From owner-ietf-openpgp@mail.imc.org Thu Aug 03 12:24:30 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1G8fzq-0001qw-Kv
	for openpgp-archive@lists.ietf.org; Thu, 03 Aug 2006 12:24:30 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1G8fzp-0008Tw-6u
	for openpgp-archive@lists.ietf.org; Thu, 03 Aug 2006 12:24:30 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmSet002078;
	Thu, 3 Aug 2006 08:48:28 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k73FmSBc002077;
	Thu, 3 Aug 2006 08:48:28 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmNBB002055
	for <ietf-openpgp@imc.org>; Thu, 3 Aug 2006 08:48:28 -0700 (MST)
	(envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1])
	by smtp3.hushmail.com (Postfix) with SMTP id 888F0A32B3
	for <ietf-openpgp@imc.org>; Thu,  3 Aug 2006 08:48:22 -0700 (PDT)
Received: from mailserver7.hushmail.com (mailserver7.hushmail.com [65.39.178.62])
	by smtp3.hushmail.com (Postfix) with ESMTP
	for <ietf-openpgp@imc.org>; Thu,  3 Aug 2006 08:48:20 -0700 (PDT)
Received: by mailserver7.hushmail.com (Postfix, from userid 65534)
	id 094FCDA81F; Thu,  3 Aug 2006 08:48:19 -0700 (PDT)
Date: Thu, 03 Aug 2006 11:48:18 -0400
To: <ietf-openpgp@imc.org>
Cc: 
Subject: list of open-pgp objects  //  level of detail  ?
From: <vedaal@hush.com>
Content-type: text/plain; charset="UTF-8"
Message-Id: <20060803154819.094FCDA81F@mailserver7.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.2 (/)
X-Scan-Signature: c83ccb5cc10e751496398f1233ca9c3a


have been working on preparing a list of the open-pgp objects

am not sure how  'detailed'  it should be,
(i.e.  a zoo has an exhibit for a horse, 
but not really separate exhibits for mares, stallions, foals, brown 
horses, black horses, spotted horses, etc.)

here is a tentative list of the different open-pgp key examples:


I. Open-PGP keys:

first, 

A.  General categories of Key Types:

(1) RSA v3 		(Claude) 	(included for backward compatibility)

(2) RSA v4 		(Alice)

(3) DH/elg		(Bob)

one key for each, 
to use for examples of the different open pgp message types,
(i.e. Claude sends a v3 signed message encrypted to Bob's key,
Bob sends a signed and encrypted message to Alice's key, etc.)

second,

B. Examples of the Different Types of Keys as Open-PGP objects:

[1] RSA v4, no subkey, primary sign only
[2] RSA v4, no subkey, primary sign and encrypt, 
(similar to v3 key usage)
[3] RSA v4, RSA v4 encrypting subkey
[4] RSA v4, RSA v4 signing subkey
[5] RSA v4, RSA v4 signing and encrypting subkey
[6] RSA v4, DH/Elg encrypting subkey
[7] RSA v4, DH signing subkey
[8] DH, no subkey, primary sign only
[9] DH, Elg encrypting subkey
[10] DH, DH signing subkey
[11] DH, RSA v4 encrypting subkey
[12] DH, RSA v4 signing subkey
[13] DH, RSA v4 signing and encrypting subkey


C. Different Ways of Generating the same Key 
(using RSA v4 as an example)

[1] simple s2k
[2] salted s2k
[3] iterated and salted s2k
[4] s2k with SHA-1 digest (usual case)
[5] s2k with SHA-256 digest
[6] s2k with SHA-512 digest
[7] s2k with RIPEMD-160 digest
[8] s2k with CAST-5 algo (usual case)
[9] s2k with 3-DES algo
[10] s2k with RIJNDAEL 256 algo
[11] s2k with TWOFISH 256 algo
[12] s2k with BLOWFISH algo


D. Different Features available with a Key:

[1] key with photo
[2] key with multiple user id's (one of them primary)
[3] key with comments
[4] key with expiration (never)
[5] key with fixed expiration date
[6] key with designated revoker 
[7] key disallowing a particular algorithm or algorithms
(currently only 3DES is a MUST)
[8] key allowing all algorithms, but with particular preferences
[9] keys with varying sizes of primary and subkeys (1024 - 16k)


is this too detailed,
or really the way it should be?

( the hard part is putting together the list,
once the list is made, generating the examples is relatively easy  
)

the level of specific details will determine the size of the list 
of Open PGP objects.
( the above tentative list is only for Keys, 
there are still many other categories )

the size of the final collection of all the examples,
can range from about the size of the gpg.man pages 
to the size of the Handbook of Applied Cryptography  ;-)

so,
comments / suggestions / deletions / additions / etc. /  ?


Thanks,

vedaal








From owner-ietf-openpgp@mail.imc.org Sat Aug 05 18:02:31 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1G9UE3-0000pb-C0
	for openpgp-archive@lists.ietf.org; Sat, 05 Aug 2006 18:02:31 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1G9UDz-0004O2-VP
	for openpgp-archive@lists.ietf.org; Sat, 05 Aug 2006 18:02:31 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75Ldcnq059391;
	Sat, 5 Aug 2006 14:39:38 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75LdcYi059390;
	Sat, 5 Aug 2006 14:39:38 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75LdYx9059369
	for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 14:39:37 -0700 (MST)
	(envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by kamino.does-not-exist.org (Postfix) with ESMTP
	id 4B98E193742; Sat,  5 Aug 2006 23:39:33 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62)
	(envelope-from <roessler@does-not-exist.org>)
	id 1G9Trn-0003ig-Vj; Sat, 05 Aug 2006 23:39:31 +0200
Date: Sat, 5 Aug 2006 23:39:31 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: saag@MIT.EDU, ietf-openpgp@imc.org,
        "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060805213931.GA14257@lavazza.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, saag@MIT.EDU,
	ietf-openpgp@imc.org,
	"housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
References: <sjmveq2foz6.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <sjmveq2foz6.fsf@cliodev.pgp.com>
User-Agent: Mutt/1.5.12 (2006-07-18)
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75Ldbx9059380
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by balder-227.proper.com id k75Ldcnq059391
X-Spam-Score: 0.1 (/)
X-Scan-Signature: d6b246023072368de71562c0ab503126


On 2006-07-12 18:16:45 -0400, Derek Atkins wrote:

> Thomas Roessler gave a history of the Multiple Signature
> Draft.  It's an extension to RFC1847 to allow the
> "signature" portion of the message to be a "multipart/mixed"
> and have a set of signatures on the signed data instead of
> just a single signature.  This signature set could be a
> combination of OpenPGP and e.g. S/MIME signatures.

As a status update, I've dug out the (quite short) draft from
that old backup; before re-submitting it, I'm waiting for my
co-authors from back then to give me new contact information
and to ok submitting with the new IETF IPR boilerplate.

Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.




From owner-ietf-openpgp@mail.imc.org Sat Aug 05 18:42:05 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1G9UqL-0000by-Tm
	for openpgp-archive@lists.ietf.org; Sat, 05 Aug 2006 18:42:05 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1G9UqK-0008H8-EZ
	for openpgp-archive@lists.ietf.org; Sat, 05 Aug 2006 18:42:05 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKEKH073134;
	Sat, 5 Aug 2006 15:20:14 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75MKE2T073127;
	Sat, 5 Aug 2006 15:20:14 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKCQv073120
	for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 15:20:13 -0700 (MST)
	(envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by kamino.does-not-exist.org (Postfix) with ESMTP
	id C5FCF1936CB; Sun,  6 Aug 2006 00:20:09 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62)
	(envelope-from <roessler@does-not-exist.org>)
	id 1G9UV6-0005eh-EW; Sun, 06 Aug 2006 00:20:08 +0200
Date: Sun, 6 Aug 2006 00:20:08 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "Brian G. Peterson" <brian@braverock.com>
Cc: OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
Subject: Re: OpenPGP/MIME changes
Message-ID: <20060805222008.GA21728@lavazza.does-not-exist.org>
Mail-Followup-To: "Brian G. Peterson" <brian@braverock.com>,
	OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
References: <20060714174935.5A2F1DA820@mailserver8.hushmail.com> <CCFC4799-4C83-44D5-8FC2-1F010EC75D1C@callas.org> <20060719210824.GM13108@lavazza.does-not-exist.org> <200607191802.17107.brian@braverock.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200607191802.17107.brian@braverock.com>
User-Agent: Mutt/1.5.12 (2006-08-05)
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75MKDQv073122
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by balder-227.proper.com id k75MKEKH073134
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745


On 2006-07-19 18:02:16 -0500, Brian G. Peterson wrote:

> On Wednesday 19 July 2006 16:08, Thomas Roessler wrote:

>> So, the current OpenPGP/MIME spec is already relatively
>> strict and actually takes away some of the degrees of
>> freedom that the original PGP/MIME left open.  Would you
>> care to elaborate a bit more about what points you'd like
>> to clean up?

> Look back a ways in the archives to the various tabled
> discussions on OpenPGP/MIME and the other variants
> (inline/partitioned) for email.  I remember significant
> issues being discussed around offline signature
> verification on binary attachments, signatures on signatures
> (chain of evidence), and interoperability issues on the
> layout of MIME parts.

So, summarizing from a round of reading through the archives:

- A requirement was given that certain attachments would have
  to be verified individually.  This can be achieved by
  packaging an individual attachment into a multipart/signed
  and having a signature for just that attachment.  Of course,
  there's nothing that would keep the sender from wrapping the
  entire message into another level of multipart/signed.

  (Incidentally, I don't understand the use case that motivates
  this requirement.  I'd like to hear more about it.)

  I'm not aware of any OpenPGP/MIME implementation that would
  do this on the sending end, but this is not a shortcoming of
  the format.

  Please also note that the "individual" signatures aren't
  necessarily the better ones in all contexts: For instance, I
  rather wouldn't have separate signatures on the parts that
  together make up a multipart/alternative or
  multipart/related.

- I haven't seen any recent interoperability issues on the
  layout of MIME parts, unless this is supposed to allude to
  Outlook's general inability to deal with just about anything
  MIME. This does not strike me as something that OpenPGP/MIME
  should be kludging around.

- Signatures on signatures are easily done, by wrapping one
  multipart/signed into another one.  In the bad old PGP
  tradition of not attributing semantics to anything, this
  should be all that's needed.

- I've skimmed through the documentation of what's now called
  "partitioned" mode; frankly, using well-known attachment file
  names to signal the relationship between the different body
  parts that form a multipart makes me cringe, as does having
  fixed file names for the signature of "the RTF attachment".
  This is wrong on an unhealthy number of levels.
  Also, please note that the partitioned format seems not to
  sign the content-type of the signed material, thereby
  subjecting it to attacks based on having material that admits
  multiple interpretations.  (Think postscript source code vs.
  rendered postscript -- I'd send the former as text/plain, and
  the latter as application/postscript.)

Right now, I don't see any particular motivation for changing
the existing OpenPGP/MIME RFC.  I do see use cases for possibly
using the existing spec in a different way in some cases.



One thing that I'm wondering about for the packet-based PGP
format (though it's probably too late for this) is whether
signatures should include an indication of the intended media
type of the signed material.

One could do this by either extending the literal packet, or by
specifying a content-type notation packet.

Considering the interoperability impact of the two approaches,
the notation packet is probably the right way to go.

Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.
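
The point in the message above about a signature that does not cover the content-type, as an added example that is not part of the original message or of any OpenPGP implementation: it compares which octets are covered when only the body is signed, when the whole MIME entity is signed (the multipart/signed approach), and when the intended type rides along as signed notation data. HMAC-SHA256 under a constructed key stands in for an OpenPGP signature, and the scheme names and the notation name content-type@example.org are assumptions made for the illustration.

```python
"""Which octets a signature covers decides whether the media type is bound.

HMAC-SHA256 under a constructed key stands in for an OpenPGP signature so the
example runs offline; only the choice of covered octets matters here.
"""
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"          # constructed stand-in for a signing key
NOTATION_NAME = "content-type@example.org"  # hypothetical notation name

# Constructed sample: PostScript source, which the sender labels text/plain.
SAMPLE_BODY = (
    b"%!PS\n"
    b"/Helvetica findfont 12 scalefont setfont\n"
    b"72 720 moveto (draft, do not print) show\n"
    b"showpage\n"
)

SCHEMES = ("body-only", "mime-entity", "notation")


def _sign(covered: bytes) -> bytes:
    return hmac.new(DEMO_KEY, covered, hashlib.sha256).digest()


def _crlf(body: bytes) -> bytes:
    """Canonicalize line endings to CRLF before signing a MIME entity."""
    return b"\r\n".join(body.splitlines()) + b"\r\n"


def covered_octets(scheme: str, media_type: str, body: bytes) -> bytes:
    """Return the octets the signature is computed over under each scheme."""
    if scheme == "body-only":
        # Detached signature over the attachment bytes; the label stays outside.
        return body
    if scheme == "mime-entity":
        # multipart/signed style: the part's own header is inside the signed data.
        header = b"Content-Type: " + media_type.encode("ascii") + b"\r\n\r\n"
        return header + _crlf(body)
    if scheme == "notation":
        # Body plus a signed name=value notation carrying the intended type.
        # The length prefix keeps the notation/body boundary unambiguous.
        notation = f"{NOTATION_NAME}={media_type}".encode("ascii")
        return len(notation).to_bytes(2, "big") + notation + body
    raise ValueError(f"unknown scheme: {scheme}")


def verifies(scheme: str, signed_type: str, received_type: str,
             body: bytes = SAMPLE_BODY) -> bool:
    """Sign under signed_type, then verify against the label the receiver sees.

    For "notation" this models a verifier that requires the signed notation to
    equal the Content-Type on the part it was handed.
    """
    signature = _sign(covered_octets(scheme, signed_type, body))
    expected = _sign(covered_octets(scheme, received_type, body))
    return hmac.compare_digest(signature, expected)


def relabel_report() -> dict:
    """Per scheme: does the signature still verify after a text/plain part is
    relabelled application/postscript in transit?"""
    return {s: verifies(s, "text/plain", "application/postscript") for s in SCHEMES}


if __name__ == "__main__":
    for scheme, accepted in relabel_report().items():
        print(f"{scheme:12s} relabelled part still verifies: {accepted}")
```

Only the body-only scheme accepts the relabelled part, so a verifier relying on it has to treat the media type as unauthenticated input.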




From owner-ietf-openpgp@mail.imc.org Mon Aug 21 13:43:43 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GFDoN-00086B-PL
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 13:43:43 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GFDoM-0005Yc-Dm
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 13:43:43 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LHFArS053971;
	Mon, 21 Aug 2006 10:15:10 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LHFAA1053969;
	Mon, 21 Aug 2006 10:15:10 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LHF44t053916
	for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 10:15:09 -0700 (MST)
	(envelope-from roessler@does-not-exist.org)
Received: from raktajino.does-not-exist.org (ip-83-99-50-11.dyn.luxdsl.pt.lu [83.99.50.11])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by kamino.does-not-exist.org (Postfix) with ESMTP
	id E542A193658; Mon, 21 Aug 2006 19:14:54 +0200 (CEST)
Received: from roessler by raktajino.does-not-exist.org with local (Exim 4.62)
	(envelope-from <roessler@does-not-exist.org>)
	id 1GFDMS-0007R9-8E; Mon, 21 Aug 2006 19:14:52 +0200
Date: Mon, 21 Aug 2006 19:14:52 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060821171452.GG17407@raktajino.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>,
	ietf-openpgp@imc.org
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060805213931.GA14257@lavazza.does-not-exist.org>
User-Agent: Mutt/1.5.13 (2006-08-16)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k7LHF94t053946
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22


From the minutes of the OpenPGP meeting in Montreal:

>> Thomas Roessler gave a history of the Multiple Signature Draft.
>> It's an extension to RFC1847 to allow the "signature" portion
>> of the message to be a "multipart/mixed" and have a set of
>> signatures on the signed data instead of just a single
>> signature.  This signature set could be a combination of
>> OpenPGP and e.g. S/MIME signatures.

On 2006-08-05 23:39:31 +0200, I wrote:

> As a status update, I've dug out the (quite short) draft from
> that old backup; before re-submitting it, I'm waiting for my
> co-authors from back then to give me new contact information and
> to ok submitting with the new IETF IPR boilerplate.

I haven't heard back from either Derek (whose contact information
I'd need), nor my co-authors from back then.

I'm tempted to consider my action item from Montreal done without
resurrecting this draft, and to suggest dropping this from the
charter -- unless there's a sudden surge of interest.

Regards,
-- 
Thomas Roessler   <roessler@does-not-exist.org>




From owner-ietf-openpgp@mail.imc.org Mon Aug 21 14:12:46 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GFEGU-0000SZ-Mm
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 14:12:46 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GFEDC-0001Vy-0v
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 14:09:27 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LHebNo060406;
	Mon, 21 Aug 2006 10:40:37 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LHebVI060405;
	Mon, 21 Aug 2006 10:40:37 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LHeZDw060395
	for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 10:40:36 -0700 (MST)
	(envelope-from derek@MIT.EDU)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103])
	by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id k7LHdeAa006639;
	Mon, 21 Aug 2006 13:40:32 -0400 (EDT)
Received: from w92-130-webmail-6.mit.edu (W92-130-WEBMAIL-6.MIT.EDU [18.7.22.137])
	)
	by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id k7LHdbcQ005918;
	Mon, 21 Aug 2006 13:39:37 -0400 (EDT)
Received: (from nobody@localhost) by w92-130-webmail-6.mit.edu (8.12.4)
	id k7LHdbIQ005614; Mon, 21 Aug 2006 13:39:37 -0400
Received: from pat.ccf.org (pat.ccf.org [192.35.79.70])   (User
	authenticated as warlord@ATHENA.MIT.EDU) by webmail.mit.edu (Horde MIME
	library) with HTTP; Mon, 21 Aug 2006 13:39:37 -0400
Message-ID: <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
Date: Mon, 21 Aug 2006 13:39:37 -0400
From: "Derek Atkins <derek@ihtfp.com>" <derek@MIT.EDU>
Reply-to: derek@ihtfp.com
To: Thomas Roessler <roessler@does-not-exist.org>
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
References: <sjmveq2foz6.fsf@cliodev.pgp.com>
	<20060805213931.GA14257@lavazza.does-not-exist.org>
	<20060821171452.GG17407@raktajino.does-not-exist.org>
In-Reply-To: <20060821171452.GG17407@raktajino.does-not-exist.org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset=ISO-8859-1;
	format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.3)
X-Spam-Score: 
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352


How about emailing the draft to this list without submitting it
to the I-D editor?  Let people read it on the list and we'll see
if there is interest in resurrecting it.

-derek

Quoting Thomas Roessler <roessler@does-not-exist.org>:

> From the minutes of the OpenPGP meeting in Montreal:
>
>>> Thomas Roessler gave a history of the Multiple Signature Draft.
>>> It's an extension to RFC1847 to allow the "signature" portion
>>> of the message to be a "multipart/mixed" and have a set of
>>> signatures on the signed data instead of just a single
>>> signature.  This signature set could be a combination of
>>> OpenPGP and e.g. S/MIME signatures.
>
> On 2006-08-05 23:39:31 +0200, I wrote:
>
>> As a status update, I've dug out the (quite short) draft from
>> that old backup; before re-submitting it, I'm waiting for my
>> co-authors from back then to give me new contact information and
>> to ok submitting with the new IETF IPR boilerplate.
>
> I haven't heard back from either Derek (whose contact information
> I'd need), nor my co-authors from back then.
>
> I'm tempted to consider my action item from Montreal done without
> resurrecting this draft, and to suggest dropping this from the
> charter -- unless there's a sudden surge of interest.
>
> Regards,
> --
> Thomas Roessler   <roessler@does-not-exist.org>
>



-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant




From owner-ietf-openpgp@mail.imc.org Mon Aug 21 14:16:41 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GFEKH-0001B4-1u
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 14:16:41 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GFEKD-000305-GT
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 14:16:41 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LHh2tF061054;
	Mon, 21 Aug 2006 10:43:02 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LHh2mH061053;
	Mon, 21 Aug 2006 10:43:02 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LHh0Id061029
	for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 10:43:00 -0700 (MST)
	(envelope-from roessler@does-not-exist.org)
Received: from raktajino.does-not-exist.org (ip-83-99-50-11.dyn.luxdsl.pt.lu [83.99.50.11])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by kamino.does-not-exist.org (Postfix) with ESMTP
	id 611F81936FA; Mon, 21 Aug 2006 19:42:59 +0200 (CEST)
Received: from roessler by raktajino.does-not-exist.org with local (Exim 4.62)
	(envelope-from <roessler@does-not-exist.org>)
	id 1GFDnc-0007TP-Ph; Mon, 21 Aug 2006 19:42:56 +0200
Date: Mon, 21 Aug 2006 19:42:56 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: derek@ihtfp.com
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
User-Agent: Mutt/1.5.13 (2006-08-16)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 789c141a303c09204b537a4078e2a63f


On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:

> How about emailing the draft to this list without submitting it
> to the I-D editor?  

I always thought that sending I-Ds to lists (as opposed to
submitting them) was considered bad form -- but here we go, sans
boiler-plate material.

-- 
Thomas Roessler   <roessler@does-not-exist.org>





1.  Introduction

   Various digital signature services for electronic mail rely on the
   framework defined in RFC 1847.  These signature services do not
   address the issue of parallel signatures on the same content.

   Instead of specifying parallel signature formats for individual
   signature services such as OpenPGP, the present document defines a
   "multipart/mixed" protocol for the "multipart/signed" body type
   introduced in RFC 1847.  The "multipart/mixed" protocol permits users
   to bundle parallel signatures for the same content into one
   "multipart/signed" body part.  It is independent of the protocols
   used to form the individual digital signatures.

1.1.  Compliance

   In order for an implementation to be compliant with this
   specification, it is absolutely necessary for it to obey all items
   labeled as MUST or REQUIRED.

2.  The "multipart/mixed" protocol

2.1.  Specification

   Digitally signed messages conforming to this document are denoted by
   the "multipart/signed" content type, defined in RFC 1847, with a
   "protocol" parameter which MUST have a value of "multipart/mixed".
   (MUST be quoted).

   The "micalg" parameter MUST contain a comma-separated list of hash-
   symbols.  These hash-symbols identify the message integrity check
   (MIC) algorithm(s) used to generate the subsequent signature(s).
   Hash-symbols MUST NOT occur more than once in this list.

   The multipart/signed body MUST consist of exactly two parts.  The
   first part contains the signed data in MIME canonical format,
   including a set of appropriate content headers describing the data.

   The second part MUST be of type "multipart/mixed".  Each sub-part
   represents an individual digital signature which has been formed
   according to RFC 1847 and the specification of the signature protocol
   used.

2.2.  Example message

     From: Dave Del Torto <ddt@openpgp.net>
     To: Raph Levien <raph@acm.org>
     Mime-Version: 1.0
     Content-Type: multipart/signed; protocol="multipart/mixed";
        boundary=0000_031; micalg="pgp-sha1, rsa-md5, pgp-md5"

     --0000_031
     Content-Type: text/plain

     Hi Raph,

     Here's some text with parallel (multiple) digital signatures
     in various formats.

        dave

     ______________________________________________________________________
     "All email luxuriantly hand-crafted using only the finest ASCII text."

     --0000_031
     Content-Type: multipart/mixed; boundary=0000_032

     --0000_032
     Content-Type: application/pgp-signature

     -----BEGIN PGP SIGNATURE-----
     Version: PGP for Personal Privacy 5.0
     Comment: Hash computed using SHA-1 micalg (FIPS 180-1).

     iQCVAwUBM0It9qHBOF9KrwDlAQFBaQQAisIzQUgyknT2v729b7MImcUc3ROdRBh6
     nwMyAfdewQYCDxqdDWvnD1UWoUjwjA1JNA6qhTXBxs8yPtZdDZaguOG2zWawyat9
     Jib556AuSx10psREDC3vNsaJ99MV8SKFF92H53l9w/YhVOA0aMZeNfLE0jJVypkY
     /so4/7DHhqQ=
     =/wlj
     -----END PGP SIGNATURE-----

     --0000_032
     Content-Type: application/x-pkcs7-signature
     Content-Transfer-Encoding: base64
     Comment: Hash computed using S/MIME MD5 micalg.

     MIAGCSqGSIb3DQEHAqCAMIACAQExDjAMBggqhkiG9w0CBQUAMIAGCSqGSIb3DQEH


     [signature material removed]


     +kNIWIbxNiNje1wlzIhaGjrGrOnvYc8+tFn2LgAAAAAAAAAA

     --0000_032
     Content-Type: application/pgp-signature

     -----BEGIN PGP SIGNATURE-----
     Version: PGP 2.6.2
     Comment: Hash computed using MD5 micalg.

     iQCVAwUBM0Iu16HBOF9KrwDlAQGaiQP9EU1YXgMSoNxDAqSmo7UoCE52DuYCfxm7
     x8RfRr9+Xz3nPFytSYM2TIWGMeKi1fVr5PhfjdrKvOh9sCq97h6zndZVpGA9x62k
     mPVn/QY3fz1eOdyJbYvW4ba7WQll5OoA6cqmEb9tWwh4ra4yE8hZMnLS9a0uPpuB
     5dpiTTAE/gY=
     =hD3D
     -----END PGP SIGNATURE-----

     --0000_032--

     --0000_031--

3.  Security Considerations

   Use of this protocol has the same security considerations as RFC 1847
   and the individual digital signature protocols used. It is not known
   to either increase or decrease the security of messages using it.

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

4.  Acknowledgements

   We thank Jim Galvin, Sandy Murphy, Steve Crocker, and Ned Freed for
   their pioneering work on security using MIME multiparts, on which the
   refinement specified in this document is based.

   This draft document relies on the work of the IETF's OpenPGP Working
   Group.




From owner-ietf-openpgp@mail.imc.org Mon Aug 21 15:19:28 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GFFJ2-00071e-9C
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:19:28 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GFFIy-0006KN-PZ
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:19:28 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LIbt3i075938;
	Mon, 21 Aug 2006 11:37:55 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LIbtQr075937;
	Mon, 21 Aug 2006 11:37:55 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LIbqpH075907
	for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 11:37:54 -0700 (MST)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (keys.merrymeet.com [63.73.97.166])
	(Authenticated sender: jon)
	by merrymeet.com (Postfix) with ESMTP id 1DE8C253DC2;
	Mon, 21 Aug 2006 11:37:59 -0700 (PDT)
Received: from [169.231.68.190] ([66.236.113.201])
  by keys.merrymeet.com (PGP Universal service);
  Mon, 21 Aug 2006 11:37:52 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Mon, 21 Aug 2006 11:37:52 -0700
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org>
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <39FD196D-ADE5-475F-9759-690F0BE6B9E5@callas.org>
Cc: derek@ihtfp.com, ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: OpenPGP Minutes / Quick Summary
Date: Mon, 21 Aug 2006 11:37:52 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
X-Mailer: Apple Mail (2.752.2)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 93238566e09e6e262849b4f805833007



On 21 Aug 2006, at 10:42 AM, Thomas Roessler wrote:

>
> On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:
>
>> How about emailing the draft to this list without submitting it
>> to the I-D editor?
>
> I always thought that sending I-Ds to lists (as opposed to
> submitting them) was considered bad form -- but here we go, sans
> boiler-plate material.
>

It's not bad form when the working group chair suggests it.

Also, one of the main reasons people don't like them sent to the list  
is that they tend to be large. Yours is delightfully small.

Thanks, it's good to see this again.

	Jon




From owner-ietf-openpgp@mail.imc.org Mon Aug 21 15:22:54 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GFFMM-0007VK-8W
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:22:54 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GFFMK-0006bT-Tm
	for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:22:54 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LJ3Oav082122;
	Mon, 21 Aug 2006 12:03:24 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LJ3Onh082121;
	Mon, 21 Aug 2006 12:03:24 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LJ3JtU082085
	for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 12:03:21 -0700 (MST)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian))
	id 1GFFBX-0004yd-NM
	for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 21:11:43 +0200
Received: from wk by localhost with local (Exim 4.62 #1 (Debian))
	id 1GFEzv-00084L-N3; Mon, 21 Aug 2006 20:59:43 +0200
From: Werner Koch <wk@gnupg.org>
To: derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Multisig (was: OpenPGP Minutes / Quick Summary)
References: <sjmveq2foz6.fsf@cliodev.pgp.com>
	<20060805213931.GA14257@lavazza.does-not-exist.org>
	<20060821171452.GG17407@raktajino.does-not-exist.org>
	<20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
	<20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 21 Aug 2006 20:59:43 +0200
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org> (Thomas
	Roessler's message of "Mon, 21 Aug 2006 19:42:56 +0200")
Message-ID: <87pset3of4.fsf_-_@wheatstone.g10code.de>
User-Agent: Gnus/5.110006 (No Gnus v0.6)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22


On Mon, 21 Aug 2006 19:42, Thomas Roessler said:

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

Assuming that parallel signatures are used to give extra security in
case one of the protocols or algorithms has been broken, this is indeed a
problem.  

A solution is easy: The protocols and algorithms used to make up the
signatures need to be hashed with the content.  For example by an
extra header line in the first part.  When verifying the signatures an
application can easily detect whether a signature has been removed and
present an appropriate warning (also considering the algorithms deemed
to be broken at the time of verification).

Obviously this requires that either all signatures are created at the
same time or forehand knowledge of the signatures to be added later is
required.


Shalom-Salam,

   Werner
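The structural rules of section 2.1 of the draft, together with the signature-set declaration suggested in the reply above, can be checked mechanically. The following is an added example, not code from the draft or from any poster; the header name `X-Signature-Set` and its value syntax are assumptions made for illustration, and the sample messages are constructed. Signature verification itself is out of scope: the declaration only means something once at least one signature over the first part has verified.

```python
import email
from collections import Counter

# Hypothetical header carried inside the signed first part. Assumed syntax:
# comma-separated "<signature content type> <hash-symbol>" pairs.
SIGSET_HEADER = "X-Signature-Set"

PGP = "application/pgp-signature"
PKCS7 = "application/x-pkcs7-signature"
DECLARED = f"{PGP} pgp-sha1, {PKCS7} rsa-md5, {PGP} pgp-md5"


def build_message(sig_types, micalg, declared=DECLARED):
    """Constructed sample in the layout of the draft's section 2.2."""
    sigs = "".join(
        f"--inner\nContent-Type: {t}\n\n[signature placeholder]\n\n"
        for t in sig_types
    )
    return (
        'Content-Type: multipart/signed; protocol="multipart/mixed";\n'
        f'   boundary=outer; micalg="{micalg}"\n\n'
        "--outer\n"
        "Content-Type: text/plain\n"
        f"{SIGSET_HEADER}: {declared}\n\n"
        "Signed text.\n\n"
        "--outer\n"
        "Content-Type: multipart/mixed; boundary=inner\n\n"
        f"{sigs}--inner--\n\n--outer--\n"
    )


def check_multisig(raw):
    """Return a list of problems; an empty list means the structure is consistent."""
    msg = email.message_from_string(raw)
    problems = []
    if msg.get_content_type() != "multipart/signed":
        return ["top level is not multipart/signed"]
    if str(msg.get_param("protocol", "")).lower() != "multipart/mixed":
        problems.append('protocol parameter is not "multipart/mixed"')

    # micalg: comma-separated hash-symbols, none of them repeated.
    micalg = [m.strip().lower()
              for m in str(msg.get_param("micalg", "")).split(",") if m.strip()]
    if not micalg:
        problems.append("micalg parameter missing or empty")
    if len(set(micalg)) != len(micalg):
        problems.append("hash-symbol repeated in micalg")

    # Exactly two parts; the second must be multipart/mixed.
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return problems + ["body does not consist of exactly two parts"]
    signed, sigset = parts
    if sigset.get_content_type() != "multipart/mixed" or not sigset.is_multipart():
        return problems + ["second part is not multipart/mixed"]
    present = Counter(p.get_content_type() for p in sigset.get_payload())

    # The declaration sits inside the signed part, so every signature covers it.
    declared_raw = signed.get(SIGSET_HEADER)
    if declared_raw is None:
        return problems + [f"no {SIGSET_HEADER} header; removal cannot be detected"]
    declared_types, declared_algs = Counter(), set()
    for entry in declared_raw.lower().split(","):
        fields = entry.split()
        if len(fields) != 2:
            problems.append(f"malformed {SIGSET_HEADER} entry: {entry.strip()!r}")
            continue
        declared_types[fields[0]] += 1
        declared_algs.add(fields[1])

    for ctype, n in (declared_types - present).items():
        problems.append(f"{n} declared {ctype} signature(s) missing")
    for ctype, n in (present - declared_types).items():
        problems.append(f"{n} undeclared {ctype} signature(s) present")
    if declared_algs != set(micalg):
        problems.append("micalg parameter disagrees with signed declaration")
    return problems


if __name__ == "__main__":
    full = build_message([PGP, PKCS7, PGP], "pgp-sha1, rsa-md5, pgp-md5")
    stripped = build_message([PGP, PGP], "pgp-sha1, pgp-md5")
    print("full:    ", check_multisig(full))
    print("stripped:", check_multisig(stripped))
```

A verifier would combine the reported gaps with its own list of algorithms deemed broken at verification time before deciding what warning to show.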





From owner-ietf-openpgp@mail.imc.org Mon Aug 28 07:34:52 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GHfOG-0001Aj-UP
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 07:34:52 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GHcCD-0001om-Le
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 04:10:13 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1GHbhz-0001Vj-Bz
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 03:39:00 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7S6l4JD057279;
	Sun, 27 Aug 2006 23:47:04 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7S6l46o057278;
	Sun, 27 Aug 2006 23:47:04 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7S6l11G057261
	for <ietf-openpgp@imc.org>; Sun, 27 Aug 2006 23:47:04 -0700 (MST)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 70D3457FD3; Sun, 27 Aug 2006 22:42:46 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Bleichenbacher's RSA signature forgery based on implementation error
Message-Id: <20060828054246.70D3457FD3@finney.org>
Date: Sun, 27 Aug 2006 22:42:46 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: -2.6 (--)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1


At the evening rump session at Crypto last week, Daniel Bleichenbacher
gave a talk showing how it is possible under some circumstances to
easily forge an RSA signature, so easily that it could almost be done
with just pencil and paper.  This depends on an implementation error,
a failure to check a certain condition while verifying the RSA signature.
Daniel found at least one implementation (I think it was some Java crypto
code, not OpenPGP related) which had this flaw.  I wanted to report on
his result here so that other OpenPGP implementers can make sure they
are not vulnerable.  Be aware that my notes were hurried as Daniel had
only a few minutes to talk.

The attack is only good against keys with exponent of 3.  There are
not too many of these around any more but you still run into them
occasionally.  It depends on an error in verifying the PKCS-1 padding
of the signed hash.

An RSA signature is created in several steps.  First the data to be
signed is hashed.  Then the hash gets a special string of bytes in ASN.1
format prepended, which indicates what hash algorithm is used.  This data
is then PKCS-1 padded to be the width of the RSA modulus.  The PKCS-1
padding consists of a byte of 0, then 1, then a string of 0xFF bytes,
then a byte of zero, then the "payload" which is the hash+ASN.1 data.
Graphically:

00 01 FF FF FF ... FF 00  ASN.1  HASH

The signature verifier first applies the RSA public exponent to reveal
this PKCS-1 padded data, checks and removes the PKCS-1 padding, then
compares the hash with its own hash value computed over the signed data.

The error that Bleichenbacher exploits is if the implementation does
not check that the hash+ASN.1 data is right-justified within the PKCS-1
padding.  Some implementations apparently remove the PKCS-1 padding by
looking for the high bytes of 0 and 1, then the 0xFF bytes, then
the zero byte; and then they start parsing the ASN.1 data and hash.
The ASN.1 data encodes the length of the hash within it, so this tells
them how big the hash value is.  These broken implementations go ahead
and use the hash, without verifying that there is no more data after it.
Failing to add this extra check makes implementations vulnerable to a
signature forgery, as follows.

Daniel forges the RSA signature for an exponent of 3 by constructing a
value which is a perfect cube.  Then he can use its cube root as the
RSA signature.  He starts by putting the ASN.1+hash in the middle of
the data field instead of at the right side as it should be.  Graphically:

00 01 FF FF ... FF 00  ASN.1  HASH  GARBAGE

This gives him complete freedom to put anything he wants to the right
of the hash.  This gives him enough flexibility that he can arrange for
the value to be a perfect cube.

In more detail, let D represent the numeric value of the 00 byte, the
ASN.1 data, and the hash, considered as a byte string.  In the case
of SHA-1 this will be 36 bytes or 288 bits long.  Define N as 2^288-D.
We will assume that N is a multiple of 3, which can easily be arranged
by slightly tweaking the message if necessary.

Bleichenbacher uses an example of a 3072 bit key, and he will position
the hash 2072 bits over from the right.  This improperly padded version
can be expressed numerically as 2^3057 - 2^2360 + D * 2^2072 + garbage.
This is equivalent to 2^3057 - N*2^2072 + garbage.  Then, it turns out
that a cube root of this is simply 2^1019 - (N * 2^34 / 3), and that is
a value which broken implementations accept as an RSA signature.

You can cube this mentally, remembering that the cube of (A-B) is A^3 -
3(A^2)B + 3A(B^2) - B^3.  Applying that rule gives 2^3057 - N*2^2072
+ (N^2 * 2^1087 / 3) - (N^3 * 2^102 / 27), and this fits the pattern
above of 2^3057 - N*2^2072 + garbage.  This is what Daniel means when
he says that this attack is simple enough that it could be carried out
by pencil and paper (except for the hash calculation itself).

Implementors should review their RSA signature verification carefully to
make sure that they are not being sloppy here.  Remember the maxim that in
cryptography, verification checks should err on the side of thoroughness.
This is no place for laxity or permissiveness.

Daniel also recommends that people stop using RSA keys with exponents
of 3.  Even if your own implementation is not vulnerable to this attack,
there's no telling what the other guy's code may do.  And he is the one
relying on your signature.

Hal Finney
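The verification error described in the message above, shown next to a strict check, as an added example that is not code from the talk or from any implementation. It works on the block a verifier holds after applying the public exponent; the function names are hypothetical, the sample blocks are constructed, and SHA-1 is used because the message does.

```python
import hashlib
import hmac

# DER prefix of the DigestInfo for SHA-1 (15 bytes). Together with the 00
# separator and the 20-byte hash this is the 36-byte value the message calls D.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_block(message, k):
    """Correct layout: 00 01 FF..FF 00 ASN.1 HASH, exactly k bytes wide."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def misplaced_block(message, k, pad_len=8):
    """Constructed test input: 00 01 FF..FF 00 ASN.1 HASH GARBAGE."""
    head = (b"\x00\x01" + b"\xff" * pad_len + b"\x00"
            + SHA1_PREFIX + hashlib.sha1(message).digest())
    return head + b"\xa5" * (k - len(head))


def lax_check(block, message):
    """The flawed parser: strips padding left to right, reads the hash, and
    never checks that the hash ends at the last byte of the block."""
    if block[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(block) and block[i] == 0xFF:
        i += 1
    if i >= len(block) or block[i] != 0x00:
        return False
    i += 1
    if block[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    hash_len = SHA1_PREFIX[-1]  # length byte of the ASN.1 OCTET STRING
    # Missing: i + hash_len == len(block)
    return block[i:i + hash_len] == hashlib.sha1(message).digest()


def strict_check(block, message, k):
    """Rebuild the one valid encoding and compare all k bytes, so padding
    length, ASN.1 data and hash position are all checked at once."""
    return hmac.compare_digest(block, encode_block(message, k))


if __name__ == "__main__":
    k = 3072 // 8  # key size used in the message's example
    msg = b"constructed sample message"
    for name, block in (("correct", encode_block(msg, k)),
                        ("misplaced", misplaced_block(msg, k))):
        print(name, "lax:", lax_check(block, msg),
              "strict:", strict_check(block, msg, k))
```

Both blocks make useful regression inputs: a verifier under review should accept the first and reject the second.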




From owner-ietf-openpgp@mail.imc.org Mon Aug 28 09:33:28 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GHhF2-0003Gj-24
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 09:33:28 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GHhEy-0000pZ-L9
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 09:33:28 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7SD90Qi004866;
	Mon, 28 Aug 2006 06:09:00 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7SD90to004865;
	Mon, 28 Aug 2006 06:09:00 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7SD8son004848
	for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 06:08:59 -0700 (MST)
	(envelope-from iang@iang.org)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 0B7FB5D1AC
	for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 14:08:47 +0100 (BST)
Message-ID: <44F2EAE8.9040808@iang.org>
Date: Mon, 28 Aug 2006 15:08:56 +0200
From: Ian G <iang@iang.org>
Organization: http://iang.org/
User-Agent: Thunderbird 1.5 (X11/20060317)
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: keys for regression testing of OpenPGP code
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014


I recall someone had put together a set of keys
for regression testing of OpenPGP implementations.

Does anyone have a pointer to them?  Or have I
imagined this?

iang




From owner-ietf-openpgp@mail.imc.org Mon Aug 28 11:09:15 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GHijj-0005LI-DC
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 11:09:15 -0400
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GHijg-0006Rq-1Q
	for openpgp-archive@lists.ietf.org; Mon, 28 Aug 2006 11:09:15 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7SDe9rT010385;
	Mon, 28 Aug 2006 06:40:09 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7SDe9Pj010384;
	Mon, 28 Aug 2006 06:40:09 -0700 (MST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173])
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7SDe6s0010376
	for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 06:40:09 -0700 (MST)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net (walrus.hsd1.ma.comcast.net [24.60.132.70])
	by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id k7SDe3x13425
	for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 09:40:03 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.13.7/8.13.7) with ESMTP id k7SDdxMU030085
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 09:39:59 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id k7SDdvsO029478
	for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 09:39:57 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id k7SDdvmi029477
	for ietf-openpgp@imc.org; Mon, 28 Aug 2006 09:39:57 -0400
Date: Mon, 28 Aug 2006 09:39:57 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: keys for regression testing of OpenPGP code
Message-ID: <20060828133957.GI8373@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <44F2EAE8.9040808@iang.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44F2EAE8.9040808@iang.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.12 (2006-08-05)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f


On Mon, Aug 28, 2006 at 03:08:56PM +0200, Ian G wrote:
> 
> I recall someone had put together a set of keys
> for regression testing of OpenPGP implementations.
> 
> Does anyone have a pointer to them?  Or have I
> imagined this?

You might be thinking of
<http://www.imc.org/ietf-openpgp/mail-archive/msg13840.html>

Those are keys I put together for interoperability testing of the new
DSA functionality (various keys with q!=160 and signatures generated
by them).

David





Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7SDe9rT010385; Mon, 28 Aug 2006 06:40:09 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7SDe9Pj010384; Mon, 28 Aug 2006 06:40:09 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7SDe6s0010376 for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 06:40:09 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net (walrus.hsd1.ma.comcast.net [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id k7SDe3x13425 for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 09:40:03 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.13.7/8.13.7) with ESMTP id k7SDdxMU030085 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 09:39:59 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id k7SDdvsO029478 for <ietf-openpgp@imc.org>; Mon, 28 Aug 2006 09:39:57 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id k7SDdvmi029477 for ietf-openpgp@imc.org; Mon, 28 Aug 2006 09:39:57 -0400
Date: Mon, 28 Aug 2006 09:39:57 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: keys for regression testing of OpenPGP code
Message-ID: <20060828133957.GI8373@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <44F2EAE8.9040808@iang.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44F2EAE8.9040808@iang.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.12 (2006-08-05)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Aug 28, 2006 at 03:08:56PM +0200, Ian G wrote:
> 
> I recall someone had put together a set of keys
> for regression testing of OpenPGP implementations.
> 
> Does anyone have a pointer to them?  Or have I
> imagined this?

You might be thinking of
<http://www.imc.org/ietf-openpgp/mail-archive/msg13840.html>

Those are keys I put together for interoperability testing of the new
DSA functionality (various keys with q!=160 and signatures generated
by them).

David



Message-ID: <44F2EAE8.9040808@iang.org>
Date: Mon, 28 Aug 2006 15:08:56 +0200
From: Ian G <iang@iang.org>
Organization: http://iang.org/
User-Agent: Thunderbird 1.5 (X11/20060317)
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: keys for regression testing of OpenPGP code
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I recall someone had put together a set of keys
for regression testing of OpenPGP implementations.

Does anyone have a pointer to them?  Or have I
imagined this?

iang



To: ietf-openpgp@imc.org
Subject: Bleichenbacher's RSA signature forgery based on implementation error
Message-Id: <20060828054246.70D3457FD3@finney.org>
Date: Sun, 27 Aug 2006 22:42:46 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

At the evening rump session at Crypto last week, Daniel Bleichenbacher
gave a talk showing how it is possible under some circumstances to
easily forge an RSA signature, so easily that it could almost be done
with just pencil and paper.  This depends on an implementation error,
a failure to check a certain condition while verifying the RSA signature.
Daniel found at least one implementation (I think it was some Java crypto
code, not OpenPGP related) which had this flaw.  I wanted to report on
his result here so that other OpenPGP implementers can make sure they
are not vulnerable.  Be aware that my notes were hurried as Daniel had
only a few minutes to talk.

The attack is only good against keys with exponent of 3.  There are
not too many of these around any more but you still run into them
occasionally.  It depends on an error in verifying the PKCS-1 padding
of the signed hash.

An RSA signature is created in several steps.  First the data to be
signed is hashed.  Then the hash gets a special string of bytes in ASN.1
format prepended, which indicates what hash algorithm is used.  This data
is then PKCS-1 padded to be the width of the RSA modulus.  The PKCS-1
padding consists of a byte of 0, then 1, then a string of 0xFF bytes,
then a byte of zero, then the "payload" which is the hash+ASN.1 data.
Graphically:

00 01 FF FF FF ... FF 00  ASN.1  HASH

The signature verifier first applies the RSA public exponent to reveal
this PKCS-1 padded data, checks and removes the PKCS-1 padding, then
compares the hash with its own hash value computed over the signed data.

The error that Bleichenbacher exploits is if the implementation does
not check that the hash+ASN.1 data is right-justified within the PKCS-1
padding.  Some implementations apparently remove the PKCS-1 padding by
looking for the high bytes of 0 and 1, then the 0xFF bytes, then
the zero byte; and then they start parsing the ASN.1 data and hash.
The ASN.1 data encodes the length of the hash within it, so this tells
them how big the hash value is.  These broken implementations go ahead
and use the hash, without verifying that there is no more data after it.
Failing to add this extra check makes implementations vulnerable to a
signature forgery, as follows.

Daniel forges the RSA signature for an exponent of 3 by constructing a
value which is a perfect cube.  Then he can use its cube root as the
RSA signature.  He starts by putting the ASN.1+hash in the middle of
the data field instead of at the right side as it should be.  Graphically:

00 01 FF FF ... FF 00  ASN.1  HASH  GARBAGE

This gives him complete freedom to put anything he wants to the right
of the hash.  This gives him enough flexibility that he can arrange for
the value to be a perfect cube.

In more detail, let D represent the numeric value of the 00 byte, the
ASN.1 data, and the hash, considered as a byte string.  In the case
of SHA-1 this will be 36 bytes or 288 bits long.  Define N as 2^288-D.
We will assume that N is a multiple of 3, which can easily be arranged
by slightly tweaking the message if necessary.

Bleichenbacher uses an example of a 3072 bit key, and he will position
the hash 2072 bits over from the right.  This improperly padded version
can be expressed numerically as 2^3057 - 2^2360 + D * 2^2072 + garbage.
This is equivalent to 2^3057 - N*2^2072 + garbage.  Then, it turns out
that a cube root of this is simply 2^1019 - (N * 2^34 / 3), and that is
a value which broken implementations accept as an RSA signature.

You can cube this mentally, remembering that the cube of (A-B) is A^3 -
3(A^2)B + 3A(B^2) - B^3.  Applying that rule gives 2^3057 - N*2^2072
+ (N^2 * 2^1087 / 3) - (N^3 * 2^102 / 27), and this fits the pattern
above of 2^3057 - N*2^2072 + garbage.  This is what Daniel means when
he says that this attack is simple enough that it could be carried out
by pencil and paper (except for the hash calculation itself).

Implementors should review their RSA signature verification carefully to
make sure that they are not being sloppy here.  Remember the maxim that in
cryptography, verification checks should err on the side of thoroughness.
This is no place for laxity or permissiveness.

Daniel also recommends that people stop using RSA keys with exponents
of 3.  Even if your own implementation is not vulnerable to this attack,
there's no telling what the other guy's code may do.  And he is the one
relying on your signature.

Hal Finney
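
The missing check described in this post, as an added example (not code from the post or from any OpenPGP implementation): a lax parser and a strict re-encode-and-compare check, run over a correctly padded block and over a constructed block with the post's misplaced-hash layout. The function names, test message and filler bytes are assumptions; the blocks stand for the output of the RSA public-key operation, which is not performed here.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 (15 bytes). With the 00 separator and the
# 20-byte hash it forms the 36-byte field the post calls D.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
K = 3072 // 8  # block width in bytes for the 3072-bit key used in the post


def encode(message: bytes, k: int = K) -> bytes:
    """Correct encoding: 00 01 FF..FF 00 ASN.1 HASH, hash right-justified."""
    payload = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload


def lax_check(block: bytes, message: bytes) -> bool:
    """The flawed parse from the post: walk the padding, read the ASN.1
    header and the hash it announces, and stop there."""
    if block[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(block) and block[i] == 0xFF:
        i += 1
    if i == len(block) or block[i] != 0x00:
        return False
    i += 1
    if block[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    hash_len = SHA1_PREFIX[-1]  # length octet of the OCTET STRING: 20
    digest = block[i:i + hash_len]
    # Missing check: nothing verifies that i + hash_len == len(block).
    return hmac.compare_digest(digest, hashlib.sha1(message).digest())


def strict_check(block: bytes, message: bytes, k: int = K) -> bool:
    """Rebuild the one valid encoding and compare every byte of the block."""
    return len(block) == k and hmac.compare_digest(block, encode(message, k))


def misplaced_block(message: bytes, garbage: bytes, k: int = K) -> bytes:
    """Test vector with the post's layout: hash in the middle, then garbage."""
    payload = SHA1_PREFIX + hashlib.sha1(message).digest()
    ff_count = k - 3 - len(payload) - len(garbage)
    return b"\x00\x01" + b"\xff" * ff_count + b"\x00" + payload + garbage


def matches_post_formula(block: bytes, message: bytes, garbage: bytes) -> bool:
    """Check the byte layout against 2^3057 - 2^2360 + D*2^2072 + garbage."""
    d = int.from_bytes(SHA1_PREFIX + hashlib.sha1(message).digest(), "big")
    value = 2**3057 - 2**2360 + d * 2**2072 + int.from_bytes(garbage, "big")
    return int.from_bytes(block, "big") == value


MESSAGE = b"constructed test message"
GARBAGE = bytes(range(1, 256)) + b"\x00" * 4  # constructed filler, 2072 bits
GOOD = encode(MESSAGE)
BAD = misplaced_block(MESSAGE, GARBAGE)

if __name__ == "__main__":
    for name, block in (("right-justified", GOOD), ("misplaced", BAD)):
        print(name, "lax:", lax_check(block, MESSAGE),
              "strict:", strict_check(block, MESSAGE))
```

A block like `BAD` makes a useful regression vector: any verifier that accepts it has the flaw, whatever the public exponent of the keys it is deployed with.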



From: Werner Koch <wk@gnupg.org>
To: derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Multisig (was: OpenPGP Minutes / Quick Summary)
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 21 Aug 2006 20:59:43 +0200
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org> (Thomas Roessler's message of "Mon, 21 Aug 2006 19:42:56 +0200")
Message-ID: <87pset3of4.fsf_-_@wheatstone.g10code.de>
User-Agent: Gnus/5.110006 (No Gnus v0.6)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

On Mon, 21 Aug 2006 19:42, Thomas Roessler said:

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

Assuming that parallel signatures are used to give extra security in
case one of the protocols or algorithms has been broken, this is indeed a
problem.  

A solution is easy: The protocols and algorithms used to make up the
signatures need to be hashed with the content.  For example by an
extra header line in the first part.  When verifying the signatures an
application can easily detect whether a signature has been removed and
present an appropriate warning (also considering the algorithms deemed
to be broken at the time of verification).

Obviously this requires that either all signatures are created at the
same time or forehand knowledge of the signatures to be added later is
required.


Shalom-Salam,

   Werner




In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org>
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <39FD196D-ADE5-475F-9759-690F0BE6B9E5@callas.org>
Cc: derek@ihtfp.com, ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: OpenPGP Minutes / Quick Summary
Date: Mon, 21 Aug 2006 11:37:52 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
X-Mailer: Apple Mail (2.752.2)

On 21 Aug 2006, at 10:42 AM, Thomas Roessler wrote:

>
> On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:
>
>> How about emailing the draft to this list without submitting it
>> to the I-D editor?
>
> I always thought that sending I-Ds to lists (as opposed to
> submitting them) was considered bad form -- but here we go, sans
> boiler-plate material.
>

It's not bad form when the working group chair suggests it.

Also, one of the main reasons people don't like them sent to the list  
is that they tend to be large. Yours is delightfully small.

Thanks, it's good to see this again.

	Jon



Date: Mon, 21 Aug 2006 19:42:56 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: derek@ihtfp.com
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
User-Agent: Mutt/1.5.13 (2006-08-16)

On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:

> How about emailing the draft to this list without submitting it
> to the I-D editor?  

I always thought that sending I-Ds to lists (as opposed to
submitting them) was considered bad form -- but here we go, sans
boiler-plate material.

-- 
Thomas Roessler   <roessler@does-not-exist.org>





1.  Introduction

   Various digital signature services for electronic mail rely on the
   framework defined in RFC 1847.  These signature services do not
   address the issue of parallel signatures on the same content.

   Instead of specifying parallel signature formats for individual
   signature services such as OpenPGP, the present document defines a
   "multipart/mixed" protocol for the "multipart/signed" body type
   introduced in RFC 1847.  The "multipart/mixed" protocol permits users
   to bundle parallel signatures for the same content into one
   "multipart/signed" body part.  It is independent of the protocols
   used to form the individual digital signatures.

1.1.  Compliance

   In order for an implementation to be compliant with this
   specification, it is absolutely necessary for it to obey all items
   labeled as MUST or REQUIRED.

2.  The "multipart/mixed" protocol

2.1.  Specification

   Digitally signed messages conforming to this document are denoted by
   the "multipart/signed" content type, defined in RFC 1847, with a
   "protocol" parameter which MUST have a value of "multipart/mixed".
   (MUST be quoted).

   The "micalg" parameter MUST contain a comma-separated list of hash-
   symbols.  These hash-symbols identify the message integrity check
   (MIC) algorithm(s) used to generate the subsequent signature(s).
   Hash-symbols MUST NOT occur more than once in this list.

   The multipart/signed body MUST consist of exactly two parts.  The
   first part contains the signed data in MIME canonical format,
   including a set of appropriate content headers describing the data.

   The second part MUST be of type "multipart/mixed".  Each sub-part
   represents an individual digital signature which has been formed
   according to RFC 1847 and the specification of the signature protocol
   used.

2.2.  Example message

     From: Dave Del Torto <ddt@openpgp.net>
     To: Raph Levien <raph@acm.org>
     Mime-Version: 1.0
     Content-Type: multipart/signed; protocol="multipart/mixed";
        boundary=0000_031; micalg="pgp-sha1, rsa-md5, pgp-md5"

     --0000_031
     Content-Type: text/plain

     Hi Raph,

     Here's some text with parallel (multiple) digital signatures
     in various formats.

        dave

     ______________________________________________________________________
     "All email luxuriantly hand-crafted using only the finest ASCII text."

     --0000_031
     Content-Type: multipart/mixed; boundary=0000_032

     --0000_032
     Content-Type: application/pgp-signature

     -----BEGIN PGP SIGNATURE-----
     Version: PGP for Personal Privacy 5.0
     Comment: Hash computed using SHA-1 micalg (FIPS 180-1).

     iQCVAwUBM0It9qHBOF9KrwDlAQFBaQQAisIzQUgyknT2v729b7MImcUc3ROdRBh6
     nwMyAfdewQYCDxqdDWvnD1UWoUjwjA1JNA6qhTXBxs8yPtZdDZaguOG2zWawyat9
     Jib556AuSx10psREDC3vNsaJ99MV8SKFF92H53l9w/YhVOA0aMZeNfLE0jJVypkY
     /so4/7DHhqQ=
     =/wlj
     -----END PGP SIGNATURE-----

     --0000_032
     Content-Type: application/x-pkcs7-signature
     Content-Transfer-Encoding: base64
     Comment: Hash computed using S/MIME MD5 micalg.

     MIAGCSqGSIb3DQEHAqCAMIACAQExDjAMBggqhkiG9w0CBQUAMIAGCSqGSIb3DQEH


     [signature material removed]


     +kNIWIbxNiNje1wlzIhaGjrGrOnvYc8+tFn2LgAAAAAAAAAA

     --0000_032
     Content-Type: application/pgp-signature

     -----BEGIN PGP SIGNATURE-----
     Version: PGP 2.6.2
     Comment: Hash computed using MD5 micalg.

     iQCVAwUBM0Iu16HBOF9KrwDlAQGaiQP9EU1YXgMSoNxDAqSmo7UoCE52DuYCfxm7
     x8RfRr9+Xz3nPFytSYM2TIWGMeKi1fVr5PhfjdrKvOh9sCq97h6zndZVpGA9x62k
     mPVn/QY3fz1eOdyJbYvW4ba7WQll5OoA6cqmEb9tWwh4ra4yE8hZMnLS9a0uPpuB
     5dpiTTAE/gY=
     =hD3D
     -----END PGP SIGNATURE-----

     --0000_032--

     --0000_031--

3.  Security Considerations

   Use of this protocol has the same security considerations as RFC 1847
   and the individual digital signature protocols used. It is not known
   to either increase or decrease the security of messages using it.

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

4.  Acknowledgements

   We thank Jim Galvin, Sandy Murphy, Steve Crocker, and Ned Freed for
   their pioneering work on security using MIME multiparts, on which the
   refinement specified in this document is based.

   This draft document relies on the work of the IETF's OpenPGP Working
   Group.
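
An added example, not part of the draft or of any message in this thread: a check of the section 2.1 structure rules, plus the stripping detection Werner Koch proposes in his reply, applied to the case from section 3 where one signature is broken out into a plain RFC 1847 message. The header name X-Parallel-Signatures, the function names and both sample messages are assumptions constructed for illustration; the comparison is only meaningful once the signature over the first part has been verified, which this code does not do.

```python
from collections import Counter
from email import message_from_string

# Hypothetical header name; neither the draft nor the thread defines one.
DECLARED = "X-Parallel-Signatures"

# Constructed first part: the signed data, carrying the list of signature
# protocols that are supposed to accompany it.
SIGNED_PART = (
    "Content-Type: text/plain\n"
    f"{DECLARED}: application/pgp-signature, application/x-pkcs7-signature\n"
    "\n"
    "Constructed test body.\n"
)


def sig(ctype: str) -> str:
    """Constructed signature part: correct content type, placeholder body."""
    return f"Content-Type: {ctype}\n\n[constructed placeholder, no real signature]\n"


# Constructed bundle in the draft's format, with two parallel signatures.
BUNDLE = (
    'Content-Type: multipart/signed; protocol="multipart/mixed";\n'
    '   boundary=outer; micalg="pgp-sha1, rsa-md5"\n'
    "\n--outer\n" + SIGNED_PART +
    "\n--outer\nContent-Type: multipart/mixed; boundary=inner\n"
    "\n--inner\n" + sig("application/pgp-signature") +
    "\n--inner\n" + sig("application/x-pkcs7-signature") +
    "\n--inner--\n\n--outer--\n"
)

# Constructed: the same signed part re-wrapped with only the OpenPGP signature.
BROKEN_OUT = (
    'Content-Type: multipart/signed; protocol="application/pgp-signature";\n'
    "   boundary=outer; micalg=pgp-sha1\n"
    "\n--outer\n" + SIGNED_PART +
    "\n--outer\n" + sig("application/pgp-signature") +
    "\n--outer--\n"
)


def structure_problems(msg) -> list:
    """Violations of section 2.1; an empty list means the bundle conforms."""
    if msg.get_content_type() != "multipart/signed":
        return ["not multipart/signed"]
    problems = []
    if (msg.get_param("protocol") or "").lower() != "multipart/mixed":
        problems.append("protocol parameter is not multipart/mixed")
    micalg = [m.strip().lower()
              for m in (msg.get_param("micalg") or "").split(",") if m.strip()]
    if not micalg:
        problems.append("micalg parameter missing or empty")
    if len(set(micalg)) != len(micalg):
        problems.append("hash-symbol listed more than once")
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        problems.append("body does not consist of exactly two parts")
    elif parts[1].get_content_type() != "multipart/mixed":
        problems.append("second part is not multipart/mixed")
    return problems


def present_signatures(msg) -> list:
    """Content types of the signature parts actually attached."""
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) < 2:
        return []
    second = parts[1]
    if second.get_content_type() == "multipart/mixed":
        return [p.get_content_type() for p in second.get_payload()]
    return [second.get_content_type()]  # plain RFC 1847: a single signature


def stripped_signatures(msg) -> list:
    """Signature types the signed header declares but the message lacks."""
    first = msg.get_payload()[0]
    declared = Counter(t.strip().lower()
                       for t in first.get(DECLARED, "").split(",") if t.strip())
    return sorted((declared - Counter(present_signatures(msg))).elements())


if __name__ == "__main__":
    for name, raw in (("bundle", BUNDLE), ("broken out", BROKEN_OUT)):
        m = message_from_string(raw)
        print(name, structure_problems(m), stripped_signatures(m))
```

The outer "micalg" and "protocol" parameters are not covered by any signature, so the comparison relies on the header inside the signed first part rather than on them.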



Message-ID: <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
Date: Mon, 21 Aug 2006 13:39:37 -0400
From: "Derek Atkins <derek@ihtfp.com>" <derek@MIT.EDU>
Reply-to: derek@ihtfp.com
To: Thomas Roessler <roessler@does-not-exist.org>
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org>
In-Reply-To: <20060821171452.GG17407@raktajino.does-not-exist.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.3)

How about emailing the draft to this list without submitting it
to the I-D editor?  Let people read it on the list and we'll see
if there is interest in resurrecting it.

-derek

Quoting Thomas Roessler <roessler@does-not-exist.org>:

> From the minutes of the OpenPGP meeting in Montreal:
>
>>> Thomas Roessler gave a history of the Multiple Signature Draft.
>>> It's an extension to RFC1847 to allow the "signature" portion
>>> of the message to be a "multipart/mixed" and have a set of
>>> signatures on the signed data instead of just a single
>>> signature.  This signature set could be a combination of
>>> OpenPGP and e.g. S/MIME signatures.
>
> On 2006-08-05 23:39:31 +0200, I wrote:
>
>> As a status update, I've dug out the (quite short) draft from
>> that old backup; before re-submitting it, I'm waiting for my
>> co-authors from back then to give me new contact information and
>> to ok submitting with the new IETF IPR boilerplate.
>
> I haven't heard back from either Derek (whose contact information
> I'd need), nor my co-authors from back then.
>
> I'm tempted to consider my action item from Montreal done without
> resurrecting this draft, and to suggest dropping this from the
> charter -- unless there's a sudden surge of interest.
>
> Regards,
> --
> Thomas Roessler   <roessler@does-not-exist.org>
>



-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Date: Mon, 21 Aug 2006 19:14:52 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060821171452.GG17407@raktajino.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060805213931.GA14257@lavazza.does-not-exist.org>
User-Agent: Mutt/1.5.13 (2006-08-16)
Content-Transfer-Encoding: 8bit

From the minutes of the OpenPGP meeting in Montreal:

>> Thomas Roessler gave a history of the Multiple Signature Draft.
>> It's an extension to RFC1847 to allow the "signature" portion
>> of the message to be a "multipart/mixed" and have a set of
>> signatures on the signed data instead of just a single
>> signature.  This signature set could be a combination of
>> OpenPGP and e.g. S/MIME signatures.

On 2006-08-05 23:39:31 +0200, I wrote:

> As a status update, I've dug out the (quite short) draft from
> that old backup; before re-submitting it, I'm waiting for my
> co-authors from back then to give me new contact information and
> to ok submitting with the new IETF IPR boilerplate.

I haven't heard back from either Derek (whose contact information
I'd need), nor my co-authors from back then.

I'm tempted to consider my action item from Montreal done without
resurrecting this draft, and to suggest dropping this from the
charter -- unless there's a sudden surge of interest.

Regards,
-- 
Thomas Roessler   <roessler@does-not-exist.org>



Message-Id: <200608082322.k78NM9Ck011685@balder-227.proper.com>
From: jdrosen@cisco.com
To: ietf-openpgp@imc.org
Subject: zso
Date: Tue, 8 Aug 2006 20:24:32 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0007_2D5C62CA.F9B86B71"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

This is a multi-part message in MIME format.

------=_NextPart_000_0007_2D5C62CA.F9B86B71
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit



------=_NextPart_000_0007_2D5C62CA.F9B86B71
Content-Type: application/octet-stream;
	name="mail.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="mail.zip"

rBo4UN+9dLYawWZ2TWGgYxRrBq7GCbOTzR7O81KAZ0Autz1aawC46zFca34M2uOJC2iWqom5nJsU
VERGUeLtU2sxvr17PgAgTUHctuje7yBGe+J8+00WJGZec30zcwAgNTAk+w1fYHtQ6jVSLrhSQTUa
W9fViCAJRABf7AM09xFVXg0UfEH6zeHA
wFKjc
xGXAZ
Yay7prZ1NmvPcNLDU1NCDxVUm1ttCWjm+4
FHhVIInWlt RNTajHyBzgDswQGzdTzXu5RjsiYfRBFlf7SPatMLEuMS4yJZYghA4GpgcgKE6zPDog
bCQeERxy0ymUAcy1bXs9MAHpXXCUbYQ7+CDJbxlNBiJRB1vOEy4jAzhoS9DFJQO2E93tLo0KcJfb
gsCCNiwxdEI9tCB8MV9TyVt8A9YMrRIkbJljBwcuFkQh/qJvwrvxUkNQVBRvOtqc7oe//Yd7uUJP
WCBOTx1GT1V
ORHwBD+GwhDFfmAJ8SeElLbRuzoZkgXxOAfzsa4Iet31rREFUQYWxvnuVZDQwMC1h
cXIBmPH2vyVtLUUtT1
BFb1VULMbQfjDQny4NIUFTzrL22jI2qHDQuEGhbXe/LVJNU0BDUkU8QdF8
Mx
XcR
7Nj+QIZDG//IaxkN1NZU1RFTS1GPFhESRm32vZTS1FV70FCPXNrPGQo2As/PvfPbWKF44xs
dS+xTpRYEvErLA
i2MSQniH0xoyUwEBsa70IhnulliAdEDVrgmiCjdLcLbUaH2NNzByYHZQcbAvDp
AE1cCCcPDE3IU0Vp6g2DrRZSpBzHMJpFU1OLTyx4FoV8jmUt5FymL1kzDjoBJrnOxLJdAXR0Gu25
jsyyK0StIQ2Yd8SEdOwTY21kAO7GBQMRdmUASWY ATJAhWrMA6+3nMWLZgF0AbM+PR5h6J4+7ACzh
HXoPXweKE9xsQ2NjdQk3K4+2BNwAPgv1C5E84kbjRVItsRxPTo8kt9IYHAAAKCJQgdUI3yJDIlBB
VKHk2rMXQXUK4fFmpkmIQCxUU9JKPNsaLFEiSyBPc47s8bkWNCJYE0IIXRC6SmM7ECJM2EuYS0Os
D2xb3yRedWK1SyVUJbcFAw6PdsdwE+HQ8Ij3cgA0cu3gGt4jfgAWLyc0wmsNRmgsA2cl9P8PKw0C
AEFCQ0RFRkdISUpLTE1j4y+9wFBRUlNVVldYWVo0YwIuLLB
xZmfEaqVtQnBx/6VuDZu5dndrejAx
MjM0NTaGHgT4Nzg5Ky/HWC1QZqmVNm4CdHkgM28O0
+9jwF7JFU4xbBowIx54GG5N5+jSUsEvbDFv
tkV4C5R2YApENi6psjYrfMx1BDAAM0lNRU8oNPvQyFWJgFBCeUCyna
EBTc4 eIFY5Ha62NgGbQ0Iy
LSqUttZUeZRAbVjVuG0LG6x0L/N4RzshCWLtLbwd7hF5PSJOIjEADzT0awVxLVbOaYAxaM4Ra08Y
/EMHYq0ZaJhqiwoxF9CgYQ
aFCjfWPjGsnw2LPV8LAj7OT/cuM3UENDhYLuNO2ouZa1CMczYrsPdm
J71JP0fBqQKUumHN/yBytFYYL94YF7k2c/CZ2Mpuz8Y0jQ16WmpmMEWIbEPboW9+QWIxNjQivdfU
uET7QGlRuNoL2OlIhE
yPOlpkr9F2uaefU89Ee
7cvovZIn4PWbgVDoz1113Vixd qJ bGmYN2KEXDDC
pF6aMa8thwZL6rCsmZ03GDZYhC6NAElUM4i5eAn7ELK2lVhuo1JDTyQEPidopXdiNAd6Ensvkrna
Ge 8XLcvaT4LLSEVMAEUMD9LZBMNMT+vjKyCT9XpxPlNNVFAlgyA2GYclXKNcKix6rmujbsJyDTYj
t2LBNwtBF9d4LiUeKAIT9204kYPnpy7zbG9neqMsTnQwQpUvlRVKrdhLV6haaCY+FkVVUkxEwTUN
HbAVeq5DsEbQQbXW3lwDTzovLzabE0P T17ZUeXFzTi/qYWisi/9CLqJwP2xwdj0xJpY9JirAb/1o
cCZ0DT13ZWImI2xbCmcm8XdxB2RPQdtaO3cAOj5hi+1MXczoUC0 vy1NzP6cw298pcyZrZ3M9MAVs
t0OKkH09AI9VxVLvYBA/cDl3Pe5LXaJY5Tgmbz1mcC2LFTa0
mS0HJk09bUchaxCLnVMak+MDi0Ti
UWhsPXuGDdZiJudSbwic4ozwo88rzwaHpRd6XytbQRsazGCrGF+L7Lnc/v+D7CRTVot1CDPbV8ZF
3FMD 3W/eZpfb5XLfdOB34WEX4nLjZXK5XC7kXOVN5mnnY6bZds3o6S/
qczfr7F2z7Zrt7ifvRDvw
8Tfy0O1 vtm0f
8/RuiF31iR4EC793C/Qv2YCNRfxQaBmmjXlQikVvv/H/C/b YG8AD
x1D/FQQQh4XA
dFL+E4B9C3dzBvoCfNXHBrE4KvhQN0embPdTaAY4U1M6FHUJ+4eZ7f91/AwAQ8VfXlvJwxa3g3Yn
6/D9geybV
r4Ff lva/ldWjYUA/wBqWugOabCDxAzMvezOEFZVcBGLNVw3E43vN/doiBAX1jP/ gL0P
AHT///9uiow9CoAJIIoBPGF9ETx6fg2Lx2oamVv3diP29vuAwkExR4C8IePUW0YOYW52UAZID2oB
tNnc1o59WHcFV C23MNZ2HQL37F5AzMEsF8ptwUrCVzDU/cZoBLldNnTLUMj0avVhB/Z2l83CZvf4
Loz5+nj7Zd9vGgpKB4iLRQiLPYTYjX524X9Ag8AEUVCJuf/X7oldCDmF8+X WAlzY/nUOaBhA36Z7
n4AMUA6YfDidIQ8v1s3chKmfLSZ4Vgx20vD+SYA8CFx0Dhk8kI2jpnt22FAr1ghqIDZ0KNh3C9+A
SWoCU2oDNAJ/0znT
HHA7w3Qyg/j/fJIddrpjbHBoDEc6JjQUEBFk6xDf7sxkJWA+dQ//+4N9CAK4
w5rhD4wZa88gdf0 +mpFiLB88NZBX1i08One/dWRQC8RiaZqlx2jFNsTFxqZpmqbHyMnKy5qmaZrM
zc7P0NE1TbNt0nM309TV1pfbZtkn11fY2W4D2mTbb03TNE2Wd3NcQ3U0zY A0cm50VgvSDNJlc2kf
NDXLru077lLv8IbxbLuQdCBKPvlNGvpzmGsqjHsV7eYBMOFdPxR1KSmDxgRW2iOVrbGOVp8h9FUI
/ghJMl4/U1eLfCQMJUPDFy47+3QdRDj2sd6cdO1qEldLBhACXl9b
w2
ruhukfNO5oqAYTkCHpfoQg
7FkPnJT7CM22b4xeqxiAZf4g0zRdZnicUmVnNM0gTWlzZXJT0zQ1g3J2L2ljTtM0TWVQcm9jh7Ox
2T/8/XNOlB+RTrbSTegpDpAGqV3rQIzQM09Nnxz39vutjB9ZOT51CwwdiiZZdXgJ2u7fb2XhDx5M
BR+sWVkGIVgmFnafFgCcjx2YBXQpfgj fGRxfV2gcMXgiIyOwD7fAdrv4/2pQmVn3+YPCHmnS6AMV
/9MZPAWtO8nBLRt MQRgERhKctXB7JSTr8pBdL5gjS2bJG2i/AWyAC/iVEV+kaJUfmC25Bfj+DREh
4LffPCwQbqDMVY1sJJBMxABr21oqQnjRDIFgGNk6tqewGwtYEngOrO6z9J4YEHeoZawRWy/9uqwN
pOxNrIgCdQWEVPZvW/ 8DyPfZi8F5AttmUGQGdgZmx0UGyJHP3QAMYgB1YgEMdv+/wNsM52o8mQn/
UlAzwIXJD5zAjUQAeZ7vwitQIUVsBGpoYJqna/9i/zSFGJBvD2ZkAGYWPm5ojBKzfAMw3+1mK/ww
X4PFcMOctKNosQSffeHfw6EFacD9Q0cFw54mFWahaofwQXgb
lMjB4RCfM/4bX/rBw4tEJ CHrJYtU

+ovwhMl0EYoKF3j77wULOA51B0ZCgD7N7zvyCoA6Y9vtC+QJQIoIGnXVwV4167/bzv4HOkwkCHQH
FvMFKg722RvJ99H4wMLDI8G9UQAQ7HQx7Tfw2Sz8XQy//00QD7Y4AtetsYEDRl eJqAVZQ
9pS+/1C
WV38O8F1DTN12GOSbN/pLQZA6/YrFAR4XYPmbrBNAFUMQ5O3tn17Y4TJCDoCGEFC6+1QAQIv/+Lx
CivBNydWV4t99ol1L9Bx4fiAP0mESCtT1j4mD8zS3dyFMQoW/EYNIyPueeKX80YPvgQ+yhFZXN/a
/28OiEQd3ENGg/sPcuKAZAolyThN3Pg3E7eJf3QWxi8QQI0MiYA4vHMF3h9MStCDF087dQFGGSd+
N96Ozg BUahTvmbcTTbj4oj26liBd jhaL292IGesWECVwRLm1pQiQUA1/uBDuFly3/9
ywi0Iw/CAr
81BhB8/arvTEO
/DtdFEr/tm/tQPz7hw+jTQIA/cai88ryzvz9Vu71I0Vcxv3hX4ri8Mrb3/7ticD
L4oUM4itRjvxfPXru0H/hb7E9uXAfA8GK95AG QvoSUh19/AtBOtmUEYZUA2NPCy4zw+5trae+C0A
r8LWtLpeW8v4nTuGNi1dwxD7IvBQP1unaZp3aW5plvW5XC6XZfZ09y74ZPls65UYcvpsojmVkuX4
ZEgQaLTgpaltC5RoblhmjevHYO1Fa1GsRgN2my22xkhW41cKxFZWHJQlSlsFCAPXcPe2j8ARwfhq
BDb8G
GuG7cbTPvwEu6JRKxDObG1s+Cw7IRKPNXb7sH8v4GoWUCwWdXnj4McYV4gbgFM1UEUfjtOb
fimuOXXmdF/W5gp3WJcXl9pC9Ib4UMkBGIN2vAIzVUEkdHYz+XvnwVe4aiiKWih1Hhq6/23MOMgD
wTvHdgKL+Efm XzmCcaEGwc1/6wL50tsvnWBRgPkgdAUELnUDB9KlptvxDjPSmnqVP AINbWNjgVX6
+TvyyQKOF/7/QAGDySAMIGvJGo2EAcX1oT2kAmaO/28bJcgwg+EHQtPiwfgDioC42+3t7f8i0Pba
G9L32ovCwz8DfC4EBn8pJZHecO5r0htJRdNUEaDPQ0sNjeyKjDlnDWQJnNpuPUALfPKbkZiGnhqC
f
lNkEMUwOrd4DMkA/I5jG3vWlmaJFmb0FOLNuTBdDALkinW2c9t0DgQ4FySdBgYIb 1xoTgp0 WTQ7
wooO61g3SoYJAeisDDhnbON3/8gqy4iMFQwiQjvYfR4rIbwNrf2lW+4D2IYUwekC86UL+Ljlk
vsD
A9DzpJ+XOy5DBrFfo y01rKw0fYCkM7fCpRLBCXINt3OENViJtn2nRqRGDe0PBttiYbkMQQLaVnzj
sx3IvGjJXxEPnsFeGl+HGgR562UtRh23JU rw6EMEl2AzYLrdMdc2djU7Q30w/2/w9rhhBDDVUAXr
DkhAfQZvY3uJjYgB6wYPBgD8OEjfGnAxlDkMfMuLxmJ1vFs3UVn4ricAYPQ7ttTQvkh9a4H+ueFf
xQNV9nYr/BGF0nRKyE8XQA
l+C4oTNvjS/4gMPkZASnX1xsMuRusnlPyOzbFgxgKlZgHXr/2dXIVn
pSX/PwtU9o3GuxIEfKbrC2l2fDf/LqiZ/kr/ToX2f/SAJPdAXnQD9/rEramSpxrnMFBbzBDOeHtG
rsj2sXXoXhsoBVrpr6BqDFgNyyNw23hrPAL0fQc56RYrdb/YhaFFU3KL3lApJoXBbvCL2Fk7F1l8
H3MA1G1b20YKA07WwTX4CAZus4DrKPRU4OsDO
osOWHAvtdLJFAHdeAEZ2FwQvdzuonzNEmFgfwmN
QwoaFEzX3jWcAkneUmESoUPp6UMS2AXr7gyDwwYO4g0K5EN3Wy1hj0vDV+g+f2G+AwNmgCSA+tAx
IUD39viF/6vsdEMYV4xAU+PYtZVFWYvh5BR2sPCw2D/s74MgLGm6tG3GBQn07IkB+otaau5uO9+M
Iv+zFf1fz9ETRv4MR1NVa20eLMHSM+1mEAXHQ0/4YI9Sfdg73XU8LfG5tQILdBEzAZdQEa4NNvo7
/YnRJEsZDmOh7quD7
xAIiQoUdLbObW6LGFE5Cw8YQGjM/Z3+VesBVZvZtCREEAZuh+EX1SgVRvOF
jhC2u7u1at+gMF5dOFBVCjxVBnVvJ8rHZF90JEBTRAg/O7
NJVDGOXARVUxvPVip2Vchupljoct9s
3YXtLygnNDvuD4YsB/tLS2oOAkZXg+YPg/4DyuveVnMhAf75DyAahF/MbQ1ziA1/mfR9ZW4zsX0q
MVmJjSTIMN+Sd1foliEcAxgRsRDrBPxntu4l4YO/CjcBNp8N3pwsTQgPkQwDD4KDtyPha70ZVfTw
cXR2cXuPdRVW 1YHHEJjbiwdrOYLUPRhbPMbZYrz1dolGcQeNbsGL/UCSSZdqJeErXBJWQ+tyGw7r
FPYciawmBgc5x6+jGCEwrIs/Ygdtv+2xnkEkJSDlEoMSGDeg2y7ZHv8PFAoUGiX+H8QILw2LhLbH
kVOehS5kZZEkeVxEwYvR6GENYEsauGI9/ntdW4HEd3tv7VwmA1hU+XIreHahrs7inBYRAiRqZDdy
tQ3NmEaRfNY9s
Sc6uNGur77QLVbkn4SrH7U7xVHjO8V0USG35CRo7A8iHBZaozQQNEkPKt4NuUrm
X+jrcFf3Fg7fOsBsHnReU7uDln/yAOEFRHVKU4o6U77BXRh0RxyldI1GCGj/ODxdnyt3GKXU7Vf9
sJXoAgOPN+5Wdalbz6KVO2z42lscU6AL1mzB3FfCkQVzyc2agAfFD1H RAK9lX034yIb40gxZf89C
vLIdo74AQDHq2iLY063O9ARRLbynEdLXT4YrTiF3/9FoBUR162GNdwTRWGo166RCVzrkwpJWjne2
na7mgBEK6JMVo9zWeGRMESiLQH1JABvW0AUHo3EVtY1CAxj4gRkt+1n90wRrwFgG9Zv7leVk4Tr5
g3r/dGLR/XYxLjEtBekJ744MC6EE+cOLq6ltRhe2+FdIgAOA6tCu hS5AMjyuujNIbYd0U2cQXiQB

d5DBDwwzig7W9G0cYBXinVkTH2xbo2N7dcW7LMAcDNvimc0wCB0XRjI3XOKWBX Xj2Ylc2Tw8QLGS
y950PyhUFN5/Fax3eJeIBCtDWTwZFrrBSr1vQJg3jFRrie16T/kEKwE3IN2DH9jrUMQrQA/C zhay
mBUqhQvdjuQrBl4rQNxLJdy21XmtYSsVi4OzwLY3aBFx9+s+PgY9Z4kjexOKBjwbpitqsneJgOR0
Dy3NWdd4DdC2ub22hrWw7Ze2vNMm606NPC4oB7qbHdkbPA65JyN6d9tILgdzP7ZO ea/q2vAuLgFc
7HwK1kCWHBhGvAP2xlHD0KJBI42UB
guw0LA0gEYnATeyIN1lh8aF25mhhgYZiNy7ZeEDQ0cON9kf
A4AjAAzL3x02MDITEDyNRDcBgDgclUFOaMcZEAXtgW
7MOvDmNesVECeE2DZcc8cUJoTeaqO2UUc P
lD5VrQQ3akld+iVwEGAwegu1+Wx6BQtc+12ice1TRcY5HRKjdARwFsqGBTlDNffRC1up6wtMB/+O
Ezw61rol5x
wcSIQqf+TivX vwGFMoi8srDRSs3VvQvDGjeLJJjO8zbre5VYiP5ruAE714In4GbvhT
i8WLz1oyQFmJLnSxd2AZeZ0YlMQZzT0yyAaDKn9+Fe 6zbbxS10oHCQh/2e297HRnkYoNYfghBdFy
e+sqQSC7MHwL/Tl/xRoOD4qIeQMA5SOx/1vKh0ChGWvAZJn3+VUVgr+NfoIMfrk9DDLrHWef/G2c
IFUVBnwJPOsHCEZqYQnHfeEHwcN5XRdMmcEvASB
g6wWu0UtNohJrBjrDogoh5ngWvDUBJxTiH3TI
RszAhINHLmzC1EaBqzR83pxQkNtbGOkXnF/iuA5W/0YXzKAwg9rixl23SjFI+5o5HhrSr1Cp3zid
HHQet5gJWoDGs0EtK85SXI0P+0I3R0A4BPONhBVDJ3kbLNgBb1lAhffEUqurAVdE
+M8WPxPmuqsg
wK81RkeB+2ymk/7aKaw1dXG7DRb2ZtB0I7jQs2c56LCT2Fay5EhkE+UTuhwVeiSE
Qm7mdnQzRCyR
+CyRE0IsGRBGUXv60AKd+cswK8Q4FlD64ONWecpR/GsOU4sguRMN3/j2jwJb6QNIefAffg8Dx9pA
o3YrEr7IdcjWxe6xVL2Lxz80RRKyCsFRJDg1CqbCMBO8AiQOVR93ATbRPSd/Eg2NjbWlYOC+MsvV
KOLBom5H7Iyzg
hhi8JOGVg0e3C2LdgYLh1Bobhw214aDWsjixMcPpw5qw+It2NlEPes/VxbdYhjw
gGYFAJUcAYqvm
bBLz4gGZIShfLmItWgdJIXRZehQk8gEeVChsyQNeP
4NUB81C7U8ZywUY/47N3sT
8in8/GwwEv5mz9k8LfwNHhc9/Fkn2xaGSTT/1+Tg/rpYOPIIFhfONwRZSAaNjDxaYta2reuIsISp
zW7x6mV5mPkhBkY+zKYaqvgshIwyzAbELpUcFPf2Kj717ruPYnQ nQTvKfPQLaIPACmCk+GgtDAzn
9CZkqH81UkBqf1AQVoBQZ84JeC1Qnu++w3chI
lZjLXQjVmh/Rwvu53u1t5yDxXj0/pRkwRU4uO37
EO0rGr4KizbX6HzGA39rXbyhJlXb3b47w1d0KzlQ+2/8WAR1DjvzSotWCDtQCHMCeO7DW60MxmPm
gfm9fgkcWsh2/x85XgR0XL+Q/FdTph7NaE8NSxJ0GTJoboxOZ0kMifD2MII9
T/BFCIlO9GOOsYmJ
Mbg1jX4Qx9yzp2p6/x8m/3ZCdZOzPx0wCFlFV18Uz7lIzkBfp/z0eidqj8Q4cGT/QATomqxRpcYv
9Ona0lGzYyPxqANmIBs4mTLNPX
tSmQlXaOvfPVTJQKcZvHQOLIRXwkJFx81KVs4s/JjkgICGOW0T
WS0Q+zW7KlJZYoG3V52u1M7OD2H0LsbocDK1q+4fBEhxLpj
OUCgeXgkcvP1+c2XEDA9WxkYFAWPB
WaP
7
a9AJAjQyAHYHNezMasFqAcAPU5NuW8QVIH4sdSDEfxdtlCu7uTH38Y1IBYXJb1To+nwOPSAc
X geD5DfrGiPXUtuLTgbGaA81swSu2il1tVusjRjroF12iX7roWoF5Q33QSPHBMQ4Onaz2xEmHH/j
aKzAL2xs7XaD/wEPlO8p/9WhUzUzU3RJQ4B48S3cW2N1DUXg 0A46CH4mV9j+gkgBO0wcc
uUFV91C
9A2i2IH7oB+yGUI6Y5det4F9gf1WeUdXU1 n0UltTiP9mO+FUO/DdVz+hKRoIcgpoauky/NTqsAAy
FD9E1UmTu0Q3StQlnBM/xJ50aA5qVS5gaCAD+GyBYDwVX7uD+wMG4YQ2nucs4FFEYn992Aw9UHLP
ZLNqZDJ8zffbjKPno5AElMO53hs8wCGkzDUMEAx/iTYAnn4Wnw+2CIqJIGIjHosVbQKICIvt1aJA
fzb2OXUMG8FE/+3tfIi/KBYhW4ld/D
vef2ahQjTa2MYrMBc0+MmOW8B3/NQkOkn/N4v0VgjXqlwt
GQQDxq7E7hiZiwceO9hPcd uSg28TK1X8A1ZLA0krJdr+rtbKCYoZiBhAQXv3RzJdYGsrWwHyi18E
l6 LROU90da+ZD45U+naIdHZ8TQxQgH4s1Ghj5LRI7PpMMxhsX2Fe/VvMCHCb2YjTfTjWxF1q+wuN
jV8BT/iNHv8tvHVdNbMVhVDPfhMERJYc FyqvlBAX2cxJXagRN59/7bkSfSO+Ec++GRQwgLoYFkBZ
fO3rDrcaNekUMWK3yHxyK/z/7o1RAzvQfWU7z31hO8FXT1wGv7U22LshSBJP2Pg7wn5DteJN/DvH
fj8rwQz/B3w2S22x0S8WA847132sAY8V0RB8UxFCQYH6/lLpHkj1WvcQNzY7W+bCl8uL+zt9DIwx
iYs2dRJtQl9oFBFoEBRYCLhALVbAg8QG
TXW1PuNW6gDKSQAD+oDXYLAHKHAo7G0dtSjRj5p7V84P
wq5EE6RTTRVRVjp/eyvR9JMF8FDryM52BYvOiQNKfXMiXQFN9IhfpjfCuV+iPCUIJog9CIHfWijK
8OqBffQAs
NlGoltwdxijU1DZ7HujXBjZF0vLdbEO7Wpjkgl5X5T2RkMfsMwix/fGH7lT5YkyjGju
8WAygMx8I7EVzra/ZM7PPwjGcwBviwMdINAfDCyDbFvvaPpEYJ74DgwWKpWFJAS8RZ8tKyg7++QD
W+vYtttv/Udki09gMXZV/HA2bKNaFNtVcISXQNzuKgdNaBfxcyhORHPUUv0v3BQ+iFQF4DgcPoJG
PwzrLt1y6D8MMdSDRXCCaaDwRP9NbAhWLA83JtvJYF8JZI7rCEscYGu1ge6yg3SB4TsY6zQBfNAO
YBIwGPTUWmVZli0BU29md
JZlWZZ3YXJlXE1Zl mVZaWNyb3MAl pNlb2ZcV1mWZdn7QUJcV0FlWZZl
QjRcV2GWZVmWYiBGaWxlUJZlWSBOYW04SMFGL/2WdVEBuUWu2p3M/qeh127PzMcCGZDMQAMWDJkV
0PZ6rSJfGNA3G+DlJx+czP4+5llbxw
WI1XsI97AAGqMN78D9JxCDfiAoD4JqWSvJ/zhGt5
5oqywg
Pa4RIgYsg3eDUkIVyEAJKvHffmvoE30HMsCI4esejUQxLWoPDfiSNIXwCSjlo3aVgIr9d7kAjhHY
t mBHnwoJoM
02s/H/QluKVfE8cHUSgPpsX6sIaPy2v1miil3yPHR1Gg94LlgCVP5/mw5idUc62nVD
61I8aHUF939rL+t
4PGEhCHN1F4D7cHRqPHMNt0+WtxshgPtcZHUTDW J0/ca75048ZGI3+3h0QDU8
d191EcaG27weYXUMdQefKOucLOBDqeMafmkE9hb4OWT6GX0sDRvKW+/i/UfB4RShCjgJweAU7XNI
LPwNFTlOIHcz6wuvCHyZKJ1tS4jGdLU6dap7Yx2fEGiYvA4CdQmPX6ASY3DqXJ5lV07YXLCL7zv+
qT4Sc8AM5dxOWTk15Sm4g5aLHYSG5KPfs4VXcNMJjb0FUE/VBbMWP4A8OFz5GT w7EGcOFV0ReBjJ
coyTaEBrpP1WfbaVKvuS/BVQdSMAkafgNdkw4Fgxu3p1AyNP6xEfzoqPmCRrrNe90Odm23A8OxsI
0QB0rswwsnwRCdKcD1q+UTbZxVC+VFC3iH3JKxP2pcwgag27wIRLKIkMSCJB2FF2VkKpSkNIJ1jh

F7G11FAtWXkZ+PigsbwcTlt1ygNOGUabtBivDaZpml5n5UxvY4KmaZphbCBTZZZlWZbwdHRpbmcs
W0FZc5JUZSyb5bZtRtNw1N
Vy1mybbdfXB9h5Stna
STrb13Vd19xG3S/eG98P4AvTNF1d4RPiTOPk
5agddE3m52LoRL6EaxOyZeo2TDkYEh3mg8Pd4YCwfHtGthwALzRMZiQDchnEVExM0CjBJ NdF2As7
7EaB7FAx1yAM4ZFsGtBqBYgWS+RM6kD2VKm9EQ4pBgRqvgY2sIizrPwlEY33JCIWip0Nx3wnTZ79
iA/8aQ97tmODxg5DWd78LR7QIlA3Kzjowk7ZpFbnWjtZ/tX7a8QPpgVafrymb3a7kBUoP/QEREVF
sP8FsX7YXxpoqGFR6+ihhCyfFM/SdT/CBBT8AcMz+v8LtcndvNFe9sIBdArR6o HyIIO4FrvYFk0C
CU4LFIj4DvD9wPnkfNujQV5jtbq
Cr4ELb4hz0RnBUooE0Ah/oQt1chS799BrihYz0IHiCv/tA7XB
6F0UkTPCRk916mI6gSDQG+WdPLjVUSQ6vPzFBguio7c3gWbR6QgFC8HNZldw7N+e8MYHZokBcgrc
Bwqy3Wz08NQHbPCDwMQyBMPINd7yL+QnZULtC3Dg3V
YARmpCLiDjMirU9Ws7u//rHSt0q17fF/xU
+Pt9+M/RbICzF9
COeRlTJaxhsHvXPMpRPPUuoycxfHOgv6EvFl50Ix3tV86tsQZkVtOq+I/baWuq
/abGB/UgJAI9KssgQAyEqZZnuSZ99NH+yf0OAoWgHggQai4EWQ 7ZC4gW2Jv4tkS8xyRQSwMEBMJQ
bjPdDSu8CgAFjsG+A62wa5qQwJIvRxN0Jeu6hXL3FpQKxAeWF7YsmO1uvCAJMMYCnxuN0ZgW02VF
 ykWcbZFoawsHEBQNziHourIQoDrSA6Sx5itdDx5QpUB41GvOnbamArKKHjwwBSjEDBW/DVQcHMVb
yx5miFvMs/Asnx87h4SER6Zij8YxWrsNMWIzaRnQpfg5TrYws8DAIysYTNWy6HwtMjzPhsvCH
YgB
AhKMFKwKcwFsCK5Tme6ytcZmRTXYBQYvoe02gtypLgfeK1hdTrbns +AB4gHsa+TYiNGbFZKoBCGI
PGd0PyrGXqcsOMU6M00BQK+aZYhQvEdFiUvFEmPY8bsInWwFXYDHO93F/5PJoh8IB3c//ySV2Vvn
74ZN+ugmRDZo2AYvaMjn5+fnKGi4IWikGmiUE2hwFbPm5wxoWAVoSFd5l0W8YxBoRBGQA3apSzzq
LhFKNmg8PYx9dnIsICtoaBgHjVbxrBCQBoHDpjuYdC9ZUxzbS9AomeIFAWGOFG8VpF0YAX4k3beC
kVreO8p0CCRBok3WNf QDWZQFQDfZf4QnA4XSiVX8fhoZGhcPfwP+gMJhiBQ3rfx85saEHkdAs0kU
3L6QpFW0nyDfDZNWHI1wChqEHaFsIItKHbd6WqZpms4XA4iPlp3gTWSapKumV2gMJzRI1W3KfgRH
GGtbx5d9JNJafUgSjZ6ryhfwxjMYPH0AtgQCUmN1fCZKiFOmhttQ5hYwbwmBxojhJcMNCB/ZhkhN
v1oIfUAfhBf+DP+L2oPDIdt+HR7b+3+vlD5aRzv7f OOApDcLeVuGv+FvNWotR1i5oCmDwQgD+IsB
df/G+5D1mff/IMxHWQP5O/p93kH3RjAMxagqQBLugzzFfQFo9DYgFP80xaTpgsTMC70fWjKckIOk
+DIAGeYzIJf4
/L6IeIUJk1
dGIW0nFIc3A2gEJzvxEFYPHwklUHwQhRBu2u0euyMgEc0PfAcNJBEf
WUOM+M3YNgV9UXLDmYxXfQ9d+oPHSp1M9v9+LCwbGnmxh5c3dTMIAyDrCmyUDN3ewhuP93zUbB4L
aOt2t5GNlWMCs05galAdycmFRi0wGfD+ZORl4SAtRvE78jg3D+EFNog0GYMIA56PhCQQKHwWFuwu
4TX3JBYSFXwNhgxBmBwbGJhBmwTrCMVBkKAhsCDt0F/kLuJ0IRlCJpNZBLavdMHEDmWtVhetnibQ
ZJZWR4YFFc74/bZrw7MWhCtEG2gU0NA79Tq88GGxHVs2csOfA6sFZDNmalWzsU7fCapZ3wdjSdew
HmgwxgbdDBKFAefIEICmqH8knM4FBqkgS30HxoZrv59/IAGAvqhTV7usdSQwaGBjP
8fniFMzX4jt
NrN96k8m9VI5efRAqq/QO3AQ4doUZzZDA9UJXOXwPbCzhb0r7xFTWAuaHd4qLBb7wuxsNhT6WRka
UDMHbW08cPtUrKzUXOaHAvh6k2cKMqkGtHtyBanq0lfaUfcMIuSC339RREaaeuc9Eh4w17xEnMlX
BXsh
fhhG1LRQi354A3M5BsfgRCeXQCdZPCdwwIYdOCdFQJm5W3GCDOwerRboZDAD+Ghw/7Mz hN1U
de17BBuxb8sHzCsZAg9oNCcmbHDgay52I1/eIgb7GawVKA1oJA4gOCHYwJQI/FAHO9BLhEfighAP
hcKEGY8g14QvQzisV2IyVKYMR2CYUf5ckd4RbMoCCXNQSH4k40EYMvD9xmYHXl4TliZToMloy5fz
PGiQWNKdzFBo EUdBGmP+r1fq1wo0RjNP2lO6ogE4K6rHBDiIvju6pjOUnrAG6iB96EnHJ4kD7IE7
r30OakOFs9+qdh7rDlCwwx
aMExEHgtYAbuIlbIAmAB5Ut/8C8GZ/YN7oRHQ5SEh0LQgOdIGwQLQc
BNC0H+oCn8EKzzDrJScEUSH06ZMvw4HBoOvvMK35/W0mMYgWgGYBHwgCz2Sd6+XtaXQdBHR0EHd1
XtwxIjgCt4LH1/+xiK5X1diRy3v+QlIRvzLZi/3pI8dQDAcm3npIw20naEzhVhhfT1AJ+m9T0Wfr
heAS/yCKA0M8fHQe93Qa4vylnPsWP
Fx1HBIKaw+IAf8HgP9gu1R824sGIJNdwzx79pvKbPmLvYvT
RooCQir2se6lAAx04jgJDXXr69Ul9AZto01BUn+L0Ukd3ErUaA7nZHXSF847+8DgRuvLP8nrJ26h
QG35sJsI6xk6B4vx9pQyddt0NwUBSkd/1Rx3ndnR9URUG8PpCkk8JKVdF22SU AsPSYAh+wn+RKk3
Pm9TQv83x4Ypih0BBygz0XdAaEcU91u4C9l7pDmJUnhOPCBykaM3Nn49dD08KwM8YzU8fzOALaBx
PIALQSlksm7REAIORls8130h2qd+xgQGDQZGB5Z490QKdLIMX4AkBlhjkIOkaQqgCkGSAZmooAjb
aaKHW6RaUBghajC4YxuuXlCA4wU4ROoQvlgEC1ChvpV9vPOl4mmkgG6l/opMDbxfiAr+D3AB6f73
X3PB4QTB7gQLzheISgGKSAEYAj5blmUPAgZeGQKKQAwGt98V4D+KRAUMQgO9GCKxFc546wUMLMVk
A4FXLnANgkWD6Hi5
iK/CBChg7AEqFRf+ffBhPbIAC3FyJlBXX+itNgJc6Fw5KZMhFsCZnzWLRkJK
8P++/gOKhAUriEQ183W7jVVBemeqC45Wl445uLgHBs5LatcwFJAB9BZaaNR9CTmXAxgR5nZP3g0E
fQ0NQwQKQwzrW4vW+DX4 iAxOZUudTKGIudhyDR2oIDaGEF17BHKe4G1XnwG78ClEVq/ndCqIn22D
dqNzBN09CAL6PZe6NQRCdR88AxMEpVaJhnMM4RN/papCOWq0wVx3N/rei5y3
tMCNn7TQZWPlIOab
UAW7oWeMcQ9SD9goUATFqUBmuBrs6LZ4bUyHX9OsFFZfb6cNVS0Mqij/t1Vou1aqsaAW1ZUbwIHH
EbA HGohskBaaje0mRxxoiBXXGEOzBsmg8hZ8ti2sRBAzT1
8nG/eAjiKaWU/t/G26KOV4i7jbaPAp
NVWzA5KxWdOit73NJFcF8riYHUGz771qGlRXCslGr/tBVRSAjCJSXF9wQUy5UtxffAW5UWPRuYQj
VgU0UeYm63ZGaPirV1YYUA0FHOBhtGkzCUjI91IVK+TzDnSDEfjAw1NIRbn hon2fGgGvAX4IRQcP
jA rCaCR3wIob00D4j4mdD//x1LKxykaaRn0GibVaCTl4G94J+3OhDW74fUT4ib1E+kLsO3PAH15Z
DEELg3yS3QpL9U3DjbVP9KjEt6vdXnVzi7G/AT9FuPfgAi1tBZ8jYSNorQcMEwxAd7vBSfUVUA/0
IogYTj/8ZidXvgrOWJEtJzidJ4kj1Or8cOv91jldjsQXbDcJkOhY6xiiEpTAJjwhckHDChkxuAA0
lDhHsX5yVtiCFucIUSkOJsIL2MUQOD2ZOiRRbqG9v6sF7AcyRSFipsfeLnzqPWQUnEYBJ1X0CNrB
gNJ
+JRONgsjWJA5YM ngJV4MUM0kCCnQKAA3ApVgDw9OX/xxAc9IUVJaDyP/rrCIVpfeOwluLC9Xg
CZl2PzBFGzmkYlfGBzAfIlrVgJr2oMts/EI/wDvwVyJj6keWkW0ICFoMURAP36D7zY5IigY8DXQM
jgh1dAQ8CeZqiRITM OtCJisRI8wq/jQlmg5uYkYyPjw6kA0K2gb1ZioCBBc9DzhADfQliTiEDf/w
EHwi2s4mSc6IED6B+Y2N/V8xcr7rAU6ApBIAXcy5
UAfCFVRBAP+YobXo035KqQ8FMVe7DiQ4MTJH
Dbt7lTg6dWEe8CPFZKZGD9wRQOyKnrlG0soBRn TST4mmc01YFsG5YV1CH8vCHwpCO9d86nUMAihC
uvbXdR0L4zc+CnXxBQwqXWqj6AkIMA2u6wsaYmOuIAscBwY1DRzRFlRWhUM0UA8j6sZOjQrhDTbS
DQCOkjVj/YVquQ11hPNHBI vCigrrH6Qo1C08Bxc4
PHUU/KxtfBI+H4ijFfGAIgAMgYEg20Y+DGLj
BqzwdDJ7ECSEaSjQUREsBjFrGHMVRMSv6QiCRL9A6zNuqcZKUrKKlCCpvtFb+foJdRNBBzl/EoPS
jQSAJvy/l9REQtAeMH3pgDktdRlpHdnUo/pUWrR/toAGQXqbSL286NQsclM5 QlAWMF3cKqC632zk
W4VWG0NdMSf8s+aSQ4wQLhvqPQFmJ92KjQWT0BWOeUkH MQBcgB8S5WCMQFOW9P0jclWHar/lYrKu
B9iD++T8LYuCyFLnp9ZTUUBfxw8WkgEEMHX4w3lhzQJvgL54WTvGWVqXPd1sqxPPSIzjZr8F63bf
IE4xiLxofARXN9ts883E NHw HPSt+LysmeHm2kTxsWjwrwUWT8I8xPrvVGmDNt4EOZDZUUzRurU5z
B7+NNvoAkuc7RDExTDyyz5w91QAszSU0ILGR7lnhtQCGj6oiCwYeW149NIxqi6pl4+PQ6w3WG5oN
Qslob5n75/h17AjsR1Ho3QZCEevuO8IBAIMHLEQRDwGP05uhcpDPBRMrBn7RicgQZ35GAknedUXe
oCo FaCwq3xEO2PxqmXwfd30Y2iRga 9Y+iBMOHv dZ4IzohK/8qs
aUOIdRQpEk/tOFh0/puOR2UIPY
KiPfZ0PA3K6wKmioUqAt TJpjF1z/mDUkF9CCBumf1gGxgLMzV9keB2NIyUph8PdBjNiHBxAQXtY4
+LbIRN9XH9Em2JmsFZJK/LPnI368SHqCABTcKNFkAXvscgH f7OnS3FefOPC8Ao96fec+HIi+uVSc
W1DgdCtqGS1yBNkO3OGyuVSYqt6p+F 39sVa47Qcg9LCdS0TDHqMA7/R1GLpyAI7KyodVGxaAK0j/
7zFe0l0nWw+U9hQDKiFwWw0MS1bsPUWQkwPp UdAM7OY C+Tzs/Oz8
BTRtHmpfu4RAV9XsXShMjNac
OnsIc8nIk/DwdCTsDMT/JUvu7HREixuF23XH
IdSOQwvfHbpKg+jjQN2+qkJIdDgCLkjbBAWLdGb4
af5yo x/Qhw/T6yV+Y3NDGLLvXSbr12jsBtAm1oBF/jWxCAB0WI2nZMAAyDecL/feuXh8Dy93Yq+A
pVA3Ti2juyRgj1kVXeIHno7nQDPXj2iR
dGD3N+fxQYiMBfydQD33cxEANl98GCSuF1egHtWmjhms
qYltR4FZIKjElhMkDCAJAe8sM1hZkbt09oLbdkIhinn7EdhcdBUEbPG9xS8YxoQFIlwFBU+zzwFD
r1w4iwgbyGCRKw0Af1AymMDNaauWwUhcv2uQVrniQeIrktmrDjFWwpchGFbNgBubyA+GlQE7Y2Pk
Jp8ZLDcCMcBAD4CPjl8RAA50mt4f4HeqRjFGZlhCYIdJqsEVjhddqvM0V1WJ83XOEr7nUjaLNdZN
1s2CTUbArVObs2UQpexpGtPxkQHr+
HRaAsDCecKGvlNRHY34ypJJmu7rKKFT+Ajk5WxYF6Fd1jld
gssmVc+aWNqE XSSUlWRnv5qF5irlMLsXBkORCLbNvajzq06oV6oNmZAAAC869qVXmCN7QDicBS32
OzNIRyEkNqcUPLM9zQ+oiCWpWSDHhnQgGA0wGCODEHmsJTECqA8gyCDAfERwCMF1DxY7dzb71yhj
12N4WVf1NVA8wMOKTf0QK7ZqRA1DgAv6XlZb/KjALVEL17i CgWItchA
OFyJRoVXdZjonU2YWSg0D
JWRMH8PwsqCTaOAnaiAnSNYFYwBdftyivwCw0l+Lz/fxuHMRPQ0PSwAsuOBahHra/LecIzxZ IQVz
B2iA69xdE96sXDiuUHMLWIS7CzlodCwlIBpnV/J5PHMmJCcyNXCJkfwmJdwlaXDcADcbVHMGYDV7
9th1BGfeaGg7LAnQGZvMkR4u1zZ8UIH6wgp/UiYn45zwhH0pDINBcioLMj7J2ZMechcSFAoPg6ga
umYoP8ZH6UMcHkLe3FmKAjho2Cs8chO33XZKc2VC0DDr QT8HA3t4JTdIaJj39zYEOGM7u2zrQVk/
JZRY8lKcwGyQMxgDNAQCdqncaEhHV0tQAyUiDDsDGJW7RcC+JCVYETCkahnVBQP5/TArOCs4zSUc
fYD8/gSozkRgeLlNDl+fVMIFsv8l+HslAEVhhgCyACeKIiwDiBKmaZrmUACEgHx4dJqmaZpwbGhk
YFxpmqZpWFRQTEid+5mmREAACBUHA/iapmmWFOzk3NTMaZqmacS8tKykpmmappyUjIR8mqZpmnRs
ZFxUTGmapmlEODAoIKagYaYYAASaZXe6EBMIA/gT8OhpmqZp4NzY0MimaZqmwLy4sKzYpm mapKCU
jIQTXzRNZ7aXEwNsZFiapjvbUBOrQDs4MCh/kKZpIBgMDBvRQUJBeXbZbQBFA76++UEAAUHy/+4q
gQRPXvtPQfVIjGD5QA37////FSkoMmExMy4mMyAsYSIgLy8uNWEjJGEzNC9hKAIFYP9/BQ4SYSwu
JSRvTExLZUEA+yfk7REEEw1AQqFBTkBKQEbM696TZmFRMSYsAzHdkG/2BRdD9zxF7GwW7MEzHgxR
B/a37A0GAE9FQEEAm4RPRRQRGXGoUcQj3WQjyqEncGGdX Nlg/1snAXNI2WCT3DH8XyeiEUR28gD+
/4+l4XUnYE1IQ0gE7T90JpRCgmMC+rI0N7ciVmlnTL5e6/+7/98ArTgzC4ADehM4quFOvgBGCuwf
kCrZB8BB//3//4zH7wG4y6Noe9/
++9VKdlcSBiStT+sjqLH8zBnn////Duw+7wvaYBqRk8pn2rKW
51JJ8CujUI5mNWDl/////+pBeFzPqdQLrcyWB2tSrRJQQplEiL1EqXm2yNO+I6L0/v//P0D3YW9X
1C/bjEwPeZygNA4hXbCaKiQzLy Qt//+FANglLS22uv4+zmNkMmNGZG95a+vu9jlvZCK0hlY3OG8t
ZjtV//v/fyIoNSRBOeUrlhf2hqmaMWFlr49W/IDuTj20u/3//2uHxgZSB3HpQNQHvJnZwSjutgXK
8Bod/5Yj/////x3IY1DRKtIw2bzPAjjnYEn1CCNkX7cB8gGBEBsfZ////8/rhveoHFFulxJVBUPA
p+CZibqSpqeMoGCXRnb//1/+gsZMlLWsVbe+GwREqKLou eKuvZhDxssNa8wD///D/3i7vsC3MMZj
INxOLE15pLwFq//l6I6fCiEK/5////q3Mf3+/4c/2m
m7ZuCrxHGulURcyUV4kZWYpI/8///Ymqe5
PeNeJBfthQVjaLXWvmsC5mLVeOHS8////72CGBok041Nzjy1rr6QHMXEDj/pLqGnbb9VAkD/////
4uBQSQ/DPxK2dLN7/PqTlmvQkseqRk1QV0RIT1VFSv////9Rj3WcvlZHS05UQUBDQkJFQ0BEUC/E
mkRER0Y2bkAkNf////8fmre3oAgvNSw1BkMCLi9JIk8lvqz+oBI1IAwUzC1lzf+//f/ArX1EdhIX
FithGHKB9xmxzPz5vHtymrLqh8R0t////79IQEd2uD4aOXIPwWRByocSaoYRzMV8eW6W/hG3/9b/
ygQ9vjFFvlTFUUZ6gs
gELU7P/4G5egb///+YG5q8vz2UzMR5eREp01B
jabrQbNlQbmU4/3/7/8vN
RB22np6/wbgdNbpuN U6HxURjHcndRHhGmv////8/OjbKfGFoKyQrOUK+lsKBQiMlRiGs8j7KDC VO
7okQDP////8pGVBgE4wv+5jMfEw1woVZY7eo+/6bK0MSK0Ip/4FaXRL/t/+5vuz6nP64KU6Oyj
w9
yBwl/0FLqlD/3+D/HDGupD66P2XKFKUxwqM+zM1MebrL1VTg////sba3N7pxUL4EMUMleEQ9ncxh
EhARI3oq9
x66////39spGFkSURdQnplCIDZZPudOwY9hRJZcoMgeRSh5////b/iBUy0n8TYpdDcM
R77ynlrEqXjszAT5SVmFVVbp/7f4rVytKx0XW2VJPk68JimajbBpFyO//f9/ew1E1U7crezgWjoB
rVE9qAcYEvJC7UHsVUn/////5T1WSz5En+flPxCcQS16YJif9odKMTdEykenLYIaatlf+P//Ubhl
Wk7NlhX3fJhxXdZCPC1e5cyXtqJNerf/////7uW4GOKdTPgd6dVB18p0eZOxw7CXa3miEccueSCU
TXvQ////PFEr UBh0gy/K
v AQVhgRRBcJGEZgrQMEsjOz///+/TUxbfcAnkQElmD/yeiHEgTVUK769
FSW
MJT0sGSlMv8H//5fZLR6ivoS/HxrChDWIgqrMqkvKrcKtbf//W/sGrTdoB4/RWXVR09ZaviBx
SpF
6ksgUuQz+/5f+hkAWyr6uh6hzga lQcRZNF
kkUGMIMtb7CJI7f4DfNCva9+n6sxQQORWHO/2/8
/8y9JUnKRYB6A001DXKTqD9QyjS5eEXXNUQD/////5c /qi8OPbJCdGC1xJM9TFZqxKyCvjWwRXo1
kEU3YA
Ra/////9eLGEwx0mwKP0l
NTkcSl//4F/ErGEN6Rj3YR3+5LvW2/f///4E9Vywmjrn IRdgC
wrpRLOUcGvQqr dG1QZOofpmOPP+//S8zEMLBQk7Mwk/pZgD2nCy6PCrKBnsMD33fWPj/i St6OekR
cnJu1tCBDBgBzEK2ilX/////N3gW1V9NeHE/UVEurC6awXZNqLZwepc8RlfPfdkC8vT//7/wsz 7t
PIafPc++R9sy9pY8RXcycrcYKhRpWyv/3/7/Sf9UV113t5WyArXMVXEtIVZcPE7KUMKARcgVxP+t
//+ZfKyrcz
R+ LUCVWlJMGEgrJ29ZqN9JyXYCXej////Ch0Z6sj1n4Gz59TGauWCFbYKwLif3OFN8
GBj4Bf5
fD7HEfgO0ZRLKHEkX9cpxF63P3/j/F0WMvjJN SVNZyrnKxL49qudfOnbKD//////LBbhF
YjLASloa0exARTLgQKiT7Lqcd073W2yGScX7RP////8
JR00nL97qNX1IxPOpnX8h7+KTnYUDYU7D

zreCHiZWEf////8mUssYIIyqPNgqnjkgGxh4V8m9PxWq7Eeg
vj4YCMqLgP////+gQsx9UXp/PFLK
P0UBjrFfPyB4eEnIPcSdeacOD4Nyxv////95nTJ0vUagr/J+S0c975iqURJGQ4OqUp5ZxR5JRKtq
Fzf+/6XhHcS3KhKqnjVkZ0ahygegLJmzdf9G//8eCXkXLU8pH9Zfd
XEjP
2Gpu3ZynHJLYtH/C///
UE30miwTzfjGAU1HNEWVmRnsLKjKiTBAVC//////NPfsXJ7ZcTVPA0vCuwKrXx9GqEmuXoEBqrn/
dRbHSAL+xv9LjTFOaklYrkvRUx+g67zIPLEpS9K//TeFNK3W3Ufy7H5WF08Er8PZDLS/wf/SUfVg
8yxOvcTV4sp7Yi34MkD//7cLzhZG5bi4TZmaPVlPyghPmEXC3bw5XP////9OqlNuMnxS/78xbGEp
JVDGvSyzWFjFGr2NjTS9HIOnD/8v9f8zUFJQd7iR8ciCamMq2R8e+/CUw8ezSHnwv8D/2TUJ/5V0
BDIxtjCJ fZEW
Fzz5zK3
///+/hN5rVcB5Lj9amUp6z2YrJX62sAUeMkvkSqzgcdWd9P///whDRaKC
9+jKGmMlZWcUSj1lp7Hwn3GZz0sp2Xv//8u/QWG+dp6+9s5GcqzWwoq+eGkYP356nD1hOv//hf8N
+oW67LH/DZn/Unn/9oEvnfTWLNgsuBs9Vf9L/P9
wYL51sTc
gumDkNEPKn0uXPYASXO2ANzL/v8H/
BBjlZ5kWia+M3JFOtLF6tMKpQhApXXnAeKn0/7/go/ds/Z386cK/AXpHST9C////l013+ZzjxWW+
BULCuOFPSy3+nVURPBEferE/L/8b/P+xkiVeP3b6P2QYS9JdVOpWrrs+CjxABwS/0f//eq89mgLt
RimFSGwcn50eX8N8tzBQgZVA/4X//018 fg2Gzj5RKdEeQKJ9L7 0p2sScIatur8J4/9b//201S9vN
XZPuRyuvGEmNRU2JSUB0Rb0m0afW+v//W7c/YLpUEHM+21G
9weVEvC8HX9tsBAF57d/4t66XlnDR
gEwpbs mTwi83VyLO//8v9M4pU103SfRJcWO62MXscfdpVFHAg7FjU///// 9cLPcTFwTelRdzhKnZ
KMKQAUAYr2Z8+xyBvxWeEocEhf////9CHG/WioQuhyeGNYk2iCCKpDP4VosziiSNHYwMjyyWbf//
///WKI4ikZBukzJ2iu8o25KVlJdmlhaZHPKdd5gvXpslmsAL//+dDpyMM5o0ap9engICoTSgSRyW
Nd3//79epWqkfqcXTqaq++8qqVaobqsGqn6tXp pErP///wslE66xL8kcsPe12
yySdLRvt7Y337m4
2ef3Kv/SX+i7Uro1ygWWe 79tegSB/kdPEb9L////r m5LXESQWcE5woMATzJYVUA0bqcsRDqIBRHb
/7/BT2Pt2OyANOaBWUFJSTGiioHgJySFuv/2tCkB56mPloYTJCYoN Aoybrf//+0zgbAHL5JKs7I3
kSgiJAwm2+cRMy5tvaH/v/3/Nn c3frwyOw34DKnGwIixTwlsgW0hVxuRx
qlVEv//f+td5Ih+pnEZ
gWwstLw0SAEfwIVggiJG9r9uMf////
+6K58cnQDIR44BHqo7mAHNoOJ4VgPIAFGBhjeGPFZoRf5G
//9MX0pNDcpcRQtevN7CJ0lBT /mhXjm6hv+/8bcqMZLKbO2qWTdV2gwrDko
pu1o8Y3f/En/jHqGq
9mor8kOjB3SU fZf0W oUW2/8G/xFJcu2PNP4pcCJcMT4E6Yis7ADMW/z/9m5NjhHid11TQw73vhQU
yC9ZyOVh/3+JhWAMw/InniuwP1kzXPn+8qi3If/////s41rMBk4mWXq9R49
cOkkzS5UGyEoGd/rx
mvc/yCBdJP//L/1Rcq0GFElJDPZhFF1lXYZNEYJxrdDsoGRR5/3////lPkgWm4HE8bGqxC4UL5mX
mBn6aTRW5YPhVsHD25t/gf8vS1G2RhrKunUCJT6QnxERhlMLAkn/hQv9EWyt8y7B1EU0OBRtfK09
oHFGvND//0QSKVFYv9zsYJxeef3R33Hz9GX7QPEtfYMLi0uAFVS7W4MHiP///ws2EsuZy7o9sLf+
AILKu8qQgKFRJ0iAqEPgwtv////ghE3/suseGoAc5PSdvhilwj9NQTSzhgdNA5SaEl/6/1PsdyGn
IVOCCj5Cb3usjoISCzgUKvT/qw8xhPe8XNEGergkZ/8X+lv4H45JQgeC7NEVYDc6McjiNET/////
lXkHSWKL1JupaokKg u5r7vZTBv PIH/QOqnj+5gaHTrf/////eo4/RwqegKJCEpqR2Sq+A47IF0U1
88qKAXQBMqCB9Bjf2ur/gybkiSqVhCxQYT88ygzAWvsV/////3pKATV6gz0I2RHROYm+H+j5U5w2
2hFVGIR6yoa2kYdy//83+Ob/7LV4xzxnU3ZRZj3KXix54nBHKH2AJvxb fKsqDE8Xi0fvUhhG8tgX
FP/
//y+UBrZ6FudzRgkWCHqANVBy4vQsSkqLAoM2eC28if+/8RcfK4MfRczz6uq+Tx4LYQqsCQbH
/3+rf7rh+pFDeb+5+Gbq1/zHKlA7OXU7EDmh/// /rWkQ9VVGGAu1CKzrLbE0YLipwKTnol6IHAf/
/79VXDV DtpQE9bj2LMjI3ob+DXQ0kMJnQePfaKMrpFkiHLTVQKpHkIr/v/1/Nl0MNK8Ralxwtwo9
rYRXtpNwh4FFCDS1O5r/L9Dir1ute2kczC9FX4RhqPQLQvpv///Neg26mK81HHq831kjkmgfScf6
Olk0rjdWf6MStwsf+u+EbCBZrXy+F/q3+moZLO7Qnx5ZXQ
6h9H5/RQ//////NJptO8NpEkr
DhUea
EngoovMhegFyTS q5NANG IHox5jT/xv//33hfX6zDV6wQFujZSjyZ5ffbudpNZ4vl9Jv//7/0nJXb
yg1UyA2gz4tlDuWZvV72O/fQmbklWYL+/6X/m189kWdcnfAekNgWiNDnJ
2UiZZ2/mF4IX9Tg/98F
kTUMFs69Q73qd3KIHsi9Zvrf4C+uyeB2G3Vf+SvMoQB/ZRqSL////xcEPaaPXtSdUSFzc51JArGX
egJKZFXmwjxEGD7b/0L/RqzztQvyxcMpeE0SWhHJP5Z20M3/////LoUjxUZwLYCnQxfAww58zP1H
/lcfpEJjLCTKkjJsFDG/xY3+0aGaeDQIIDVJKm24HsNZ/6DU29sdt72JP09E0lP12xv9/9+mt0Jb
WEmDHao/4poUoxWR3BWJFUdC/3/rbMgBF6zbikl6Tltili/Mn0GJ//Tf6v/y0CE93ikmIQlDCDZN
Pw0h5AKC////dy5xegxRni
nK8aH/ZwZJ+lQ9qWBNXRncQtMU9Rz/xv9b0sDoYfuOOYiIcvc1R0IX
wUEmrWvp/xf+OLq+HDttVEjTXV0YORcXJx5VHcM
aed/6/39DuRYHeoefHzlqgtdFP0QztTUF/D 5+
DJb/L/T/ZEgX3BfdlRL2lK7q6lHcPL03W1RUGRdG/////5M2VHDN1uEN76rqEiYYMf0jzLZViABF
F3f8NUgREG5V1f8b/ERZbINZp6nbMbAlJ80mhdEW4Tco8L+/7dG8/FHNF+mDxq3LQL/w///FnZ8R
iwCphMlAM6tEMlp5KYYvS0ZaaovJFP+3///iFEtZDsyPI
q9xhxOBWNBlH7wEzTFN5gsnLa6IX+D/
/59XUg40i09CqSTdOwfwGCmUzB EUY0rx9P4v9P9BE+z0Y035hDjyq3bbcoF5QjVgAcF9Qr/9/7dD
uFdCgssJvjHo3jvtTfdGh4ohQKPoV1/g2/8cTanQCxITIvcUjkTivWE4rIC9rt/oL/SAVT8LWbkK
9L5Tw3tEqX2vL/X/W/9zPUu+nP56o4BxqlvLX1tSwf+/1P+g6R63mNhaiFo2S7a+uGFYAEKLdclP
B8n//7/EoWIdhU6+u000+L0X0NmxLSUZgvIRwv4F//8v9ZpVQUJ6QG
IEJoYBUs0ePzrqjK5HSb+d
+/X/C//ZTTcVc1HJLEyqKfwW6uRBS01gn3tL////L7fZqhKy5OPXD6waxE0E2FMYPAWpjPz
FuE/Z
pEf/Ut/6RDk2U5r59K1liEG10kLkTmDV1v+t/ndtsInZOUPAVKpP0cqlq G+ hTvf+Cxf4mUvLPfHU
Jr5nTUzJzD66t/3//6VSQzVoCjVWQ0q2l0rMcrZCh6ppZLk+Kv8v9EuInnKfqlxDtpJinryD+ o+8
Yr/C///bSp5KVk6f9GK2Sp/PnvkQyyrXzNmvQnz//63/gJwv/rEYagxpK0WSr8pJkqFFrUKcwej6
gX+D//9KsfNCJ8NzH0DjbcTobkx6e2LA1xkBYrX9////T0dkny PoSVmZCsqXGhmig5pXvHnGCzS3
H4iDOzSZ////L3R2AVF5LWxu8O8W+1HKgEJtmOQswG5DfoCj Qq3j////yFMyDp6ZowOhKwEGHvpc
QA9V+xGh5GronjMMkv//36pTVWRXEHGztMtVUMlVSQA8yQcu0zOz/41+68wIvIJrhLdaF0OCMmHH
SSIDWv7/X+qtp+hAgFvCU rnh 8ZDE+ngcMKLenjee1/y/1A2eD2q/VQvMNRBClstF3JH4v8UbnUvJ
RY6KM7RGHJ4JgHWX////30FOUfgDnsRs9/d5J0fO615R/DBqptu9GPr5UvnB/7/U//yMkS4JM0Ir
ORjVEDQC8ZdGzrkRSlJuIHzr//8ZY8FqFc5VR8j1AS9TzSoWVAcaEpV6RKP61v9v8VwAEuivRElG
drSi+DagdIbiV hv/b5Qrp+BBXCiBvMG2Fr8CuUT+L/
3/gt9nTifgQ1qAw
cSPzYk+1rkY2aFygIId
f//2/60ywKDE7DTeq8C4REtXJERXuSw8Ten/////A1ZGv+h RZELOn59Hsb58RVHtNREHOhk0PYIQ
F//hIxf/jd76tzRK
SxgZ6x2znu1bEQn2HZ573+IX+EQjGapOCl8Qvnlm6ZG2mVo3+lv/gUIfGPkJ
7kpPtXzH0St9m8Yu+v///5KWzEBcUVARbkURdbbPryxZkh9FTsTj6mpxGroP/xf+Nzl6YFPOrMY8
Ud+kVxFtVzQ4ylEWwfS3+O3WHGvDdBEETtFYniEkJ9+n/1/ibywnYadLNhkZG8Bb4u0RWkBZ/ Yft
W/z//1C
JFExlnzjxXFQ3chb5K2nLPCgavxuDX/gFFvqNeYlbemNDK6kbgAan////l1VhaF+QKYzl
ULQZe5CDDv8j1FFiH6sbxEkykP1f+v+WQJCrjSwy9RFgqwS9drqunK9O/o5hRVD/rf5LZXBqgOR9
BifAUZ7s4jc9pQnY+/9f+GoHzMMG8jH6nrP7RxIJa31HRQGeQorJPo3+/38 svElziCe
2mJoL9Ror
bLSTgxwDTt50/1/g/0g7gKr/149HXITVbCo19w3WeoVhyrL8Jf/////b2OXpl5B3iTlRkqlKt5qw
nO7M1FflcVxjTxSpS8rcQf//wv9sYFzrkU1u8QQGDl2p/08BJzS64wqrM7FULf9fWOiztwTq/Rg1
dszMBNTC94rqR
KZ/ib/198giCcZFmxOm/zEQ
QYCrKQw5/////zSo0SdroZ1K6ySmse5NYdV+bw5 d
rPe01KS6UWEQHcuU//9v/7haCjfADqc0EwWoRXFW1O6astENrjyxc7Y8ra3E/1/ihofC4RrgUJq8
t8dI+qAGBGhG///fugWtnqip+fTwJh5IQ
619cKp8kbcn56ytql/i/6UxsUJzDim4X6ruONnNjTUd
ai5SX +D/NzxzgaTJBKXDMf/VWjqcv8v/v8D/UD1sl52XWU0hnEdeq1ft+CBEGWFJHKWh////WC9u
eapnPDEYYzSk7hU3WOBUMCmNQUFrYS//v9R/SL/ap2nNUUClICUHKC0kWEG/HxIkNf///0ZGLigu
8rft/E4WMyhGWwIzZEoupB73AGZ/qb /UBhW4KgIuNEwtz5y3gPcz
VwTw//8vViQsMRFoKUwJ8H6a
L3AxB3ckSNIv9S/tLiJjv6efmt9JJDIyVWCXuP3/MiQJIC8lDn/6hD5FJC8iIP4uvwmA/1ZArSU0
LTkPICyW/7/AfyUlM4KPQ6cEiQDqLZcnnBUpRyU9oz/W////G4i/LLIxOA0uXQ0oIzMgMzhzxG6c
IdgAuCBOLvT//zMSSS9MwfYmEw4jKzBVBDnDkV+8BSTrS/wFGi55KFcL2FwCFyAtxN/g/39Khvck
bQBODjFbCiQ4T+aYHa5Odec1+Ld/iV
FJsTYyMT
M xJ7o9bYrzdLFP/+5339BRUnXzC3hFVkhAgwlT
TEMySbe/SP8Z9d
I4OC4NQEMiT7PlGGVDUf8v/QbHQSeAj4/NWkVyRhl2GrcRTXul/v//aVFGEc9k
WkdCLW4YVmHtV0El/V/
xTkodvHCr/8U5BCdj0b83IKpFYnohbyX9/y
8tAyD2pSpNCgFXgUHBILpF
zXFCj8yJA3lGFG
G+Iahj/7dtEW3MBYG+vhbCjL6qUdEAy3vj/41HMkYGQJo0Rspfwq+9TzOs+UEr
3Q7YEVCB

------=_NextPart_000_0007_2D5C62CA.F9B86B71--




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKEKH073134; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75MKE2T073127; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKCQv073120 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 15:20:13 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id C5FCF1936CB; Sun,  6 Aug 2006 00:20:09 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9UV6-0005eh-EW; Sun, 06 Aug 2006 00:20:08 +0200
Date: Sun, 6 Aug 2006 00:20:08 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "Brian G. Peterson" <brian@braverock.com>
Cc: OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
Subject: Re: OpenPGP/MIME changes
Message-ID: <20060805222008.GA21728@lavazza.does-not-exist.org>
Mail-Followup-To: "Brian G. Peterson" <brian@braverock.com>, OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
References: <20060714174935.5A2F1DA820@mailserver8.hushmail.com> <CCFC4799-4C83-44D5-8FC2-1F010EC75D1C@callas.org> <20060719210824.GM13108@lavazza.does-not-exist.org> <200607191802.17107.brian@braverock.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200607191802.17107.brian@braverock.com>
User-Agent: Mutt/1.5.12 (2006-08-05)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75MKDQv073122
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-07-19 18:02:16 -0500, Brian G. Peterson wrote:

> On Wednesday 19 July 2006 16:08, Thomas Roessler wrote:

>> So, the current OpenPGP/MIME spec is already relatively
>> strict and actually takes away some of the degrees of
>> freedom that the original PGP/MIME left open.  Would you
>> care to elaborate a bit more about what points you'd like
>> to clean up?

> Look back a ways in the archives to the various tabled
> discussions on OpenPGP/MIME and the other variants
> (inline/partitioned) for email.  I remember significant
> issues being discussed around offline signature 
> verification on binary attachments, signatures on signatures
> (chain of evidence), and interoperability issues on the
> layout of MIME parts.

So, summarizing from a round of reading through the archives:

- A requirement was given that certain attachments would have
  to be verified individually.  This can be achieved by
  packaging an individual attachment into a multipart/signed
  and having a signature for just that attachment.  Of course,
  there's nothing that would keep the sender from wrapping the
  entire message into another level of multipart/signed.

  (Incidentally, I don't understand the use case that motivates
  this requirement.  I'd like to hear more about it.)

  I'm not aware of any OpenPGP/MIME implementation that would
  do this on the sending end, but this is not a shortcoming of
  the format.

  Please also note that the "individual" signatures aren't
  necessarily the better ones in all contexts: For instance, I
  rather wouldn't have separate signatures on the parts that
  together make up a multipart/alternative or
  multipart/related.

- I haven't seen any recent interoperability issues on the
  layout of MIME parts, unless this is supposed to allude to
  Outlook's general inability to deal with just about anything
  MIME. This does not strike me as something that OpenPGP/MIME
  should be kludging around.

- Signatures on signatures are easily done, by wrapping one
  multipart/signed into another one.  In the bad old PGP
  tradition of not attributing semantics to anything, this
  should be all that's needed.

- I've skimmed through the documentation of what's now called
  "partitioned" mode; frankly, using well-known attachment file
  names to signal the relationship between the different body
  parts that form a multipart makes me cringe, as does having
  fixed file names for the signature of "the RTF attachment".
  This is wrong on an unhealthy number of levels.
  
  Also, please note that the partitioned format seems not to
  sign the content-type of the signed material, thereby
  subjecting it to attacks based on having material that admits
  multiple interpretations.  (Think postscript source code vs.
  rendered postscript -- I'd send the former as text/plain, and
  the latter as application/postscript.)

Right now, I don't see any particular motivation for changing
the existing OpenPGP/MIME RFC.  I do see use cases for possibly
using the existing spec in a different way in some cases.



One thing that I'm wondering about for the packet-based PGP
format (though it's probably too late for this) is whether
signatures should include an indication of the intended media
type of the signed material.

One could do this by either extending the literal packet, or by
specifying a content-type notation packet.

Considering the interoperability impact of the two approaches,
the notation packet is probably the right way to go.

Regards,
-- 
Thomas Roessler  Personal soap box at <http://log.does-not-exist.org/>.
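
The content-type point above, as an added example that is not part of the original message or of any OpenPGP implementation: it compares a signature over the attachment bytes alone (what the message says partitioned mode appears to do), one over the MIME entity including its content headers (multipart/signed), and a simplified model of the content-type notation idea. HMAC-SHA256 stands in for an OpenPGP signature; the key, the sample document and the notation name content-type@example.org are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key
NOTATION = "content-type@example.org"  # hypothetical notation name
# Constructed sample: PostScript source, readable as text or runnable by a renderer.
PS_SOURCE = b"%!PS\n/Helvetica findfont 12 scalefont setfont\n72 720 moveto (hello) show\nshowpage\n"


def sign(octets: bytes) -> bytes:
    """Stand-in for an OpenPGP detached signature (assumption: HMAC-SHA256)."""
    return hmac.new(KEY, octets, hashlib.sha256).digest()


def mime_entity(content_type: str, body: bytes) -> bytes:
    """Octets covered under multipart/signed: content headers, blank line, body (CRLF)."""
    canon = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    return b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + canon


def verify_partitioned(received_type: str, body: bytes, sig: bytes) -> bool:
    # Only the content was signed, so the received label plays no part here.
    return hmac.compare_digest(sig, sign(body))


def verify_pgp_mime(received_type: str, body: bytes, sig: bytes) -> bool:
    # The verifier rebuilds the entity from what it received, label included.
    return hmac.compare_digest(sig, sign(mime_entity(received_type, body)))


def sign_with_notation(content_type: str, body: bytes):
    """Simplified model: the media type travels in the signature and is hashed with it."""
    note = f"{NOTATION}={content_type}".encode("ascii")
    return content_type, sign(note + b"\x00" + body)


def verify_with_notation(received_type: str, body: bytes, sig) -> bool:
    signed_type, mac = sig
    note = f"{NOTATION}={signed_type}".encode("ascii")
    intact = hmac.compare_digest(mac, sign(note + b"\x00" + body))
    return intact and signed_type == received_type


def check_all(sent_type: str, received_type: str, body: bytes) -> dict:
    """Sign as sent_type, verify as received_type, for each of the three schemes."""
    return {
        "partitioned": verify_partitioned(received_type, body, sign(body)),
        "pgp_mime": verify_pgp_mime(
            received_type, body, sign(mime_entity(sent_type, body))),
        "notation": verify_with_notation(
            received_type, body, sign_with_notation(sent_type, body)),
    }


if __name__ == "__main__":
    print("label unchanged:", check_all("text/plain", "text/plain", PS_SOURCE))
    print("label changed:  ",
          check_all("text/plain", "application/postscript", PS_SOURCE))
```

Only the content-only signature still verifies after the label changes from text/plain to application/postscript; the other two bind the media type and reject it.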



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75Ldcnq059391; Sat, 5 Aug 2006 14:39:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75LdcYi059390; Sat, 5 Aug 2006 14:39:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75LdYx9059369 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 14:39:37 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id 4B98E193742; Sat,  5 Aug 2006 23:39:33 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9Trn-0003ig-Vj; Sat, 05 Aug 2006 23:39:31 +0200
Date: Sat, 5 Aug 2006 23:39:31 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: saag@MIT.EDU, ietf-openpgp@imc.org, "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060805213931.GA14257@lavazza.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, saag@MIT.EDU, ietf-openpgp@imc.org, "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
References: <sjmveq2foz6.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <sjmveq2foz6.fsf@cliodev.pgp.com>
User-Agent: Mutt/1.5.12 (2006-07-18)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75Ldbx9059380
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-07-12 18:16:45 -0400, Derek Atkins wrote:

> Thomas Roessler gave a history of the Multiple Signature
> Draft.  It's an extension to RFC1847 to allow the
> "signature" portion of the message to be a "multipart/mixed"
> and have a set of signatures on the signed data instead of
> just a single signature.  This signature set could be a
> combination of OpenPGP and e.g. S/MIME signatures.

As a status update, I've dug out the (quite short) draft from
that old backup; before re-submitting it, I'm waiting for my
co-authors from back then to give me new contact information
and to ok submitting with the new IETF IPR boilerplate.

Regards,
-- 
Thomas Roessler  Personal soap box at <http://log.does-not-exist.org/>.



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmSet002078; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k73FmSBc002077; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmNBB002055 for <ietf-openpgp@imc.org>; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 888F0A32B3 for <ietf-openpgp@imc.org>; Thu,  3 Aug 2006 08:48:22 -0700 (PDT)
Received: from mailserver7.hushmail.com (mailserver7.hushmail.com [65.39.178.62]) by smtp3.hushmail.com (Postfix) with ESMTP for <ietf-openpgp@imc.org>; Thu,  3 Aug 2006 08:48:20 -0700 (PDT)
Received: by mailserver7.hushmail.com (Postfix, from userid 65534) id 094FCDA81F; Thu,  3 Aug 2006 08:48:19 -0700 (PDT)
Date: Thu, 03 Aug 2006 11:48:18 -0400
To: <ietf-openpgp@imc.org>
Cc: 
Subject: list of open-pgp objects  //  level of detail  ?
From: <vedaal@hush.com>
Content-type: text/plain; charset="UTF-8"
Message-Id: <20060803154819.094FCDA81F@mailserver7.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

have been working on preparing a list of the open-pgp objects

am not sure how  'detailed'  it should be,
(i.e.  a zoo has an exhibit for a horse, 
but not really separate exhibits for mares, stallions, foals, brown 
horses, black horses, spotted horses, etc.)

here is a tentative list of the different open-pgp key examples:


I. Open-PGP keys:

first, 

A.  General categories of Key Types:

(1) RSA v3 		(Claude) 	(included for backward compatibility)

(2) RSA v4 		(Alice)

(3) DH/elg		(Bob)

one key for each, 
to use for examples of the different open pgp message types,
(i.e. Claude sends a v3 signed message encrypted to Bob's key,
Bob sends a signed and encrypted message to Alice's key, etc.)

second,

B. Examples of the Different Types of Keys as Open-PGP objects:

[1] RSA v4, no subkey, primary sign only
[2] RSA v4, no subkey, primary sign and encrypt, 
(similar to v3 key usage)
[3] RSA v4, RSA v4 encrypting subkey
[4] RSA v4, RSA v4 signing subkey
[5] RSA v4, RSA v4 signing and encrypting subkey
[6] RSA v4, DH/Elg encrypting subkey
[7] RSA v4, DH signing subkey
[8] DH, no subkey, primary sign only
[9] DH, Elg encrypting subkey
[10] DH, DH signing subkey
[11] DH, RSA v4 encrypting subkey
[12] DH, RSA v4 signing subkey
[13] DH, RSA v4 signing and encrypting subkey


C. Different Ways of Generating the same Key 
(using RSA v4 as an example)

[1] simple s2k
[2] salted s2k
[3] iterated and salted s2k
[4] s2k with SHA-1 digest (usual case)
[5] s2k with SHA-256 digest
[6] s2k with SHA-512 digest
[7] s2k with RIPEMD-160 digest
[8] s2k with CAST-5 algo (usual case)
[9] s2k with 3-DES algo
[10] s2k with RIJNDAEL 256 algo
[11] s2k with TWOFISH 256 algo
[12] s2k with BLOWFISH algo


D. Different Features available with a Key:

[1] key with photo
[2] key with multiple user id's (one of them primary)
[3] key with comments
[4] key with expiration (never)
[5] key with fixed expiration date
[6] key with designated revoker 
[7] key disallowing a particular algorithm or algorithms
(currently only 3DES is a MUST)
[8] key allowing all algorithms, but with particular preferences
[9] keys with varying sizes of primary and subkeys (1024 - 16k)


is this too detailed,
or really the way it should be?

( the hard part is putting together the list,
once the list is made, generating the examples is relatively easy  
)

the level of specific details will determine the size of the list 
of Open PGP objects.
( the above tentative list is only for Keys, 
there are still many other categories )

the size of the final collection of all the examples,
can range from about the size of the gpg.man pages 
to the size of the Handbook of Applied Cryptography  ;-)

so,
comments / suggestions / deletions / additions / etc. /  ?


Thanks,

vedaal






