F3NqSXzRjo9qmvkH+F+ExiZUuiPsHL 5GLWxNyqsho9kQ9J9f9JXlYn9YExSp6JySdDqgXJPI2Rb09n8kSon5H3lFfwHKkdqUuDQMkTpFTL hTxJ06LR36GfJXo/FEu7CQXy5AT9PcJgr9Cvg/4MHnJJPSoMhyH3g5n4POUsKX2mfNPcpMgTM70U zZTE86468iSBp2e38STtvHtihmal5NJ70GjsT8FVtDFFqCfS0i48E9vB06p05HTzquQSG1Ugeu/K 
xFMyS/UVz8Qa4CeLXK15cpUhGu9Kf7GSZ2V5MmtIXQq7CuO5BfK9184F8jmcNwrkyWRXeYKh94js 1ULuTmpr5M3I+7EcJ7IXx0MNUv9Jrn3IJZ03NF/HV6CRvPVgb/RxsfTOo3ka+2rkfZbURshppIbI 9yFPwzKD0j/F8hipD4kcz5L6+B1cK5R8mvScyKYYZV2DnKt4sorGR7Mb+wPC0FcyNqiJScOmDLKG B7FMQk5B7ii0Y0jkVZS4Dnku8iosS8MVPB06gtwPm5Hk7S4lmg2JOkvqGMp9l3ruRz6TKFFGYz3k e7DvHd8kT95Er/bG5SluJj7nkzqRvFdI/O2Kx3NRNLPpkUH47xB/njqIfS+R9Q6puaklsh3TjWU3 JFcb0di8S2zqkvgGGytGiPdaXJ6OrpFUu3Y9T3ulRWl4+Fol84R8A2ugfAvyGleKfMbA1lZqvhp9 GSJfijbuEZ/BQ/iP4vOszXpsZsdl5JfHZ0TqNlhfauUtctGT1nlTYQOx1zXiWyl3t/SOyPoN5Bow CdYT2rLeQN5KWctkHFLiZJUqc0fK1W+oYvJkkoidosQs9IfhDnp5ObnyqNsh2ILRxVgK+qCJi705 WHCnnAMLTliexucgV4rrL+bXucQsk8jMRI4J5Ve27OrKKPKnw5YyBsJGkhp8InUIOhecpy/Wwjxm ouQt72oiso2MxOrngu84Hc1lhlIusaogfedNpW6t0YyUvtMzidsq5Ix4c4lPvB82/UidTCsmi/9L 36M5yrta4iEFthaNrinvm/hNiPApNDviY2T0Slu8Y/TFIeyTYPW4fMc/4D2XxVI3kxr/G2XlMiPy 5T0Caquo4dXx4zLjCuR99iTa+BKtvkLGlXcbY7WfRMB/yfWXlO695kaXWIaMMdu6rezsEsNqrDNf u3VD5qBtncTwjKSGa6QULx+fHahVV+JZkrz1mAslRW9vbbzjIAySpYamE3Ozq/SXOi8RsDHJoxdu x1Ja1DH+CfyKEtMYyeJnbPwJ8krMh0lMLF8g70HyHmWEyzgvJzHxysR5H4fUu+M/I8t7MT4x34bN GuxXOhKTRXw6aAGp8/DQlBbNoKymiU9QbOVkJX7WuU8T4T+HOicR87vokVVCbzbxeVdl2ZgUZ32o h2aiUO2SaNiIzWIdmydzjTWnhfixfXSBugXsPsJ3sT8lkQyWwwb0XTlWp55ib6MtIyGklAPEfC7r my/j365prGb0b1dWm6miUXxSS30O1xOrNczKGozDWdi/4XJRSh/qc4z2Nk+swM2IrZSymTEz27UC P0mitztUwOdAZBa3lXLDJ+W3kuwIl2+xvaWayx2QUg4zu3MZadXwnyfl2hF+gfFZjFUrlb0mlV2J nYXxHzFOfFahHtifZTWbRU0OqAase49RZ5EX2h3JjnOiUYaxqsW/uYf4v+ZWp8Sq2JZduDErWBP2 a/G/GMszRON+PExOtMLKoVvPZ7u5ltjd5Bt8E/U7yLIj7CJWjWhpfvwDVundzL5NxEG+N9pFGPzA J7424GEuI3wQmubEcLp4s3N5LXGTvj4KZzGuxqEvzrybyKgYI7L6hR3tfTTjsM9PzOg89iy35jeQ VYXxkCIxV5/Trh6u99mvV7pU1tV9zI4yrKIT4SA0cfbH0pwiMthTtqBhzQ9WM0IaEMkxvFc+kjFc gR2B01qM84zdwTlXUFYZiZXJT4z2fFaPDayBila4lTyfdUDYA5ut8UVK3gHPpVayztyBh47YrGIM 90dTA/t3E8ylX3IZ7fm0NJfWbWAXXkGdrSb+a8HXjIQs2vuAtfy72zHJNSxxKnMnNxmHb5F3oqpo 5a20cSP1/1IYry/eCs7Kr05Z9rY2Q3m+d5QncjwFTeK9J5UsNpa9ebdONAoPdwfyyc/uoV2v4kWQ 
k5HrI9dHTg8PoFmOJh95mnxqNMxDzke+RKr8DliD2A3yW2Ro0m3viYePsfH5FbJPhOE5qUNM/KSG bYSx+fJbZPJdufiy2Cr5LTKRL20WOT4pXCS/RRb7Xt5Zjl0FzwnDb8W/k+W3I6z8K3p+Zyz2d+SW yP3lF8mCnfKLZK6N4WGxTyopciwZy4vUtiF+emFTjtRM2tUE/kqrZ5H6BvI59DXQvA/lm8gNkqrg sxmlD+Q98Xxkjc1f8LyWKOVToqb0GcivkjdDPuvrKPW3MTwk+qQIOQMPTt+AOvREbop8Hx6+wr4Y 9YHUp4GrTziX+myT3w2j1Y0TrW6I517Y3I39DOQmMEaum5H5tbfY/ci0N9aJVkgp6Yqa8PtmDcOA 1K7IPqWcJCbT0DQk1fZOvC5sGDPwMWy+hR9hWYC+PnXeSJ3pOz6bZy6dQm4Ms6WUSzukDpc+QP5S GO8Nu6M5KpaX1kuEE/oRsAgshZ9SyGNhY3JtJNc3yDvRE59LyyjrdfTviBzXeKDHE3X4CZuD5Koi qwTfLz7N94if4TuPz8QqyxqFXC+UE1195Gv5JPnz/AJPB77vn8G3qjMCGxPvW37R4luRNd+8tjdx +a6K+32zOJZV+S2CnXyDoyu/V9A1tGdyj18Y8I6LrJ18OrCz0rTmdwzKBnXcu/0q2duS3EyZnNHD BqnU+4b1vV+tH9TrwQfUUdVC6Zad7qisit+R1bKysvfOggJVSkUqpiqr66yUbs8Ct6h2qovKUQOt J/kN6LlqqHpITVBT1TMJ+2IqSVVRNVVpdYO6SbVUt6k7VR9lR5e6V81S89QwNVpNVNPU4oR9cXWF usaeF65SjexJoZVqr7JVXzVIadVDPaHmq+FqjHpETVdL+HdwXZ4Sdlevqq5XZeyefbNqrTqou1Q/ NVgZ9Wc1Wy1QD6qxapKaoZbaWph2nTtnqtuyOt1eWfXuktW+slqIl6tUSVVEVVNXq1p212qi2qjb 1Z9UV3WfXdN9VU/1VHOs5Qg1Tv1FzVTLyHOFqq5qq3J2TrRVHVU3VV8tR19GXalSVA27xtdR5VWG jeStqpPdIbqr/mqI3fUaqF7qSfW0GqkeVpPVo+qviRqkqqLqWlVJ1VUV1I0qU3VWd6i71QAb+1A1 VL3VU2qRGqXGqyn2XLNC/S2nwfAckw8/h4fhCXgGXhT6fk6vQQ/6KbA0rAzTYDpsDjNzeg3v62fB rrAH7AMHwlw4MidncK4/Ds6EC+FzcD3cBvfAg30GDbjPPwZ/gGf7PDBksH9RGGiYBCOYCsvByrBG v2G9coJasBFsAW+DXWAP2B8Os4X0CsbBSXA6nDXogRGDg7lwEVwOn4N5cB18DW4ZNCRnULAdvgv3 wgPwkDUZFhyBJ+BP8ByMC0MfJsPiQ+yfsDSsAK+B18E6MB1mwBZDhvV5IGwLO8CsXNF3hT1gHzgQ 5sKRcBycNNz2bDgdzobz4VK4Eq6G64YPeKBf+BrcArfD3XAP3Ac/Hz44Jzf8Gp6AZ4UxBZNhKqw4 fHi9+rHrYD3YBLaAmbAz7Gpp9zvYH+bCh+BEOB3OtmwYWwiXw1XwJfga3Ap3WabH9sB98HP4NTwK T8Ezw0f0Hh47L0xSMIQpsCQsAysOH5E7PKkaTIP1YCPYDLaEmQ/a+Cd1hF1gd9gT9oOD4DAoT4y0 XTtS/4u/xq5D5VWF/0vJ48fDfw8DJc8aQ7sbJP1/euXzysmeqvQfLPqHaOweUYR/weD/jeTZ1f1/ Z8k/RG3/M7zSl73yEvuzMPkPssQf5NX/weJ/iFLnyryq/B+v/q1Tl+mi30ljd/fSqsx/LV2FpO0J 5Jr/6m9Vfnb7j/+trmr8F389u/v/Xv7eCHr2NPN7WewPsL49xT1oTy9z1Uq1Xm1X+eqwOuP5XqpX 
zUv3WntdvD7eg95kb6630lvvbffyvcPeGe3rirqDHqNn6kV6td6od+sD+pg+b5JNOZNmMsxtprsZ aMaYmWaRWW3nvpSV5GaD6Vjode9Crx8r9HrWb177hdJDu7zsVzHvN6+T0y9/nbLi8vzR2cv9p3a/ /HUpdbn/UqmFXtcoZJ9Z6PU9hV4Xak+pA5e/Ln1dodedC71+6PL6V1h+efrVb1z+unqtQq/r/Oa1 nb/V6xVKn8Rrbdeckq6F13Z2f69zLfft+Ctt18QaCe2exN8Dib+HE39/+N+s09ITf5sn/mYm/na5 vBZpMy9v5fWNLn9dJ365fd2ul7+uX6gXGjQo9Dq90Os9hV7vLfT6RKHXpy5/3bDkb0aZFRqlFnrd 6HL7Rk0KvS6cfluh1x0Kve54eS82vc0yspHJ8eapft5iVuve9j9lZ+pc+SxOUIJdqKQKU9pFO1Iy o+3R1mib1YTeSe+ktfvB+8HeJn/yflLa+9n7WZnolugW5UetolZ2v5bxoE0bI/2ldUldymps2SaS +piiNmcd+7q0vVENs3e+HeqQOu+l2jok2VqlpvxJ6ZTMlCzLdil3WErrits1XG6c9eyNsFl0VBld 3NbpO/7uiI7Zv6Xs6+P83RHtU9q+2m+5IzpguUv5jNBy6prokK3rVpv6FX93RF/bv9vs62/4u+M3 locTlt8mLI8kLP+VsPx3fdtT3w7U93bq+++UjqR0IqXzb1Oi3dTwXWr4PjX8d8oeUvaSkk+KVjFt /7PTrIiWb+8U18VtVEvZqJqUtim32qhvjbaq0NZpm42UUXKm8AzvFNv/r7P5J9lWTbIvi3nF1ASv nHe1msi/Rz3Z6+7do6Z4g7zBajr/BvVMb6j3oHrUm+nNVE94C72n1WzvR+9H9aR31jurnvIueBfU XBkaap4Odajm6xSdohboErqEWqhL69LqaV1el1eLdFVdVT2ja+qaarGupzurJfpBPUJt0aP0KLXV rv5j1Jv6YT1ebdOT9WS1XU/T09Rbeq6eq3boBXqB2qlX6k/ULlPUjpqLJt2kq7hpaVqrAtPOtPO0 WWKWeMZ/0P+r5wc5QY7XIOgb9PUaBvcF93npwYBggHdDMDwY7jUKRgQjvMbBqGCU1yT4KJzuNU2+ I7mX933ytCKeF08pntJGj065O2WpfrFon6ID9emiE4o+ps9HOkoySVGVqIopFlWNqpriUfWouikR XRtda0pGNaOa5sro+uh6kxrVjmqbUlHdqK4pHdWP6purovQo3ZSJGkWNTNmoSdTElIsyogxTPmoW NTMVouZRc3N11CJqYSpGLaOWplLUOmptKkeZUaapEvWIephroj5RH1M16hf1M9Wi/lF/Uz0aHA02 NaIh0RBzbTQ0Gmqui0ZEI0zNaFQ0yqRFo6PR5vpoQjTB1IoeiR4xtaMp0RRTJ5oeTTd1o5nRTFMv ejx63NSPnoieMA2iJ6MnTcNobjTXpEfzo/nmhmhhtNA0ihZFi0zjaHG02DSJlkZLTdNoebTcZEQr ohXmxmhltNI0i56LnjM3RauiVaZ5tDpabW6O8qI80yJaE60xt0Rro7WmZfRy9LJpFf0f9r4DOoqj 2bq6e2Z7d2a2JRAIIUCACCYIWCEQCDA555xMFIicEWBjcsZgGxuDMTnnnHM0OZqcc845GvFqSgMG G7/P70vnP//x6aOuSTs7dbu67u2e0ewytUwUVSvUClFMrVKrRHG1Rq0RJdR6tV6UVJvUJlFKbVFb RGm1VW0VZdR2tV2UVTvVTlFO7Va7RXm1V+0VFdR+tV9UVL+oX0QldUgdEpXVEXVEVFHH1DFRVZ1Q J0Q1dUqdEtXVOXVO1FB31B1RU91X90Ut9VA9FLXVY/VYfKaeqmeiDgZvQ8pfQJmLsZfsJWaxN+wN 
Zg+d4/iD+plO/cxF/UzyYB4Mbh7KQ8HDM/AMYNhRCKYerUeDpTfWG4NXb6I3AaU305uBn95B7wD+ eqweCwn0znpnSKhSqVQQoEJVKPbxtCotJFbpVXoIVBlUBkiiMqlMEKTCVBgkVVlVVghWPuWj35mJ gOQqp8oJKVQulQtCVJSKgpQqr8oLqdSn6lNIrQqoApit7PybhvJvWlVClYB0qq6qC+lVI9UIPlEx KgYyqKaqKWRUrVQryKTaqDaQWbVT7SBMxapYyKI6q86QVX2uPodsqofqAT7VS/WCcNVP9YPsaqAa CBFqsBoMOdRQNRRyqm/UNxCpvlPfQS41XA2H3GqEGgFR6kf1I+RRP6mfIK8ao8Zgvh6nxsGnaoKa APnVJDUJCqgpagoUVNPUNCikZqgZUFjNUrOgiJqj5kBRNU/Ng2JqoVoIxdVitRhKqKVqKZRUy9Vy KKVWqpVQWq1Wq6GMWqfWQVnKf+Uo/5XH3PkzVMDcuQ0qqh2YPSupXZhtK6s9mG2rqH2YbauqA5hl q6mDmGWrq8OYZWuoo8gZNdVx5Ixa6iRyRm11Vp2Fz+g3Xuqoe+oe1FUP1AOopx6pR1BfPVFPoIEz SrOVTw7KtRkxtnRWl9XFzTEsBpi2QlsB3PXa9RqEO787P+bhv6Pv7+j7d0dfMEVfJlttseauU3/H 2N8x9m+KMaa3QD3vz0J5DlFcqwnJIQ/dv7HvY0RDC9TvXVFZfgXfw2iYDLNhMayGzbALDsJJuAg3 4SEqe2AuZnk+B+Hp6In1fEG2k6cr2c6eL8l28XRHG4tLPcjGenqS7eTpRbazpzfZLp6+aDvhcf3I xnr6k+3kGUC2s2cg2S6ewWg743FfkY31DCHbyTOUbGfP12S7eL5F2wWPG0Y21vMd2U6e78l29gwn 28XTDTju7YN1J88grDt7vsG6y7+AyAjyvKNnpIPMjw4yoxxkfnKQGe0gM8ZBZKyDyDgHkQkOIhMd RCY5iEx2EJniIDLNQWS6g8gMB5GZDiKzHETmOIjMdRCZ5yAy30FkgYPID+h/R894QmQqITL7X0Rk kYPIYgeRJQ4iSx1EljmIrHAQWenEyioHmdUOMmscZNY6yKxzkFnvILLBQWSTg8hmB5EtDiI/O4hs dRDZ7iCyw0Fkp4PILgeR3Q4iCwmR5RQpGwmRbf8iInsdRPY5iOx3EDngIPKLg8ghB5HDDiJHHESO OogccxA54SBy0kHklBMrpx1kzjjInHWQOecgc95B5oKDyCUHkcsOIlccRK46iFxzENlDiBwkRI5T pFz8FxG54SBy00HkloPIbQeROw4i9xxE7juIPHAQeegg8shB5ImDyFMHkWcOIs8dRF44iLxyEPnV QeS1g0icEytv4pExIB4Zg8UjY/B4ZAzhIHOdELlLiDwmRF7akWL/zrJ93TSbVhMysoN8gigrKogm oqloIVqKjqKT6CK+EN3FIDFYfCWGiKHiaxwFXxSXxGVxRVwV18R1cUPcFLfEbXFH3BX3xH3xQDwU j8Rj8cQbaf8OIjvADuAXjLffyiDKiDLARXlRHoRoLGJAE81Ec3CJDqIDuEWsiAWP6Cw6oxL4XHwO pugmuoEleoi+4BVjxBgIEKvFXkjkzenNSbMMwWBoIVpKLZWWWgvV0mhptXRaeu0T2zO8oic0Gx+v V5I7cxOZ7X34mfjZbCZavTsig3NEmD03JVrhHtASafb7kTNoGcB873Px35tIS6wFakm0IC2pFqwl 05Ljsb99L4e04Kcl1AI0XXNpUnNrHs3QTM3SvJrS/DR/zZ7v0tC3nniR9me49qmWHyytkFYIFO6L hCAxXcwUc8UC8bPYKraJ7WKH2Cl2id1ij9j7McTt2TIxTUzDM84Q9pN2c8QcxHu+wDyKyG3B77so 
br07+zQ8ag7uXS3WiLVinVgvNoiNYpPYLLZ8rI3p7NPFdDz7TGE/PzJXzMWzLxCYnfEK9+LZbT/s s2eFRB8960f8IMwuOpjZn/uL0UWfs6MBP6e34UuhL/SD/jAABsIgGIz9eggMpV8H/xaGwXfYy4fD DzACRsKPMAp+wj4/BsbCOBgPE2AiTLKfa4CpMA2mwwyYCbMwH8yBuTAP5sMCWAiLMDssgaWwDJbD ClgJqzBXrIG1sA7WwwbYCJswc2yBn2ErbIPtsAN2Yh7ZDXtgL+yD/XAAfsGscggOwxE4CsfgOJzA HHMKTsMZOAvn4DxcwIxzCS7DFbgK1+A63MD8cwtuwx24C/fgPjzAbPQIHsMTeArP4Dm8gJfwCn6F 1xAHbzCMGa/EK/MqvCqvxqvzGrwmr8Vr8894HV6X1+P1eQPekEfzRrwxj+FNeFPejDfnLXhL3oq3 5m14W96Ot+cT+XF+gp/kp/hpfoaf5ef4eX6BX+SX+GV+hV/l1/h1foPf5Lf4bWHwO/yuMPk9fp8/ 4A/5I/6YP+FP+TP+nL/gL/kr/it/zeP4G0xB9n/hCKEJXbiEFG7hEZVEZVFFVBV1RF3RQDQUrUV7 0U/0FwPEQDFc/CTGioVikVgiloqVYpXYJ/aLA+IXcVAcEofFEXFUHBPHxQlxUpwSp8UZcVacE+fF BS2vls/+3XXtsHZEO6od045rJ7ST2inttHZGO6ud085rF7SL2iXtsnZFu6pd065rN7Sb2i3ttnZH u6vd0+5rD7SH2iPtsfZEe6o9055rL7SX2ivtV+21Fqe90b16QllIFpZFZFFZTBaXJWRJWUqWlmVk WVlOlpcVZEVZSVaWVWRVWU1WlzVkTVlL1pafyTqyrqwn68sGsqGMlo2wxGBpiqW5bCFbylaytWwj 28p2sr3sIDvKWNlJdpZd5OfyC9kVSzfZXfaQPWUv2Vv2kX1lP9lfDpAD5SA5WH4lh8ih8mv5jfxW DpPfye/lcPmDHCFHyh/lKPmTHC3HyLFynBwvJ8iJcpKcLKfIqXKOnCvnyflygVwoF8nFcolcKpfJ 5fZvt8tVcrVcI9fKdXK93CA3yk1ys9wif5Zb5Ta5Xe6QO+UuuVvukXvlPrlfHpC/yIPykDwsj8ij 8pg8Lk/Ik/KUPC3PyLPynDwvL8iL8pK8LK/Iq/KavC5vyJvylrwt78i78p68Lx/Ih/K5fCFfylfy V/laxsk3bnAzOU1OlzPkTDlLzpaP5GP5RD6Vz4zPjS+MrsaXRjeju9HD6Gn0MnobfYy+Rj+jvzHA /NLsZnY3e5g9zV5mb7OP2dfsZw4wB5qDzMHmV+YQc6j5tfmN+a05zBxtjjHHmuPM8eYEc6I5yZxs TjGnmtPM6eYMc6Y5y5xtzjHnmfPNBeZCc5G52FxiLjWXmRvMjeYmc7O5xfzZ3GpuM3eZu8295j5z v3nA/MU8aB4yD5tHzKPmcfOCecm8Yl4zb5i3zHvmA/OR+dh8Yj41n5nPzRfmS/OV+asZZ76xwGIW t4SlWbrlsi5Zl60r1lXrmnXdumHdtG5Zt6071l3rnnXfemA9tB5Zj60n1lPrmfXcemG9tF5Zv1qv rTjrjRe8zMu9wqt5da/LK71ur8dreE2v5fV6ldfP6+9N4E3oDfAm8ib2BnqTeIO8Sb3B3mTe5N4U 3hBvSm8qb2pvqDeNN603nTe9d4x3rHecd7x3gneid5J3sneKd6p3mne6d4Z3Jt2lprl9mmPvySdw zKA0cz5JlEZ+PyLKIb8fE7XFZ3BC1BP14RSx6RnRTrSDs8h4veGc+F58D5fEKDEKLhOzXyHeukq8 dY146zrx1g2xXKyAm8QQt7UoLQ8DmoHnuqEbzKf76/4snObYs7suuK6y69Inc7C7NN/+yBhojOHc 
--_004_8405f4a73b8d45fcbc8c970341f32773DFMTK5MBX1505exchangeco_-- From nobody Thu Mar 13 23:17:51 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2847E1A004A for ; Thu, 13 Mar 2014 23:17:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IVCMyWVD4oHH for ; Thu, 13 Mar 2014 23:17:48 -0700 (PDT) Received: from mail-pb0-x22b.google.com (mail-pb0-x22b.google.com [IPv6:2607:f8b0:400e:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 4B5991A0052 for ; Thu, 13 Mar 2014 23:17:48 -0700 (PDT) Received: by mail-pb0-f43.google.com with SMTP id um1so2163603pbc.16 for ; Thu, 13 Mar 2014 23:17:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type;
bh=v02cogg34Clqjdbv+zyw+XCpAR+ezYArBX0BsQ7Xrw0=; b=yKK0Ux9QHjGg/ibqana+Gb5VEAON8hf1k7x2m4H3Ka8V5rU0V7Qtend7JWzrXLw8dL vI3eLIMTVD9eAkdNsDIMSIUYuQNJzFcTwzlsAv+q23VcGl0nN/dR/6MrTzStPkQtWSfu 3i0dBhZTrj61+EmsIb3ejk0QQKefNPaoz/EKQu/p5m+u57jFZJPPiNVTiFGq86VIP+4G gYaPpX90//sV1Z/qHmI3ucfBBya1cBMcLjxSkpuXrnHmQ7IDPzhbdLk+cYhQvcYRub4J CqqxL/ACiJAZSOG7zHkJ7Zx8NbBXDlBW4oFGNmaV13/NPAaEycNHuNqv96/08185ZXMM Tc3g== MIME-Version: 1.0 X-Received: by 10.68.254.103 with SMTP id ah7mr6895649pbd.159.1394777861721; Thu, 13 Mar 2014 23:17:41 -0700 (PDT) Received: by 10.68.195.104 with HTTP; Thu, 13 Mar 2014 23:17:41 -0700 (PDT) In-Reply-To: <8405f4a73b8d45fcbc8c970341f32773@DFM-TK5MBX15-05.exchange.corp.microsoft.com> References: <8405f4a73b8d45fcbc8c970341f32773@DFM-TK5MBX15-05.exchange.corp.microsoft.com> Date: Fri, 14 Mar 2014 09:17:41 +0300 Message-ID: From: Jerome Athias To: Trevor Freeman Content-Type: text/plain; charset=ISO-8859-1 Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/2sOv7sFGDlOaORvI72X0IazY39Y Cc: "Nancy Cam-Winget \(ncamwing\)" , "sacm@ietf.org" Subject: Re: [sacm] SACM Requirement Simple Architecture X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Mar 2014 06:17:50 -0000

+1

NB: that reminds me of the CAESARS (Continuous Asset Evaluation, Situational Awareness, and Risk Scoring) architecture

2014-03-14 8:29 GMT+03:00 Trevor Freeman:
> Hi Nancy,
>
> We need an endpoint posture attribute collection service whose job is to
> collect the posture data from end points for SACM. That is a separate
> function from the evaluation of the posture data to interpret the state of
> the endpoint. There would most definitely be a repository associated with the
> collection service where that captured data is stored. The interpretation of
> the data to deduce the endpoint state could be done real time as the data is
> acquired, or post acquisition as far as the architecture is concerned. You
> will need policy to determine what data to collect, and how often to collect
> it. If you were collecting event logs for example, you would likely be
> collecting them on a regular basis. How to interpret the posture attributes
> will also need policy from multiple sources. For example, the endpoint will
> likely have an update service so its software can be patched, there may also
> be an AV service which will be publishing regular updates. To evaluate
> therefore if a device is both patched and its av is current would need to
> know the current policy from the update and AV services. There may well be
> other services to collect policy data.
>
> A posture attribute consumer can query the evaluation serve to find out its
> view of the endpoint state, or it may prefer to query the repository
> directly because it wants to make its own evaluation. The posture consumer
> may also query the repository for historical data about the endpoint. There
> is no reason to think the posture repository would only have the latest
> collection data. The collection process would be additive i.e. the new data
> would be appended to the existing data. Conceivably a posture consumer may
> also set policy on what data to collect, e.g. if the collector was
> investigating a new incident indicator.
>
> There is definite value in standardizing how the collection process is
> performed on the endpoint, and how the repository is queried by the
> consumer. I don't see much upside to trying to standardize how the
> collector stores the data in the repository, nor how the evaluator interacts
> with the collector or repository. We can, for the purpose of the
> architecture, consider them a box. Implementations are free to build them
> however they want.
>
> Given the above I would draft the SACM simple architecture diagram slightly
> differently.
>
> Trevor
>
> .
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>

From nobody Mon Mar 17 10:49:57 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1297A1A044C for ; Mon, 17 Mar 2014 10:49:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.047 X-Spam-Level: X-Spam-Status: No, score=-15.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0CX91cQayJ5v for ; Mon, 17 Mar 2014 10:49:50 -0700 (PDT) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 461C51A042B for ; Mon, 17 Mar 2014 10:49:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=16754; q=dns/txt; s=iport; t=1395078582; x=1396288182; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=krBJ6CYbZ3+J0rZ8cwpnWXYIxCKfC9WWCywaFleFLxQ=; b=UNTDkhCMbqTSFSiMq6rv2eZxbkrwcktGc/ybiZycDWKncBegMZFUGqXy SD4ZrNCAkxXqPreOVoscj9Nr11X60NduwpZ7lCiAZW3C7rJklkb7nQOYB vYHsLFj3kJMGGAnRCUAUDbJ2sKON2aip1VD1Kmcp1eJ5y+U6ctiNjCB2o 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AjYFAOc0J1OtJXG//2dsb2JhbABPCoJCRDtXvg2DdYEdFnSCJQECBC1MEgEIEQECAQIoORQDBggCBA4Fh3nSfBeODBM4EQeEOASYRpIvgy2BakE X-IronPort-AV: E=Sophos;i="4.97,671,1389744000"; d="scan'208,217";a="310883180" Received: from rcdn-core2-4.cisco.com ([173.37.113.191])
by rcdn-iport-8.cisco.com with ESMTP; 17 Mar 2014 17:49:42 +0000 Received: from xhc-aln-x14.cisco.com (xhc-aln-x14.cisco.com [173.36.12.88]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id s2HHnfXb025433 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 17 Mar 2014 17:49:41 GMT Received: from xmb-aln-x02.cisco.com ([169.254.5.240]) by xhc-aln-x14.cisco.com ([173.36.12.88]) with mapi id 14.03.0123.003; Mon, 17 Mar 2014 12:49:41 -0500 From: "Nancy Cam-Winget (ncamwing)" To: Trevor Freeman Thread-Topic: SACM Requirement Simple Architecture Thread-Index: AQHPQglFrh2no2GPBke7c9UsgYAdvA== Date: Mon, 17 Mar 2014 17:49:41 +0000 Message-ID: In-Reply-To: <8405f4a73b8d45fcbc8c970341f32773@DFM-TK5MBX15-05.exchange.corp.microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.2.130206 x-originating-ip: [10.155.84.61] Content-Type: multipart/alternative; boundary="_000_CF48BBA7A1F12ncamwingciscocom_" MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/l9g6dRi0PnAfAoRVVsc5ZTi3pAE Cc: "sacm@ietf.org" Subject: Re: [sacm] SACM Requirement Simple Architecture X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Mar 2014 17:49:54 -0000 --_000_CF48BBA7A1F12ncamwingciscocom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Hi Trevor,

Thanks for providing this perspective! Please see further questions comments below:

From: Trevor Freeman
Date: Thursday, March 13, 2014 10:29 PM
To: "ncamwing@cisco.com"
Cc: "sacm@ietf.org"
Subject: SACM Requirement Simple Architecture

Hi Nancy,

We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM. That is a separate function from the evaluation of the posture data to interpret the state of the endpoint. There would most definitely be a repository associated with the collection service where that captured data is stored. The interpretation of the data to deduce the endpoint state could be done real time as the data is acquired, or post acquisition as far as the architecture is concerned. You will need policy to determine what data to collect, and how often to collect it. If you were collecting event logs for example, you would likely be collecting them on a regular basis. How to interpret the posture attributes will also need policy from multiple sources. For example, the endpoint will likely have an update service so its software can be patched, there may also be an AV service which will be publishing regular updates. To evaluate therefore if a device is both patched and its av is current would need to know the current policy from the update and AV services. There may well be other services to collect policy data.

[NCW] I believe you are detailing a specific implementation of the Endpoint Assessment Use Case (e.g. Section 2.1 of draft-ietf-sacm-use-cases-06) ... agreed that these are things that need to be addressed by the things we standardize but what you describe is only one potential instantiation for the need to describe the set of posture attributes and "profile" that drives what posture attributes to collect (I am trying to distinguish this from "policy" as imho "policy" may be too vague for our purposes, as we have used terms like "configuration checklist", "endpoint characterization" and "checklist verification" in the use cases that would help drive 'what' attributes would need to be collected).

A posture attribute consumer can query the evaluation serve to find out its view of the endpoint state, or it may prefer to query the repository directly because it wants to make its own evaluation. The posture consumer may also query the repository for historical data about the endpoint. There is no reason to think the posture repository would only have the latest collection data. The collection process would be additive i.e. the new data would be appended to the existing data. Conceivably a posture consumer may also set policy on what data to collect, e.g. if the collector was investigating a new incident indicator.

[NCW] From a SACM perspective, the query requirement needs to be addressed whether the "provider" is an evaluator or a repository (or a system that couples both, or a system as you describe in your diagram that does collection, evaluation and storage).

There is definite value in standardizing how the collection process is performed on the endpoint, and how the repository is queried by the consumer. I don't see much upside to trying to standardize how the collector stores the data in the repository, nor how the evaluator interacts with the collector or repository. We can, for the purpose of the architecture, consider them a box. Implementations are free to build them however they want.

[NCW] Not disagreeing that we need to address the collection progress, am just not sure we need to constrain it to "endpoint" only ... agree that implementation (e.g. how the data is stored or how evaluator interacts with the collector or repository is in our scope). Which is why, from SACM's scope, I distilled it to a simple interaction of a Provider who could provide:
 - a list of endpoints and their identifiers
 - provide "profiles" (e.g. the grouping list) of posture attributes that either need to be collected or evaluated
 - posture attribute values (marked by some filtering to address the use cases; e.g. either by endpoint, list of endpoints or a combination of the endpoints and the "profiles")

To do the collection and facilitate the orchestration, we need to start with the information model, but we'll also need the data models, protocols and transports to instantiate the standards and ensure interoperability. The charter states that we need to identify how what we standardize is distinct from other standards (like NEA and MILE and others outside the IETF) ... the simple architecture I drew was to first call out distinguishers from NEA ... but obviously, we need to clarify this further.

Given the above I would draft the SACM simple architecture diagram slightly differently.

[NCW] Can you help clarify from the provided architecture diagram what would be in scope for SACM?

Trevor

.

--_000_CF48BBA7A1F12ncamwingciscocom_ Content-Type: text/html; charset="Windows-1252" Content-ID: <6917EF7FADA61247A7EE9BC733E18CFD@emea.cisco.com> Content-Transfer-Encoding: quoted-printable
--_000_CF48BBA7A1F12ncamwingciscocom_--

From nobody Mon Mar 17 11:29:54 2014
Message-ID: <53273F29.3080505@ThreatGuard.com>
Date: Mon, 17 Mar 2014 14:30:01 -0400
From: Gunnar Engelbach
Organization: ThreatGuard, Inc.
To: "Nancy Cam-Winget (ncamwing)", Trevor Freeman
Cc: "sacm@ietf.org"
Subject: Re: [sacm] SACM Requirement Simple Architecture
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/4uHpR7f4bfJSaiq3UoJ8RRK5kSg

Referring to this and other discussions we've had in the past, it seems that SACM, at its lowest level, devolves into a set of discrete logical components. These components are defined by what type of action requests they can handle and respond to.

A "collector", for example, accepts a request for system artifact(s) and responds with those data items (or accepts a request for change notification). The collector might be an agent on an endpoint, a front-end for a CMDB, a proxy for an SNMP/NEA/etc link to endpoints, and so on.

Within this model there is a very wide diversity of how these components can be combined.

So my question is, at this point in the process, is there a consensus on whether there should be any restrictions on how these can be combined?

In any case, it seems that it would help communicate the functionality of SACM if multiple architecture examples were available, but none of the existing documents seem like a good place for that. Possibly in an architecture document, or somewhere else?

Also, while this might seem a bit soon in the process to be drawing such examples, I think in fact being able to visualize more examples would assist the rest of the process.

--gun

On 3/17/2014 1:49 PM, Nancy Cam-Winget (ncamwing) wrote:
> Hi Trevor,
>
> Thanks for providing this perspective!
> Please see further questions comments below:
>
> From: Trevor Freeman
> Date: Thursday, March 13, 2014 10:29 PM
> To: "ncamwing@cisco.com"
> Cc: "sacm@ietf.org"
> Subject: SACM Requirement Simple Architecture
>
> Hi Nancy,
>
> We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM. That is a separate function from the evaluation of the posture data to interpret the state of the endpoint. There would most definitely be a repository associated with the collection service where that captured data is stored. The interpretation of the data to deduce the endpoint state could be done real time as the data is acquired, or post acquisition as far as the architecture is concerned. You will need policy to determine what data to collect, and how often to collect it. If you were collecting event logs for example, you would likely be collecting them on a regular basis. How to interpret the posture attributes will also need policy from multiple sources. For example, the endpoint will likely have an update service so its software can be patched, there may also be an AV service which will be publishing regular updates. To evaluate therefore if a device is both patched and its av is current would need to know the current policy from the update and AV services. There may well be other services to collect policy data.
>
> [NCW] I believe you are detailing a specific implementation of the Endpoint Assessment Use Case (e.g. Section 2.1 of draft-ietf-sacm-use-cases-06)…..agreed that these are things that need to be addressed by the things we standardize but what you describe is only one potential instantiation for the need to describe the set of posture attributes and "profile" that drives what posture attributes to collect (I am trying to distinguish this from "policy" as imho "policy" may be too vague for our purposes, as we have used terms like "configuration checklist", "endpoint characterization" and "checklist verification" in the use cases that would help drive 'what' attributes would need to be collected).
>
> A posture attribute consumer can query the evaluation serve to find out its view of the endpoint state, or it may prefer to query the repository directly because it wants to make its own evaluation. The posture consumer may also query the repository for historical data about the endpoint. There is no reason to think the posture repository would only have the latest collection data. The collection process would be additive i.e. the new data would be appended to the existing data. Conceivably a posture consumer may also set policy on what data to collect, e.g. if the collector was investigating a new incident indicator.
>
> [NCW] From a SACM perspective, the query requirement needs to be addressed whether the "provider" is an evaluator or a repository (or a system that couples both, or a system as you describe in your diagram that does collection, evaluation and storage).
>
> There is definite value in standardizing how the collection process is performed on the endpoint, and how the repository is queried by the consumer. I don’t see much up side to trying to standardize how the collector stores the data in the repository, nor how the evaluator interacts with the collector or repository. We can, for the purpose of the architecture, consider them a box. Implementations are free to build them however they want.
>
> [NCW] Not disagreeing that we need to address the collection progress, am just not sure we need to constrain it to "endpoint" only….agree that implementation (e.g. How the data is stored or how evaluator interacts with the collector or repository is in our scope). Which is why, from SACMs scope, I distilled it to a simple interaction of a Provider who could provide:
> - a list of endpoint and their identifiers
> - provide "profiles" (e.g. The grouping list) of posture attributes that either need to be collected or evaluated
> - posture attribute values (marked by some filtering to address the use cases; e.g. Either by endpoint, list of endpoints or a combination of the endpoints and the "profiles")
>
> To do the collection and facilitate the orchestration, we need to start with the information model, but we'll also need the data models, protocols and transports to instantiate the standards and ensure interoperability. The charter states that we need to identify how what we standardize is distinct from other standards (like NEA and MILE and others outside the IETF)…..the simple architecture I drew was to first call out distinguishers from NEA….but obviously, we need to clarify this further.
>
> Given the above I would draft the SACM simple architecture diagram slightly differently.
>
> [NCW] Can you help clarify from the provided architecture diagram what would be in scope for SACM?
>
> Trevor
>
> .
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>

From nobody Mon Mar 17 13:41:21 2014
Date: Mon, 17 Mar 2014 20:41:05 +0000
From: "Nancy Cam-Winget (ncamwing)"
To: Gunnar Engelbach, Trevor Freeman
Cc: "sacm@ietf.org"
Subject: Re: [sacm] SACM Requirement Simple Architecture
In-Reply-To: <53273F29.3080505@ThreatGuard.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/LfnWCeNeF0SLBFCZVy4NQW7WOuo

Hi Gunnar,

You raise an excellent question:

So my question is, at this point in the process, is there a consensus on whether there should be any restrictions on how these can be combined?

[NCW] I had presumed that to be the case given the use case discussions…. Your suggestion to visualize especially the use cases would be good….anybody want to help with that? I can try to start on this but may take me a week or two as my work schedule's full at the moment….

Nancy.
On 3/17/14 11:30 AM, "Gunnar Engelbach" wrote:

>Referring to this and other discussions we've had in the past, it seems that SACM, at its lowest level, devolves into a set of discrete logical components. These components are defined by what type of action requests they can handle and respond to.
>
>A "collector", for example, accepts a request for system artifact(s) and responds with those data items (or accepts a request for change notification). The collector might be an agent on an endpoint, a front-end for a CMDB, a proxy for an SNMP/NEA/etc link to endpoints, and so on.
>
>Within this model there is a very wide diversity of how these components can be combined.
>
>So my question is, at this point in the process, is there a consensus on whether there should be any restrictions on how these can be combined?
>
>In any case, it seems that it would help communicate the functionality of SACM if multiple architecture examples were available, but none of the existing documents seem like a good place for that. Possibly in an architecture document, or somewhere else?
>
>Also, while this might seem a bit soon in the process to be drawing such examples, I think in fact being able to visualize more examples would assist the rest of the process.
>
>--gun
>
>On 3/17/2014 1:49 PM, Nancy Cam-Winget (ncamwing) wrote:
>> Hi Trevor,
>>
>> Thanks for providing this perspective! Please see further questions comments below:
>>
>> From: Trevor Freeman
>> Date: Thursday, March 13, 2014 10:29 PM
>> To: "ncamwing@cisco.com"
>> Cc: "sacm@ietf.org"
>> Subject: SACM Requirement Simple Architecture
>>
>> Hi Nancy,
>>
>> We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM. That is a separate function from the evaluation of the posture data to interpret the state of the endpoint. There would most definitely be a repository associated with the collection service where that captured data is stored. The interpretation of the data to deduce the endpoint state could be done real time as the data is acquired, or post acquisition as far as the architecture is concerned. You will need policy to determine what data to collect, and how often to collect it. If you were collecting event logs for example, you would likely be collecting them on a regular basis. How to interpret the posture attributes will also need policy from multiple sources. For example, the endpoint will likely have an update service so its software can be patched, there may also be an AV service which will be publishing regular updates. To evaluate therefore if a device is both patched and its av is current would need to know the current policy from the update and AV services. There may well be other services to collect policy data.
>>
>> [NCW] I believe you are detailing a specific implementation of the Endpoint Assessment Use Case (e.g. Section 2.1 of draft-ietf-sacm-use-cases-06)…..agreed that these are things that need to be addressed by the things we standardize but what you describe is only one potential instantiation for the need to describe the set of posture attributes and "profile" that drives what posture attributes to collect (I am trying to distinguish this from "policy" as imho "policy" may be too vague for our purposes, as we have used terms like "configuration checklist", "endpoint characterization" and "checklist verification" in the use cases that would help drive 'what' attributes would need to be collected).
>>
>> A posture attribute consumer can query the evaluation serve to find out its view of the endpoint state, or it may prefer to query the repository directly because it wants to make its own evaluation. The posture consumer may also query the repository for historical data about the endpoint. There is no reason to think the posture repository would only have the latest collection data. The collection process would be additive i.e. the new data would be appended to the existing data. Conceivably a posture consumer may also set policy on what data to collect, e.g. if the collector was investigating a new incident indicator.
>>
>> [NCW] From a SACM perspective, the query requirement needs to be addressed whether the "provider" is an evaluator or a repository (or a system that couples both, or a system as you describe in your diagram that does collection, evaluation and storage).
>>
>> There is definite value in standardizing how the collection process is performed on the endpoint, and how the repository is queried by the consumer. I don’t see much up side to trying to standardize how the collector stores the data in the repository, nor how the evaluator interacts with the collector or repository. We can, for the purpose of the architecture, consider them a box. Implementations are free to build them however they want.
>>
>> [NCW] Not disagreeing that we need to address the collection progress, am just not sure we need to constrain it to "endpoint" only….agree that implementation (e.g. How the data is stored or how evaluator interacts with the collector or repository is in our scope). Which is why, from SACMs scope, I distilled it to a simple interaction of a Provider who could provide:
>> - a list of endpoint and their identifiers
>> - provide "profiles" (e.g. The grouping list) of posture attributes that either need to be collected or evaluated
>> - posture attribute values (marked by some filtering to address the use cases; e.g. Either by endpoint, list of endpoints or a combination of the endpoints and the "profiles")
>>
>> To do the collection and facilitate the orchestration, we need to start with the information model, but we'll also need the data models, protocols and transports to instantiate the standards and ensure interoperability. The charter states that we need to identify how what we standardize is distinct from other standards (like NEA and MILE and others outside the IETF)…..the simple architecture I drew was to first call out distinguishers from NEA….but obviously, we need to clarify this further.
>>
>> Given the above I would draft the SACM simple architecture diagram slightly differently.
>>
>> [NCW] Can you help clarify from the provided architecture diagram what would be in scope for SACM?
>>
>> Trevor
>>
>> .
>>

From nobody Wed Mar 19 09:53:56 2014
From: Trevor Freeman
To: "Nancy Cam-Winget (ncamwing)"
Cc: "sacm@ietf.org", Atul Shah
Date: Wed, 19 Mar 2014 16:53:29 +0000
Message-ID: <3d88976fa9274a9ea99e0608fa0285f7@DFM-TK5MBX15-05.exchange.corp.microsoft.com>
References: <8405f4a73b8d45fcbc8c970341f32773@DFM-TK5MBX15-05.exchange.corp.microsoft.com>
Subject: Re: [sacm] SACM Requirement Simple Architecture
Content-Type: multipart/alternative; boundary="_000_3d88976fa9274a9ea99e0608fa0285f7DFMTK5MBX1505exchangeco_"
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/KPNFgAU4O5gaYj7tX8r7W76Eqas

--_000_3d88976fa9274a9ea99e0608fa0285f7DFMTK5MBX1505exchangeco_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Nancy,

No problem.

Hope this reply makes sense. I have been grabbing time between meetings to compose this.
Don't want you to feel that you are alone in this endeavor and that the dialog will help us all:)

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Nancy Cam-Winget (ncamwing)
Sent: Monday, March 17, 2014 10:50 AM
To: Trevor Freeman
Cc: sacm@ietf.org
Subject: Re: [sacm] SACM Requirement Simple Architecture

Hi Trevor,

Thanks for providing this perspective! Please see further questions comments below:

From: Trevor Freeman <trevorf@exchange.microsoft.com>
Date: Thursday, March 13, 2014 10:29 PM
To: "ncamwing@cisco.com" <ncamwing@cisco.com>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Subject: SACM Requirement Simple Architecture

Hi Nancy,

We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM. That is a separate function from the evaluation of the posture data to interpret the state of the endpoint. There would most definitely be a repository associated with the collection service where that captured data is stored. The interpretation of the data to deduce the endpoint state could be done real time as the data is acquired, or post acquisition as far as the architecture is concerned. You will need policy to determine what data to collect, and how often to collect it. If you were collecting event logs for example, you would likely be collecting them on a regular basis. How to interpret the posture attributes will also need policy from multiple sources. For example, the endpoint will likely have an update service so its software can be patched, there may also be an AV service which will be publishing regular updates. To evaluate therefore if a device is both patched and its av is current would need to know the current policy from the update and AV services. There may well be other services to collect policy data.

[NCW] I believe you are detailing a specific implementation of the Endpoint Assessment Use Case (e.g. Section 2.1 of draft-ietf-sacm-use-cases-06).....agreed that these are things that need to be addressed by the things we standardize but what you describe is only one potential instantiation for the need to describe the set of posture attributes and "profile" that drives what posture attributes to collect (I am trying to distinguish this from "policy" as imho "policy" may be too vague for our purposes, as we have used terms like "configuration checklist", "endpoint characterization" and "checklist verification" in the use cases that would help drive 'what' attributes would need to be collected).

[TF] I am not wedded to the term policy as it often comes with the kind of baggage you describe, but the collection process does need input from a variety of sources on what posture attributes to collect. I also don't think configuration by itself cuts it. I think of configuration as a set of parameters necessary for the functioning of the service itself and therefore a matter for the local admin. This data set would be more dynamic.

A posture attribute consumer can query the evaluation serve to find out its view of the endpoint state, or it may prefer to query the repository directly because it wants to make its own evaluation. The posture consumer may also query the repository for historical data about the endpoint. There is no reason to think the posture repository would only have the latest collection data. The collection process would be additive i.e. the new data would be appended to the existing data. Conceivably a posture consumer may also set policy on what data to collect, e.g. if the collector was investigating a new incident indicator.

[NCW] From a SACM perspective, the query requirement needs to be addressed whether the "provider" is an evaluator or a repository (or a system that couples both, or a system as you describe in your diagram that does collection, evaluation and storage).

[TF] In your diagram, every evaluator has a repository so I am not sure of your distinction between evaluator and repository. The collected data will need to be stored so it can be processed so every SACM posture attribute collection will have a repository of some form. I don't think that impacts the architecture. Different instances of a SACM service may have repositories of varying capacities. From an architecture perspective, this is all irrelevant. Conceptually, the consumer can issue a query to the SACM service for either its evaluated option, or raw collection data. The SACM service may be unable to comply with the request for a variety of reasons. Maybe the repository is of limited capacity, maybe it has a large capacity but the service is new so has no data. Maybe because of policy (that word again I know). The consumer will have to handle those cases. It cannot expect to have all its requests met.

There is definite value in standardizing how the collection process is performed on the endpoint, and how the repository is queried by the consumer. I don't see much up side to trying to standardize how the collector stores the data in the repository, nor how the evaluator interacts with the collector or repository. We can, for the purpose of the architecture, consider them a box. Implementations are free to build them however they want.

[NCW] Not disagreeing that we need to address the collection progress, am just not sure we need to constrain it to "endpoint" only....agree that implementation (e.g. How the data is stored or how evaluator interacts with the collector or repository is in our scope). Which is why, from SACMs scope, I distilled it to a simple interaction of a Provider who could provide:
- a list of endpoint and their identifiers
- provide "profiles" (e.g. The grouping list) of posture attributes that either need to be collected or evaluated
- posture attribute values (marked by some filtering to address the use cases; e.g. Either by endpoint, list of endpoints or a combination of the endpoints and the "profiles")

[TF] I agree we should have a short description for the typical cases. We also need to respond to new developments i.e. specify arbitrary attributes that need to be collected. Sometimes the attribute may be explicitly defined, i.e. file in this path, other times it would be more descriptive, i.e. all executables in this location. Sometimes the collector may be harvesting event and log data i.e. upload the file or files from this location or export the event log. These are all potential attributes of the posture.

To do the collection and facilitate the orchestration, we need to start with the information model, but we'll also need the data models, protocols and transports to instantiate the standards and ensure interoperability. The charter states that we need to identify how what we standardize is distinct from other standards (like NEA and MILE and others outside the IETF).....the simple architecture I drew was to first call out distinguishers from NEA....but obviously, we need to clarify this further.

Given the above I would draft the SACM simple architecture diagram slightly differently.

[NCW] Can you help clarify from the provided architecture diagram what would be in scope for SACM?

[TF] The SACM box in the diagram is meant to represent the logical set of services that SACM is defining based on the use cases. The diagram is intended to show how those services interact with external parties via standardized interfaces based on the use cases. For example, interaction between the collector and the endpoint would be standardized via a protocol. The components within the box are free to interact with each other by whatever means the vendor wants. It shows the posture consumer interacting with SACM repository, the repository could be a single or multiple physical services. It could be a file system or RDBS. I don't think SACM should care. The same is true for the collection services. While we know the services inside the box have to interact with each other, it's not clear we need to standardize those aspects based on the use cases. We assume implementers do whatever is appropriate and are free to offer a range of implementations to meet different markets. This is a similar model to LDAP for example where we have standardized the protocol for interaction with the service but it is an implementation detail on how the LDAP service stores its data.

Trevor

.

--_000_3d88976fa9274a9ea99e0608fa0285f7DFMTK5MBX1505exchangeco_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Nancy,

 

No problem.

 

Hope this reply makes = sense. I have been grabbing time between meeting to compose this.

 

Don’t want you t= o feel that you are alone in this endeavor and that the dialog will help us= allJ

 

 

From: sacm [mailto:sacm-bounces@ietf.org] = On Behalf Of Nancy Cam-Winget (ncamwing)
Sent: Monday, March 17, 2014 10:50 AM
To: Trevor Freeman
Cc: sacm@ietf.org
Subject: Re: [sacm] SACM Requirement Simple Architecture<= /p>

 

Hi Trev= or,

&n= bsp;

Thanks = for providing this perspective!  Please see further questions comments= below:

&n= bsp;

From: Trevor Freeman <trevorf@exchange.microsoft.com>
Date: Thursday, March 13, 2014 10:29 PM
To: "
ncamwing@cisc= o.com" <ncamwing@cisco.com> Cc: "sacm@ietf.org<= span style=3D"color:black">" <sacm@ietf.org>
Subject: SACM Requirement Simple Architecture

&n= bsp;

Hi Nancy,

 =

We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM. That is a separate function from the evaluation of the posture data to interpret the state of the endpoint. There would most definitely be a repository associated with the collection service where that captured data is stored. The interpretation of the data to deduce the endpoint state could be done real time as the data is acquired, or post acquisition as far as the architecture is concerned. You will need policy to determine what data to collect, and how often to collect it. If you were collecting event logs for example, you would likely be collecting them on a regular basis. How to interpret the posture attributes will also need policy from multiple sources. For example, the endpoint will likely have an update service so its software can be patched, there may also be an AV service which will be publishing regular updates. To evaluate therefore if a device is both patched and its av is current would need to know the current policy from the update and AV services. There may well be other services to collect policy data.

[NCW]  I believe you are detailing a specific implementation of the Endpoint Assessment Use Case (e.g. Section 2.1 of draft-ietf-sacm-use-cases-06)…..agreed that these are things that need to be addressed by the things we standardize but what you describe is only one potential instantiation for the need to describe the set of posture attributes and "profile" that drives what posture attributes to collect (I am trying to distinguish this from "policy" as imho "policy" may be too vague for our purposes, as we have used terms like "configuration checklist", "endpoint characterization" and "checklist verification" in the use cases that would help drive 'what' attributes would need to be collected).

[TF] I am not wedded to the term policy as it often comes with the kind of baggage you describe, but the collection process does need input from a variety of sources on what posture attributes to collect. I also don’t think configuration by itself cuts it. I think of configuration as a set of parameters necessary for the functioning of the service itself and therefore a matter for the local admin. This data set would be more dynamic.

A posture attribute consumer can query the evaluation serve to find out its view of the endpoint state, or it may prefer to query the repository directly because it wants to make its own evaluation. The posture consumer may also query the repository for historical data about the endpoint. There is no reason to think the posture repository would only have the latest collection data. The collection process would be additive i.e. the new data would be appended to the existing data. Conceivably a posture consumer may also set policy on what data to collect, e.g. if the collector was investigating a new incident indicator.

[NCW]  From a SACM perspective, the query requirement needs to be addressed whether the "provider" is an evaluator or a repository (or a system that couples both, or a system as you describe in your diagram that does collection, evaluation and storage).

[TF] In your diagram, every evaluator has a repository so I am not sure of your distinction between evaluator and repository. The collected data will need to be stored so it can be processed so every SACM posture attribute collection will have a repository of some form. I don’t think that impacts the architecture.  Different instances of a SACM service may have repositories of varying capacities. From an architecture perspective, this is all irrelevant.  Conceptually, the consumer can issue a query to the SACM service for either its evaluated option, or raw collection data. The SACM service may be unable to comply with the request for a variety of reasons. Maybe the repository is of limited capacity, maybe it has a large capacity but the service is new so has no data. Maybe because of policy (that word again I know).  The consumer will have to handle those cases. It cannot expect to have all its requests met.

There is definite value in standardizing how the collection process is performed on the endpoint, and how the repository is queried by the consumer. I don’t see much up side to trying to standardize how the collector stores the data in the repository, nor how the evaluator interacts with the collector or repository. We can, for the purpose of the architecture, consider them a box. Implementations are free to build them however they want.

[NCW] Not disagreeing that we need to address the collection progress, am just not sure we need to constrain it to "endpoint" only….agree that implementation (e.g. How the data is stored or how evaluator interacts with the collector or repository is in our scope).  Which is why, from SACM's scope, I distilled it to a simple interaction of a Provider who could provide:

 - a list of endpoint and their identifiers

 - provide "profiles" (e.g. The grouping list) of posture attributes that either need to be collected or evaluated

 - posture attribute values (marked by some filtering to address the use cases; e.g. Either by endpoint, list of endpoints or a combination of the endpoints and the "profiles")

[TF] I agree we should have a short description for the typical cases. We also need to respond to new developments i.e. specify arbitrary attributes that need to be collected. Sometimes the attribute may be explicitly defined, i.e. file in this path, other times it would be more descriptive, i.e. all executables in this location. Sometimes the collector may be harvesting event and log data i.e. upload the file or files from this location or export the event log. These are all potential attributes of the posture.

To do the collection and facilitate the orchestration, we need to start with the information model, but we'll also need the data models, protocols and transports to instantiate the standards and ensure interoperability.  The charter states that we need to identify how what we standardize is distinct from other standards (like NEA and MILE and others outside the IETF)…..the simple architecture I drew was to first call out distinguishers from NEA….but obviously, we need to clarify this further.

Given the above I would draft the SACM simple architecture diagram slightly differently.

[NCW]  Can you help clarify from the provided architecture diagram what would be in scope for SACM?

[TF] The SACM box in the diagram is meant to represent the logical set of services that SACM is defining based on the use cases.  The diagram is intended to show how those services interact with external parties via standardized interfaces based on the use cases. For example, interaction between the collector and the endpoint would be standardized via a protocol. The components within the box are free to interact with each other by whatever means the vendor wants.  It shows the posture consumer interacting with SACM repository, the repository could be a single or multiple physical services. It could be a file system or RDBS. I don’t think SACM should care.  The same is true for the collection services.  While we know the services inside the box have to interact with each other, it’s not clear we need to standardize those aspects based on the use cases. We assume implementers do whatever is appropriate and are free to offer a range of implementations to meet different markets.  This is a similar model to LDAP for example where we have standardized the protocol for interaction with the service but it is an implementation detail on how the LDAP service stores its data.

Trevor
.
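The consumer-facing behaviour described in the message above (an additive repository, queries for either raw or evaluated data, and a service that may be unable to comply), as an added Python sketch that is not part of the original thread or of any SACM specification. Every class, method and attribute name, the decline reasons as an enum, and all sample values are hypothetical and constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass
from enum import Enum


class Decline(Enum):
    """Reasons the service may be unable to comply with a query."""
    NO_DATA = "nothing collected for this endpoint yet"
    AGED_OUT = "requested history no longer held (limited capacity)"
    POLICY = "raw data withheld from this consumer"


@dataclass(frozen=True)
class Sample:
    endpoint: str
    attribute: str       # hypothetical attribute names, e.g. "patch_level"
    value: str
    collected_at: int    # constructed timestamp, seconds


class SacmService:
    """Collector + repository + evaluator treated as one box."""

    def __init__(self, capacity, raw_readers):
        self._repo = deque(maxlen=capacity)  # additive; oldest sample falls off when full
        self._lost_up_to = {}                # endpoint -> timestamp of newest dropped sample
        self._raw_readers = set(raw_readers)
        self._expected = {}                  # attribute -> value published by update/AV service

    def publish_expected(self, attribute, value):
        """Input from an external source such as the update or AV service."""
        self._expected[attribute] = value

    def collect(self, sample):
        if len(self._repo) == self._repo.maxlen:
            oldest = self._repo[0]           # about to be evicted by the append below
            self._lost_up_to[oldest.endpoint] = oldest.collected_at
        self._repo.append(sample)

    def query_raw(self, consumer, endpoint, since=0):
        """Return (samples, None) on success or (None, Decline) otherwise."""
        if consumer not in self._raw_readers:
            return None, Decline.POLICY
        if since <= self._lost_up_to.get(endpoint, -1):
            return None, Decline.AGED_OUT
        history = [s for s in self._repo if s.endpoint == endpoint]
        if not history:
            return None, Decline.NO_DATA
        return [s for s in history if s.collected_at >= since], None

    def query_evaluated(self, endpoint):
        """Return ({attribute: 'current'|'stale'|'unknown'}, None) or (None, Decline)."""
        latest = {}
        for s in self._repo:                 # deque is in collection order
            if s.endpoint == endpoint:
                latest[s.attribute] = s.value
        if not latest:
            return None, Decline.NO_DATA
        verdict = {}
        for attr, want in self._expected.items():
            have = latest.get(attr)
            verdict[attr] = "unknown" if have is None else (
                "current" if have == want else "stale")
        return verdict, None


def endpoint_view(service, consumer, endpoint, since=0):
    """Consumer side: prefer raw data, fall back to the service's own
    evaluation, and cope with a request that cannot be met."""
    samples, why_raw = service.query_raw(consumer, endpoint, since)
    if samples is not None:
        return "raw", samples
    verdict, why_eval = service.query_evaluated(endpoint)
    if verdict is not None:
        return "evaluated", verdict
    return "unavailable", (why_raw, why_eval)


def build_demo():
    """Small repository (3 samples) so the capacity case is visible."""
    svc = SacmService(capacity=3, raw_readers={"ir-team"})
    svc.publish_expected("patch_level", "2014-03")
    svc.publish_expected("av_signature", "5521")
    svc.collect(Sample("host-a", "patch_level", "2014-02", 100))
    svc.collect(Sample("host-a", "av_signature", "5521", 110))
    svc.collect(Sample("host-a", "patch_level", "2014-03", 200))
    svc.collect(Sample("host-b", "patch_level", "2014-01", 300))  # evicts host-a@100
    return svc


if __name__ == "__main__":
    demo = build_demo()
    for who, host, since in [("ir-team", "host-a", 0), ("ir-team", "host-a", 105),
                             ("helpdesk", "host-a", 0), ("ir-team", "host-c", 0)]:
        print(who, host, since, "->", endpoint_view(demo, who, host, since))
```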


From nobody Wed Mar 19 10:19:49 2014
From: Ira McDonald
Date: Wed, 19 Mar 2014 13:19:11 -0400
To: Trevor Freeman, Ira McDonald
Cc: "Nancy Cam-Winget (ncamwing)", "sacm@ietf.org", Atul Shah
Subject: Re: [sacm] SACM Requirement Simple Architecture
In-Reply-To: <3d88976fa9274a9ea99e0608fa0285f7@DFM-TK5MBX15-05.exchange.corp.microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/jxnbxPMSJ0YOw29ZxV7gBRwg-Js

Hi Nancy and Trevor,

This is a fascinating thread...

It seems that the word "policy" may be overloaded in this architecture discussion. So a suggestion:

"configuration" - scope is admin configuration of the SACM service itself (as Trevor suggested and commonly used in IT)

"preferences" - scope is consumer choice of defaults and protocols for interacting with the SACM service (as commonly used in browsers and applications)

"policy" - scope is decision-making rules for the evaluation of collected posture attributes (as commonly used in AAA and other security topics)

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Winter  579 Park Place  Saline, MI  48176  734-944-0094
Summer  PO Box 221  Grand Marais, MI 49839  906-494-2434
From nobody Thu Mar 20 03:29:10 2014
From: "Dan Romascanu (via Doodle)"
Date: Thu, 20 Mar 2014 11:28:55 +0100 (CET)
Reply-To: Dan Romascanu
Subject: [sacm] SACM WG Interim Meeting #3
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/X9LBB10dQgGiyHa2BGmJDmFKsEk

Hi there,

Dan Romascanu (dromasca@avaya.com) invites you to participate in the Doodle poll "SACM WG Interim Meeting #3".

Dan Romascanu says:
Virtual (conference call) Interim Meeting of the SACM WG
duration - 2 hours
Time Zone EDT

Participate now
https://doodle.com/8yeieqbqefyg4iiv?tmail=poll_invitecontact_participant_invitation&tlink=pollbtn
To: Ira McDonald , Trevor Freeman Thread-Topic: [sacm] SACM Requirement Simple Architecture Thread-Index: Ac8/P4N6GIiG0PR2StmAAEIIQPSM+ADBG6uAAAwiRgAARp61gAArakKQ Date: Thu, 20 Mar 2014 13:03:34 +0000 Message-ID: <9904FB1B0159DA42B0B887B7FA8119CA2E460075@AZ-FFEXMB04.global.avaya.com> References: <8405f4a73b8d45fcbc8c970341f32773@DFM-TK5MBX15-05.exchange.corp.microsoft.com> <3d88976fa9274a9ea99e0608fa0285f7@DFM-TK5MBX15-05.exchange.corp.microsoft.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [135.64.58.45] Content-Type: multipart/alternative; boundary="_000_9904FB1B0159DA42B0B887B7FA8119CA2E460075AZFFEXMB04globa_" MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/7C9Yhsh0C1XfWOgJ2UeKVUPYo-Y Cc: "Nancy Cam-Winget \(ncamwing\)" , "sacm@ietf.org" , Atul Shah Subject: Re: [sacm] SACM Requirement Simple Architecture X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 13:04:06 -0000

--_000_9904FB1B0159DA42B0B887B7FA8119CA2E460075AZFFEXMB04globa_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

... a proposal for draft-ietf-sacm-terminology?

Dan

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Ira McDonald
Sent: Wednesday, March 19, 2014 7:19 PM
To: Trevor Freeman; Ira McDonald
Cc: Nancy Cam-Winget (ncamwing); sacm@ietf.org; Atul Shah
Subject: Re: [sacm] SACM Requirement Simple Architecture

Hi Nancy and Trevor,

This is a fascinating thread...

It seems that the word "policy" may be overloaded in this architecture discussion. So a suggestion:

"configuration" - scope is admin configuration of the SACM service itself (as Trevor suggested and commonly used in IT)

"preferences" - scope is consumer choice of defaults and protocols for interacting with the SACM service (as commonly used in browsers and applications)

"policy" - scope is decision-making rules for the evaluation of collected posture attributes (as commonly used in AAA and other security topics)

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Winter 579 Park Place Saline, MI 48176 734-944-0094
Summer PO Box 221 Grand Marais, MI 49839 906-494-2434

On Wed, Mar 19, 2014 at 12:53 PM, Trevor Freeman <trevorf@exchange.microsoft.com> wrote:

Hi Nancy,

No problem.

Hope this reply makes sense. I have been grabbing time between meetings to compose this.

Don't want you to feel that you are alone in this endeavor and that the dialog will help us all:)

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Nancy Cam-Winget (ncamwing)
Sent: Monday, March 17, 2014 10:50 AM
To: Trevor Freeman
Cc: sacm@ietf.org
Subject: Re: [sacm] SACM Requirement Simple Architecture

Hi Trevor,

Thanks for providing this perspective! Please see further questions comments below:

From: Trevor Freeman <trevorf@exchange.microsoft.com>
Date: Thursday, March 13, 2014 10:29 PM
To: "ncamwing@cisco.com" <ncamwing@cisco.com>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Subject: SACM Requirement Simple Architecture

Hi Nancy,

We need an endpoint posture attribute collection service whose job is to collect the posture data from end points for SACM. That is a separate function from the evaluation of the posture data to interpret the state of the endpoint. There would most definitely be a repository associated with the collection service where that captured data is stored. The interpretation of the data to deduce the endpoint state could be done real time as the data is acquired, or post acquisition as far as the architecture is concerned. You will need policy to determine what data to collect, and how often to collect it. If you were collecting event logs for example, you would likely be collecting them on a regular basis. How to interpret the posture attributes will also need policy from multiple sources. For example, the endpoint will likely have an update service so its software can be patched, there may also be an AV service which will be publishing regular updates. To evaluate therefore if a device is both patched and its av is current would need to know the current policy from the update and AV services. There may well be other services to collect policy data.

[NCW] I believe you are detailing a specific implementation of the Endpoint Assessment Use Case (e.g. Section 2.1 of draft-ietf-sacm-use-cases-06).....agreed that these are things that need to be addressed by the things we standardize but what you describe is only one potential instantiation for the need to describe the set of posture attributes and "profile" that drives what posture attributes to collect (I am trying to distinguish this from "policy" as imho "policy" may be too vague for our purposes, as we have used terms like "configuration checklist", "endpoint characterization" and "checklist verification" in the use cases that would help drive 'what' attributes would need to be collected).

[TF] I am not wedded to the term policy as it often comes with the kind of baggage you describe, but the collection process does need input from a variety of sources on what posture attributes to collect. I also don't think configuration by itself cuts it. I think of configuration as a set of parameters necessary for the functioning of the service itself and therefore a matter for the local admin. This data set would be more dynamic.

A posture attribute consumer can query the evaluation serve to find out its view of the endpoint state, or it may prefer to query the repository directly because it wants to make its own evaluation. The posture consumer may also query the repository for historical data about the endpoint. There is no reason to think the posture repository would only have the latest collection data. The collection process would be additive i.e. the new data would be appended to the existing data. Conceivably a posture consumer may also set policy on what data to collect, e.g. if the collector was investigating a new incident indicator.

[NCW] From a SACM perspective, the query requirement needs to be addressed whether the "provider" is an evaluator or a repository (or a system that couples both, or a system as you describe in your diagram that does collection, evaluation and storage).

[TF] In your diagram, every evaluator has a repository so I am not sure of your distinction between evaluator and repository. The collected data will need to be stored so it can be processed so every SACM posture attribute collection will have a repository of some form. I don't think that impacts the architecture. Different instances of a SACM service may have repositories of varying capacities. From an architecture perspective, this is all irrelevant. Conceptually, the consumer can issue a query to the SACM service for either its evaluated option, or raw collection data. The SACM service may be unable to comply with the request for a variety of reasons. Maybe the repository is of limited capacity, maybe it has a large capacity but the service is new so has no data. Maybe because of policy (that word again I know). The consumer will have to handle those cases. It cannot expect to have all its requests met.

There is definite value in standardizing how the collection process is performed on the endpoint, and how the repository is queried by the consumer. I don't see much up side to trying to standardize how the collector stores the data in the repository, nor how the evaluator interacts with the collector or repository. We can, for the purpose of the architecture, consider them a box. Implementations are free to build them however they want.

[NCW] Not disagreeing that we need to address the collection process, am just not sure we need to constrain it to "endpoint" only....agree that implementation (e.g. How the data is stored or how evaluator interacts with the collector or repository is in our scope). Which is why, from SACM's scope, I distilled it to a simple interaction of a Provider who could provide:

- a list of endpoint and their identifiers
- provide "profiles" (e.g. The grouping list) of posture attributes that either need to be collected or evaluated
- posture attribute values (marked by some filtering to address the use cases; e.g. Either by endpoint, list of endpoints or a combination of the endpoints and the "profiles")

[TF] I agree we should have a short description for the typical cases. We also need to respond to new developments i.e. specify arbitrary attributes that need to be collected. Sometimes the attribute may be explicitly defined, i.e. file in this path, other times it would be more descriptive, i.e. all executables in this location. Sometimes the collector may be harvesting event and log data i.e. upload the file or files from this location or export the event log. These are all potential attributes of the posture.

To do the collection and facilitate the orchestration, we need to start with the information model, but we'll also need the data models, protocols and transports to instantiate the standards and ensure interoperability. The charter states that we need to identify how what we standardize is distinct from other standards (like NEA and MILE and others outside the IETF).....the simple architecture I drew was to first call out distinguishers from NEA....but obviously, we need to clarify this further.

Given the above I would draft the SACM simple architecture diagram slightly differently.

[NCW] Can you help clarify from the provided architecture diagram what would be in scope for SACM?

[TF] The SACM box in the diagram is meant to represent the logical set of services that SACM is defining based on the use cases. The diagram is intended to show how those services interact with external parties via standardized interfaces based on the use cases. For example, interaction between the collector and the endpoint would be standardized via a protocol. The components within the box are free to interact with each other by whatever means the vendor wants. It shows the posture consumer interacting with SACM repository, the repository could be a single or multiple physical services. It could be a file system or RDBS. I don't think SACM should care. The same is true for the collection services. While we know the services inside the box have to interact with each other, it's not clear we need to standardize those aspects based on the use cases. We assume implementers do whatever is appropriate and are free to offer a range of implementations to meet different markets. This is a similar model to LDAP for example where we have standardized the protocol for interaction with the service but it is an implementation detail on how the LDAP service stores its data.

Trevor

.

_______________________________________________
sacm mailing list
sacm@ietf.org
https://www.ietf.org/mailman/listinfo/sacm

--_000_9904FB1B0159DA42B0B887B7FA8119CA2E460075AZFFEXMB04globa_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

--_000_9904FB1B0159DA42B0B887B7FA8119CA2E460075AZFFEXMB04globa_-- From nobody Fri Mar 21 04:24:20 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1C31A07DC for ; Fri, 21 Mar 2014 04:24:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.547 X-Spam-Level: X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JruBNPJ8hSPH for ; Fri, 21 Mar 2014 04:24:17 -0700 (PDT) Received: from QMTA11.westchester.pa.mail.comcast.net (qmta11.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:44:76:96:59:211]) by ietfa.amsl.com (Postfix) with ESMTP id 7082C1A07B5 for ; Fri, 21 Mar 2014 04:24:17 -0700 (PDT) Received: from omta06.westchester.pa.mail.comcast.net ([76.96.62.51]) by QMTA11.westchester.pa.mail.comcast.net with comcast id gB5M1n00316LCl05BBQ8uj; Fri, 21 Mar 2014 11:24:08 +0000 Received: from JV6RVH1 ([67.189.237.137]) by omta06.westchester.pa.mail.comcast.net with comcast id gBQ71n00k2yZEBF3SBQ76P; Fri, 21 Mar 2014 11:24:08 +0000 From: "ietfdbh" To: References: <20140321111021.2860.30355.idtracker@ietfa.amsl.com> In-Reply-To: <20140321111021.2860.30355.idtracker@ietfa.amsl.com> Date: Fri, 21 Mar 2014 07:23:57 -0400 Message-ID: <01fb01cf44f8$0cffc2a0$26ff47e0$@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQH8w2X80pFmpmBSJTvalfqBKgn8gpqQZ/pA Content-Language: en-us DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1395401048; bh=nDmC55pwEqidVNUqo9YAf5fkyNWp7XvIKVuqX1RI0pE=; 
h=Received:Received:From:To:Subject:Date:Message-ID:MIME-Version: Content-Type; b=ZmnkTbVhd0kJvu99038zJfQjfS0ROIPpZB2xPowzgl8QdhUkQrGsMXAsEKNnZjFW7 pXQwLKHorbREqAEqlR9YoArrzbc9SysZuCAUmYb5Eq7VeP0SvfpCzCw3grMoF/RXT7 2f977WuGTmav00crafHumK3LMe7qw28KY35GqpjYa2pb4kOZXxf0yjNoQgG9Bm3x1u 2YHWqDdhRM7ljk+KZrsU6T6th1lJYObB+A37htSYhGwbI24x91UCRsd1oE139QGmSI S+qR9OMlN5naCl3bWUdPh9KgzYEUUlYXh5TvBz0aVXNY1NQM2GWFGkvBleBJUUtzUE Q92qO5Uic9LXw== Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/Lg3HsSkKSPg5iKdfPo5v3bJRIbs Subject: Re: [sacm] I-D Action: draft-ietf-sacm-terminology-03.txt X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Mar 2014 11:24:19 -0000 Hi, In the "newly defined terms" section, it states these are not explicitly defined in the IETF. Actually, by putting them in this draft, assuming it gets published as an RFC, they become explicitly defined by the IETF. David Harrington ietfdbh@comcast.net +1-603-828-1401 > -----Original Message----- > From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of > internet-drafts@ietf.org > Sent: Friday, March 21, 2014 7:10 AM > To: i-d-announce@ietf.org > Cc: sacm@ietf.org > Subject: I-D Action: draft-ietf-sacm-terminology-03.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Security Automation and Continuous > Monitoring Working Group of the IETF. > > Title : Terminology for Security Assessment > Authors : David Waltermire > Adam W. Montville > David Harrington > Nancy Cam-Winget > Filename : draft-ietf-sacm-terminology-03.txt > Pages : 10 > Date : 2014-03-20 > > Abstract: > This memo documents terminology used in the documents produced by > SACM (Security Automation and Continuous Monitoring). 
> > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sacm-terminology/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-sacm-terminology-03 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-sacm-terminology-03 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt From nobody Fri Mar 21 04:38:01 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 898B81A08B9 for ; Fri, 21 Mar 2014 04:37:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.318 X-Spam-Level: * X-Spam-Status: No, score=1.318 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, RELAY_IS_221=2.222, RP_MATCHES_RCVD=-0.547] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p-6tPfUAMdYs for ; Fri, 21 Mar 2014 04:37:57 -0700 (PDT) Received: from cmccmta.chinamobile.com (cmccmta.chinamobile.com [221.176.64.232]) by ietfa.amsl.com (Postfix) with SMTP id E70D81A08AE for ; Fri, 21 Mar 2014 04:37:56 -0700 (PDT) Received: from spf.mail.chinamobile.com (unknown[172.16.20.12]) by rmmx-oa_allagent01-12001 (RichMail) with SMTP id 2ee1532c23facb2-c6cb2; Fri, 21 Mar 2014 19:35:22 +0800 (CST) X-RM-TRANSID: 2ee1532c23facb2-c6cb2 Received: from 
RonpuzzlePC (unknown[10.2.46.85]) by rmsmtp-oa_rmapp02-12002 (RichMail) with SMTP id 2ee2532c23f85e5-780c8; Fri, 21 Mar 2014 19:35:22 +0800 (CST) X-RM-TRANSID: 2ee2532c23f85e5-780c8 From: "Minpeng Qi" To: Date: Fri, 21 Mar 2014 11:37:41 +0800 Message-ID: <007c01cf44b6$e9d327e0$bd7977a0$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Ac9E+HmdHbDfV+pbQmSFfOS6frvrvgAQrbtg Content-Language: zh-cn Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/3hiR0Ayix6Jp4SKWx7r-ItX42V0 Subject: [sacm] FW: New Version Notification for draft-zhuang-sacm-telereq-01.txt X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Mar 2014 11:37:59 -0000 Hi all, We have updated our telecommunication requirement draft in order to make = it more clear.=20 The main update wording is about problem statement section. We removed = remediation and gave more detailed description for the other. All your comments are welcome and valuable. BRs, Minpeng -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- =E5=8F=91=E4=BB=B6=E4=BA=BA: internet-drafts@ietf.org = [mailto:internet-drafts@ietf.org]=20 =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2014=E5=B9=B43=E6=9C=8821=E6=97=A5 = 19:29 =E6=94=B6=E4=BB=B6=E4=BA=BA: Judy Zhu; Xiaojun Zhuang; Judy Zhu; Minpeng = Qi; Xiaojun Zhuang; Minpeng Qi =E4=B8=BB=E9=A2=98: New Version Notification for = draft-zhuang-sacm-telereq-01.txt A new version of I-D, draft-zhuang-sacm-telereq-01.txt has been successfully submitted by Minpeng Qi and posted to the IETF repository. 

Name: draft-zhuang-sacm-telereq
Revision: 01
Title: Telecommunication Requirement
Document date: 2014-03-20
Group: Individual Submission
Pages: 7
URL: http://www.ietf.org/internet-drafts/draft-zhuang-sacm-telereq-01.txt
Status: https://datatracker.ietf.org/doc/draft-zhuang-sacm-telereq/
Htmlized: http://tools.ietf.org/html/draft-zhuang-sacm-telereq-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-zhuang-sacm-telereq-01

Abstract:
   This memo documents describes an additional use case based on
   telecommunication scenario which is also fit for common enterprise scenario


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

From nobody Fri Mar 21 07:19:49 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B7431A0760 for ; Fri, 21 Mar 2014 07:19:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.448 X-Spam-Level: X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Spdr0E52dvsU for ; Fri, 21 Mar 2014 07:19:45 -0700 (PDT) Received: from extmail1.yaanatech.com (extmail1.yaanatech.com [63.128.177.51]) by ietfa.amsl.com (Postfix) with SMTP id CAA161A0738 for ; Fri, 21 Mar 2014 07:19:45 -0700 (PDT) Received: from [192.168.1.51] (pool-71-171-106-160.clppva.fios.verizon.net [71.171.106.160]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by extmail1.yaanatech.com (Postfix) with ESMTP id 078375808B; Fri, 21 Mar 2014 14:22:21 +0000 (UTC) Message-ID: <532C4A77.6070705@yaanatech.com> Date: Fri, 21 Mar 2014 10:19:35 -0400 From: Tony
Rutkowski Organization: Yaana Technologies User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: Minpeng Qi , sacm@ietf.org References: <007c01cf44b6$e9d327e0$bd7977a0$@com> In-Reply-To: <007c01cf44b6$e9d327e0$bd7977a0$@com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/12P7Sn3aot_BzKR4Xl6IXhn-EL4 Subject: Re: [sacm] FW: New Version Notification for draft-zhuang-sacm-telereq-01.txt X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: tony@yaanatech.com List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Mar 2014 14:19:47 -0000

Minpeng & Judy,

You should be commended for integrating the telecom requirements into the SACM work and presumably also facilitating collaboration with SECAM work in SA3.

best,
tony

On 2014-03-20 11:37 PM, Minpeng Qi wrote:
> Hi all,
> We have updated our telecommunication requirement draft in order to make it more clear.
> The main update wording is about problem statement section. We removed remediation and gave more detailed description for the other.
> All your comments are welcome and valuable.
>
> BRs,
> Minpeng
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: March 21, 2014 19:29
> To: Judy Zhu; Xiaojun Zhuang; Judy Zhu; Minpeng Qi; Xiaojun Zhuang; Minpeng Qi
> Subject: New Version Notification for draft-zhuang-sacm-telereq-01.txt
>
>
> A new version of I-D, draft-zhuang-sacm-telereq-01.txt
> has been successfully submitted by Minpeng Qi and posted to the
> IETF repository.
>
> Name: draft-zhuang-sacm-telereq
> Revision: 01
> Title: Telecommunication Requirement
> Document date: 2014-03-20
> Group: Individual Submission
> Pages: 7
> URL: http://www.ietf.org/internet-drafts/draft-zhuang-sacm-telereq-01.txt
> Status: https://datatracker.ietf.org/doc/draft-zhuang-sacm-telereq/
> Htmlized: http://tools.ietf.org/html/draft-zhuang-sacm-telereq-01
> Diff: http://www.ietf.org/rfcdiff?url2=draft-zhuang-sacm-telereq-01
>
> Abstract:
>    This memo documents describes an additional use case based on
>    telecommunication scenario which is also fit for common enterprise scenario
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

-- 
Tony Rutkowski
Yaana Technologies LLC
542 Gibraltar Dr.
Milpitas CA 95035 USA

From nobody Sun Mar 23 10:23:23 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C1F61A08A0; Fri, 21 Mar 2014 04:10:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0GJWbrCv2lBp; Fri, 21 Mar 2014 04:10:21 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D38881A03DF; Fri, 21 Mar 2014 04:10:21 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 5.2.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140321111021.2860.30355.idtracker@ietfa.amsl.com> Date: Fri, 21 Mar 2014 04:10:21 -0700 Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/Bzsa-Ot9pAq1DP3aKLSHSm57KAk X-Mailman-Approved-At: Sun, 23 Mar 2014 10:23:21 -0700 Cc: sacm@ietf.org Subject: [sacm] I-D Action: draft-ietf-sacm-terminology-03.txt X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Mar 2014 11:10:23 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Automation and Continuous Monitoring Working Group of the IETF.

        Title           : Terminology for Security Assessment
        Authors         : David Waltermire
                          Adam W. Montville
                          David Harrington
                          Nancy Cam-Winget
        Filename        : draft-ietf-sacm-terminology-03.txt
        Pages           : 10
        Date            : 2014-03-20

Abstract:
   This memo documents terminology used in the documents produced by
   SACM (Security Automation and Continuous Monitoring).

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sacm-terminology/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-sacm-terminology-03

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-sacm-terminology-03

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From nobody Sun Mar 23 19:13:10 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B87AC1A00B0 for ; Sun, 23 Mar 2014 19:13:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 4.855 X-Spam-Level: **** X-Spam-Status: No, score=4.855 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DATE_IN_PAST_06_12=1.543, MIME_8BIT_HEADER=0.3, RELAY_IS_221=2.222, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PCoSLsZzA5jV for ; Sun, 23 Mar 2014 19:13:04 -0700 (PDT) Received: from cmccmta.chinamobile.com (cmccmta.chinamobile.com [221.176.64.232]) by ietfa.amsl.com (Postfix) with SMTP id D10BA1A00AB for ; Sun, 23 Mar 2014 19:13:03 -0700 (PDT) Received: from spf.mail.chinamobile.com (unknown[172.16.20.21]) by rmmx-oa_allagent01-12001 (RichMail) with SMTP id 2ee1532f941d027-ff027; Mon, 24 Mar 2014 10:10:38 +0800 (CST) X-RM-TRANSID: 2ee1532f941d027-ff027 Received: from RonpuzzlePC (unknown[10.2.51.6]) by
rmsmtp-oa_rmapp03-12003 (RichMail) with SMTP id 2ee3532f941d8c6-b0092; Mon, 24 Mar 2014 10:10:38 +0800 (CST) X-RM-TRANSID: 2ee3532f941d8c6-b0092 From: "Minpeng Qi" To: , References: <007c01cf44b6$e9d327e0$bd7977a0$@com> <532C4A77.6070705@yaanatech.com> In-Reply-To: <532C4A77.6070705@yaanatech.com> Date: Mon, 24 Mar 2014 02:12:56 +0800 Message-ID: <00a301cf46c3$847e23e0$8d7a6ba0$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Ac9FEEliGNcw7EWmR3CIZbbcb569gABrLeZA Content-Language: zh-cn Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/RES1fh6SEk8_s9E0gN4-NZm1iq0 Subject: [sacm] Re: FW: New Version Notification for draft-zhuang-sacm-telereq-01.txt X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2014 02:13:07 -0000

Hi Tony,
Thanks for your comment. We'd like to merge it into the current SACM work. The revision version is for clarification because we had received comment that we need to make our requirement more clear.

BRs,
Minpeng

-----Original Message-----
From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Tony Rutkowski
Sent: March 21, 2014 22:20
To: Minpeng Qi; sacm@ietf.org
Subject: Re: [sacm] FW: New Version Notification for draft-zhuang-sacm-telereq-01.txt

Minpeng & Judy,

You should be commended for integrating the telecom requirements into the SACM work and presumably also facilitating collaboration with SECAM work in SA3.

best,
tony

On 2014-03-20 11:37 PM, Minpeng Qi wrote:
> Hi all,
> We have updated our telecommunication requirement draft in order to make it more clear.
> The main update wording is about problem statement section. We removed remediation and gave more detailed description for the other.
> All your comments are welcome and valuable.
>
> BRs,
> Minpeng
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: March 21, 2014 19:29
> To: Judy Zhu; Xiaojun Zhuang; Judy Zhu; Minpeng Qi; Xiaojun Zhuang; Minpeng Qi
> Subject: New Version Notification for draft-zhuang-sacm-telereq-01.txt
>
>
> A new version of I-D, draft-zhuang-sacm-telereq-01.txt
> has been successfully submitted by Minpeng Qi and posted to the
> IETF repository.
>
> Name: draft-zhuang-sacm-telereq
> Revision: 01
> Title: Telecommunication Requirement
> Document date: 2014-03-20
> Group: Individual Submission
> Pages: 7
> URL: http://www.ietf.org/internet-drafts/draft-zhuang-sacm-telereq-01.txt
> Status: https://datatracker.ietf.org/doc/draft-zhuang-sacm-telereq/
> Htmlized: http://tools.ietf.org/html/draft-zhuang-sacm-telereq-01
> Diff: http://www.ietf.org/rfcdiff?url2=draft-zhuang-sacm-telereq-01
>
> Abstract:
>    This memo documents describes an additional use case based on
>    telecommunication scenario which is also fit for common enterprise scenario
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

-- 
Tony Rutkowski
Yaana Technologies LLC
542 Gibraltar Dr.
Milpitas CA 95035 USA _______________________________________________ sacm mailing list sacm@ietf.org https://www.ietf.org/mailman/listinfo/sacm From nobody Tue Mar 25 05:14:31 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C171E1A00A8 for ; Tue, 25 Mar 2014 05:13:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, GB_I_INVITATION=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_REMOTE_IMAGE=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1_dkUkxqIV3B for ; Tue, 25 Mar 2014 05:13:53 -0700 (PDT) Received: from co300216-co-outbound.net.avaya.com (co300216-co-outbound.net.avaya.com [198.152.13.100]) by ietfa.amsl.com (Postfix) with ESMTP id 764171A00B4 for ; Tue, 25 Mar 2014 05:13:53 -0700 (PDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AmYFAFJyMVOHCzIm/2dsb2JhbABZgkIjITtXgwe4DAgbhzUZgQkWdIIlAQEBAQMBAQEPEQo7BhsCAQgNBAQBAQsdAwICAiULFAcBAQUDAgQTCAYUh1cBDKF9ikaiPBeOPRYXCgGCLkE1gRQEkFWBNId2hUKLPoMugis X-IronPort-AV: E=Sophos;i="4.97,728,1389762000"; d="txt'?scan'208,217";a="55002350" Received: from unknown (HELO p-us1-erheast-smtpauth.us1.avaya.com) ([135.11.50.38]) by co300216-co-outbound.net.avaya.com with ESMTP; 25 Mar 2014 08:13:51 -0400 Received: from unknown (HELO AZ-FFEXHC02.global.avaya.com) ([135.64.58.12]) by p-us1-erheast-out.us1.avaya.com with ESMTP/TLS/AES128-SHA; 25 Mar 2014 07:59:46 -0400 Received: from AZ-FFEXMB04.global.avaya.com ([fe80::6db7:b0af:8480:c126]) by AZ-FFEXHC02.global.avaya.com ([135.64.58.12]) with mapi id 14.03.0174.001; Tue, 25 Mar 2014 13:13:50 +0100 From: "Romascanu, Dan (Dan)" To: "sacm@ietf.org" Thread-Topic: [sacm] SACM WG 
Interim Meeting #3 Thread-Index: AQHPRCc4hwCovtyXRkioe+2teMX5i5rxvkcw Date: Tue, 25 Mar 2014 12:13:49 +0000 Message-ID: <9904FB1B0159DA42B0B887B7FA8119CA2E465698@AZ-FFEXMB04.global.avaya.com> References: <1649819437.993924.1395311335171.POLL_INVITECONTACT_PARTICIPANT_INVITATION.doodle@worker2> In-Reply-To: <1649819437.993924.1395311335171.POLL_INVITECONTACT_PARTICIPANT_INVITATION.doodle@worker2> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [135.64.58.46] Content-Type: multipart/mixed; boundary="_004_9904FB1B0159DA42B0B887B7FA8119CA2E465698AZFFEXMB04globa_" MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/ELWSJRYXnLj_msbLy0MXrhp4FGA Subject: [sacm] FW: SACM WG Interim Meeting #3 X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 12:13:56 -0000 --_004_9904FB1B0159DA42B0B887B7FA8119CA2E465698AZFFEXMB04globa_ Content-Type: multipart/alternative; boundary="_000_9904FB1B0159DA42B0B887B7FA8119CA2E465698AZFFEXMB04globa_" --_000_9904FB1B0159DA42B0B887B7FA8119CA2E465698AZFFEXMB04globa_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64
--_000_9904FB1B0159DA42B0B887B7FA8119CA2E465698AZFFEXMB04globa_-- --_004_9904FB1B0159DA42B0B887B7FA8119CA2E465698AZFFEXMB04globa_ Content-Type: text/plain; name="ATT00001.txt" Content-Description: ATT00001.txt Content-Disposition: attachment; filename="ATT00001.txt"; size=127; creation-date="Thu, 20 Mar 2014 10:29:04 GMT"; modification-date="Thu, 20 Mar 2014 10:29:04 GMT" Content-ID: <7F0E839E1239EA40B1610CC9E6DEEF1C@avaya.com> Content-Transfer-Encoding: base64
From nobody Tue Mar 25 06:50:50 2014
From: Adam Montville
To: Minpeng Qi
Cc: sacm@ietf.org
Date: Tue, 25 Mar 2014 08:50:39 -0500
Subject: Re: [sacm] New Version Notification for draft-zhuang-sacm-telereq-01.txt
Message-Id: <7426347E-6ED2-4697-956C-5C805E3BC427@stoicsecurity.com>
In-Reply-To: <007c01cf44b6$e9d327e0$bd7977a0$@com>
References: <007c01cf44b6$e9d327e0$bd7977a0$@com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/hzWUX5zjonNSBYSQMVmxpwW8wEU

Minpeng,

Thank you for your updated submission, which does make your observations a bit clearer than they were before. In particular, I'd like to discuss the following paragraph from your draft, which I believe describes what you're looking for:

"For example, a device needs to ensure the secure communications with others, so a main requirement is defined as "using the safe channel to transmit data". The manufacturers could use TLS and IPsec to achieve the goals when they build up their devices. So some alternative detailed definitions should be attached after the main requirements: When the device uses TLS based mechanism to meet such requirement, the certificates should be used as the credential in TLS handshake. When the device uses IPsec instead, the pre-shared key should be used as the credential in IKEv2." -- from draft-zhuang-sacm-telereq-01.txt.

From my perspective, you're talking about taking into account abstract security controls as they would be described in a Control Framework. In the example you provided, the framework control is "using the safe channel to transmit data." There are many ways to meet the needs of such a framework control, and you have provided two: 1) use a TLS-based mechanism, and 2) use IPsec-based mechanism. Each of these mechanisms should be addressed by SACM, but I do not believe that mapping these mechanisms to a more abstract security control is within the scope of our charter.

During our BoF in Atlanta (IETF 85) we presented a slide deck describing where SACM would be focused (see slide three of http://www.ietf.org/proceedings/85/slides/slides-85-sacm-2.pdf). The diagram we presented had a four-layer model with Operational Risk Management at the top, followed by Information Risk Management, Control Frameworks, and Controls respectively. The use case you've put forward ("using the safe channel to transmit data") would be most appropriately placed at the Control Framework level, whereas use of TLS and/or IPsec would be placed at the Control level.

While SACM must ensure that the models it uses can be leveraged by the Control Framework level (i.e. a particular Control can be positively associated with a Control Framework requirement), I don't believe SACM must account for such association mechanisms.

Regards,

Adam

On Mar 20, 2014, at 10:37 PM, Minpeng Qi wrote:

> Hi all,
> We have updated our telecommunication requirement draft in order to make it more clear.
> The main update wording is about problem statement section. We removed remediation and gave more detailed description for the other.
> All your comments are welcome and valuable.
>
> BRs,
> Minpeng
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: March 21, 2014 19:29
> To: Judy Zhu; Xiaojun Zhuang; Judy Zhu; Minpeng Qi; Xiaojun Zhuang; Minpeng Qi
> Subject: New Version Notification for draft-zhuang-sacm-telereq-01.txt
>
> A new version of I-D, draft-zhuang-sacm-telereq-01.txt
> has been successfully submitted by Minpeng Qi and posted to the
> IETF repository.
>
> Name: draft-zhuang-sacm-telereq
> Revision: 01
> Title: Telecommunication Requirement
> Document date: 2014-03-20
> Group: Individual Submission
> Pages: 7
> URL: http://www.ietf.org/internet-drafts/draft-zhuang-sacm-telereq-01.txt
> Status: https://datatracker.ietf.org/doc/draft-zhuang-sacm-telereq/
> Htmlized: http://tools.ietf.org/html/draft-zhuang-sacm-telereq-01
> Diff: http://www.ietf.org/rfcdiff?url2=draft-zhuang-sacm-telereq-01
>
> Abstract:
> This memo documents describes an additional use case based on
> telecommunication scenario which is also fit for common enterprise scenario
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

From nobody Tue Mar 25 06:58:03 2014
From: Adam Montville
To: sacm@ietf.org
Date: Tue, 25 Mar 2014 08:57:57 -0500
Subject: [sacm] Any Objections To Merging Architecture and Requirements in One I-D?
Message-Id: <770E5E10-0BB8-4F13-BA83-FDF4F4B0428C@stoicsecurity.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/9HpHa6LNBXCK1S3ZAgB2_z2mMus

All:

During the SACM session in London we were feeling as though we wanted to merge the Requirements and Architecture documents.

Are there any objections to taking this approach?

Regards,

Dan and Adam

From nobody Tue Mar 25 07:14:42 2014
From: Adam Montville
To: David Harrington
Cc: sacm@ietf.org
Date: Tue, 25 Mar 2014 09:14:32 -0500
Subject: Re: [sacm] I-D Action: draft-ietf-sacm-terminology-03.txt
In-Reply-To: <01fb01cf44f8$0cffc2a0$26ff47e0$@comcast.net>
References: <20140321111021.2860.30355.idtracker@ietfa.amsl.com> <01fb01cf44f8$0cffc2a0$26ff47e0$@comcast.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/CxOjiTBlaBqA7XtVvNuzAyIwyKk

Good catch.

On Mar 21, 2014, at 6:23 AM, ietfdbh wrote:

> Hi,
>
> In the "newly defined terms" section, it states these are not explicitly
> defined in the IETF.
> Actually, by putting them in this draft, assuming it gets published as an
> RFC, they become explicitly defined by the IETF.
>
> David Harrington
> ietfdbh@comcast.net
> +1-603-828-1401
>> -----Original Message-----
>> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
>> internet-drafts@ietf.org
>> Sent: Friday, March 21, 2014 7:10 AM
>> To: i-d-announce@ietf.org
>> Cc: sacm@ietf.org
>> Subject: I-D Action: draft-ietf-sacm-terminology-03.txt
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Security Automation and Continuous
>> Monitoring Working Group of the IETF.
>>
>> Title : Terminology for Security Assessment
>> Authors : David Waltermire
>> Adam W. Montville
>> David Harrington
>> Nancy Cam-Winget
>> Filename : draft-ietf-sacm-terminology-03.txt
>> Pages : 10
>> Date : 2014-03-20
>>
>> Abstract:
>> This memo documents terminology used in the documents produced by
>> SACM (Security Automation and Continuous Monitoring).
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-sacm-terminology/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-sacm-terminology-03
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-sacm-terminology-03
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

From nobody Tue Mar 25 13:12:35 2014
E=Sophos;i="4.97,730,1389744000"; d="scan'208";a="30318197" Received: from rcdn-core2-3.cisco.com ([173.37.113.190]) by alln-iport-8.cisco.com with ESMTP; 25 Mar 2014 20:12:10 +0000 Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by rcdn-core2-3.cisco.com (8.14.5/8.14.5) with ESMTP id s2PKCAHF024673 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 25 Mar 2014 20:12:10 GMT Received: from xmb-aln-x02.cisco.com ([169.254.5.176]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.03.0123.003; Tue, 25 Mar 2014 15:12:09 -0500 From: "Nancy Cam-Winget (ncamwing)" To: Adam Montville , David Harrington Thread-Topic: [sacm] I-D Action: draft-ietf-sacm-terminology-03.txt Thread-Index: AQHPSGaA2YJvZLYaXkajm0Hs4Aud0w== Date: Tue, 25 Mar 2014 20:12:09 +0000 Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.2.130206 x-originating-ip: [10.150.24.230] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/vxKIFOJUS0XTmGA_UkPA7Sr6sec Cc: "sacm@ietf.org" Subject: Re: [sacm] I-D Action: draft-ietf-sacm-terminology-03.txt X-BeenThere: sacm@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: SACM WG mail list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 20:12:15 -0000 Yes, but I am presuming all of these terms will get merged into 1 section when they get merged into one of the other documents as stated in in the 2nd paragraph of the Introduction. Nancy. On 3/25/14 7:14 AM, "Adam Montville" wrote: >Good catch. > >On Mar 21, 2014, at 6:23 AM, ietfdbh wrote: > >> Hi, >>=20 >> In the "newly defined terms" section, it states these are not explicitly >> defined in the IETF. 
>> Actually, by putting them in this draft, assuming it gets published as >>an >> RFC, they become explicitly defined by the IETF. >>=20 >> David Harrington >> ietfdbh@comcast.net >> +1-603-828-1401 >>> -----Original Message----- >>> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of >>> internet-drafts@ietf.org >>> Sent: Friday, March 21, 2014 7:10 AM >>> To: i-d-announce@ietf.org >>> Cc: sacm@ietf.org >>> Subject: I-D Action: draft-ietf-sacm-terminology-03.txt >>>=20 >>>=20 >>> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >>> This draft is a work item of the Security Automation and Continuous >>> Monitoring Working Group of the IETF. >>>=20 >>> Title : Terminology for Security Assessment >>> Authors : David Waltermire >>> Adam W. Montville >>> David Harrington >>> Nancy Cam-Winget >>> Filename : draft-ietf-sacm-terminology-03.txt >>> Pages : 10 >>> Date : 2014-03-20 >>>=20 >>> Abstract: >>> This memo documents terminology used in the documents produced by >>> SACM (Security Automation and Continuous Monitoring). >>>=20 >>>=20 >>> The IETF datatracker status page for this draft is: >>> https://datatracker.ietf.org/doc/draft-ietf-sacm-terminology/ >>>=20 >>> There's also a htmlized version available at: >>> http://tools.ietf.org/html/draft-ietf-sacm-terminology-03 >>>=20 >>> A diff from the previous version is available at: >>> http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sacm-terminology-03 >>>=20 >>>=20 >>> Please note that it may take a couple of minutes from the time of >> submission >>> until the htmlized version and diff are available at tools.ietf.org. 
>>>=20 >>> Internet-Drafts are also available by anonymous FTP at: >>> ftp://ftp.ietf.org/internet-drafts/ >>>=20 >>> _______________________________________________ >>> I-D-Announce mailing list >>> I-D-Announce@ietf.org >>> https://www.ietf.org/mailman/listinfo/i-d-announce >>> Internet-Draft directories: http://www.ietf.org/shadow.html >>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >>=20 >> _______________________________________________ >> sacm mailing list >> sacm@ietf.org >> https://www.ietf.org/mailman/listinfo/sacm > From nobody Fri Mar 28 03:44:37 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2C141A04A7 for ; Fri, 28 Mar 2014 03:44:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.155 X-Spam-Level: ** X-Spam-Status: No, score=2.155 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, MIME_8BIT_HEADER=0.3, RELAY_IS_221=2.222, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3gpTHyuqNxFm for ; Fri, 28 Mar 2014 03:44:32 -0700 (PDT) Received: from cmccmta.chinamobile.com (cmccmta.chinamobile.com [221.176.64.232]) by ietfa.amsl.com (Postfix) with SMTP id C443A1A030E for ; Fri, 28 Mar 2014 03:44:31 -0700 (PDT) Received: from spf.mail.chinamobile.com (unknown[172.16.20.11]) by rmmx-oa_allagent02-12002 (RichMail) with SMTP id 2ee25335527af31-c6f31; Fri, 28 Mar 2014 18:44:11 +0800 (CST) X-RM-TRANSID: 2ee25335527af31-c6f31 Received: from RonpuzzlePC (unknown[10.2.51.41]) by rmsmtp-oa_rmapp01-12001 (RichMail) with SMTP id 2ee153355278a49-1b970; Fri, 28 Mar 2014 18:44:11 +0800 (CST) X-RM-TRANSID: 2ee153355278a49-1b970 From: "Minpeng Qi" To: "'Adam Montville'" References: <007c01cf44b6$e9d327e0$bd7977a0$@com> 
<7426347E-6ED2-4697-956C-5C805E3BC427@stoicsecurity.com>
In-Reply-To: <7426347E-6ED2-4697-956C-5C805E3BC427@stoicsecurity.com>
Date: Fri, 28 Mar 2014 10:44:19 +0800
Message-ID: <007601cf4a2f$9e65e530$db31af90$@com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/fIr8-6ipu5zFoTWM69YqxdOE6gA
Cc: sacm@ietf.org
Subject: [sacm] Re: New Version Notification for draft-zhuang-sacm-telereq-01.txt

Dear Adam,

Thanks for your comment and sorry to reply late.

Our intention is to describe that a security policy guidance could be divided as two parts. The first part is more general and the second is more specific and has different options. The example is just used to describe such intention.

Now let me try to make another example under the condition that you consider the use of TLS could be placed at the control level:
We can make such description "using TLS, the certificate should be used as the credential in TLS handshake" as a general description, the alternative detailed definition can be recognized as "if RSA is used in certificate, the length of the key should be 1024 bits" and "if ECC is used in certificate, the length of the key should be 160 bits".

What is your opinion on this example? Can it solve your concern or will you still consider that the general description is a control framework now?

BRs,
Minpeng

-----Original Message-----
From: Adam Montville [mailto:adam@stoicsecurity.com]
Sent: March 25, 2014 21:51
To: Minpeng Qi
Cc: sacm@ietf.org
Subject: Re: [sacm] New Version Notification for draft-zhuang-sacm-telereq-01.txt

Minpeng,

Thank you for your updated submission, which does make your observations a bit clearer than they were before. In particular, I'd like to discuss the following paragraph from your draft, which I believe describes what you're looking for:

"For example, a device needs to ensure the secure communications with others, so a main requirement is defined as "using the safe channel to transmit data". The manufacturers could use TLS and IPsec to achieve the goals when they build up their devices. So some alternative detailed definitions should be attached after the main requirements: When the device uses TLS based mechanism to meet such requirement, the certificates should be used as the credential in TLS handshake. When the device uses IPsec instead, the pre-shared key should be used as the credential in IKEv2." -- from draft-zhuang-sacm-telereq-01.txt.

From my perspective, you're talking about taking into account abstract security controls as they would be described in a Control Framework. In the example you provided, the framework control is "using the safe channel to transmit data." There are many ways to meet the needs of such a framework control, and you have provided two: 1) use a TLS-based mechanism, and 2) use an IPsec-based mechanism. Each of these mechanisms should be addressed by SACM, but I do not believe that mapping these mechanisms to a more abstract security control is within the scope of our charter.

During our BoF in Atlanta (IETF 85) we presented a slide deck describing where SACM would be focused (see slide three of http://www.ietf.org/proceedings/85/slides/slides-85-sacm-2.pdf). The diagram we presented had a four-layer model with Operational Risk Management at the top, followed by Information Risk Management, Control Frameworks, and Controls respectively. The use case you've put forward ("using the safe channel to transmit data") would be most appropriately placed at the Control Framework level, whereas use of TLS and/or IPsec would be placed at the Control level.

While SACM must ensure that the models it uses can be leveraged by the Control Framework level (i.e. a particular Control can be positively associated with a Control Framework requirement), I don't believe SACM must account for such association mechanisms.

Regards,

Adam

On Mar 20, 2014, at 10:37 PM, Minpeng Qi wrote:

> Hi all,
> We have updated our telecommunication requirement draft in order to make it more clear.
> The main update wording is about problem statement section. We removed remediation and gave more detailed description for the other.
> All your comments are welcome and valuable.
>
> BRs,
> Minpeng
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: March 21, 2014 19:29
> To: Judy Zhu; Xiaojun Zhuang; Judy Zhu; Minpeng Qi; Xiaojun Zhuang; Minpeng Qi
> Subject: New Version Notification for draft-zhuang-sacm-telereq-01.txt
>
>
> A new version of I-D, draft-zhuang-sacm-telereq-01.txt has been successfully submitted by Minpeng Qi and posted to the IETF repository.
>
> Name: draft-zhuang-sacm-telereq
> Revision: 01
> Title: Telecommunication Requirement
> Document date: 2014-03-20
> Group: Individual Submission
> Pages: 7
> URL: http://www.ietf.org/internet-drafts/draft-zhuang-sacm-telereq-01.txt
> Status: https://datatracker.ietf.org/doc/draft-zhuang-sacm-telereq/
> Htmlized: http://tools.ietf.org/html/draft-zhuang-sacm-telereq-01
> Diff: http://www.ietf.org/rfcdiff?url2=draft-zhuang-sacm-telereq-01
>
> Abstract:
> This memo documents describes an additional use case based on telecommunication scenario which is also fit for common enterprise scenario
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat

From nobody Mon Mar 31 08:58:44 2014
From: "Romascanu, Dan (Dan)"
To: "sacm@ietf.org"
Date: Mon, 31 Mar 2014 15:58:23 +0000
Message-ID: <9904FB1B0159DA42B0B887B7FA8119CA2E46CA1D@AZ-FFEXMB04.global.avaya.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/VJEP_cL0CeEKZMEWQkVPualEyEw
Subject: [sacm] Date for the next virtual interim meeting

Hi,

Doodle has spoken. The date selected by the larger number of potential participants who expressed their preferences for the next virtual interim meeting of the SACM WG is Wednesday April 30, 10AM to noon EDT. I will ask the secretariat to book us a Webex conference bridge and send the announcement when ready.

Regards,

Dan

From nobody Mon Mar 31 10:01:30 2014
From: Adam Montville
In-Reply-To: <007601cf4a2f$9e65e530$db31af90$@com>
Date: Mon, 31 Mar 2014 12:01:21 -0500
Message-Id: <8220449C-174A-4418-9EA0-ABFD8AD16FBC@stoicsecurity.com>
References: <007c01cf44b6$e9d327e0$bd7977a0$@com> <7426347E-6ED2-4697-956C-5C805E3BC427@stoicsecurity.com> <007601cf4a2f$9e65e530$db31af90$@com>
To: Minpeng Qi
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/BigyLjhx071NFxwVw-tZLM_KHaQ
Cc: sacm@ietf.org
Subject: Re: [sacm] New Version Notification for draft-zhuang-sacm-telereq-01.txt

On Mar 27, 2014, at 9:44 PM, Minpeng Qi wrote:

> Dear Adam,
>
> Thanks for your comment and sorry to reply late.
>
> Our intention is to describe that a security policy guidance could be divided as two parts. The first part is more general and the second is more specific and has different options. The example is just used to describe such intention.
>
> Now let me try to make another example under the condition that you consider the use of TLS could be placed at the control level:
> We can make such description "using TLS, the certificate should be used as the credential in TLS handshake" as a general description, the alternative detailed definition can be recognized as "if RSA is used in certificate, the length of the key should be 1024 bits" and "if ECC is used in certificate, the length of the key should be 160 bits".
>
> What is your opinion on this example? Can it solve your concern or will you still consider that the general description is a control framework now?
>

Hi Minpeng,

No worries, thanks for driving the discussion further!

From my perspective this has less to do with whether things should be "divided" and more to do with how much expressivity we have available to us. It seems that what we want is to do something like this:

(TLS_configuration_check) AND (for all certificates (RSA/1024 OR ECC/160) )

There are probably other ways to do this, but I still don't see that there needs to be a division. The enterprise/operational standard is to use RSA/1024 or ECC/160 on TLS authentication certificates. As long as we can tie these all together, we're in good shape. The difference is in the granularity of the expression we need to assess more than it is a division between the general and the specific. Different organizations will operate at different levels of maturity, so some may only have (TLS_configuration) as an assessment, where others may have the more complete assessment above.

So, what I think you're looking for is specificity of expression and extensibility inherent in the model we use.
We should be able to move from the very general TLS_configuration_check to a very specific assessment that would include TLS_configuration_check AND specific certificates with specific properties in specific locations and with specific permissions, etc.

From nobody Mon Mar 31 10:56:32 2014
From: "Brian Ford (brford)"
To: "sacm@ietf.org"
Date: Mon, 31 Mar 2014 17:56:20 +0000
Message-ID: <415940494F62004799ECBF931B49B9370AA896DB@xmb-aln-x14.cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/p4dss-lF9MQqbsLyEtOnF7sM4Zc
Subject: [sacm] Regarding SACM Terminology (was: sacm Digest, Vol 25, Issue 17)

SACM Team;

I have observations and questions regarding the definitions used to describe posture or posture attributes in Terminology for Security Assessment (draft-ietf-sacm-terminology-03) and whether these definitions fit well into the security automation and continuous monitoring operations. This message is regarding some of the 'Pre-defined Terms'.

Regarding 'Posture':

"Posture - Defined in [RFC5209] as "configuration and/or status of hardware or software on an endpoint as it pertains to an organization's security policy."
This term is used within the scope of this document to represent the state information that is collected from an endpoint (e.g. software/hardware inventory, configuration settings)."

Is posture the configuration of a device or what the security policy of an organization that uses the device suggests that the device configuration should be ("as it pertains to the organization's security policy")? Reading RFC 5209 one could come to the conclusion that an endpoint's posture is either right or wrong, or acceptable or unacceptable given an organizational security policy at the time of assessment.

Regarding 'Posture Attribute':

Posture Attributes -"Defined in [RFC5209] as "attributes describing the configuration or status (posture) of a feature of the endpoint. For example, a Posture Attribute might describe the version of the operating system installed on the system." Within this document this term represents a specific assertion about endpoint state (e.g. configuration setting, installed software, hardware). The phrase "features of the endpoint" refers to installed software or software components."

Using the word 'attribute' I think that posture attributes should be variables that were derived by examining an endpoint. In the STIX language I think of 'observables'. On a computer running the Windows operating system an observable might be a specific registry variable setting or the physical address of the Ethernet adapter connected to Network 3. I would suggest that posture attributes capture a variable setting without interpretation.

RFC 5209 defines 5 different types of attributes (assertion, posture, request, result, and remediation) based on different usage scenarios.

Regarding 'Misconfiguration':

misconfiguration -" A misconfiguration is a configuration setting that violates organizational security policies, introduces a possible security weakness in a system, or permits or causes unintended behavior that may impact the security posture of a system. (from NIST IR 7670) The misalignment of a unit of endpoint configuration posture relative to organizational expectations that is subject to exploitation or misuse."

I don't see how this 'misconfiguration' can be part of 'posture', or an attribute or an observable of a system. A misconfiguration is something that is the result of some analysis performed by a program or an analyst and has to reference a specific policy that the configuration violates. Is a misconfiguration a diff between what the policy should be and what it was discovered to be?

Regarding 'remediation':

"A remediation is defined as a security-related set of actions that results in a change to a computer's state and may consist of changes motivated by the need to enforce organizational security policies, address discovered vulnerabilities, or correct misconfigurations. (from NIST IR 7670)."

I'm concerned that this definition of remediation is too broad. From what is written it would seem that remediation spans 'actions' that could include adding or removing hardware or software to or changing the configuration of a 'computer'. I associate remediation with addressing vulnerabilities and correcting misconfigurations. I don't view a remediation as being the word I'd use to describe changes made to enforce organizational policies. Do you have to remediate all the computers that are on your network if a decision is made to change software providers? Clearly that could be an automation issue but is it a security automation issue?

I'd suggest that a remediation should be a specific action or set of actions that changes configuration to acceptable within organization's policy.

In general I think we all see the linkage between SACM and NEA. I think there needs to be more review and discussion about the linkage between SACM and MILE and other security operations and incident response initiatives such as STIX and OpenIOC.

Liberty,

Brian

From nobody Mon Mar 31 12:37:38 2014
From: Adam Montville
In-Reply-To: <415940494F62004799ECBF931B49B9370AA896DB@xmb-aln-x14.cisco.com>
Date: Mon, 31 Mar 2014 14:37:24 -0500
Message-Id: <68CA60D5-7B94-4760-8157-CE79E4944C06@stoicsecurity.com>
References: <415940494F62004799ECBF931B49B9370AA896DB@xmb-aln-x14.cisco.com>
To: "Brian Ford (brford)"
Archived-At: http://mailarchive.ietf.org/arch/msg/sacm/sZGxUDCZ9EHXMQv7Cx1UqI52IzY
Cc: "sacm@ietf.org"
Subject: Re: [sacm] Regarding SACM Terminology (was: sacm Digest, Vol 25, Issue 17)

Hi Brian, thanks for your questions. I'll provide some responses inline.
Others may also provide their perspectives, but hopefully I do well enough.

On Mar 31, 2014, at 12:56 PM, Brian Ford (brford) wrote:

> SACM Team;
>
> I have observations and questions regarding the definitions used to describe posture or posture attributes in Terminology for Security Assessment (draft-ietf-sacm-terminology-03) and whether these definitions fit well into the security automation and continuous monitoring operations. This message is regarding some of the 'Pre-defined Terms'.
>
> Regarding 'Posture':
>
> "Posture - Defined in [RFC5209] as "configuration and/or status of hardware or software on an endpoint as it pertains to an organization's security policy." This term is used within the scope of this document to represent the state information that is collected from an endpoint (e.g. software/hardware inventory, configuration settings)."
>
> Is posture the configuration of a device or what the security policy of an organization that uses the device suggests that the device configuration should be ("as it pertains to the organization's security policy")? Reading RFC 5209 one could come to the conclusion that an endpoint's posture is either right or wrong, or acceptable or unacceptable given an organizational security policy at the time of assessment.

Posture is being used as a noun and can reference the actual state of the subject - in this case the endpoint. Posture should not be construed as the configuration state of an endpoint as it should be, but rather as it is.

Policy is a tricky term that has many meanings and, most important, very specific meanings in other areas of the IETF. If you dig back into SACM's BoF history you'll find a presentation that shows a four-layered model with a vertical column adjacent to and straddling each layer. The four layers are, from top to bottom: Operational Risk Management, IT Risk Management, Control Frameworks, and Controls. The vertical column is labeled "Policy, Process, and Procedure" (or something similar). This depiction can be viewed as a contextual guideline for SACM. Then, when we use the term "policy" we are often using it to refer to that set of organizational mandates that are derived from the four risk management layers. This distinction is important in the SACM context.

>
> Regarding 'Posture Attribute':
>
> Posture Attributes -"Defined in [RFC5209] as "attributes describing the configuration or status (posture) of a feature of the endpoint. For example, a Posture Attribute might describe the version of the operating system installed on the system." Within this document this term represents a specific assertion about endpoint state (e.g. configuration setting, installed software, hardware). The phrase "features of the endpoint" refers to installed software or software components."
>
> Using the word 'attribute' I think that posture attributes should be variables that were derived by examining an endpoint. In the STIX language I think of 'observables'. On a computer running the Windows operating system an observable might be a specific registry variable setting or the physical address of the Ethernet adapter connected to Network 3. I would suggest that posture attributes capture a variable setting without interpretation.
>
> RFC 5209 defines 5 different types of attributes (assertion, posture, request, result, and remediation) based on different usage scenarios.
>

Generically, an attribute is simply a characteristic - it's something that is regarded as a quality or feature of another thing. In the STIX language, an observable can be considered an attribute of the thing on which the observable was observed. To me, these terms (observable and attribute) can be considered synonymous.

> Regarding 'Misconfiguration':
>
> misconfiguration -" A misconfiguration is a configuration setting that violates organizational security policies, introduces a possible security weakness in a system, or permits or causes unintended behavior that may impact the security posture of a system. (from NIST IR 7670) The misalignment of a unit of endpoint configuration posture relative to organizational expectations that is subject to exploitation or misuse."
>
> I don't see how this 'misconfiguration' can be part of 'posture', or an attribute or an observable of a system. A misconfiguration is something that is the result of some analysis performed by a program or an analyst and has to reference a specific policy that the configuration violates. Is a misconfiguration a diff between what the policy should be and what it was discovered to be?
>

Generally, the endpoint attributes we look at are posture attributes and these are "configuration items" (to load another term on the pile). A misconfiguration is simply an attribute set to an organizationally-impermissible value (i.e. set against policy - see comment above regarding policy in the SACM context).

> Regarding 'remediation':
>
> "A remediation is defined as a security-related set of actions that results in a change to a computer's state and may consist of changes motivated by the need to enforce organizational security policies, address discovered vulnerabilities, or correct misconfigurations. (from NIST IR 7670)."
>
> I'm concerned that this definition of remediation is too broad. From what is written it would seem that remediation spans 'actions' that could include adding or removing hardware or software to or changing the configuration of a 'computer'. I associate remediation with addressing vulnerabilities and correcting misconfigurations. I don't view a remediation as being the word I'd use to describe changes made to enforce organizational policies. Do you have to remediate all the computers that are on your network if a decision is made to change software providers? Clearly that could be an automation issue but is it a security automation issue?
>
> I'd suggest that a remediation should be a specific action or set of actions that changes configuration to acceptable within organization's policy.

This might be a good suggestion. We could get into a semantic discussion about whether a mitigation is a form of remediation, but for SACM's immediate purposes remediation is out of scope. This will be important later in life. For what it's worth, I think the term "remediation" probably has origins in the IT audit domain where we talk about "findings" and such. An auditor would probably provide a list of findings and each finding would need to be "remediated" in a general sense, which is just another way of saying that the finding needs to be addressed in some way. But, as I said before, remediation is out of scope for our present charter.

>
> In general I think we all see the linkage between SACM and NEA. I think there needs to be more review and discussion about the linkage between SACM and MILE and other security operations and incident response initiatives such as STIX and OpenIOC.

The links between SACM and MILE and STIX and OpenIOC and NEA and others are very important. Each provides at least one part of a "whole" set of automated information security tools. Ideally, each should inform the others - you raise a great point. In an ideal world, we'd all have a common vocabulary from which we operate, but that's not the case.

What sort of review/discussion would you envision taking place and to what end?

>=20 > Liberty, >=20 > Brian >=20 >=20 >=20 > -----Original Message----- > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of = sacm-request@ietf.org > Sent: Sunday, March 23, 2014 3:01 PM > To: sacm@ietf.org > Subject: sacm Digest, Vol 25, Issue 17 >=20 > Send sacm mailing list submissions to > sacm@ietf.org >=20 > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ietf.org/mailman/listinfo/sacm > or, via email, send a message with subject or body 'help' to > sacm-request@ietf.org >=20 > You can reach the person managing the list at > sacm-owner@ietf.org >=20 > When replying, please edit your Subject line so it is more specific = than "Re: Contents of sacm digest..." >=20 > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm From nobody Mon Mar 31 13:45:47 2014 Return-Path: X-Original-To: sacm@ietfa.amsl.com Delivered-To: sacm@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF2331A700C; Mon, 31 Mar 2014 13:45:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ZvZCQ4kd_CL; Mon, 31 Mar 2014 13:45:39 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DA211A7000; Mon, 31 Mar 2014 13:45:39 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IESG Secretary To: IETF Announcement List X-Test-IDTracker: no X-IETF-IDTracker: 5.2.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20140331204539.19922.43086.idtracker@ietfa.amsl.com> Date: Mon, 31 Mar 2014 13:45:39 -0700 Archived-At: 
http://mailarchive.ietf.org/arch/msg/sacm/FGFPOih5lCdR8aN4OL9RIfM2GF4
Cc: sacm@ietf.org
Subject: [sacm] SACM WG Virtual Interim Meeting, April 30, 2014
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: SACM WG mail list
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 31 Mar 2014 20:45:42 -0000

The SACM Working Group will hold a virtual interim meeting on Wednesday, April 30, 2014, between 10AM and noon EDT. WebEx details for the meeting can be found below.

Topic: SACM WG
Date: Wednesday, April 30, 2014
Time: 7:00 pm, Pacific Daylight Time (San Francisco, GMT-07:00)
Meeting Number: 969 866 327
Meeting Password: 1234

-------------------------------------------------------
To join the online meeting (Now from mobile devices!)
-------------------------------------------------------
1. Go to https://workgreen.webex.com/workgreen/j.php?MTID=mefb6ecfbfe7834e409a347ecf35e5734
2. If requested, enter your name and email address.
3. If a password is required, enter the meeting password: 1234
4. Click "Join".

To view in other time zones or languages, please click the link:
https://workgreen.webex.com/workgreen/j.php?MTID=md8793d35fedeba140fb465b22da28504

-------------------------------------------------------
To join the audio conference only
-------------------------------------------------------
To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
Call-in toll-free number (US/Canada): 1-877-668-4490
Call-in toll number (US/Canada): 1-408-792-6300
Global call-in numbers: https://workgreen.webex.com/workgreen/globalcallin.php?serviceType=MC&ED=271434047&tollFree=1
Toll-free dialing restrictions: http://www.webex.com/pdf/tollfree_restrictions.pdf

Access code: 969 866 327

-------------------------------------------------------
For assistance
-------------------------------------------------------
1.
Go to https://workgreen.webex.com/workgreen/mc
2. On the left navigation bar, click "Support".

You can contact me at:
cmorgan@amsl.com
1-510-492-4085

To add this meeting to your calendar program (for example Microsoft Outlook), click this link:
https://workgreen.webex.com/workgreen/j.php?MTID=m2dbb5ee559e18161f1233ac7bd5d6d10

The playback of UCF (Universal Communications Format) rich media files requires appropriate players. To view this type of rich media files in the meeting, please check whether you have the players installed on your computer by going to https://workgreen.webex.com/workgreen/systemdiagnosis.php.

Sign up for a free trial of WebEx
http://www.webex.com/go/mcemfreetrial

http://www.webex.com

CCP:+14087926300x969866327#

IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.