Date: Thu, 28 Mar 2024 20:09:48 +0000 (UTC)
Message-ID: <846898189.24647.1711656588106@ae5f4610bf64>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_24646_1470659165.1711656588106"
------=_Part_24646_1470659165.1711656588106
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
Security is an important consideration for many distributed applications=
, both within corporate intranets as well as over untrusted networks, such =
as the Internet. The ability to protect sensitive information, ensure its i=
ntegrity, and verify the identities of the communicating parties is essenti=
al for developing secure applications. With those goals in mind, Ice includ=
es the IceSSL plug-in that provides these capabilities using the S=
ecure Socket Layer (SSL) protocol.
Although security is an optional component of Ice, it is not an aftertho=
ught. The IceSSL plug-in integrates easily into existing Ice applications, =
in most cases requiring nothing more than configuration changes. Naturally,=
some additional effort is required to create the necessary security infras=
tructure for an application, but in many enterprises this work will have al=
ready been done.
On this page:
Overview of SSL
The Secure Socket Layer (SSL) protocol is the de facto standard for secu=
re network communication. Its support for authentication, non-repudiation, =
data integrity, and strong encryption makes it the logical choice for secur=
ing Ice applications.
SSL is the protocol [1] that enables Web brows=
ers to conduct secure transactions and therefore is one of the most commonl=
y used protocols for secure network communication. You do not need to know =
the technical details of the SSL protocol in order to use IceSSL successful=
ly (and those details are outside the scope of this text). However, it woul=
d be helpful to have a high-level understanding of how the protocol works a=
nd the infrastructure required to support it.
SSL provides a secure environment for communication (without sacrificing=
too much performance) by combining a number of cryptographic techniques:=
p>
- public key encryption
- symmetric (shared key) encryption
- message authentication codes
- digital certificates
When a client establishes an SSL connection to a server, a handshake=
is performed. During a typical handshake, digital certificates that i=
dentify the communicating parties are validated, and symmetric keys are exc=
hanged for encrypting the session traffic. Public key encryption, which is =
too slow to be used for the bulk of a session's data transfer, is used heav=
ily during the handshaking phase. Once the handshake is complete, SSL uses =
message authentication codes to ensure data integrity, allowing the client =
and server to communicate at will with reasonable assurance that their mess=
ages are secure.
Public Key Infrastructure
Security requires trust, and public key cryptography by itself does noth=
ing to establish trust. SSL addresses the issue of trust using Public Key I=
nfrastructure (PKI) [2], which binds public keys =
to identities using certificates. A certificate issuer creates a c=
ertificate for an entity, called the subject. The subject is often=
a person, but it may also be a computer or a specific application. The sub=
ject's identity is represented by a distinguished name, which incl=
udes information such as the subject's name, organization and location. A c=
ertificate alone is not sufficient to establish the subject's identity, how=
ever, as anyone can create a certificate for a particular distinguished nam=
e.
In order to authenticate a certificate, we need a third-party to guarant=
ee that the certificate belongs to the subject described by the distinguish=
ed name. This third party, called a Certificate Authority (CA), expresses t=
his guarantee by using its own private key to sign the subject's certificat=
e. Combining the CA's certificate with the subject's certificate forms a certificate chain that provides SSL with most of the information it =
needs to authenticate the remote peer. In many cases, the chain contains on=
ly the aforementioned two certificates, but it is also possible for the cha=
in to be longer when the root CA issues a certificate that the sub=
ject may use to sign other certificates. Regardless of the length of the ch=
ain, this scheme can only work if we trust that the root CA has sufficientl=
y verified the identity of the subject before issuing the certificate.
An implementation of the SSL protocol also needs to know which root CAs =
we trust. An application supplies that information as a list of certificate=
s representing the trusted root CAs. With that list in hand, the SSL implem=
entation authenticates a peer by obtaining the peer's certificate chain and=
examining it carefully for validity. If we view the chain as a hierarchy w=
ith the root CA certificate at the top and the peer's certificate at the bo=
ttom, we can describe SSL's validation activities as follows:
- The root CA certificate must be self-signed and be present among the ap=
plication's trusted CA certificates.
- All other certificates in the chain must be signed by the one immediate=
ly preceding it.
- The certificates must not be expired or revoked.
These tests certify that the chain is valid, but applications often requ=
ire the chain to undergo more intensive scrutiny to determine whether the c=
hain is trustworthy.
Commercial CAs exist to supply organizations with a reliable source of c=
ertificates, but in many cases a private CA is completely sufficient. You c=
an create and manage your CA using freely-available tools, and in fact Ice =
includes a co=
llection of utilities that simplify this process.
Depending on your implementation language, it may also possible to avoid=
the use of certificates altogether; encryption is still used to obscure th=
e session traffic, but the benefits of authentication are sacrificed in fav=
or of reduced complexity and administration.
Requirements
Integrating IceSSL into your application often requires no changes to yo=
ur source code, but does involve the following administrative tasks:
- creating a public key infrastructure (if necessary)
- configuring the IceSSL plug-in
- modifying your application's configuration to install the IceSSL plug-i=
n and use secure connections
The remainder of this discussion concentrates on plug-in configuration a=
nd programming.
Topics
References
- Viega, J=
., et al. 2002. Network Security with OpenSSL. Sebastopol=
, CA: O'Reilly.
- Housley,=
R., and T. Polk. 2001. Planning for PKI: Best Practices Guide for=
Deploying Public Key Infrastructure. Hoboken, NJ: Wiley.
------=_Part_24646_1470659165.1711656588106
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Location: file:///C:/868ad18823e1a25f0c31a0906a1cc907
iVBORw0KGgoAAAANSUhEUgAAAEQAAAAoCAIAAADIR8vEAAAACXBIWXMAAAsTAAALEwEAmpwYAAAK
T2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AU
kSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXX
Pues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgAB
eNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAt
AGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3
AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dX
Lh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+
5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk
5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd
0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA
4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzA
BhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/ph
CJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5
h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+
Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhM
WE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQ
AkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+Io
UspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdp
r+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZ
D5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61Mb
U2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY
/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllir
SKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79u
p+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6Vh
lWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1
mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lO
k06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7Ry
FDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3I
veRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+B
Z7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/
0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5p
DoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5q
PNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIs
OpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5
hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQ
rAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9
rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1d
T1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aX
Dm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7
vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3S
PVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKa
RptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO
32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21
e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfV
P1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i
/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8
IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADq
YAAAOpgAABdvkl/FRgAABDtJREFUeNrcmU1s21QcwP9xPeJiwG6rJWmFUqcjk4IwtaVpUGnSkgOH
8CHiY7WhfKAxwYWWA4cdWMcBcUsrwTjRJEhll4l0cKiQkJxIkzLtEm9BZGqrOatQvrRSGxrqTG7L
4UWRx9oNsbiJ+z9ZT3+/59977/9p2+7uLgAAQEnRzv+4mpHVB9utkR6XwX783AnXl28w7REbglm4
XY/8sKLvWAPDKEfJIzfPjzM00YJZuF0/e3UZLCt2HKt+epImcEzR9PcXV8HK0tR33ln4DQCwb25W
mvoOWFyu3/uzpGjYd1Ld7JUivDM96TN7lcXiH9id+1umrjETcCcEL92Pmw3z8+qGiWvQBB4PjkV4
x8HctOrmA9w8EjHGci7yIC3HFBjORYoxliZwI5vfQ+2prGzpUrXRozAR3hkPeowkLbwou6d+pqQG
5gu9CDMTcF8MuLvloHGLmruJMF0x90cF68gsDG1naHvX84DOwEjVBn9Z6pRT6jIMKocC84XF4vph
gAEARdOFK8XZXNny3qwt00t3b1UbCcH78Lk1U/naPkfa7OkMIJmvSZVNYxJQUrQZcc1K16zrLgEz
b+qDdwmYqbMfsEvAD2CN6aW7qHti7ZMxXrnDA3MYbKbngqaxRFE0fXpJTu4T/h4vu5+fuiSumRpt
/qsDCCQKABDmnAnBm5HV/2EDgUShtNHsiWuWkdWMrKakGgAwA/YI7xRjbDw4JsZYVCqLMVaMsRHe
CQDtcfScEI4DwMWAG7UBaAKfCbjFGJue9KER1DNA5RCaCqklhONGtY7B+D2U30OFOScASJUGQ9v9
DMUNk6l8PcI7E4JXqjSkSiMheEO+oVvVhp+hOBdJE/jUxIii6QDgZyhU84gx9uOJkaysAoAYZUO+
Ibof9zMU6q2hmQEgIXhDvsGsrDIDRHrS96+mwlNdM9SOUDQ9ml5BHwcAwvdFRdPRRnLDJFIIc45o
egVRoXRmzhA0ORfJuUjhShFlBvmP+DDnmLtR3ivgbqOHuVy5vWJnYGyfXd8zwLczX7TTWVktKU1F
05P5+ru+oVGakKoNo4Gh7W+/qGj6fs3OaHo5W3KeZqgw76SJPv6y9ESkDrjmrKwytL2kNKVq47SH
ook+ALh2Z51zkSHf4NzDuUxGVhVNjwfH/B5qamLEz1DXiuvKlo68S8g3FOadSHPjwuth3pGSaql8
jSZwZuAJZbnruWfwVxzP/lr/+2lgZnPlUZpABUwyX0/m6wCwWFxXNJ0m8EcTzcB8If7mmBhlFU2/
JK6hzG02V56aGPF7KKmyiUwrml6JB1tqs7lyRlYf/xmvvfi87Yvs2oVf7h2CiCl/cgL78OSwHbd8
HnBq9AWGJjCawL8NvWRpEjuO/XTm5ZYDOPOq4+u3j+GYzYokR8kjNz4YR1HIZvx1/t7V5dzvf21b
5J8zRfSdHXd89dax9sg/AwDTwNUVxy2nJwAAAABJRU5ErkJggg==
------=_Part_24646_1470659165.1711656588106
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Location: file:///C:/ba1e324cffbe8af222c8735a06137193
iVBORw0KGgoAAAANSUhEUgAAAEQAAAAoCAIAAADIR8vEAAAACXBIWXMAAAsTAAALEwEAmpwYAAAK
T2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AU
kSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXX
Pues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgAB
eNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAt
AGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3
AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dX
Lh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+
5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk
5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd
0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA
4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzA
BhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/ph
CJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5
h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+
Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhM
WE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQ
AkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+Io
UspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdp
r+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZ
D5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61Mb
U2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY
/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllir
SKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79u
p+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6Vh
lWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1
mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lO
k06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7Ry
FDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3I
veRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+B
Z7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/
0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5p
DoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5q
PNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIs
OpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5
hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQ
rAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9
rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1d
T1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aX
Dm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7
vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3S
PVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKa
RptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO
32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21
e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfV
P1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i
/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8
IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADq
YAAAOpgAABdvkl/FRgAAAwRJREFUeNrsWT1o20AUPguBr2jwhYCienDkQAweTCXIkECh8ZhOUcYu
tjJ2SZ2xS+IOXZ0sHWN3Sbc6nTxKntzNDoEaErAOQ1Mn4OY0mJypgjsoMU5LS0j0W/ptktAdH/fe
9773LjIajcANKs2z3cZpqzcAYYAkcBtL8bw8M34TsckQaikf2rphgrBBErjqi7SI4DUZQq3s3lFY
DuR3IMgamwsIsgwAoKh1w8vEDiu1egIAYAi1dhqnIOQ4aPcxocxBu+/2Ts2XsiRw7vP5zmAy9CBH
tfXMcjLm6i6HvQHjWY5qamZSRh0HJpTxMrLLynxZSbm3PuvUQneMorzMi1NRZb9NqBVcMpqauStt
MaatZ9SPx47XA0/DzG1J8IeMS5LgGxk3JMFnMgAA6TGHIBssAbgfKs1ztXocODW7Bwq1jrO20B8y
ts913BY6Rqaodf/0aSubuO07hsr+FzeaDsfIbN+NTKs3yO4duVH+vQ4zZ9PdTzKOp7s/ZFxKd3/I
yO9amFAPNvLCAXjDJBB25j8ZN8mM3jy9eL1ojxXtx+3bhfKvveeMU42AYyeDIFtaSd7jx5zM52Q+
WGqGyXA1Pb2cjE0OrJeTsY3FOHrE1g1zp3G6mp7OyXxR6+KLYXltvvVtcNgb2CO10spcodYJysm8
b57p2CytzI3fiAjag4G6YW4sxbeyiYN2X0SwrKS2sglJ4IpaFxNK6BWhV4dOWDUnBaCodSWBe7UU
Hw9iAADiFHyWjBF6lZd5Qi21eiyiaF7m1eoJoZZumJhQTGileRasoqkbZqV5/otH/tTuAwDq4Dr2
yKU1tgVBl+bJRkDHJgAgBlkdm08EbhZBAEB5LYXJsNUblJXUuFtGkH34MFpEkHF2pI0J3b1xk7ph
FrVuXuY1NYMesbuNr9vZhCRwhVqnUOuIKGonWN0wJYErPZ974NazKBq5uPwx9fbzP1Axjc0FBkF2
nLLhxWp6WkSQsTtBD+5P3AOCbFmZvxYABFkP7k9cgj3ptbUkEuqr85w8M5kjPwcAbrtQm13WPpcA
AAAASUVORK5CYII=
------=_Part_24646_1470659165.1711656588106--