Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 270F7BBC for ; Tue, 14 Jul 2015 17:29:04 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f45.google.com (mail-oi0-f45.google.com [209.85.218.45]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D8E2E26C for ; Tue, 14 Jul 2015 17:29:02 +0000 (UTC) Received: by oige126 with SMTP id e126so11357356oig.0 for ; Tue, 14 Jul 2015 10:29:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=ipH/pd5buwpdiZqaxEEZx2tzM+ZREm6llDRGEKrrgHo=; b=cYh8VEavVjTo/l8VZG6YLL+yTPlvY0gCFF+uBqAvfQx418Fe+Jj6Yz8BjgcF1ObWTN MfcdOi1h7J50bTnDfQvd3N0Ix4jlZZRlUECJod55+7AecJTfqwG3su0AkX/Ek9zIuiHQ nmHF4YCpByS+NmsmjcZBItyQPuysF7N7xUAIfDGpBbVVvaxdMjxpQFjgR8rgdFcSlmg5 aTuam/NAv8JGzns2GcM80cRUkIa/uiS1YbwsTC30JErl2kVoK8+SKlrJxowtlecWxk2g Md99keZf+P4Ls7nSLg0iEaiEiduT7G9qhOx/0lbPIaKrFaxz+mJ2RMgUK93Z36XZsPYy zY4w== X-Gm-Message-State: ALoCoQk13O6Zb6vzwSZbbxbEjF7sw/dHVjRpr/INowM/hSokLQ7fs6IRNcRtOpZzLbcD1XqICVWu MIME-Version: 1.0 X-Received: by 10.182.176.36 with SMTP id cf4mr9790824obc.40.1436894942119; Tue, 14 Jul 2015 10:29:02 -0700 (PDT) Received: by 10.202.221.66 with HTTP; Tue, 14 Jul 2015 10:29:02 -0700 (PDT) Date: Tue, 14 Jul 2015 10:29:02 -0700 Message-ID: From: Justin Newton To: bitcoin-dev@lists.linuxfoundation.org Content-Type: multipart/related; boundary=e89a8ff1ca289c4128051ad92cc3 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] Proposal: extend bip70 with OpenAlias X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jul 2015 17:29:04 -0000 --e89a8ff1ca289c4128051ad92cc3 Content-Type: multipart/alternative; boundary=e89a8ff1ca289c4125051ad92cc2 --e89a8ff1ca289c4125051ad92cc2 Content-Type: text/plain; charset=UTF-8 [Sorry to break list threading, I joined the list to respond here, and don't have the original message to respond to] [Copying message 9412 from thomasv@electrum.org] Mike Hearn wrote: >* Hi Thomas, *> >* FYI there is a company called Netki is also working on a kind of DNSSEC *>* integration with BIP70, *>* there's a thread here about their efforts: *>* https://groups.google.com/forum/#!searchin/bitcoinj/dnssec/bitcoinj/QFAH1F2dEwE/36oWDwREEV4J * Hi Mike, Thanks! I believe it is better to keep the current discussion on bitcoin-dev, though. >* If you would like to work on this, perhaps it's worth teaming up with them? *>* Obviously they plan to have an open spec and open source implementation. *> I would love to work with Netki. However, it's not clear to me what they are selling. OpenAlias is an open standard, not a company. In contrast, Netki have very long Terms of Service, that do not help understand what part of their solution is open-source, and what is the product. They surely know about OpenAlias, it would be nice to hear what they think about it. [FROM JUSTIN] Hi there. You are correct that we are a company providing a service, however, that service is also based on an open standard which we are proposing. I'll be honest that we haven't done the greatest job in promoting the standard so far. More coming soon on that front. Any of the Open Source Wallet Name resolvers that we have created do lookups against the standard record formats, and not directly against our servers in any way. Information on the record formats as well as links to the lookup API server and some early libraries can be found here: https://www.netki.com/#/developers and here: https://github.com/netkicorp To break it down briefly, we have an open lookup standard based on both the namecoin blockchain as well as traditional DNSSEC. (You can choose your own adventure of using namecoin based names or traditional ICANN names). We DO provide a service where we will register or host names on your behalf. However if you follow the format and host them yourself, everything will work just fine, and our open source lookup server and libraries will provide those results exactly the same as if the names were hosted with us. To that end, we have had conversations with several companies in the space who intend to host their own names, and we intend to work with them on the effort to ensure our documentation is sufficient to ensure they can successfully do so. In terms of comparisons to OpenAlias, I think there are a lot of similarities, but a few differences. First the similarities: 1> We both use DNSSEC. 2> We both have the option of storing the address directly in the DNS record. Differences: 1> We do not use DNSCrypt. I understand why you chose to, but we were concerned about broad interoperability and easy broad distribution of hosting, so decided not to use it. We have other ways of achieving privacy, using HD Wallets and Payment Requests. 2> We have the option of storing a URL rather than just a wallet address in the TXT record. This allows a second level lookup against the URL to get back a unique HD Wallet address or Payment Request each time, further protecting user privacy and security. Using Wallet Names with Payment Requests allows for the user experience of typing in an easy to remember name and getting back the "green lock" and who the validated recipient is. This also provides an auto audit of the end to end DNS SEC process, in the case the path were somehow compromised, the signature on the payment request can provide an additional check. 3> We use a 2 tier lookup format. The first lookup returns a list of currencies or payment types supported by the Wallet Name. The second lookup goes to a record specific to that currency type to get the address to go to. We believe this to be a more scalable solution in a world where someone can have both multiple digital currency types, but then also multiple types of colored coins, and wants a simple way to share a single name for all of those different addresses. This allows the wallet to do the work behind the scene of choosing the currency it wants to send, and automatically getting back the right address to send to, without the user having to do anything different. 4> We mandate DNSSEC while you make it optional. We did this because we believe giving the user the option of NOT using DNSSEC is like letting them order a car with no brakes. We weren't sure how we would explain to them why their money was gone when they really didn't understand the risks they were taking up front. We had a lot of discussion about it before coming to the decision we did, and I can see why you went the other way, although I do believe we made the right choice. Additionally, we just released another open source API server to help with the "other half" of the lookup problem. Its in its infancy, and we are certainly taking feedback on it at this time. It is called Addressimo and will serve unique HD Wallet addresses or Payment Requests for every lookup, thus allowing a user to have a private, secure way to share a Wallet Name that can be used to send them any digital currency. I'd love to talk here or offline about merging standards going forward. As an FYI, Verisign has also delivered a standard to the IETF using DNSSEC to pass payment information here: https://tools.ietf.org/html/draft-wiley-paymentassoc-00 We have started discussions with them about merging standards as well. They actually have a really nice way in their standard to encode email addresses that more or less ensures that there won't be name space collision in the case that there is already a record "joe.user.com" and you want to create one for "joe@user.com" that we are looking at adding to what we are doing in the next update to our record formats. In any case, I'd much rather we had one effort going forward than multiples, so let's talk! [/FROM JUSTIN] Justin W. Newton Founder/CEO NetKi, Inc. justin@netki.com +1.818.261.4248 --e89a8ff1ca289c4125051ad92cc2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
[Sorry to break list threading, I joined the list to respo= nd here, and don't have the original message to respond to]

[Copying message 9412 from = thomasv@electrum.org]

Mike Hearn wrote:

> Hi Thomas,
>=20
> FYI there is a company called Netki is also working on a kind o=
f DNSSEC
> integration with BIP70,=20
> there's a thread here about their efforts:
> https://groups.google.com/forum/#=
!searchin/bitcoinj/dnssec/bitcoinj/QFAH1F2dEwE/36oWDwREEV4J

Hi Mike,

Thanks! I believe it is better to keep the current discussion on
bitcoin-dev, though.

> If you would like to work on this, perhaps it's worth teaming u=
p with them?
> Obviously they plan to have an open spec and open source implem=
entation.
>=20

I would love to work with Netki. However, it's not clear to me what the=
y
are selling. OpenAlias is an open standard, not a company. In contrast,
Netki have very long Terms of Service, that do not help understand what
part of their solution is open-source, and what is the product. They
surely know about OpenAlias, it would be nice to hear what they think
about it.

[FROM JUSTIN=
]

Hi there.  You are correct =
that we are a company providing a service, however, that service is also ba=
sed on an open standard which we are proposing.  I'll be honest that we=
 haven't done the greatest job in promoting the standard so far.  More =
coming soon on that front.  Any of the Open Source Wallet Name resolvers th=
at we have created do lookups against the standard record formats, and not =
directly against our servers in any way.  Information on the record formats=
 as well as links to the lookup API server and some early libraries can be =
found here:  https://www.net=
ki.com/#/developers and here:  https://github.com/netkicorp

To break it down briefly, we have an open lookup standard based on bot=
h the namecoin blockchain as well as traditional DNSSEC.  (You can choose y=
our own adventure of using namecoin based names or traditional ICANN names)=
.  We DO provide a service where we will register or host names on your beh=
alf. However if you follow the format and host them yourself, everything wi=
ll work just fine, and our open source lookup server and libraries will pro=
vide those results exactly the same as if the names were hosted with us.  T=
o that end, we have had conversations with several companies in the space w=
ho intend to host their own names, and we intend to work with them on the e=
ffort to ensure our documentation is sufficient to ensure they can successf=
ully do so.  
In =
terms of comparisons to OpenAlias, I think there are a lot of similarities,=
 but a few differences.  First the similarities:

1> We both use DNSSEC.
2> We both have the option of storing the a=
ddress directly in the DNS record.

Differences:
1> We do not use DNSCrypt.  I understand why you chose to, but we were=
 concerned about broad interoperability and easy broad distribution of host=
ing, so decided not to use it.  We have other ways of achieving privacy, us=
ing HD Wallets and Payment Requests.

2> We have the option of storing a URL rather than just a wallet=
 address in the TXT record.  This allows a second level lookup against the =
URL to get back a unique HD Wallet address or Payment Request each time, fu=
rther protecting user privacy and security.  Using Wallet Names with Paymen=
t Requests allows for the user experience of typing in an easy to remember =
name and getting back the "green lock" and who the validated reci=
pient is.  This also provides an auto audit of the end to end DNS SEC proce=
ss, in the case the path were somehow compromised, the signature on the pay=
ment request can provide an additional check.

3> We use a 2 tier lookup format.  The first lookup ret=
urns a list of currencies or payment types supported by the Wallet Name.  T=
he second lookup goes to a record specific to that currency type to get the=
 address to go to.  We believe this to be a more scalable solution in a wor=
ld where someone can have both multiple digital currency types, but then al=
so multiple types of colored coins, and wants a simple way to share a singl=
e name for all of those different addresses.  This allows the wallet to do =
the work behind the scene of choosing the currency it wants to send, and au=
tomatically getting back the right address to send to, without the user hav=
ing to do anything different.  
4> We mandate DNSSEC while you make it optional.  We did =
this because we believe giving the user the option of NOT using DNSSEC is l=
ike letting them order a car with no brakes.  We weren't sure how we wo=
uld explain to them why their money was gone when they really didn't un=
derstand the risks they were taking up front. We had a lot of discussion ab=
out it before coming to the decision we did, and I can see why you went the other way, although I do beli=
eve we made the right choice.

Additionally, we just released another open source API server to he=
lp with the "other half" of the lookup problem.  Its in its infan=
cy, and we are certainly taking feedback on it at this time.  It is called =
Addressimo <https://=
github.com/netkicorp/addressimo> and will serve unique HD Wallet add=
resses or Payment Requests for every lookup, thus allowing a user to have a=
 private, secure way to share a Wallet Name that can be used to send them a=
ny digital currency. 
I'd love to talk here or offline about merging standards going for=
ward.  As an FYI, Verisign has also delivered a standard to the IETF using =
DNSSEC to pass payment information here:  https://tools.ietf.org/html/draft-wiley-=
paymentassoc-00  We have started discussions with them about merging st=
andards as well. =C2=A0

They =
actually have a really nice way in their standard to encode email addresses=
 that more or less ensures that there won't be name space collision in =
the case that there is already a record "joe.user.com" and you want to create one for "joe@user.com" that we are looking at adding to=
 what we are doing in the next update to our record formats.

In any case, I'd much rather we had one=
 effort going forward than multiples, so let's talk!
[/FROM JUSTIN]


=

<= /font>
Justin W. Newton<= /div>
<= font face=3D"Futura" color=3D"#0795b1">Founder/CEO
NetKi, Inc.



--e89a8ff1ca289c4125051ad92cc2-- --e89a8ff1ca289c4128051ad92cc3 Content-Type: image/tiff; name="PastedGraphic-1.tiff" Content-Disposition: inline; filename="PastedGraphic-1.tiff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: ec6bb066f4bb7681_0.1.1 TU0AKgAAHcqAACBQOCQWDQeEQmFQuGQ2EgEIhMMB4klY3OR0uNtv1frZRAB/P5+w6SSWTSeUSmVS uWS2XS+YTGZTOaTWbTecTmdTueT2fT+gUGhTICgYDgUumhAhYgEYpC9xuJwLxuOJ4gIjkQfPpAnI oP5rtJj0OyWWzWe0Wm1Wu2W23W+4XG5XOgAG7AMeEMpgY7oVSgACUUltZlq58vqILxxv8gv4OAFh AIYjQfP5qtBiPpDHcrv92utzXTRaPSaXTafUanVavWa20AIPiMVgZAI9YgEMhwRwQPNlor8zkUjE FfrJar9eOJ/Y18uljAIqk0dQh+K5So99qBJnoAPp9PjXeHxePyeXzef0en1T4AgwHBECnE/JwBjs hFKEAKBl93ORkBIGAZhw4rjuS5aCH6BB1lWAYjCWKqEn4fbvEWPwvn6YRdFSAB/w69cPxBEMRRHE kSxNE6BAGAYCAIKYujmAoxDcRCShYZhhFSLIpCqK6CQI5DlCCgh/n8epxgCIwbAeAAFAWByGH+dB ym+fRBDmKJ/G8bRoxRLsvS/MEwzFMcwLsAIBBkHAigOPZFFXJknJKBJ8HueQ2AeBB5ggC4MA3Hzj SBA6Dn6fRwFIAYqCsLiUn6ZBhFmfZHD+MJ/nkeJ2zJTNNU3TlO09T6WtwDYRAMPhFlYAQRhQGKWh 4ZhglIJIpUUhEfwNISEACf59H+F4LG8AIPBCFCWn2T5KD0fhWlERgAH5CVQIOAgZCQPKgn+eJ1I2 bpnFYtQCgOBgCBaII2pqfpvGeVp/ngdJtJqAIDgUCIBhWHw0U3dF1XZdyU3jed63vaKTn8cRqFsf x2HJLiUAIFggDWAADARJ6aH6bBjE8f57HkdKhAEAgDAIGAiDmnp+m2ZZTn+eZ2nBf15Xpe18PIBA EgWAw0jsSQBiOJ4xJiCp0HGbA2hiF4RAGAqi1rQFboYfp7nCWIBiuKonpke57HozQ7isfpmGMXEO Q9Ti7ASNRLn8sp7k2OEnn2fB5rKAIFAeDIEDARLQpofRcEwKV0GgV94AeCoSAQLZBm3Te/cBwXCJ QAPDcRxXGYGkp9mAUgyn4axiE4lIEC8Q5xPaCIOpqfJVEKGWEnGZ6ggKIAuE2AgVB4Micn+d5zms fBTkEFiBbKk/J8PxPFtXM+QZ8MQCjgPpNpyKBtmgWYaiGI4moZW0gpKfwMH2XYBBsHYipqfxwG4a kqyuf5zHGblM7PtO1rIfZlloQB+f0QLdG7N4b03wmbjnAjecG4V5DlnGt/gPAlyTlHkuXcwQ5zTn HPOgdE6R0wDHUOqdY64djsCegCAoB0GIBwrB7GcT0fAog9AfH+PQdw4lQwSgYaUAQKAWg4AMH8Rw sCIATAuTkEI1Rmi6DIEkJQRiSveUEQ4fw+h1jLAEFQJYNWTi7FmKEfQlhFLmHuPVuaKH6tqLSPcT QbQFLOH2PcoLdW7t5b2TWAzkIFOVeUpqO8CHIvGhxHuCpDYLudc+6ElDo3SundSTR1brXXuxJyAJ pQCAwiKHQvEBYEicj8GYLUQY+xlCzD8TF48eoKFuACBICgGQDB5EOKcAQLQZg/J6AQuwAAxDzHSM 8D4KgWqsJJFBXBJx+gDHOKcAYSwnhZKCPsSghw1D8FsK0TRICRIhjO/cs4+xiCqDgPwaQvhIxxgD HSAhMo+wQJnKeCcDXHx+X9IGVMgyFSFgzIgk8ioOwfkdCGSJOQCg7CqI8AgLwhhwd2PceY6h8ChD un4kI/JTT0W+UYAoXg0iCAIFUL4diygvGUMAUwVgqBXC0SmYhKUOj4Y8EIF4BQAgNAfJwoClR4Ds K4V4yw0Binqm2Wqicao2EgH6PsnscoBR1b7A6PBNJ3Q5UzOuP5JqoyCntPdzchoNSJg5IyEEkIRy SnaBEDIKgEBZD+NUno+RViGBmP4dY4oW1QotHEu4PAiBUL4IQUhgGmFkAWPQeQ7A2gYAiP4BsrAL Uqac98lg/R8DeUOFYLCiy0U9MyIYPAWDPDqHKeKoJbB9C9FAhcbIyCPk8qVOiO1Tp5V2gXVhMdVJ 52znrVkg8+JDwbkXB6RpM5HwihITEATIJ+VKJyP0bIyRR2lE+F4nNV7ck3AECAEgLTaG2ACn0EJb QfjOGGKYIwUAqUpJZSsloAgAkhBQA0aQAgSAoBgW0fgrxTCQWMJJax3jwGntGWwfg+h7NtbehybJ OLWwDtfPGdhMrqTwgfVUkuEbdVagxb2r1v5/XCoBWMmIBQbBOEGAQGgSg+E6H9gMe4nA4gQjdHDB Vdyb0ZDYIwAgWgxMmLgBccY3RoBtByDgFzzD9XpsfFEl1khyC2AGFYKQSi5D0sIPkOgYggPqG5WQ umAS3D6FuJgKI/RvjQFhdOc+DKm4OwoTDC1U7YYPwrjTC9u6tz5t9P24JMrh0BJZm8nQ+haiUCWP 0cLB6k50JqAoSosR/j9GkMgVYAQbA4BsAEDYHQPt0IGFQb41RcAwB+EIJBMb1EzH6BMe+Tgdg/yk WgjguxagCAMAwEI/BeiwEePwYwu59ZdAC2iNBcB/0MocKAOwGWyTcwhmmpkBc45tJfoCOwuxO0pq Pf8uY/h0jfGSP8eo8Z0kmXAAsAYHQUxOJ7JUAwRQximJzKIWYfx/juHKNMntcnYMsZdnmsE/6xXF ckmd5I3AAgOApd8nA/hzDaGCPkWAjggRx0UTTRmjkhj4Y4P1LYsplhQCsxIAwBiegkGkMoWoYQmB NCWTXU5MopjtGgAIKYRwXAAeZvka41BoAAG+OEdQAwTgu3UQIfQpRKOd17r8ueXi4j5FiI8IY/hy jZF8vDZ24yYW2tlKgnI9xLBpyO8XOuFdgv2JyPgUAdwNMbHiOc01ybgVhuJlwkq01qgFBwFAQ0Lh OhzAmP8fI9R3cUtwTni4/yGbcHINgfw9h4DZAGEQJLWCaAFomGQfI7xrAcBOCrm5NOXrnH+ONQ4T wp2YJmuwd47h/C+F0LgAgLgchY5wmchHR+k6818aTp2xB6DvHHC+GLxPFZu6zg3CceZ3k47B2L43 ZXjdn2GTftXbO3dwNL3LDufMP8CIa6cDkihxk9c0KUM7nhhzXLJtTi2jfjzGN8LoAAHgOgTAECwF 4MyWgyGUF+FICmCosuJy9GJoQ6H08KB8BSH2iGiKpY8UH8FoFclkA6BMCEpmT2JK906U96NG9+Lm HyFaESBy24G+GQlM+SzW+W66+aJu+e7G/i+kIdBAJk+u7aHs7e7iq+7m4A7q/C4ICyEAGuACT2BM d2XaG0eAEABS2Wbo4qJm8SJiIA/GixVMAh8QyIAQoFQsAIdD4hDgc83g6TaHgyBwUDQcEIjH5BIZ EAF+slqv144n8QZHLZdIH6+G+pwGViuWZfD38xWCuwC+n8EAEHhINZzI30pUoZX4xl2nKPUalUwC AQSaku/qnW65LX87XK0nyqUGL67IACCgeGQQYES5rPSFwmCk/W80FfcZEAQeFRICC2g23epc90sa QFDn+/8Jjcdj8haKtWK1kYi+FAdw0/3s8XPltBEQQXkO4gCDAiHdA+VUhRk/nY42fLgILCAawKPi wlNDIHwpD4I3+8nY3t7VL7f8Dg+OCkqscZln+83i6n64WwvAGTimWgBVYiQ2exFOQieU5xx4hJZP KZX6oiAgCAH8JQUzQEJxWM4g/2+bptH+aRomsAYWBqKDQKSpamqe+DIKqq6swe3p8lQQQWH8dxzG qvS0rWtq3wUua6ruvLLL4vzAME9TDMQxTowpGUZq5CLKPUzDNM4z0aMa0bStO1LVta17YtmtAFAc DC2kUz8KH4ZxcEOfZkFgPUepfFLlRY5rnxi+B/HIb5nn+AZ+nWDYNgyB42B+H4byw9iUJUlken8f Byl2AQliKHJ+lyWhYAIFYbisAACAIAz1QWpinKhLCuxtCdIMafx0G6Yx8lcRYdw8tS2LcuDLH1Ei 7Lw0EtRW5jexcxIAMXSlY1k77J0m3scs2zsnVmqUftM1DVMs1jXNg2SPqqA4rD0/AKA6GL1H+fJ6 ncfBPjqC76H8fleWO5NVPU5zoSw8AACyeRuk+DgXBmG4HBAEgVRlOT3TrB75PmFAAHOVhvn8fZ/n wFgbCrLFGQbR9uSzWrKsifx0m+ZIAgcCgQqsBqGssfBSj6Eh/nidZuxrT8Q1EyNSLpU0TsjVLlxa w9XVhhOZPVSWGNDXEd13maW19INgsjYci2Mh4BhSHQxAMIIvE7GR8lYRAbH8dRwGXnaI5ZLje3DL 8ZBwdZuFgQo0jGKB9n2fR9FmVxWlUCociEJwCAWBgHNBec6PUDYAHcYwhBmEh+BQHIdh8apqGobB TnOegRUPRMZYNR2rJHmrQH6bpmlWfprmOT4DCYNhbcscJplqfRakqJmRRBUMR5RE1UW9lrjnuTA1 AK+h/n7yaI5j3iqYXHDM1zHnfpDntgSHYkjACBAFgmBAxEadkZH6bZllOfRdk673jIfrFVtDrcZA VV59EoGIOHCD4RhIEqQnScpynGYJjfsDwhCUK+uLPu73mOAeAEfA4wbgWH8MYH4VQrhXJcI8SolR SDtBUDcLjkClKNQc94iDlTLOXcyPoXQnAsJMHOxZjBkR8ChDuBsf49R4slSyyN1qo1SuwRQ7JrMG kKO1dutlbcOnKPBOOzhXUQCIPISEsJIhsByDQAOFMOwxgBAXBCDhMA/B9D3E4HICIAIsD2iA+BcC XkZBMHcNsUgcQzBkgqVsZoxxijCHIPcfYAALAvBqD4rj/l6lSAMAIf4+gXAFHUKoJAWQrhOASAwj hUR3jwHgPIRovxkDxAABBZqi4LsHiMrRCTNjHweFWPoXImwrADA8CwJLn3QuWGyMkUY+heifC8VF D6oERQ0deqeG6KnZydRa7Z3A/ltTAMlJ94SOoizAiQz8yDQQAgQAuCYAwRgyCocgLYSwTx+jgGkL KY0YkuriOOBcfA8hwidCiEICYCQFtzMeLgWArxVgFBMwIBQFwNAfJdHwlx8yHAkAAOkWYRwkg+BK BkEYJl8mOFCKAT4qRtgfBbAw47kYMxhiEZGUUpJTK0AE9ERg6wAgHAWBI0A+BPBzAowAeo7Z/wyl yyaGsvGVw4fDMY0EPJhzFp1BujbN3hs5mNM00A+xjiuDsAUHIUhFIyH8OcbgxB8ivEYD2n5DpxNa jIccMw/R0CrgWFdgjtB6j1HoLUWYshYAbCCEpQyiFFEPn8SBbA8Rng+BSBcdIMAhhFCQeofysBAi gFOMYfoIATA6QVJtyURoOUccxKOUqhmiAiBgFEAwSA0CuNAQIXokB9jFFWHGmLrKZmQZOiWmyEKc VZNDTyH1sKtVBpTUOZcnajW0I/SoOgFWAD0epVmrb4qumRBQO8cYwhKhlC5HpWI4BtjaGwMwao1x sgbB6EQJ8fAFgCH2OwGoDx7C6CIFkLQWAAgCvYlgXouxdjBF+AQCIP7GoMsfRqZEHbJ0ess9+9b0 RGjtpKAojxlh7ibDeA0AA+x8j0JDLdkjrrWMqtdL6HNvDG2ymJD+2FkahTKeLbo0iv4k28H2MQVQ cB+DSF8JHDR37Xzjf4Wde4ABBgXACMIHAPAe3QZmMcYAvhdjHGwOEeA4x2DwH2EkK4UgiANAkBSE 7MhDCVEuKwewKgahUMfRhhEOsQShv7ZUkIA7MWas5Z4yw+xlCyD6PwZgthCYRplDDL9NcLGPuLjE vWHKfYftsxm3GI4jW7t4XYZ4rlSCZCnjHPplnxmOB4OsbYrBAhpDJl534mRViuF2LIaI2R3AGHcP YfoXQzBdCIBkDoG8qsJG1rMboohvjrAyAAAxGi9Zgk7mMx1HczYRwC9LAhGsDmRHuJkNoCQAD9H2 PiDed8KMpdjhinOfiz6Aw9cTQcKNCs6iBogyC0Vp0lpO00WAjQfj+HMNsYWH8Z1cnIWcBg/x9j0E qDYEg6wOAfBACFhIwxnjQGwI0WwwBsjzBODGbg2RpC/AEPwCpLB8XCBAP8dQugwBwDWFgAoBQCKu V4JMS4lxSDpBQDWNpZ9fWQ2+YTYVHyW5oszZuztRxhipDcPwaYvxJ7TtRngx1q9rS9S3tnbRXNuW 82BuDEW4odbkMePkWYkQjAGB6buaM0z4YOHoPelYFNnj8HzOHedxt6ldCiPAbgpA2BkDHy1SA6h3 jxHoHcS4nBYDisxXFx5Dx+8Q4lxSPpEABDuHKNDfgEx0BNC0FWwKsR5j0HoPYRItxgmfAoBcEZXO X36RvfyD+wyWlVpDsbAuyVKxYHuJoN4DD6bQwlDOmku89mO0j0srfTbadPMhETQ248Ss+eUDK4I6 0fjjeqNcYwnh9C/FEGPtG2Ix9rKiBoew8BtidCuEcDuuwEAIeqrAQQmBOCsGIAQCBRgIgWn4S3wf EeJ8VKiAgdA2BZhRCiEQEoFgGYGKhpGgU4UwUoVwaoDIE4KT0CxyjLMTmIvTma/4l7mzNTnJUYXg T4LofobQZIUj2q1LPL3Da7pJHATgOICAf5bQfR7wfgfYe7bT4Ax74TqSDTqgxxoJYoZ4AgGAIoOY AoHQKYRhpqJZIyMLtI0DSYqYNoAYdwWAKD/hBJCgU4W4XQYgUIaobxfwEAFLIAqT+bwr+wrkFgCY dwbQVQMINoMoJwCICYCRuo45mIQITwUYYIfgEQFK+wo70MCC/ayT0rmgo71DATY7AwyCL7BIOABy EzCaXTCsEpb52hl5GD3iDUGYx0Gqor4p5KJR5ZY0QgLIQAa7roExaBaRahaxbDDp4z3YyEJYl4Fi 5QX4SK5zw4ywaQbYbocYQYVIWAZAdwFAGisoxsML+sW4uIerJIEwBAeoYwLoNoM4K69igAywYoYY YYZAW4fgBKK0PkBzMMS8CIuMCYrgAYEYGYKoAwI4MoVRBQW4S4KBhwcAZURz28SDpESRVkShV7Gs SxmcTAxsTSZkTjE6Z8IxoarQ1ADj5ZGQfgaAXYRofYYwVoOkVsJLSS44kTkY+YRIDoBIZIGAGoGp OAxzsIe4fQOwSQTAVQbADYFAJx5pJKVz+jww9QAYdocIYwIAGQEQfgIQJoJUL4x4RASgSwVIegFY GyiwpEcDX8cYs8cori9gAgBIMgSCSxRJ8oxwf4e4eYdSqoRgHwBALQQIbDaqGym760SZF8fsf8Vs qAwkgbEhIETpoEhBI4j8HsH8IMIZGQfAUwP4FAf4iobJq0Vwx8WAkIIAdYbQVIPoNIMspgrpGIRg UIUoWYXQeoAIEofwC0l56rwkY5LABYdAawVgLALgKIGoEQFAEz+Is4cM2QcoTYawcLBgBEmYkEPs cUP4yEqQs4AYEwGwLYAwIgMQUhyyycc8dMtC1rPkjDZUfh30t8w8uIvUubQ8gqZzqsvAvbAILAP4 aoAICIDEAY0If4ei5QfAUYPbgUFZ3ZbkxAx0xQh4B5fweQTQHwFgeoCgDADDXIrYWwYYYwZ4SoYo ZwdYfAEgFoIxWUY0mxWTsADIewcIWAMQOANQKwBQBYBKuYqYSwTATAUgcwE4GjugiE3h70gIrs4D GwAUqsq8rIA0raTro0tLC8E0thmEf06pXlFk7DcMTcusg07sT8vIvbahChKhKxKBKRhM+Yxs+ohw K4eYbwUgMwMIMNFAlobocgcwdQPwT4UwXgdAFIGp7pmdCEMZnYeQdQbQF4CoAYawKoMoMAKEaowo fAfIfQQwWAXAbwf4C80Ah9FUuE3zMkQMCgvU4U4k405CY1G8573U6IyBVsStH061RDQjqNIbE07k HM7wo42o243I3cv4UQPQD89IdwcRWVKIwkWADql4awToLYJwEwAZRAAgkIfaYgAAPASASoUwaACI D4IgAABoB7WJndNcZByYAodIbYXYJIIYGoCQG4IAHo/gloVgVQVIWIaACoEYJ9FMpzmFTcYrMsQQ xsqkq0rBQ9GiIFST3IxtWDP86dHtTJWNIAuM7L4lIlUAxsHUI4qRZALAPoaQAQCQDQFhaAiobUwA QChs6hGVe4uMWAOgBIeYWoJIJYJgJYkIS4VQVoXQV4c4eQCYfoDYEVbiTtZy2ABwdIaoU4Lq5wIQ DQDwDhbAh5GIQQTQTwXQfYEoFwI1Qx39foqdFwx9Rs4s485KHVekSKX62NfNfZndpIrtf7qc7b48 HZ1aXDog3ofYYQU4NQfgagYIS5cdSsxJLwGIdob4XARgM4MDyYhzgjgwRgWwX4bIegE4GVcrDVmD GMVAD4fodIXAMIOLj7kLkYZIZAZAZoWYe4AgGdo53lrIqNpYx9d1GVeNGpydqUfNqindq1q5mVzQ rdrcG9rsTxoVJArlUg3A3Q3hChapa8rsr9i1toxwCAS4WQfoRgEYBwaICYDoDwEYPIS4T4WQcQEY GDwFD7P1wkf7xLxYG4EoCYdQJgLIKoIwRQSdYYdgaIZYX6TldD0cQCyldg0FptR9qB3l0ctVHQ3p hxiBV4f0+KDVJgPLdzeCn91Qqd1h70HFgdURDykthFhVhlhw49+4ZIfIVoRQHNTA3ti4s4JwQIRY Uwe4rQAgYoAoCAGwAD982FH16t1AA4dIbIWoH4HwGICYXAVQUYTYfIYoXYT0p9dLmVddRY0FdwMw SQeoAFGF6ZhN+dHMfV1AqOJOHd9TEJ4kG2At10u9I7PlJRB57R7h6x7Bml3oxoCAKgMAP4ewBwCQ D2Jg3we+IgfAfwBeNRq4xYfoAQaAYQTwe4b4bAZGJ5W03+HxGQAgFQHgMgAoIALgTZq2J1SkteOI nORb0WPy29TsglgNr1goyOQWQmQ2REv4TqLhaL7dqbDI44ARd4FoAwP4RwV4AIDIDjz9fYfwaAZQ X4AYBoDNZ86ofgkoSAfQWIUYPLBofTaSnWAQl9zmUoAYAoBIMwSLCGI2JDPWUbpWRwkOSEP2KGSe KVTz4119r40JZBZRZhZywQcgbAXofIWQSFZF0mUhCgqoAIAYHgIgKgAwO4Qk5IAgAuI7DWWWWmW2 XE6ofwboayqgTwRgLEwgsEGU64reZA+GTWQuQ+RJbma5D2MGatQuaWYuhos+Ah42AwwlgkhOcABJ i4BAMIRYdKbISoJqboaYWk6GRpXmfYA4AoLwNIQQAgKoL4OzGOf2WuW+XKYE9I4gfITIQ0eQbwa4 YtTOYwl2h4+AAWZWZmZ2IrwJSmiwuODGR2rVQ+bNTmbeStT+S+kg9WiOTmimB71wToOalDB2Imre jFV7KYDIAwPIQ4U4AQFoGcPaTuoGgGoaDQfQVB2wfgYoXITRbN/dfep7+WQBWOtGiZWWrxSOuejO ytzOjtrVIWsebuK12BGmcJZYARZpZ447RTRgXDR2i+maIAAQFAFoHGVIRwWE8gCdnh3mwGoSIAfg ZAXwUIfYVYTQNpgEr2jLAGHkCWyBWOqeZeZuZ+rBGezIrermOO6lTWsDqGsUumsmb2TBGcRulOlZ CgfLdbdrd7eO6uy9pEqgI4J4MQAoOAPutRmW3egJnYfwcqbwfITYRAKYf4daqW5CIO5Ucm5hWeyW TpHu7Fg29mrujacOzYrmj53+kIvWkd2JHvBW+o0LsDsSljsrs8QfB7Q6dwAwNMlQAe94MRWW++wR B4fLi4fIToRQKwfoaxKMftfXAhq45PDzB4zgeQdF1OqZiQCbgRHvIQz+uA0O5wALKWE/Hoj/JbBp aTeQvxaAeYdocC2aYHKACYEGItGA0E9K5XEVH4qoB4CmWBB/IXIjsAqXJ/KNq+VtlgAwPgRYVgAQ EYFG05B/F5LAfYWQUYPQfYXiqzZ7aHKfRnRvR3R/SHSPSWji9YGQHAIoA4PYRQVYAFDkOJhuWeoO /A3ofoaYZYWYfQUYSIMKFvLfSfV/WHWPWXWfWnWoroAdXQAgKILgOIAoMgN6p4x3QMrgdph+o4Q4 KO/Qb4aPW3ZvZ3Z/aHaPaWao04BwCIAoOIPwTgAYHYIUBgrfYYrYfiLAfIUQSAL4foZwYgVPHfaf d3d/eHePeXeZyYAR9gFYAwQAR4WOVuV4l3cIl4fgXwWQR4fXQhK5s+Ynenhfhnhvh3h/iG6oqueQ IYKeewQoUpQ+fYiHgHjgbgaoYQfOg4LJjxDfiPk/lHlPlXlfhemoAoLoNAQIAgKwMAO/F46Y6uo+ pIf2PQY/lnn/oHoPoXofWG24DHmYMIPQf4aoaYaqTiYmxnonqXqfqnqveIgIAA8BAAADAAAAAQD6 AAABAQADAAAAAQA+AAABAgADAAAABAAAHoQBAwADAAAAAQAFAAABBgADAAAAAQACAAABEQAEAAAA AQAAAAgBEgADAAAAAQABAAABFQADAAAAAQAEAAABFgADAAAAAQA+AAABFwAEAAAAAQAAHcIBHAAD AAAAAQABAAABPQADAAAAAQACAAABUgADAAAAAQABAAABUwADAAAABAAAHoyHcwAHAAAMSAAAHpQA AAAAAAgACAAIAAgAAQABAAEAAQAADEhMaW5vAhAAAG1udHJSR0IgWFlaIAfOAAIACQAGADEAAGFj c3BNU0ZUAAAAAElFQyBzUkdCAAAAAAAAAAAAAAAAAAD21gABAAAAANMtSFAgIAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEWNwcnQAAAFQAAAAM2Rlc2MAAAGE AAAAbHd0cHQAAAHwAAAAFGJrcHQAAAIEAAAAFHJYWVoAAAIYAAAAFGdYWVoAAAIsAAAAFGJYWVoA AAJAAAAAFGRtbmQAAAJUAAAAcGRtZGQAAALEAAAAiHZ1ZWQAAANMAAAAhnZpZXcAAAPUAAAAJGx1 bWkAAAP4AAAAFG1lYXMAAAQMAAAAJHRlY2gAAAQwAAAADHJUUkMAAAQ8AAAIDGdUUkMAAAQ8AAAI DGJUUkMAAAQ8AAAIDHRleHQAAAAAQ29weXJpZ2h0IChjKSAxOTk4IEhld2xldHQtUGFja2FyZCBD b21wYW55AABkZXNjAAAAAAAAABJzUkdCIElFQzYxOTY2LTIuMQAAAAAAAAAAAAAAEnNSR0IgSUVD NjE5NjYtMi4xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AABYWVogAAAAAAAA81EAAQAAAAEWzFhZWiAAAAAAAAAAAAAAAAAAAAAAWFlaIAAAAAAAAG+iAAA4 9QAAA5BYWVogAAAAAAAAYpkAALeFAAAY2lhZWiAAAAAAAAAkoAAAD4QAALbPZGVzYwAAAAAAAAAW SUVDIGh0dHA6Ly93d3cuaWVjLmNoAAAAAAAAAAAAAAAWSUVDIGh0dHA6Ly93d3cuaWVjLmNoAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRlc2MAAAAAAAAALklF QyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29sb3VyIHNwYWNlIC0gc1JHQgAAAAAAAAAAAAAALklF QyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29sb3VyIHNwYWNlIC0gc1JHQgAAAAAAAAAAAAAAAAAA AAAAAAAAAABkZXNjAAAAAAAAACxSZWZlcmVuY2UgVmlld2luZyBDb25kaXRpb24gaW4gSUVDNjE5 NjYtMi4xAAAAAAAAAAAAAAAsUmVmZXJlbmNlIFZpZXdpbmcgQ29uZGl0aW9uIGluIElFQzYxOTY2 LTIuMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdmlldwAAAAAAE6T+ABRfLgAQzxQAA+3MAAQT CwADXJ4AAAABWFlaIAAAAAAATAlWAFAAAABXH+dtZWFzAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA AAACjwAAAAJzaWcgAAAAAENSVCBjdXJ2AAAAAAAABAAAAAAFAAoADwAUABkAHgAjACgALQAyADcA OwBAAEUASgBPAFQAWQBeAGMAaABtAHIAdwB8AIEAhgCLAJAAlQCaAJ8ApACpAK4AsgC3ALwAwQDG AMsA0ADVANsA4ADlAOsA8AD2APsBAQEHAQ0BEwEZAR8BJQErATIBOAE+AUUBTAFSAVkBYAFnAW4B dQF8AYMBiwGSAZoBoQGpAbEBuQHBAckB0QHZAeEB6QHyAfoCAwIMAhQCHQImAi8COAJBAksCVAJd AmcCcQJ6AoQCjgKYAqICrAK2AsECywLVAuAC6wL1AwADCwMWAyEDLQM4A0MDTwNaA2YDcgN+A4oD lgOiA64DugPHA9MD4APsA/kEBgQTBCAELQQ7BEgEVQRjBHEEfgSMBJoEqAS2BMQE0wThBPAE/gUN BRwFKwU6BUkFWAVnBXcFhgWWBaYFtQXFBdUF5QX2BgYGFgYnBjcGSAZZBmoGewaMBp0GrwbABtEG 4wb1BwcHGQcrBz0HTwdhB3QHhgeZB6wHvwfSB+UH+AgLCB8IMghGCFoIbgiCCJYIqgi+CNII5wj7 CRAJJQk6CU8JZAl5CY8JpAm6Cc8J5Qn7ChEKJwo9ClQKagqBCpgKrgrFCtwK8wsLCyILOQtRC2kL gAuYC7ALyAvhC/kMEgwqDEMMXAx1DI4MpwzADNkM8w0NDSYNQA1aDXQNjg2pDcMN3g34DhMOLg5J DmQOfw6bDrYO0g7uDwkPJQ9BD14Peg+WD7MPzw/sEAkQJhBDEGEQfhCbELkQ1xD1ERMRMRFPEW0R jBGqEckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MTYxODE6QTxRPlFAYUJxRJFGoUixStFM4U8BUS FTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW+hcdF0EXZReJF64X0hf3GBsYQBhlGIoYrxjVGPoZ IBlFGWsZkRm3Gd0aBBoqGlEadxqeGsUa7BsUGzsbYxuKG7Ib2hwCHCocUhx7HKMczBz1HR4dRx1w HZkdwx3sHhYeQB5qHpQevh7pHxMfPh9pH5Qfvx/qIBUgQSBsIJggxCDwIRwhSCF1IaEhziH7Iici VSKCIq8i3SMKIzgjZiOUI8Ij8CQfJE0kfCSrJNolCSU4JWgllyXHJfcmJyZXJocmtyboJxgnSSd6 J6sn3CgNKD8ocSiiKNQpBik4KWspnSnQKgIqNSpoKpsqzysCKzYraSudK9EsBSw5LG4soizXLQwt QS12Last4S4WLkwugi63Lu4vJC9aL5Evxy/+MDUwbDCkMNsxEjFKMYIxujHyMioyYzKbMtQzDTNG M38zuDPxNCs0ZTSeNNg1EzVNNYc1wjX9Njc2cjauNuk3JDdgN5w31zgUOFA4jDjIOQU5Qjl/Obw5 +To2OnQ6sjrvOy07azuqO+g8JzxlPKQ84z0iPWE9oT3gPiA+YD6gPuA/IT9hP6I/4kAjQGRApkDn QSlBakGsQe5CMEJyQrVC90M6Q31DwEQDREdEikTORRJFVUWaRd5GIkZnRqtG8Ec1R3tHwEgFSEtI kUjXSR1JY0mpSfBKN0p9SsRLDEtTS5pL4kwqTHJMuk0CTUpNk03cTiVObk63TwBPSU+TT91QJ1Bx ULtRBlFQUZtR5lIxUnxSx1MTU19TqlP2VEJUj1TbVShVdVXCVg9WXFapVvdXRFeSV+BYL1h9WMtZ GllpWbhaB1pWWqZa9VtFW5Vb5Vw1XIZc1l0nXXhdyV4aXmxevV8PX2Ffs2AFYFdgqmD8YU9homH1 YklinGLwY0Njl2PrZEBklGTpZT1lkmXnZj1mkmboZz1nk2fpaD9olmjsaUNpmmnxakhqn2r3a09r p2v/bFdsr20IbWBtuW4SbmtuxG8eb3hv0XArcIZw4HE6cZVx8HJLcqZzAXNdc7h0FHRwdMx1KHWF deF2Pnabdvh3VnezeBF4bnjMeSp5iXnnekZ6pXsEe2N7wnwhfIF84X1BfaF+AX5ifsJ/I3+Ef+WA R4CogQqBa4HNgjCCkoL0g1eDuoQdhICE44VHhauGDoZyhteHO4efiASIaYjOiTOJmYn+imSKyosw i5aL/IxjjMqNMY2Yjf+OZo7OjzaPnpAGkG6Q1pE/kaiSEZJ6kuOTTZO2lCCUipT0lV+VyZY0lp+X Cpd1l+CYTJi4mSSZkJn8mmia1ZtCm6+cHJyJnPedZJ3SnkCerp8dn4uf+qBpoNihR6G2oiailqMG o3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axcrNCtRK24ri2uoa8Wr4uw ALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm28Ldot+C4WbjRuUq5wro7urW7LrunvCG8m70V vY++Cr6Evv+/er/1wHDA7MFnwePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7/IPci8yTrJuco4yrfL Nsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG+0j/SwdNE08bUSdTL1U7V0dZV1tjXXNfg2GTY6Nls 2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj6+Rz5PzlhOYN5pbnH+ep6DLo vOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M8Fjw5fFy8f/yjPMZ86f0NPTC9VD13vZt9vv3ivgZ +Kj5OPnH+lf65/t3/Af8mP0p/br+S/7c/23//w== --e89a8ff1ca289c4128051ad92cc3--