From: Daniel Lang
To: Ken Smith
Cc: freebsd-hubs@freebsd.org
Date: Thu, 26 Jun 2003 13:11:27 +0200
Subject: DNS Stuff Proposal
Message-ID: <20030626111127.GB10018@atrbg11.informatik.tu-muenchen.de>
In-Reply-To: <20030626013823.GA24444@electra.cse.Buffalo.EDU>
List-Id: FreeBSD Distributions Hubs: mail sup ftp

Hi,

lots of stuff to read, I may have overlooked the details, but
anyway I want to suggest something.
My suggestion will also be a lot to read (much more than I intended,
but still I ask you to take a look at it).

Foreword:

I agree with Oli that the present system does not work so badly.
I also agree with Ken that there are things that could be improved,
notably in the cases where no delegation exists yet. Further, I guess
everyone agrees that the system should not be too complex.

So here's my proposal:

======================================================================

In general things remain mostly as they are and work well.

Responsibilities and Delegation
-------------------------------

1. Case: Where delegation exists, the admins maintaining the
   delegation are responsible for anything under their domain.
   All complaints and problems concerning services within this
   domain should be handled within this domain, by means that
   the maintainers of this domain decide.

   Example: uk.freebsd.org is delegated to some people, including
   Joe. They are responsible for any request that concerns UK.
   The contact address is .

   This conforms with the present system as documented in the
   hubs article.

2. Case: No delegation exists, but is requested:

   a) The requesting admin of the new site is willing to take
      responsibility and have the zone delegated, assuming all
      required responsibilities. In this case, the request is
      passed to some Mirror/DNS coordinator, i.e. the person Ken
      called "Chris". "Chris" evaluates the request and the
      requesting party, granting or denying the request. The
      contact address for this request should be something obvious
      and easy. It could be , or if you want to avoid hassling
      this team, put something up front: (being "Chris").
      If granted, the new site gets the delegation, and becomes
      case 1.

      Example: Admins in Croatia offer a new site and are willing
      and able to take zone responsibility.
      "Chris" approves and delegates the zone hr.freebsd.org once
      to the Croatian folks. The future contact for Croatia is .

   b) The requesting admin is NOT willing to take responsibility
      OR the delegation request was denied by "Chris".
      "Chris" then decides the following:

      i) the site is still worth adding, but delegation cannot
         be put into the hands of the requesting party.
         => The delegation still takes place and the zone is
         created, BUT it is maintained by .
         So, the zone is created and delegated, but to the people
         themselves. The contact address for this new zone will
         be .
         This makes it transparent, if the zone can be transferred
         to some admins in that country, if they are available.
         Of course, the folks would have to be willing to carry
         and maintain the zone. It avoids confusion, because the
         general rule, as documented in the hubs article, does
         still apply. This is a fallback solution, and I don't
         expect too many cases like that.

         Example: Croatian admins want to have an official ftp
         mirror, but are not willing or not able to assume
         responsibility for the zone, but "Chris" thinks it's
         still worth it. The zone hr.freebsd.org is created but
         maintained by the dnsadm-team, still the contact address
         will be , which will reach some member(s) from the team.
         They will add an entry for the requested server.

      ii) "Chris" decides it's not worth the trouble, and the
          request is finally rejected. (No example).

3. Delegation exists, but the current maintainers of the zone are
   unable to continue their contribution.

   a) Within the existing zone, there are other maintainers that
      can take over. They can apply to "Chris" for the job, or
      the current maintainers can suggest them to "Chris".
      If "Chris" approves, the delegation is transferred to the
      new admins.

      Example: Joe can no longer maintain uk.freebsd.org, but
      Brian is willing and able. Joe suggests Brian (or Brian
      suggests himself). "Chris" talks to Brian, and thinks
      that's a good solution.
      transfer the delegation from Joe's nameserver to Brian's.
      remains valid, but now reaches Brian instead of Joe.

   b) No one can take over the zone maintenance. GOTO 2.b) :-))
      It's really the same here as in 2.b) now. Either the site
      is dropped, or the delegation goes back to but with the
      (uk as an example here) contact address remaining valid.
      Extra goodies that have been provided by Joe may most
      likely be dropped, but that's inevitable.

4. Delegation exists, but the admins are unresponsive, there are
   problems, and site admins within the zone are unhappy with how
   current handles their requests. In this case, "Chris" needs to
   decide if this becomes case 3. or remains case 1.

So far how to handle and delegate requests. This proposal should
solve most issues brought up by Ken, while still maintaining best
current practice (where it works) and being transparent enough
to avoid confusion.

Drawbacks:

* Some person or team must be willing to assume the role of
  "Chris", which is a very responsible role.

* The team may need to take care of additional zones (but only
  in some cases), still this will result in more work than just
  right now.

Authorisation and Authentication
--------------------------------

This issue has been addressed above only indirectly.
Of course "Chris" evaluates and approves or denies requests,
so he/she has the power of authorization.

But to simplify things, the following could be established.
For each delegation an OpenPGP-conformant key pair should be
created that is used to sign any further requests to "Chris" or .
A signed request can be decided much quicker.

"Chris" will have to build a directory with at least the
following content:

, ,

Example(!):

uk.freebsd.org: FreeBSD UK Admins
                Joseph Karthauser
                Brian Somers
                Approved public key: .......
                Fingerprint        : .......
[..]
----------

Additionally "Chris" can also maintain a list of responsible
people for individual sites, but it may not necessarily be
maintained that accurately.
Like

, ,

Example(!):

ftp7.de.freebsd.org, Oliver Fromme , PGP key ....
[..]
--------

Of course the sites in a zone that is not really delegated, but
maintained by the team, should at least be accurate in the
site-maintainer's list.

So much for authorization and keeping track of current admins.

Discussion media
----------------

The default channel to handle any requests, questions or problems
with FreeBSD sites should be the list, "Chris" should be
subscribed to this list. Additionally, local zone administrators
can set up local lists to handle and discuss requests, problems,
etc. within a zone.

Example:

------------------

Ok, thanks for reading this so far. As soon as some proposal
(like this) has been approved by you hub admins and the FreeBSD
folks, we can put it (or the parts that have passed) in another
article to be published. That makes it easier for us all to
implement anything that we agree upon.

Best regards,
 Daniel
-- 
IRCnet: Mr-Spock - Cool people don't move, they just hang around. -

Daniel Lang * dl@leo.org * ++49 89 289 18532 * http://www.leo.org/~dl/