[OpenAFS] [Fwd: kfw-3.1-beta-2 is available]

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 20 Oct 2006 07:27:55 -0500


This is a cryptographically signed message in MIME format.

--------------ms070500090102020108000300
Content-Type: multipart/mixed;
 boundary="------------050002090504040504020003"

This is a multi-part message in MIME format.
--------------050002090504040504020003
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

MIT has announced the release of MIT Kerberos for Windows 3.1 Beta 2.
The final release will follow in a few weeks.

>From the perspective of OpenAFS for Windows users, KFW 3.1 is important
because it is the Network Identity Manager and the OpenAFS plug-in are
feature complete.  As of OpenAFS for Windows 1.5.9, the OpenAFS plug-in
is integrated as part of the OpenAFS installation.  The plug-in provided
as part of OpenAFS 1.5.9 requires the KFW 3.1 Beta 2 or later release of
Network Identity Manager.

I wish to publicly thank Asanka Herath for all of the hard work and long
nights that he has spent working on the design of the Khimaira
framework, Network Identity Manager and the credential management
modules for Kerberos 5, Kerberos 4, and OpenAFS.  I truly believe that
Network Identity Manager is going to significantly simplify the lives
end users who must obtain and manage a variety of credentials derived
from a common identity.

Jeffrey Altman
Secure Endpoints Inc.

--------------050002090504040504020003
Content-Type: message/rfc822;
 name="kfw-3.1-beta-2 is available"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="kfw-3.1-beta-2 is available"

Return-Path: <krbdev-bounces@MIT.EDU>
Received: from bockwurst.cc.columbia.edu ([unix socket])
	 by bockwurst.cc.columbia.edu (Cyrus v2.3-alpha) with LMTPA;
	 Thu, 19 Oct 2006 17:55:26 -0400
X-Sieve: CMU Sieve 2.3
Received: from feta.cc.columbia.edu (feta.cc.columbia.edu [128.59.28.164])
	by bockwurst.cc.columbia.edu (8.13.1/8.13.1) with ESMTP id k9JLtQoU021918
	for <jaltman@bockwurst.cc.columbia.edu>; Thu, 19 Oct 2006 17:55:26 -0400
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
	by feta.cc.columbia.edu (8.13.7/8.13.6) with ESMTP id k9JLtIsE024640
	for <jaltman@columbia.edu>; Thu, 19 Oct 2006 17:55:21 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k9JLr7Hd029826;
	Thu, 19 Oct 2006 17:53:07 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	[18.7.7.76])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k9JLqleg029628
	for <krbdev@PCH.mit.edu>; Thu, 19 Oct 2006 17:53:01 -0400
Received: from mit.edu (W92-130-BARRACUDA-1.MIT.EDU [18.7.21.220])
	by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
	k9JLnf3T025594
	for <krbdev@mit.edu>; Thu, 19 Oct 2006 17:49:42 -0400 (EDT)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
	by mit.edu (Spam Firewall) with ESMTP
	id 4444960C55B; Thu, 19 Oct 2006 17:49:36 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k9JLnVjB028787;
	Thu, 19 Oct 2006 17:49:31 -0400
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU
	[18.7.7.80])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k9JLmJHE028474
	for <kerberos-announce@PCH.mit.edu>; Thu, 19 Oct 2006 17:48:19 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103])
	by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id
	k9JLmJD4000469
	for <kerberos-announce@mit.edu>; Thu, 19 Oct 2006 17:48:19 -0400 (EDT)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU
	[18.18.1.96]) (authenticated bits=56)
	(User authenticated as tlyu@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id k9JLmATu016199
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <kerberos-announce@MIT.EDU>; Thu, 19 Oct 2006 17:48:10 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9)
	id k9JLmAru020922; Thu, 19 Oct 2006 17:48:10 -0400 (EDT)
To: kerberos-announce@MIT.EDU
Subject: kfw-3.1-beta-2 is available
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 19 Oct 2006 17:48:01 -0400
Message-ID: <ldvr6x4kmem.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
X-Spam-Score: 0.001 () UNPARSEABLE_RELAY
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.48 on 128.59.28.164
X-Scanned-By: MIMEDefang 2.42
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id
	k9JLmJHE028474
X-Mailman-Approved-At: Thu, 19 Oct 2006 17:49:30 -0400
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
X-BeenThere: krbdev@mit.edu
Reply-To: kerberos@MIT.EDU
List-Id: Kerberos Developers Mailing List <krbdev.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/krbdev>,
	<mailto:krbdev-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/krbdev>
List-Post: <mailto:krbdev@mit.edu>
List-Help: <mailto:krbdev-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/krbdev>,
	<mailto:krbdev-request@mit.edu?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: krbdev-bounces@MIT.EDU
Errors-To: krbdev-bounces@MIT.EDU

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Development Team is proud to announce the second *BETA*
release of the next revision of our Kerberos for Windows product,
Version 3.1.

Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New:
===========

Version 3.1 fixes bugs and adds minor functionality:

*  Improvements to the Network Identity Manager

    1. A serious memory leak has been fixed

    2. Principal names containing numbers are no longer considered 
       invalid
    
    3. Locales other than en_US are now supported
    
    4. Arbitrary sort ordering of credentials
    
    5. Support for FILE: ccaches
    
    6. Credential properties may be selected by the user for display
    
    7. User selected font support
    
    8. Tool Tip support added to the Toolbar
    
    9. Identities can be added without obtaining credentials
    
   10. Kerberos 5 Realm editor has been added

* The MSLSA: ccache is disabled in WOW64 environments prior to Microsoft 
  Windows Vista Beta 2 (Windows XP 64, 2003 64, etc.)

* The installers are built using the latest toolkit versions NSIS (2.18)
  and WIX (2.0.4220.0)


Version 3.0 provided several often requested new features:

* thread-safe Kerberos 5 libraries (provided by Kerberos 5 release
   1.4.4)

* a replacement for the Leash Credential Manager called the Network
   Identity Manager

    - a visually enticing application that takes advantage of all of the
      modern XP style User Interface enhancements

    - supports the management of multiple Kerberos 5 identities in a
      variety of credential cache types including CCAPI and FILE.

    - credentials can be organized by credential cache location or by
      identity

    - a single identity can be marked as the default for use by
      applications that request the current default credential cache

    - Network Identity Manager is built upon the Khimaira Identity
      Management Framework introduced this past summer at the AFS &
      Kerberos Best Practices Conference at CMU.

    - Credential Managers for Kerberos 5 and Kerberos 4 are provided. 
      Credential Managers for other credential types including AFS
      and KX.509/KCA are available.  Contact Secure Endpoints Inc.
      for details.  <https://www.secure-endpoints.com>

    - The Khimaira framework is a pluggable engine into which custom
      Identity Managers and Credential Managers can be added.
      Organizations interested in building plug-ins for the Network
      Identity Manager may contact Jeffrey Altman at 
      jaltman@secure-endpoints.com

* a Kerberos specific WinLogon Network Provider that will use the
   username and password combined with the MIT Kerberos default realm in
   an effort to obtain credentials at session logon


Important changes since the 2.6.5 release:
==========================================

* This release requires 32-bit editions of Microsoft Windows 2000 or
   higher. Support for Microsoft Windows 95, 98, 98 Second Edition, ME,
   and NT 4.0 has been discontinued.  Users of discontinued platforms
   should continue to use MIT Kerberos for Windows 2.6.5.

* Version 3.0 does not include any internal support for AFS.   The
   aklog.exe utility now ships as a part of OpenAFS for Windows.
   <http://www.openafs.org/windows.html>  The Secure Endpoints Inc. AFS 
   credential manager for the Network Identity Manager has been incorporated 
   into OpenAFS for Windows 1.5.9 and above. 


Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:
   http://web.mit.edu/kerberos/


Acknowledgments
===============

The MIT Kerberos team would like to thank Secure Endpoints Inc. 
<https://www.secure-endpoints.com> for its support during the development 
of this release.



Important notice regarding Kerberos 4 support
=============================================

In the past few years, several developments have shown the inadequacy
of the security of version 4 of the Kerberos protocol.  These
developments have led the MIT Kerberos Team to begin the process of
ending support for version 4 of the Kerberos protocol.  The plan
involves the eventual removal of Kerberos 4 support from the MIT
implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful
life.  DES is the only encryption algorithm supported by Kerberos 4,
and the increasingly obvious inadequacy of DES motivates the
retirement of the Kerberos 4 protocol.  The National Institute of
Standards and Technology (NIST), which had previously certified DES as
a US government encryption standard, has officially announced[1] the
withdrawal of the Federal Information Processing Standards (FIPS) for
DES.

NIST's action reflects the long-held opinion of the cryptographic
community that DES has too small a key space to be secure.  Breaking
DES encryption by an exhaustive search of its key space is within the
means of some individuals, many companies, and all major governments.
Consequently, DES cannot be considered secure for any long-term keys,
particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4.  These flaws
permit attacks which require far less effort than an exhaustive search
of the DES key space.  These flaws make Kerberos 4 cross-realm
authentication an unacceptable security risk and raise serious
questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered
protocol flaws, make it extremely inadvisable to rely on the security
of version 4 of the Kerberos protocol.  These factors motivate the MIT
Kerberos Team to remove support for Kerberos version 4 from the MIT
implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT
Kerberos 5. In release 1.3, the default run-time configuration of the 
KDC disables support for version 4 of the Kerberos protocol. Release 1.4
of MIT Kerberos continues to include Kerberos 4 support (also disabled
in the KDC with the default run-time configuration), but we intend to 
completely remove Kerberos 4 support from some future release of MIT 
Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4,
except for the eventual removal of all Kerberos 4 functionality.  We
will continue to provide critical security fixes for Kerberos 4, but
routine bug fixes and feature enhancements are at an end.

We recommend that any sites which have not already done so begin a
migration to Kerberos 5.  Kerberos 5 provides significant advantages
over Kerberos 4, including support for strong encryption,
extensibility, improved cross-vendor interoperability, and ongoing
development and enhancement.

If you have questions or issues regarding migration to Kerberos 5, we
recommend discussing them on the kerberos@mit.edu mailing list.

                               References

[1] National Institute of Standards and Technology.  Announcing
     Approval of the Withdrawal of Federal Information Processing
     Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74,
     Guidelines for Implementing and Using the NBS Data Encryption
     Standard; and FIPS 81, DES Modes of Operation.  Federal Register
     05-9945, 70 FR 28907-28908, 19 May 2005.  DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of
     Unauthenticated Encryption: Kerberos Version 4. In Proceedings of
     the Network and Distributed Systems Security Symposium. The
     Internet Society, February 2004.
     http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (SunOS)

iQCVAwUBRTfymabDgE/zdoE9AQJk+gQAl59c3ILPvaKlBg4KWWAR6IJNbghzEuec
mbtG15DFWue94/z7h5wskQvMVGh4lyuHOmVk53K+8cZvnERTA/MizYiUk119mvAn
d4ERzBVW92JW60txxQNZhJQZiOaJRquPA2L8rjfaQ8jG9f7YokU7HFAu45MGpd3M
kpcXNTZjCO8=
=rc1B
-----END PGP SIGNATURE-----

_______________________________________________
kerberos-announce mailing list
kerberos-announce@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos-announce
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

--------------050002090504040504020003--

--------------ms070500090102020108000300
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJeTCC
AxcwggKAoAMCAQICEBW00lKwoWJXt8wbmTl1M0kwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDUyNzIyMDMzMloX
DTA3MDUyNzIyMDMzMlowczEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVy
aWMxHDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xKzApBgkqhkiG9w0BCQEWHGphbHRt
YW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC19SD7DncCP/+wfQlLzAAcxf1nJ/7UQgh4o/nxzvuY55XwHdLQjqWuFUnM5vecfyZKwq0o
fGCucDfcQbSIrkhHD9z4TZ8vDaYWVY9Foz8Rp8G0PNdbRFoFtfJbaeVBX5hG3aQXIc/T1b9U
8uN3kLyqXAFIGWKO8DJVGTKKtOiPVOp1U+9CwujyYmUSKF+suutKABhhK1ZGHsTnFczLZ2g0
ma0H7PiFJ2kLfOf///07E1fbr4IRb+cd87kpWLcjtEZ0rbBr9HlOy9dkeEii/qFoo1ahfKCD
A9bNErMiOXA3dudaNNzXlN/70slq5fboBXbepamJGrsnXYcCsS9+LtCTAgMBAAGjOTA3MCcG
A1UdEQQgMB6BHGphbHRtYW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQDBzWhkrW+ol3iyT1rV8ZBQB0+z/6dFH3djQfNf7jDXNoXx4Vbo
pA7BAR4ihAPibv7j7ZaxmyMxWiDACRGS934uvUS0K6L6q14hTWMostJgFsAEDArrmbrES03v
L3EVETiGFqTB2sLp5MLc6+z+72pLXRuDPL3lO2GOQuBbILswRzCCAxcwggKAoAMCAQICEBW0
0lKwoWJXt8wbmTl1M0kwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoT
HFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25h
bCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDUyNzIyMDMzMloXDTA3MDUyNzIyMDMzMlow
czEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMxHDAaBgNVBAMTE0pl
ZmZyZXkgRXJpYyBBbHRtYW4xKzApBgkqhkiG9w0BCQEWHGphbHRtYW5Ac2VjdXJlLWVuZHBv
aW50cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC19SD7DncCP/+wfQlL
zAAcxf1nJ/7UQgh4o/nxzvuY55XwHdLQjqWuFUnM5vecfyZKwq0ofGCucDfcQbSIrkhHD9z4
TZ8vDaYWVY9Foz8Rp8G0PNdbRFoFtfJbaeVBX5hG3aQXIc/T1b9U8uN3kLyqXAFIGWKO8DJV
GTKKtOiPVOp1U+9CwujyYmUSKF+suutKABhhK1ZGHsTnFczLZ2g0ma0H7PiFJ2kLfOf///07
E1fbr4IRb+cd87kpWLcjtEZ0rbBr9HlOy9dkeEii/qFoo1ahfKCDA9bNErMiOXA3dudaNNzX
lN/70slq5fboBXbepamJGrsnXYcCsS9+LtCTAgMBAAGjOTA3MCcGA1UdEQQgMB6BHGphbHRt
YW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB
gQDBzWhkrW+ol3iyT1rV8ZBQB0+z/6dFH3djQfNf7jDXNoXx4VbopA7BAR4ihAPibv7j7Zax
myMxWiDACRGS934uvUS0K6L6q14hTWMostJgFsAEDArrmbrES03vL3EVETiGFqTB2sLp5MLc
6+z+72pLXRuDPL3lO2GOQuBbILswRzCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAw
gdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w
MzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU
aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg
RnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV
+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfAr
hVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8
MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWls
Q0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxh
YmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/
TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amc
OY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggNkMIID
YAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQ
FbTSUrChYle3zBuZOXUzSTAJBgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0wNjEwMjAxMjI3NTVaMCMGCSqGSIb3DQEJBDEWBBQcJG07
VrwJz/oQL61xmnbfP0m7TDBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYB
BAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg
KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vpbmcg
Q0ECEBW00lKwoWJXt8wbmTl1M0kwgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEBW00lKwoWJXt8wbmTl1M0kwDQYJ
KoZIhvcNAQEBBQAEggEAEm2XkTlIDYw83SJk9ht2EtU98QN5DM84AhUQqArBuFWpJNIdEh+k
bt3s1qwDO3O4sr1bFOf4+Y7ENpKySd+5PmoSvDQqUe6v2X2qminvJKBe5MQbyX5SmzWy4w7v
HBWtE0FPtfYOBCh54Cg4hgw9+19JU1HoMEd4BGR6fjnBr5OfRHQqrHzDOcHNAhy0SbxmzisT
33KKGoYy/YVaahrAZsFEmNwuEvwsSZrc+XcAfyLYacDEGDtSIPJQivX1Zhs6eRPhac+Veqyo
nxlzeZ0dkLNJSJcRxEuoVg5bnk3rKpD7L1EoDBs32kKIeLykqWNuNlPeyye/JWmEHxZJPjbc
bAAAAAAAAA==
--------------ms070500090102020108000300--