17199 2012-05-25 23:15:43 +0000 Provide examples for and get feedback on Key Release 2014-01-07 20:48:28 +0000 1 1 1 Unclassified HTML WG Encrypted Media Extensions unspecified All All RESOLVED FIXED P2 normal FPWD 16612 16613 17750 23955 24226 1 ddorwin adrianba adrianba eric.sun hsivonen mike public-html-media public-html-wg-issue-tracking watsonm public-html-bugzilla oldest_to_newest 68170 0 ddorwin 2012-05-25 23:15:43 +0000 The Key Release section [1] has gone through less iteration than the rest of the proposal, and there are no examples showing how it is used. We should add example(s) and explicitly solicit feedback on this area of the proposal. How might a more object-oriented (bug 16613) or encapsulated (bug 16612) approach to the main functionality affect Key Release? [1] http://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#key-release 68176 1 ddorwin 2012-05-25 23:31:27 +0000 Note that bug 16613 specifically deals with representing sessions, which are important for Key Release as objects. That might significantly affect this section. 68986 2 eric.sun 2012-06-12 14:45:29 +0000 prefer 16612' OO encapsulation into medielemt's attribute object sytle. It is simple to maintain mediaelement without much work modify mediaelement on in .h,.cpp and .idl. It is similar with Modules style recently in webkit.org. 72329 3 ddorwin 2012-08-17 04:14:17 +0000 Key Release will need to be re-examined in light of the session object-based API. For now, the details of Key Release have been removed. 72536 4 watsonm 2012-08-22 16:39:30 +0000 Here is an outline proposal for the key release API in the new object-oriented context: If key release is supported, then (i) when the MediaKeySession.close() method is called, the session enters a "key release pending" state and a keymessage event is fired on the MediaKeySession, containing the key release object (ii) when the application receives the key release acknowledgement from the server the session is updated with this message using the addKey() method (or update(), if we rename it as per bug 18531 [1]). The MediaKeySession enters a "key release complete" state (iii) a new method is added to MediaKeys: MediaKeySession? retrieveClosedSession() which will retrieve a MediaKeySession object in the key release pending state. Subsequent calls to this method will retrieve further sessions in the 'key release pending state' until none are left (we could consider returning a list of MediaKeySession objects). A keymessage event is fired on each MediaKeySession retrieved with this method containing the key release object. [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=18531 72909 5 adrianba 2012-08-28 20:17:28 +0000 Assign to David to review Mark's proposal against the original mailing list thread. 73179 6 ddorwin 2012-09-04 14:20:41 +0000 Comments on Comment 4: * (i) and (ii): Do we need to define official states or are those non-normative? * (i) and (ii): I don't think the key release is "pending" or "complete" (it is the ack is pending or complete). Would "provided" and "ACKed" be better names? * (iii): I would prefer to avoid adding more methods, especially since not all implementations will support key release. I propose a solution below. The active key session stuff in (i) and (ii) seems fine. For stored sessions, I propose reusing CreateKeySession() - To get stored key release proofs, pass "keyrelease" as the "type" parameter to createSession().^ The new session object is populated with the relevant information (keySystem, sessionId), and a keymessage with the key release proof is fired at it. The application could make the same call repeatedly until an exception occurs, which indicates that there are no such sessions.^^ A simple example to obtain a single proof is shown below. var mediaKeys = new MediaKeys("com.example.somesystem"); try { var releasedSession = mediaKeys.createSession("keyrelease"); releasedSession.onkeymessage="handleKeyRelease(event)"; } It should probably be made clear that this is an optional recommendation for how to support key release use cases (similar to the recommendations for heartbeat). The details of proof storage, etc. are implementation-dependent, but stored sessions must only ever be provided to the same origin. ^ This requires minor modification of step 1 of the current CreateKeySession() algorithm because the second parameter is not present. ^^ An alternative to this call-until-exception flow would be to expose a list of MediaKeySessions from MediaKeys (potentially useful for other scenarios?) then have createSession("keyreleases") populate that list. The application would need to immediately iterate through the list and add a handler to each object. 73181 7 watsonm 2012-09-04 14:45:04 +0000 (In reply to comment #6) > Comments on Comment 4: > * (i) and (ii): Do we need to define official states or are those > non-normative? The reason for mentioning states was just to make it clear that there is a state where the system will keep trying to send the key release message for a session, until it receives the key release acknowledgement. Since it's really up to the CDM how long it tries to do this (i.e. how long it persists the key release state), we might not need to make it normative. > * (i) and (ii): I don't think the key release is "pending" or "complete" (it > is the ack is pending or complete). Would "provided" and "ACKed" be better > names? Yes. > * (iii): I would prefer to avoid adding more methods, especially since not all > implementations will support key release. I propose a solution below. > > The active key session stuff in (i) and (ii) seems fine. For stored sessions, I > propose reusing CreateKeySession() - To get stored key release proofs, pass > "keyrelease" as the "type" parameter to createSession().^ The new session > object is populated with the relevant information (keySystem, sessionId), and a > keymessage with the key release proof is fired at it. The application could > make the same call repeatedly until an exception occurs, which indicates that > there are no such sessions.^^ A simple example to obtain a single proof is > shown below. > var mediaKeys = new MediaKeys("com.example.somesystem"); > try { > var releasedSession = mediaKeys.createSession("keyrelease"); > releasedSession.onkeymessage="handleKeyRelease(event)"; > } > > It should probably be made clear that this is an optional recommendation for > how to support key release use cases (similar to the recommendations for > heartbeat). The details of proof storage, etc. are implementation-dependent, > but stored sessions must only ever be provided to the same origin. Sounds good to me. > > > ^ This requires minor modification of step 1 of the current CreateKeySession() > algorithm because the second parameter is not present. > ^^ An alternative to this call-until-exception flow would be to expose a list > of MediaKeySessions from MediaKeys (potentially useful for other scenarios?) > then have createSession("keyreleases") populate that list. The application > would need to immediately iterate through the list and add a handler to each > object. I'd like to understand this better. 76332 8 watsonm 2012-10-15 19:33:14 +0000 Text proposal based on the above discussion: (add to 4.1) The following sections apply only in the case that both UA and Key System support secure proof of key release. 4.2 Persistent storage of key release messages The CDM must provide an origin-specific persistent store of proof of key release messages, each associated with a sessionId. 4.3 Providing a key release message Whenever a key is deleted due to execution of a method on MediaKeySession, the following steps shall be run: 1. Construct a proof of key release message, containing proof that the keys and licenses associated with the session were deleted and the time at which they were deleted. 2. Store the proof of key release message, together with the associated sessionId, in the persistent store. 3. Queue a task to fire a simple event named keymessage at the MediaKeySession object containing the message constructed at step one. Note: the following methods of MediaKeySession may cause keys to be deleted: close(), update(). If a MediaKeySession object is destroyed whilst keys are still present, for example due to closure of the window or navigation of the document, the following steps SHALL be run: 1. Construct a proof of key release message, containing proof that the keys and licenses associated with the session were deleted and the time at which they were deleted. 2. Store the proof of key release message in persistent store. Furthermore, the following step SHOULD be run: 3. Fire a simple event named keymessage at the MediaKeySession object containing the message constructed at step one. 4.4 Acknowledging receipt of a key release message Proof of receipt of the secure proof of key release by the server shall be provided within KeySystem-specific messages using the update() method of MediaKeySession. The following steps are added to step 2, substep 4 of the update() procedure: 3. For each acknowledgement of receipt of a secure proof of key release in key: 1. Remove the proof of key release message associated with sessionId from persistent store 4.5 Retrieving stored key release messages Step 2 of the procedure for the createSession() method of MediaKeys is modified by the introduction of a new step 1a as follows: 1a. If type is equal to the special string "keyrelease", then the 'retrieve a session with released key(s)' procedure shall be executed and the following steps aborted. When the 'retrieve a session with released key(s)' procedure is to be executed the following steps are run: 1. Let sessionId be the sessionId associated with the oldest proof of key release message in the persistent store for which no MediaKeySession object exists. If no such sessionId exists, thow a NOT_FOUND_ERR exeception and abort the procedure. 2. Create a new MediaKeySession object 1. Let the keySystem attribute be keySystem 2. Let the sessionId attribute be sessionId 3. Add the new object to an internal list of session objects 4. Schedule a task to generate a key release message, providing initData and the new object The user agent will asynchronously execute the following steps in the task: 1. Let cdm be the cdm loaded in the MediaKeys constructor 2. Let defaultURL be null 3. Use cdm to generate a key release message and follow the steps for the first matching condition from the following list: - If a key release message is sucessfully retrieved 1. Let keyrelease be the key release message generated by the CDM using initData, if provided 2. If initData was not null and contains a default URL for keySystem, let defaultURL be that URL - Otherwise 1. Create a new MediaKeyError object with the following attributes code = the appropriate MediaKeyError code systemCode = a Key System-specific value, if provided, and 0 otherwise 2. Set the MediaKeySession object's error attribute to the error object created in the previous step 3. queue a task to fire a simple event named keyerror at the MediaKeySession object 4. Abort the task 4. queue a task to fire a simple event named keymessage at the new object The event if of type MediaKeyMessageEvent and has: message = keyrelease destinationURL = defaultURL 5. Return the new object to the caller. 81251 9 watsonm 2013-01-11 17:06:47 +0000 I have updated the proposed changes (see attachement: encrypted-media-key-release.html) - update for new object-oriented model - sending a message immediately on key deletion is now SHOULD strength, reflecting the difficulty of doing this on browser close etc. - clarify that a CDM implementation based on frequent updates to persistent store (rather than guaranteed update on close) is acceptable - clarify responsibilities between CDM and UA - make assignment of sessionId to MediaKeySession in the key release retrieval case asyncronous (see bug 20622) 81252 10 1313 watsonm 2013-01-11 17:07:42 +0000 Created attachment 1313 Proposal for key release text 81377 11 ddorwin 2013-01-15 02:40:11 +0000 After discussion, the plan is to try to reuse as much of the base algorithms as possible. Mark would also like a consistent way to retrieve saved key sessions and a FAQ answer. I propose the following tasks for resolution for this bug: * Generalize createSession() algorithm so proposed 4.5.1 is covered by it. There are a few statements that assume generation of licenses. * Figure out where to document how to request old sessions, if supported. * Add a FAQ entry about how key release could be supported, similar to the entry for heartbeat. * Remove section 4. 81378 12 1314 ddorwin 2013-01-15 02:42:09 +0000 Created attachment 1314 Proposed changes to createSession() per Comment 11. 83132 13 1313 hsivonen 2013-02-14 07:28:44 +0000 Comment on attachment 1313 Proposal for key release text What happens if the CDM crashes before it has released a certain key? 83203 14 watsonm 2013-02-15 16:41:12 +0000 (In reply to comment #13) > Comment on attachment 1313 [details] > Proposal for key release text > > What happens if the CDM crashes before it has released a certain key? The CDM implementation needs to handle non-graceful shutdown. One implementation would be for the CDM to regularly write to secure persistent store a list of the current sessions with known keys. At any subsequent time (e.g. after restarting after a crash), this persisted list can be compared with the actual current sessions with known keys. Any differences are sessions for which the keys are no longer known and require to have key release message sent and acked. So these session records would then be added to a different list of unacknowledged released sessions. Of course you have some rare corner cases where crashes happen during the update of the persistent store itself. 84554 15 hsivonen 2013-03-18 10:38:13 +0000 (In reply to comment #14) > (In reply to comment #13) > > Comment on attachment 1313 [details] > > Proposal for key release text > > > > What happens if the CDM crashes before it has released a certain key? > > The CDM implementation needs to handle non-graceful shutdown. One > implementation would be for the CDM to regularly write to secure persistent > store a list of the current sessions with known keys. At any subsequent time > (e.g. after restarting after a crash), this persisted list can be compared > with the actual current sessions with known keys. Any differences are > sessions for which the keys are no longer known and require to have key > release message sent and acked. So these session records would then be added > to a different list of unacknowledged released sessions. > > Of course you have some rare corner cases where crashes happen during the > update of the persistent store itself. What assurance/benefit does this complication provide over the CDM promising to honor key expiry times communicated by the server when in the streaming case the expiry times could be short? If the server doesn't trust the CDM to honor expiry times, why would it trust key release attestations? 84565 16 watsonm 2013-03-18 15:27:29 +0000 (In reply to comment #15) > (In reply to comment #14) > > (In reply to comment #13) > > > Comment on attachment 1313 [details] > > > Proposal for key release text > > > > > > What happens if the CDM crashes before it has released a certain key? > > > > The CDM implementation needs to handle non-graceful shutdown. One > > implementation would be for the CDM to regularly write to secure persistent > > store a list of the current sessions with known keys. At any subsequent time > > (e.g. after restarting after a crash), this persisted list can be compared > > with the actual current sessions with known keys. Any differences are > > sessions for which the keys are no longer known and require to have key > > release message sent and acked. So these session records would then be added > > to a different list of unacknowledged released sessions. > > > > Of course you have some rare corner cases where crashes happen during the > > update of the persistent store itself. > > What assurance/benefit does this complication provide over the CDM promising > to honor key expiry times communicated by the server when in the streaming > case the expiry times could be short? If the server doesn't trust the CDM to > honor expiry times, why would it trust key release attestations? Good question. We can compare with a solution where keys have short expiry times and require repeated renewal in order for streaming to continue. The difference is that expiring keys require frequent license server interaction for streaming to continue, whereas the approach with key release messages requires license server interaction only at stream start and end. Consequently, to achieve a given service availability, license server availability needs to be orders of magnitude higher with the expiring license approach compared to the key release approach. 90804 17 watsonm 2013-07-16 16:58:03 +0000 Here is an update on this topic, as promised on the call today: Originally, the secure proof of key release feature required key release messages to be generated immediately the key was released. Feedback from browser implementors indicated this was difficult in a variety of shutdown/page close scenarios. As a result we revised the proposal so that key release on close is not required. Before FPWD, there was a discussion as to whether secure proof of key release required any normative specification. That is, whether it could be implemented with the existing primitives in a similar way to, for example, heartbeat. This question is unresolved. Until recently, the only aspect of secure proof of key release that I believed required normative specification was the mechanism to recover persisted unacknowledged sessions when a page re-loads. For example, a special type value for use in createSession that would recover a persisted session for which the secure proof of key release was unacknowledged. This type value would need to be specified in order to have an interoperable solution. With the introduction of the CDM state machine, I think it is clearer that normative specification is required. Specifically, there is a need for a state where the key release message has been sent but not acknowledged and a state where the key release has been acknowledged. For example PENDING-CLOSE and CLOSED. It's possible that the existing PENDING state could be used for PENDING-CLOSE. 97761 18 adrianba 2013-12-17 23:33:00 +0000 I believe the current spec (with the updates from bug 17750) supports secure key release implicitly in the same way that we agreed heartbeat can be supported. I think this means that we do not need any specific text in the spec describing this scenario. I propose that the correct way to resolve bug 17199 is to remove section 5 (Key Release). 97764 19 watsonm 2013-12-18 00:04:21 +0000 It depends on the resolution of bug 23955, but I expect you are right that the only change necessary will be to remove that section. 98085 20 adrianba 2014-01-07 15:52:21 +0000 I removed section 5 as discussed. https://dvcs.w3.org/hg/html-media/rev/422db29bacd5 98100 21 watsonm 2014-01-07 19:31:49 +0000 I reviewed the various changes and there is one item missing, which is the possibility for the session to transition to PENDING on the way to CLOSED during the Session Close algorithm. I raised Bug 24226 for this. 98105 22 adrianba 2014-01-07 20:48:28 +0000 (In reply to Mark Watson from comment #21) > I reviewed the various changes and there is one item missing, which is the > possibility for the session to transition to PENDING on the way to CLOSED > during the Session Close algorithm. > > I raised Bug 24226 for this. I don't believe this is missing - see the comments in bug 24226. 1313 2013-01-11 17:07:42 +0000 2013-01-11 17:07:42 +0000 Proposal for key release text encrypted-media-key-release.html text/html 12685 watsonm PCFET0NUWVBFIGh0bWwgU1lTVEVNICJhYm91dDpsZWdhY3ktY29tcGF0Ij4KPGh0bWw+CiAgPGhl YWQ+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBj aGFyc2V0PXV0Zi04Ij4KICAgIDx0aXRsZT5FbmNyeXB0ZWQgTWVkaWEgRXh0ZW5zaW9uczwvdGl0 bGU+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9InZpZGVvLXdvcmtpbmctZHJhZnQu Y3NzIj4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0ibWFpbi5jc3MiPgogICAgPGxp bmsgdHlwZT0idGV4dC9jc3MiIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cDovL3d3dy53My5v cmcvU3R5bGVTaGVldHMvVFIvdzNjLWVkLmNzcyI+CiAgICA8c3R5bGUgdHlwZT0idGV4dC9jc3Mi PgogICAgICBkaXYubm9ubm9ybWF0aXZlIHsgY29sb3I6IGdyZWVuOyBtYXJnaW46IDJlbSAwIDJl bSAwZW07IHBhZGRpbmc6IDAuNWVtIDFlbTsgYm9yZGVyOiBub25lOyBiYWNrZ3JvdW5kOiAjRERG RkREOyB9CiAgICAgIC5ub25ub3JtYXRpdmU6YmVmb3JlIHsgZGlzcGxheTogdGFibGU7IG1hcmdp bjogLTFlbSAtMC41ZW0gLTAuNWVtIGF1dG87IHdpZHRoOiBhdXRvOyBjb250ZW50OiAnVGhpcyBz ZWN0aW9uIGlzIG5vbi1ub3JtYXRpdmUuJzsgY29sb3I6IGJsYWNrOyBmb250LXN0eWxlOiBpdGFs aWM7IGJvcmRlcjogc29saWQgMnB4OyBiYWNrZ3JvdW5kOiB3aGl0ZTsgcGFkZGluZzogMCAwLjI1 ZW07IH0KCiAgICAgIAogICAgICAubm9uLW5vcm1hdGl2ZSB7IGZvbnQtc3R5bGU6IGl0YWxpYzsg Y29sb3I6IERhcmtTbGF0ZUdyZXk7IH0KICAgICAgLm5vbi1ub3JtYXRpdmUgZW0geyBmb250LXN0 eWxlOiBub3JtYWw7fQogICAgICAubm9uLW5vcm1hdGl2ZSB2YXIgeyBmb250LXN0eWxlOiBub3Jt YWw7fQogICAgICBib2R5IHsKICAgICAgICBiYWNrZ3JvdW5kLWltYWdlOiB1cmwoaHR0cDovL3d3 dy53My5vcmcvU3R5bGVTaGVldHMvVFIvbG9nby11bm9mZmljaWFsKTsKICAgICAgfQogICAgPC9z dHlsZT4KICA8L2hlYWQ+CiAgPGJvZHk+CiAgICA8ZGl2IGNsYXNzPSJoZWFkIj4KICAgICAgPHA+ PGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvIj48aW1nIHNyYz0iaHR0cDovL3d3dy53My5vcmcv SWNvbnMvdzNjX2hvbWUiIGFsdD0iVzNDIiB3aWR0aD0iNzIiIGhlaWdodD0iNDgiPjwvYT48L3A+ CiAgICAgIDxoMT5FbmNyeXB0ZWQgTWVkaWEgRXh0ZW5zaW9uczwvaDE+CiAgICAgIDxoMj5Qcm9w b3NhbCBmb3IgU2VjdXJlIFByb29mIG9mIEtleSBSZWxlYXNlPC9oMj4KICAgICAgPGgyPjxmb250 IGNvbG9yPSJyZWQiPldvcmsgaW4gcHJvZ3Jlc3MuPC9mb250PjwvaDI+CiAgICAgIDxkbD4KCiAg ICAgICAgPGR0PkF1dGhvcjo8L2R0PgogICAgICAgIDxkZD5NYXJrIFdhdHNvbiwgTmV0ZmxpeCwg SW5jLjwvZGQ+CiAgPGR0PkJ1Zzo8L2R0PgogIDxkZD48YSBocmVmPSJodHRwczovL3d3dy53My5v cmcvQnVncy9QdWJsaWMvc2hvd19idWcuY2dpP2lkPTE3MTk5Ij4xNzE5OTwvYT48L2RkPgogIDxk dD5EaXNjdXNzaW9uIGxpc3Q6PC9kdD4KICA8ZGQ+PGEgaHJlZj0iaHR0cDovL2xpc3RzLnczLm9y Zy9BcmNoaXZlcy9QdWJsaWMvcHVibGljLWh0bWwtbWVkaWEvIj5wdWJsaWMtaHRtbC1tZWRpYUB3 My5vcmc8L2E+PC9kZD4KICAgICAgPC9kbD4KICAgIDwvZGl2PgoKICAgIDxoMiBpZD0ia2V5LXJl bGVhc2UiPjQuIEtleSBSZWxlYXNlPC9oMj4KICAgIDxoMz40LjEuIEludHJvZHVjdGlvbjwvaDM+ CiAgICA8cD48aT5UaGlzIHNlY3Rpb24gaXMgbm9uLW5vcm1hdGl2ZS48L2k+PC9wPgogICAgPHA+ VGhlIGFib3ZlIHNlY3Rpb25zIHByb3ZpZGUgZm9yIGRlbGl2ZXJ5IG9mIGtleS9saWNlbnNlIGlu Zm9ybWF0aW9uIHRvIGEgPGEgaHJlZj0iI2NkbSI+Q29udGVudCBEZWNyeXB0aW9uIE1vZHVsZTwv YT4uCiAgICBUaGlzIHNlY3Rpb24gcHJvdmlkZXMgZm9yIG1hbmFnZW1lbnQgb2YgdGhlIGVudGly ZSBrZXkvbGljZW5zZSBsaWZlY3ljbGUsIHRoYXQgaXMsIHNlY3VyZSBwcm9vZiBvZiBrZXkgcmVs ZWFzZS4KICAgIFVzZSBjYXNlcyBmb3Igc3VjaCBwcm9vZiBpbmNsdWRlIGFueSBzZXJ2aWNlIHdo ZXJlIGlzIGl0IG5lY2Vzc2FyeSBmb3IgdGhlIHNlcnZpY2UgdG8ga25vdywgcmVsaWFibHksIHdo aWNoIGdyYW50ZWQga2V5cy9saWNlbmNlcyBhcmUgc3RpbGwgYXZhaWxhYmxlIGZvciB1c2UgYnkg dGhlIHVzZXIgYW5kIHdoaWNoIGhhdmUgYmVlbiBkZWxldGVkLgogICAgRXhhbXBsZXMgaW5jbHVk ZSBhIHNlcnZpY2Ugd2l0aCByZXN0cmljdGlvbnMgb24gdGhlIG51bWJlciBvZiBjb25jdXJyZW50 IHN0cmVhbXMgYXZhaWxhYmxlIHRvIGEgdXNlciBvciBhIHNlcnZpY2Ugd2hlcmUgY29udGVudCBp cyBhdmFpbGFibGUgb24gYSByZW50YWwgYmFzaXMsIGZvciB1c2Ugb2ZmbGluZS4KICAgIDwvcD4K ICAgIAogICAgPHA+U2VjdXJlIHByb29mIG9mIGtleSByZWxlYXNlIG11c3QgbmVjZXNzYXJpbHkg aW52b2x2ZSB0aGUgQ0RNIGR1ZSB0byB0aGUgcmVsYXRpdmUgZWFzZSB3aXRoIHdoaWNoIHNjcmlw dHMgbWF5IGJlIG1vZGlmaWVkLgogICAgVGhlIENETSBtdXN0IHByb3ZpZGUgYSBtZXNzYWdlIGFz c2VydGluZywgaW4gYSBDRE0tc3BlY2lmaWMgZm9ybSwgdGhhdCBhIHNwZWNpZmljIGtleSBvciBs aWNlbnNlIGhhcyBiZWVuIGRlc3Ryb3llZC4KICAgIFN1Y2ggbWVzc2FnZXMgbXVzdCBiZSBjYWNo ZWQgaW4gdGhlIENETSB1bnRpbCBhY2tub3dsZWRnZW1lbnQgb2YgdGhlaXIgZGVsaXZlcnkgdG8g dGhlIHNlcnZpY2UgaGFzIGJlZW4gcmVjZWl2ZWQuCiAgICBUaGlzIGFja25vd2xlZGdlbWVudCBt dXN0IGFsc28gYmUgaW4gdGhlIGZvcm0gb2YgYSBDRE0tc3BlY2lmaWMgbWVzc2FnZS4KICAgIDwv cD4KICAgIAogICAgPHA+VGhlIG1lY2hhbmlzbSBmb3Igc2VjdXJlIHByb29mIG9mIGtleSByZWxl YXNlIG9wZXJhdGVzIG91dHNpZGUgdGhlIHNjb3BlIG9mIGFueSA8YSBocmVmPSIjbWVkaWEtZWxl bWVudCI+bWVkaWEgZWxlbWVudDwvYT4uCiAgICBUaGlzIGlzIGJlY2F1c2UgcHJvb2Ytb2YtcmVs ZWFzZSBtZXNzYWdlcyBtYXkgYmUgY2FjaGVkIGluIENETXMgYWZ0ZXIgdGhlIGFzc29jaWF0ZWQg bWVkaWEgZWxlbWVudHMgaGF2ZSBiZWVuIGRlc3Ryb3llZC4KICAgIFByb29mLW9mLWtleS1yZWxl YXNlIG1lc3NhZ2VzIGFyZSBzdWJqZWN0IHRvIHRoZSBzYW1lIG9yaWdpbiBwb2xpY3k6IHRoZXkg c2hhbGwgb25seSBiZSBkZWxpdmVyZWQgdG8gc2NyaXB0cyB3aXRoIHRoZSBzYW1lIG9yaWdpbiBh cyB0aGUgc2NyaXB0IHdoaWNoIGNyZWF0ZWQgdGhlIG1lZGlhIGVsZW1lbnQgdGhhdCBwcm92aWRl ZCB0aGUga2V5L2xpY2Vuc2UuCiAgICA8L3A+CiAgICAKICAgIAogICAgVGhlIGZvbGxvd2luZyBz ZWN0aW9ucyBhcHBseSBvbmx5IGluIHRoZSBjYXNlIHRoYXQgYm90aCBVQSBhbmQgS2V5IFN5c3Rl bSBzdXBwb3J0IHNlY3VyZSBwcm9vZiBvZiBrZXkgcmVsZWFzZS4KCiAgICA8aDM+NC4yIFBlcnNp c3RlbnQgc3RvcmFnZSBvZiBrZXkgcmVsZWFzZSBtZXNzYWdlczwvaDM+CgogICAgPHA+VGhlIENE TSBzaG91bGQgbWFpbnRhaW4gYW4gb3JpZ2luLXNwZWNpZmljIHBlcnNpc3RlbnQgc3RvcmUgY29u dGFpbmluZyBpbmZvcm1hdGlvbiBhYm91dCBzZXNzaW9ucyBmb3Igd2hpY2gga2V5cyB3aGljaCBo YXZlIGJlZW4gZGVsZXRlZCwgZWFjaCBhc3NvY2lhdGVkIHdpdGggYSA8Y29kZT5zZXNzaW9uSWQ8 L2NvZGU+LjwvcD4KICAgIDxwIGNsYXNzPSJub24tbm9ybWF0aXZlIj5TdWNoIGEgc3RvcmUgY291 bGQsIGZvciBleGFtcGxlLCBjb25zaXN0cyBvZiBhIGZyZXF1ZW50bHkgdXBkYXRlZCBsaXN0IG9m IHNlc3Npb25zIDxlbT53aXRoPC9lbT4ga2V5cy4gQnkgY29tcGFyaW5nIHRoaXMgbGlzdCB3aXRo IHRoZSBDRE0ncyBsaXN0IG9mIGFjdHVhbGx5IHByZXNlbnQga2V5cywgdGhlIENETSBjYW4gZGV0 ZXJtaW5lIHRoZSBzZXQgb2Yga2V5cyB0aGF0IGhhdmUgYmVlbiBkZWxldGVkIHNpbmNlIHRoZSBs YXN0IHVwZGF0ZSBvZiB0aGUgc3RvcmUuPC9wPgoKICAgIDxoMz40LjMgUHJvdmlkaW5nIGEga2V5 IHJlbGVhc2UgbWVzc2FnZTwvaDM+CgogICAgPHA+V2hlbmV2ZXIgYSBrZXkgaXMgZGVsZXRlZCwg dGhlIGZvbGxvd2luZyBzdGVwcyBzaGFsbCBiZSBydW46CiAgICAgIDxvbD4KICAgICAgICAgIDxs aT48cD5VcGRhdGUgdGhlIHBlcnNpc3RlbnQgc3RvcmUgdG8gaW5kaWNhdGUgdGhhdCB0aGUga2V5 IGFzc29jaWF0ZWQgd2l0aCB0aGUgPGNvZGU+c2Vzc2lvbklkPC9jb2RlPiBoYXMgYmVlbiBkZWxl dGVkIGFuZCB0aGUgdGltZSBhdCB3aGljaCB0aGlzIG9jY3VycmVkLjwvcD48L2xpPgogICAgICAg ICAgPGxpPjxwPkNvbnN0cnVjdCBhIHByb29mIG9mIGtleSByZWxlYXNlIG1lc3NhZ2UsIGNvbnRh aW5pbmcgcHJvb2YgdGhhdCB0aGUga2V5cyBhbmQgbGljZW5zZXMgYXNzb2NpYXRlZCB3aXRoIHRo ZSBzZXNzaW9uIHdlcmUgZGVsZXRlZCBhbmQgdGhlIHRpbWUgYXQgd2hpY2ggdGhleSB3ZXJlIGRl bGV0ZWQuPC9wPjwvbGk+CiAgICAgICAgICBGdXJ0aGVybW9yZSwgdGhlIGZvbGxvd2luZyBzdGVw IFNIT1VMRCBiZSBydW46CiAgICAgICAgICA8bGk+CjxwPjxhIGhyZWY9Imh0dHA6Ly9kZXYudzMu b3JnL2h0bWw1L3NwZWMvd2ViYXBwYXBpcy5odG1sI3F1ZXVlLWEtdGFzayI+cXVldWUgYSB0YXNr PC9hPiB0byA8YSBocmVmPSJodHRwOi8vZGV2LnczLm9yZy9odG1sNS9zcGVjL3dlYmFwcGFwaXMu aHRtbCNmaXJlLWEtc2ltcGxlLWV2ZW50Ij5maXJlIGEgc2ltcGxlIGV2ZW50PC9hPiBldmVudCBu YW1lZCA8Y29kZT48YSBocmVmPSIjZG9tLWtleW1lc3NhZ2UiPmtleW1lc3NhZ2U8L2E+PC9jb2Rl PiBhdCB0aGUgPGNvZGU+PGEgaHJlZj0iI2RvbS1tZWRpYWtleXNlc3Npb24iPk1lZGlhS2V5U2Vz c2lvbjwvYT48L2NvZGU+IG9iamVjdCBjb250YWluaW5nIHRoZSBtZXNzYWdlIGNvbnN0cnVjdGVk IGF0IHN0ZXAgb25lLjwvcD4KICAgICAgICAgIDxwIGNsYXNzPSJub24tbm9ybWF0aXZlIj5JdCBp cyBleHBlY3RlZCB0aGF0IGluIHNldmVyYWwgc2NuZWFyaW9zLCBzdWNoIGFzIGtleSBkZWxldGlv biBkdWUgdG8gYnJvd3NlciBzaHV0ZG93biwgaXQgbWF5IG5vdCBiZSBwb3NzaWJsZSB0byBmaXJl IHRoZSBrZXltZXNzYWdlIGV2ZW50LjwvcD4KPC9saT4KICAgICAgPC9vbD4KICAgIDwvcD4KICAg IAogICAgPGgzPjQuNCBBY2tub3dsZWRnaW5nIHJlY2VpcHQgb2YgYSBrZXkgcmVsZWFzZSBtZXNz YWdlPC9oMz4KCiAgICA8cD5Qcm9vZiBvZiByZWNlaXB0IG9mIHRoZSBzZWN1cmUgcHJvb2Ygb2Yg a2V5IHJlbGVhc2UgYnkgdGhlIHNlcnZlciBzaGFsbCBiZSBwcm92aWRlZCB3aXRoaW4gS2V5U3lz dGVtLXNwZWNpZmljIG1lc3NhZ2VzIHVzaW5nIHRoZSA8Y29kZT48YSBocmVmPSIjZG9tLXVwZGF0 ZSI+dXBkYXRlPC9hPjwvY29kZT4gbWV0aG9kIG9mIDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFr ZXlzZXNzaW9uIj5NZWRpYUtleVNlc3Npb248L2E+PC9jb2RlPi4gVGhlIGZvbGxvd2luZyBzdGVw cyBhcmUgYWRkZWQgdG8gc3RlcCAyLCBzdWJzdGVwIDQgb2YgdGhlIDxjb2RlPjxhIGhyZWY9IiNk b20tdXBkYXRlIj51cGRhdGU8L2E+PC9jb2RlPiBwcm9jZWR1cmU6CiAgICAgIDxvbD4KICAgICAg ICA8bGkgdmFsdWU9IjJhIj4KICAgICAgICAgIDxwPkZvciBlYWNoIGFja25vd2xlZGdlbWVudCBv ZiByZWNlaXB0IG9mIGEgc2VjdXJlIHByb29mIG9mIGtleSByZWxlYXNlIGluIDxjb2RlPjxhIGhy ZWY9IiNkb20ta2V5Ij5rZXk8L2E+PC9jb2RlPjoKICAgICAgICAgICAgPG9sPgogICAgICAgICAg ICAgIDxsaT48cD5SZW1vdmUgdGhlIGluZm9ybWF0aW9uIGFzc29jaWF0ZWQgd2l0aCA8Y29kZT5z ZXNzaW9uSWQ8L2NvZGU+IGZyb20gdGhlIHBlcnNpc3RlbnQgc3RvcmUuPC9wPjwvbGk+CiAgICAg ICAgICAgIDwvb2w+CiAgICAgICAgICA8L3A+CiAgICAgICAgPC9saT4KICAgICAgPC9vbD4KICAg IDwvcD4KCiAgICA8aDM+NC41IFJldHJpZXZpbmcgc3RvcmVkIGtleSByZWxlYXNlIG1lc3NhZ2Vz PC9oMz4KICAgIDxwPlN0ZXAgMiBvZiB0aGUgcHJvY2VkdXJlIGZvciB0aGUgPGNvZGU+PGEgaHJl Zj0iI2RvbS1jcmVhdGVzZXNzaW9uIj5jcmVhdGVTZXNzaW9uPC9hPjwvY29kZT4gbWV0aG9kIG9m IDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFrZXlzIj5NZWRpYUtleXM8L2E+PC9jb2RlPiBpcyBt b2RpZmllZCBieSB0aGUgaW50cm9kdWN0aW9uIG9mIGEgbmV3IHN0ZXAgYWZ0ZXIgc3RlcCAxIGFz IGZvbGxvd3M6CiAgICAgIDxvbD4KICAgICAgICA8bGkgdmFsdWU9IjFhIj4KICAgICAgICAgIDxw PklmIDxjb2RlPjxhIGhyZWY9IiNkb20tdHlwZSI+dHlwZTwvYT48L2NvZGU+IGlzIGVxdWFsIHRv IHRoZSBzcGVjaWFsIHN0cmluZyAia2V5cmVsZWFzZSIsIHRoZW4gdGhlIDxhIGhyZWY9InVhLXJl dHJpZXZlLXJlbGVhc2Utc2Vzc2lvbiI+cmV0cmlldmUgYSBNZWRpYUtleVNlc3Npb24gd2l0aCBy ZWxlYXNlZCBrZXkocyk8L2E+IHByb2NlZHVyZSBzaGFsbCBiZSBleGVjdXRlZCBhbmQgdGhlIGZv bGxvd2luZyBzdGVwcyBhYm9ydGVkLjwvcD4KICAgICAgICA8L2xpPgogICAgICA8L29sPgogICAg PC9wPgogICAgPGg0IGlkPSJ1YS1yZXRyaWV2ZS1yZWxlYXNlLXNlc3Npb24iPjQuNS4xIFJldHJp ZXZpbmcgYSBNZWRpYUtleVNlc3Npb24gd2l0aCByZWxlYXNlZCBrZXlzPC9oND4KICAgIDxwPldo ZW4gdGhlICdyZXRyaWV2ZSBhIE1lZGlhS2V5U2Vzc2lvbiB3aXRoIHJlbGVhc2VkIGtleShzKScg cHJvY2VkdXJlIGlzIHRvIGJlIGV4ZWN1dGVkIHRoZSBmb2xsb3dpbmcgc3RlcHMgYXJlIHJ1bjoK ICAgICAgPG9sPgogICAgICAgIDxsaT4KICAgICAgICAgIDxwPkNyZWF0ZSBhIG5ldyA8Y29kZT48 YSBocmVmPSIjZG9tLW1lZGlha2V5c2Vzc2lvbiI+TWVkaWFLZXlTZXNzaW9uPC9hPjwvY29kZT4g b2JqZWN0CiAgICAgICAgICAgIDxvbD4KICAgICAgICAgICAgICA8bGk+PHA+TGV0IHRoZSA8Y29k ZT48YSBocmVmPSIjZG9tLWtleXN5c3RlbSI+a2V5U3lzdGVtPC9hPjwvY29kZT4gYXR0cmlidXRl IGJlIDx2YXIgdGl0bGU9InRydWUiPmtleVN5c3RlbTwvdmFyPjwvcD48L2xpPgogICAgICAgICAg ICAgIDxsaT48cD5MZXQgdGhlIDxjb2RlPjxhIGhyZWY9IiNkb20tc2Vzc2lvbmlkIj5zZXNzaW9u SWQ8L2E+PC9jb2RlPiBhdHRyaWJ1dGUgYmUgPHZhciB0aXRsZT0idHJ1ZSI+bnVsbDwvdmFyPjwv cD48L2xpPgogICAgICAgICAgICA8L29sPgogICAgICAgICAgPC9wPgogICAgICAgIDwvbGk+CiAg ICAgICAgPGxpPjxwPkFkZCB0aGUgbmV3IG9iamVjdCB0byBhbiBpbnRlcm5hbCBsaXN0IG9mIHNl c3Npb24gb2JqZWN0czwvcD48L2xpPgogICAgICAgIDxsaT4KICAgICAgICAgIDxwPlNjaGVkdWxl IGEgdGFzayB0byBnZW5lcmF0ZSBhIGtleSByZWxlYXNlIG1lc3NhZ2UsIHByb3ZpZGluZyB0aGUg bmV3IDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFrZXlzZXNzaW9uIj5NZWRpYUtleVNlc3Npb248 L2E+PC9jb2RlPiBvYmplY3Q8L3A+CiAgICAgICAgICA8cD5UaGUgdXNlciBhZ2VudCB3aWxsIGFz eW5jaHJvbm91c2x5IGV4ZWN1dGUgdGhlIGZvbGxvd2luZyBzdGVwcyBpbiB0aGUgdGFzazoKICAg ICAgICAgICAgPG9sPgogICAgICAgICAgICAgIDxsaT48cD5MZXQgPHZhciB0aXRsZT0idHJ1ZSI+ Y2RtPC92YXI+IGJlIHRoZSBjZG0gbG9hZGVkIGluIHRoZSBNZWRpYUtleXMgY29uc3RydWN0b3I8 L3A+PC9saT4KICAgICAgICAgICAgICA8bGk+PHA+TGV0IDx2YXIgdGl0bGU9InRydWUiPmRlZmF1 bHRVUkw8L3Zhcj4gYmUgPGNvZGU+bnVsbDwvY29kZT48L3A+PC9saT4KICAgICAgICAgICAgICAK ICAgICAgICAgICAgICA8bGk+CiAgICAgICAgICAgICAgICA8cD5Vc2UgPHZhciB0aXRsZT0idHJ1 ZSI+Y2RtPC92YXI+IHRvIDxhIGhyZWY9ImNkbS1yZXRyaWV2ZS1rZXktcmVsZWFzZSI+cmV0cmll dmUgYSBrZXkgcmVsZWFzZSBtZXNzYWdlPC9hPiBhbmQgZm9sbG93IHRoZSBzdGVwcyBmb3IgdGhl IGZpcnN0IG1hdGNoaW5nIGNvbmRpdGlvbiBmcm9tIHRoZSBmb2xsb3dpbmcgbGlzdDoKICAgICAg ICAgICAgICAgICAgPGRsIGNsYXNzPSJzd2l0Y2giPgogICAgICAgICAgICAgICAgICAgIDxkdD5J ZiBhIGtleSByZWxlYXNlIG1lc3NhZ2UgaXMgc3VjZXNzZnVsbHkgZ2VuZXJhdGVkPC9kdD4KICAg ICAgICAgICAgICAgICAgICA8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICA8b2w+CiAgICAgICAg ICAgICAgICAgICAgICAgIDxsaT48cD5TZXQgdGhlIDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFr ZXlzZXNzaW9uIj5NZWRpYUtleVNlc3Npb248L2E+PC9jb2RlPiBvYmplY3QncyA8Y29kZT48YSBo cmVmPSIjZG9tLXNlc3Npb25pZCI+c2Vzc2lvbklkPC9hPjwvY29kZT4gYXR0cmlidXRlIHRvIHRo ZSA8dmFyIHRpdGxlPSJ0cnVlIj5zZXNzaW9uSWQ8L3Zhcj4gcmV0dXJuZWQgYnkgdGhlIENETS48 L3A+PC9saT4KICAgICAgICAgICAgICAgICAgICAgICAgPGxpPjxwPkxldCA8dmFyIHRpdGxlPSJ0 cnVlIj5rZXlyZWxlYXNlPC92YXI+IGJlIHRoZSBwcm9vZiBvZiBrZXkgcmVsZWFzZSBtZXNzYWdl IGdlbmVyYXRlZCBieSB0aGUgQ0RNLjwvcD48L2xpPgogICAgICAgICAgICAgICAgICAgICAgICA8 bGk+PHA+TGV0IDx2YXIgdGl0bGU9InRydWUiPmRlZmF1bHRVUkw8L3Zhcj4gYmUgdGhlIFVSTCBy ZXR1cm5lZCBieSB0aGUgQ0RNLCBvciBudWxsIGlmIG5vIFVSTCB3YXMgcmV0dXJuZWQ8L3A+PC9s aT4KICAgICAgICAgICAgICAgICAgICAgIDwvb2w+CiAgICAgICAgICAgICAgICAgICAgPC9kZD4K ICAgICAgICAgICAgICAgICAgICA8ZHQ+T3RoZXJ3aXNlPC9kdD4KICAgICAgICAgICAgICAgICAg ICA8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICA8b2w+CiAgICAgICAgICAgICAgICAgICAgICAg IDxsaT4KICAgICAgICAgICAgICAgICAgICAgICAgICA8cD5DcmVhdGUgYSBuZXcgPGNvZGU+PGEg aHJlZj0iI2RvbS1tZWRpYWtleWVycm9yIj5NZWRpYUtleUVycm9yPC9hPjwvY29kZT4gb2JqZWN0 IHdpdGggdGhlIGZvbGxvd2luZyBhdHRyaWJ1dGVzCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dWwgc3R5bGU9Imxpc3Qtc3R5bGUtdHlwZTpub25lIj4KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPGxpPjxwPjxjb2RlPjxhIGhyZWY9IiNkb20tY29kZSI+Y29kZTwvYT48L2NvZGU+ ID0gdGhlIDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFrZXllcnJvciI+TWVkaWFLZXlFcnJvcjwv YT48L2NvZGU+IGNvZGUgcmV0dXJuZWQgYnkgdGhlIENETTwvcD48L2xpPgogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8bGk+PHA+PGNvZGU+PGEgaHJlZj0iI2RvbS1zeXN0ZW1jb2RlIj5z eXN0ZW1Db2RlPC9hPjwvY29kZT4gPSBhIEtleSBTeXN0ZW0tc3BlY2lmaWMgdmFsdWUsIGlmIHBy b3ZpZGVkIGJ5IHRoZSBDRE0sIGFuZCAwIG90aGVyd2lzZTwvcD48L2xpPgogICAgICAgICAgICAg ICAgICAgICAgICAgICAgPC91bD4KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3A+CiAgICAg ICAgICAgICAgICAgICAgICAgIDwvbGk+CiAgICAgICAgICAgICAgICAgICAgICAgIDxsaT48cD5T ZXQgdGhlIDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFrZXlzZXNzaW9uIj5NZWRpYUtleVNlc3Np b248L2E+PC9jb2RlPiBvYmplY3QncyA8Y29kZT48YSBocmVmPSIjZG9tLWVycm9yIj5lcnJvcjwv YT48L2NvZGU+IGF0dHJpYnV0ZSB0byB0aGUgPGNvZGU+PGEgaHJlZj0iI2RvbS1tZWRpYWtleWVy cm9yIj5NZWRpYUtleUVycm9yPC9hPjwvY29kZT4gb2JqZWN0IGNyZWF0ZWQgaW4gdGhlIHByZXZp b3VzIHN0ZXA8L3A+PC9saT4KICAgICAgICAgICAgICAgICAgICAgICAgPGxpPjxwPjxhIGhyZWY9 Imh0dHA6Ly9kZXYudzMub3JnL2h0bWw1L3NwZWMvd2ViYXBwYXBpcy5odG1sI3F1ZXVlLWEtdGFz ayI+cXVldWUgYSB0YXNrPC9hPiB0byA8YSBocmVmPSJodHRwOi8vZGV2LnczLm9yZy9odG1sNS9z cGVjL3dlYmFwcGFwaXMuaHRtbCNmaXJlLWEtc2ltcGxlLWV2ZW50Ij5maXJlIGEgc2ltcGxlIGV2 ZW50PC9hPiBuYW1lZCA8Y29kZT5rZXllcnJvcjwvY29kZT4gYXQgdGhlIDxjb2RlPjxhIGhyZWY9 IiNkb20tbWVkaWFrZXlzZXNzaW9uIj5NZWRpYUtleVNlc3Npb248L2E+PC9jb2RlPiBvYmplY3Q8 L3A+PC9saT4KICAgICAgICAgICAgICAgICAgICAgICAgPGxpPjxwPkFib3J0IHRoZSBjdXJyZW50 IHRhc2s8L3A+PC9saT4KICAgICAgICAgICAgICAgICAgICAgIDwvb2w+CiAgICAgICAgICAgICAg ICAgICAgPC9kZD4KICAgICAgICAgICAgICAgICAgPC9kbD4KICAgICAgICAgICAgICAgIDwvcD4K ICAgICAgICAgICAgICA8L2xpPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIDxsaT4KICAg ICAgICAgICAgICAgIDxwPjxhIGhyZWY9Imh0dHA6Ly9kZXYudzMub3JnL2h0bWw1L3NwZWMvd2Vi YXBwYXBpcy5odG1sI3F1ZXVlLWEtdGFzayI+cXVldWUgYSB0YXNrPC9hPiB0byA8YSBocmVmPSJo dHRwOi8vZGV2LnczLm9yZy9odG1sNS9zcGVjL3dlYmFwcGFwaXMuaHRtbCNmaXJlLWEtc2ltcGxl LWV2ZW50Ij5maXJlIGEgc2ltcGxlIGV2ZW50PC9hPiBuYW1lZCA8Y29kZT5rZXltZXNzYWdlPC9j b2RlPiBhdCB0aGUgbmV3IG9iamVjdDwvcD4KICAgICAgICAgICAgICAgIDxwPlRoZSBldmVudCBp cyBvZiB0eXBlIDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFrZXltZXNzYWdlZXZlbnQiPk1lZGlh S2V5TWVzc2FnZUV2ZW50PC9hPjwvY29kZT4gYW5kIGhhczoKICAgICAgICAgICAgICAgICAgPHVs IHN0eWxlPSJsaXN0LXN0eWxlLXR5cGU6bm9uZSI+CiAgICAgICAgICAgICAgICAgICAgPGxpPjxw Pjxjb2RlPjxhIGhyZWY9IiNkb20tbWVzc2FnZSI+bWVzc2FnZTwvYT48L2NvZGU+ID0gPHZhciB0 aXRsZT0idHJ1ZSI+a2V5cmVsZWFzZTwvdmFyPjwvcD48L2xpPgogICAgICAgICAgICAgICAgICAg IDxsaT48cD48Y29kZT48YSBocmVmPSIjZG9tLWRlc3RpbmF0aW9udXJsIj5kZXN0aW5hdGlvblVS TDwvYT48L2NvZGU+ID0gPHZhciB0aXRsZT0idHJ1ZSI+ZGVmYXVsdFVSTDwvdmFyPjwvcD48L2xp PgogICAgICAgICAgICAgICAgICA8L3VsPgogICAgICAgICAgICAgICAgPC9wPgogICAgICAgICAg ICAgIDwvbGk+CiAgICAgICAgICAgIDwvb2w+CiAgICAgICAgICA8L3A+CiAgICAgICAgPC9saT4K ICAgICAgICA8bGk+PHA+UmV0dXJuIHRoZSBuZXcgb2JqZWN0IHRvIHRoZSBjYWxsZXI8L3A+PC9s aT4KICAgICAgPC9vbD4KICAgIDwvcD4KICAgIAogICAgPGg0IGlkPSJjZG0tcmV0cmlldmUta2V5 LXJlbGVhc2UiPjQuNS4yIENETSByZXRyaWV2aW5nIGEga2V5IHJlbGVhc2UgbWVzc2FnZTwvaDQ+ CgogICAgPHA+V2hlbiBhIENETSBpcyByZXF1aXJlZCB0byA8ZW0+cmV0cmlldmUgYSBrZXkgcmVs ZWFzZSBtZXNzYWdlPC9lbT4gaXQgc2hhbGwgcGVyZm9ybSB0aGUgZm9sbG93aW5nIHN0ZXBzOgog ICAgICA8b2w+CiAgICAgICAgPGxpPgogICAgICAgICAgPHA+SWYgdGhlIHBlcnNpc3RlbnQgc3Rv cmUgaXMgZW1wdHksIG9yIGlmIGFsbCA8Y29kZT5zZXNzaW9uSWQ8L2NvZGU+IHZhbHVlcyBpbiB0 aGUgcGVyc2lzdGVudCBzdG9yZSBhbHJlYWR5IGhhdmUgPGNvZGU+PGEgaHJlZj0iI2RvbS1tZWRp YWtleXNlc3Npb24iPk1lZGlhS2V5U2Vzc2lvbjwvYT48L2NvZGU+IG9iamVjdHMgYXNzb2NpYXRl ZCwKICAgICAgICAgICAgIHRoZW4gcmV0dXJuIGFuIGVycm9yIGluZGljYXRpb24gd2l0aCBjb2Rl IDxjb2RlPjxhIGhyZWY9IiNkb20tbWVkaWFfa2V5ZXJyX25vdF9mb3VuZCI+TUVESUFfS0VZRVJS X05PVF9GT1VORDwvYT48L2NvZGU+IGFuZCBhYm9ydCB0aGUgZm9sbG93aW5nIHN0ZXBzLjwvcD4K ICAgICAgICA8L2xpPgogICAgICAgIDxsaT48cD5MZXQgPHZhciB0aXRsZT0idHJ1ZSI+c2Vzc2lv bklkPC92YXI+IGJlIHRoZSBvbGRlc3QgPGNvZGU+c2Vzc2lvbklkPC9jb2RlPiBpbiB0aGUgcGVy c2lzdGVudCBzdG9yZSBmb3Igd2hpY2ggbm8gPGNvZGU+PGEgaHJlZj0iI2RvbS1tZWRpYWtleXNl c3Npb24iPk1lZGlhS2V5U2Vzc2lvbjwvYT48L2NvZGU+IG9iamVjdCBleGlzdHMuPC9wPjwvbGk+ CiAgICAgICAgPGxpPjxwPkdlbmVyYXRlIGEgcHJvb2Ygb2Yga2V5IHJlbGVhc2UgbWVzc2FnZSwg PHZhciB0aXRsZT0idHJ1ZSI+a2V5cmVsZWFzZTwvdmFyPiwgZm9yIDx2YXIgdGl0bGU9InRydWUi PnNlc3Npb25JZDwvdmFyPi48L3A+PC9saT4KICAgICAgICA8bGk+PHA+SWYgdGhlIHBlcnNpc3Rl bnQgc3RvcmUgY29udGFpbnMgYSBVUkwgYXNzb2NpYXRlZCB3aXRoIDx2YXIgdGl0bGU9InRydWUi PnNlc3Npb25JZDwvdmFyPiBsZXQgPHZhciB0aXRsZT0idHJ1ZSI+ZGVmYXVsdFVybDwvdmFyPiBi ZSB0aGF0IFVSTC48L3A+PC9saT4KICAgICAgICA8bGk+PHA+UmV0dXJuIDx2YXIgdGl0bGU9InRy dWUiPnNlc3Npb25JZDwvdmFyPiwgPHZhciB0aXRsZT0idHJ1ZSI+a2V5cmVsZWFzZTwvdmFyPiBh bmQgPHZhciB0aXRsZT0idHJ1ZSI+ZGVmYXVsdFVybDwvdmFyPi48L3A+PC9saT4KICAgICAgPC9v bD4KICAgIDwvcD4KCiAgPC9ib2R5Pgo8L2h0bWw+Cg== 1314 2013-01-15 02:42:09 +0000 2013-01-15 02:42:09 +0000 Proposed changes to createSession() per Comment 11. createSession.diff text/plain 9290 ddorwin ZGlmZiAtciBmZGYwZDI3MmQ3NGEgZW5jcnlwdGVkLW1lZGlhL2VuY3J5cHRlZC1tZWRpYS5odG1s Ci0tLSBhL2VuY3J5cHRlZC1tZWRpYS9lbmNyeXB0ZWQtbWVkaWEuaHRtbAlNb24gSmFuIDE0IDE3 OjQ2OjU3IDIwMTMgLTA4MDAKKysrIGIvZW5jcnlwdGVkLW1lZGlhL2VuY3J5cHRlZC1tZWRpYS5o dG1sCU1vbiBKYW4gMTQgMTg6NDA6MTggMjAxMyAtMDgwMApAQCAtMzI0LDcgKzMyNCw3IEBACiAg ICAgPG9sPgogICAgICAgPGxpPjxwPklmIDx2YXIgdGl0bGU9InRydWUiPnR5cGU8L3Zhcj4gaXMg bnVsbCBvciBhbiBlbXB0eSBzdHJpbmcgYW5kIDx2YXIgdGl0bGU9InRydWUiPmluaXREYXRhPC92 YXI+IGlzIDxlbT5ub3Q8L2VtPiBudWxsIG9yIGFuIGVtcHR5IHN0cmluZywgdGhyb3cgYW4gPGNv ZGU+PGEgaHJlZj0iaHR0cDovL2R2Y3MudzMub3JnL2hnL2RvbWNvcmUvcmF3LWZpbGUvdGlwL092 ZXJ2aWV3Lmh0bWwjZG9tLWRvbWV4Y2VwdGlvbi1pbnZhbGlkX2FjY2Vzc19lcnIiPklOVkFMSURf QUNDRVNTX0VSUjwvYT48L2NvZGU+IGV4Y2VwdGlvbiBhbmQgYWJvcnQgdGhlc2Ugc3RlcHMuPC9w PjwvbGk+CiAgICAgICAKLSAgICAgIDxsaT48cD5JZiA8dmFyIHRpdGxlPSJ0cnVlIj50eXBlPC92 YXI+IGNvbnRhaW5zIGEgTUlNRSB0eXBlIHRoYXQgaXMgbm90IHN1cHBvcnRlZCBvciBpcyBub3Qg c3VwcG9ydGVkIGJ5IHRoZSA8Y29kZT48YSBocmVmPSIjZG9tLWtleXN5c3RlbSI+a2V5U3lzdGVt PC9hPjwvY29kZT4sIHRocm93IGEgPGNvZGU+PGEgaHJlZj0iaHR0cDovL2R2Y3MudzMub3JnL2hn L2RvbWNvcmUvcmF3LWZpbGUvdGlwL092ZXJ2aWV3Lmh0bWwjZG9tLWRvbWV4Y2VwdGlvbi1ub3Rf c3VwcG9ydGVkX2VyciI+Tk9UX1NVUFBPUlRFRF9FUlI8L2E+PC9jb2RlPiBleGNlcHRpb24gYW5k IGFib3J0IHRoZXNlIHN0ZXBzLjwvcD48L2xpPgorICAgICAgPGxpPjxwPklmIDx2YXIgdGl0bGU9 InRydWUiPnR5cGU8L3Zhcj4gaXMgbm90IHN1cHBvcnRlZCBieSB0aGUgdXNlciBhZ2VudCBhbmQg PGNvZGU+PGEgaHJlZj0iI2RvbS1rZXlzeXN0ZW0iPmtleVN5c3RlbTwvYT48L2NvZGU+IG5vciwg dGhyb3cgYSA8Y29kZT48YSBocmVmPSJodHRwOi8vZHZjcy53My5vcmcvaGcvZG9tY29yZS9yYXct ZmlsZS90aXAvT3ZlcnZpZXcuaHRtbCNkb20tZG9tZXhjZXB0aW9uLW5vdF9zdXBwb3J0ZWRfZXJy Ij5OT1RfU1VQUE9SVEVEX0VSUjwvYT48L2NvZGU+IGV4Y2VwdGlvbiBhbmQgYWJvcnQgdGhlc2Ug c3RlcHMuIDxzcGFuIGNsYXNzPSJub24tbm9ybWF0aXZlIj5JbiBtb3N0IGNhc2VzLCB0aGlzIG1l YW5zIDx2YXIgdGl0bGU9InRydWUiPnR5cGU8L3Zhcj4gaXMgbm90IGEgc3VwcG9ydGVkIG1lZGlh IHR5cGUuPC9zcGFuPjwvcD48L2xpPgogCiAgICAgICA8bGk+PHA+TGV0IDx2YXIgdGl0bGU9InRy dWUiPmNkbTwvdmFyPiBiZSB0aGUgPHZhciB0aXRsZT0idHJ1ZSI+Y2RtPC92YXI+IGxvYWRlZCBp biB0aGUgPGEgaHJlZj0iI2RvbS1tZWRpYS1rZXlzLWNvbnN0cnVjdG9yIj48Y29kZT5NZWRpYUtl eXM8L2NvZGU+IGNvbnN0cnVjdG9yPC9hPi48L3A+PC9saT4KIApAQCAtMzM4LDE5ICszMzgsMjAg QEAKICAgICAgIDxsaT48cD5BZGQgdGhlIG5ldyBvYmplY3QgdG8gYW4gaW50ZXJuYWwgbGlzdCBv ZiBzZXNzaW9uIG9iamVjdHMuPC9wPjwvbGk+CiAKICAgICAgIDxsaT4KLTxwPlNjaGVkdWxlIGEg dGFzayB0byBnZW5lcmF0ZSBhIGtleSByZXF1ZXN0LCBwcm92aWRpbmcgPHZhciB0aXRsZT0idHJ1 ZSI+dHlwZTwvdmFyPiwgPHZhciB0aXRsZT0idHJ1ZSI+aW5pdERhdGE8L3Zhcj4sIGFuZCB0aGUg bmV3IG9iamVjdC48L3A+Cis8cD5TY2hlZHVsZSBhIHRhc2sgdG8gY29tcGxldGUgaW5pdGlhbGl6 aW9uIG9mIHRoZSBzZXNzaW9uLCBwcm92aWRpbmcgPHZhciB0aXRsZT0idHJ1ZSI+dHlwZTwvdmFy PiwgPHZhciB0aXRsZT0idHJ1ZSI+aW5pdERhdGE8L3Zhcj4sIGFuZCB0aGUgbmV3IG9iamVjdC4g PHNwYW4gY2xhc3M9Im5vbi1ub3JtYXRpdmUiPkluIG1vc3QgY2FzZXMsIHRoaXMgcmVzdWx0cyBp biBnZW5lcmF0aW9uIG9mIGEga2V5IHJlcXVlc3QuPC9zcGFuPjwvcD4KICAgICAgICAgPHA+VGhl IHVzZXIgYWdlbnQgd2lsbCBhc3luY2hyb25vdXNseSBleGVjdXRlIHRoZSBmb2xsb3dpbmcgc3Rl cHMgaW4gdGhlIHRhc2s6PC9wPgogICAgICAgICA8b2w+CiAgICAgICAgICAgPGxpPjxwPkxldCA8 dmFyIHRpdGxlPSJ0cnVlIj5kZWZhdWx0VVJMPC92YXI+IGJlIG51bGwuPC9wPjwvbGk+CiAgICAg ICAgICAgPGxpPgotPHA+VXNlIDx2YXIgdGl0bGU9InRydWUiPmNkbTwvdmFyPiB0byBnZW5lcmF0 ZSBhIGtleSByZXF1ZXN0IGFuZCBmb2xsb3cgdGhlIHN0ZXBzIGZvciB0aGUgZmlyc3QgbWF0Y2hp bmcgY29uZGl0aW9uIGZyb20gdGhlIGZvbGxvd2luZyBsaXN0OjwvcD4KKzxwPlVzZSA8dmFyIHRp dGxlPSJ0cnVlIj5jZG08L3Zhcj4gdG8gY29tcGxldGUgaW5pdGlhbGl6aW9uIGFuZCBmb2xsb3cg dGhlIHN0ZXBzIGZvciB0aGUgZmlyc3QgbWF0Y2hpbmcgY29uZGl0aW9uIGZyb20gdGhlIGZvbGxv d2luZyBsaXN0OjwvcD4KICAgICAgICAgICAgIDxkbCBjbGFzcz0ic3dpdGNoIj4KLSAgICAgICAg ICAgICAgPGR0PklmIGEgcmVxdWVzdCBpcyBzdWNjZXNzZnVsbHkgZ2VuZXJhdGVkPC9kdD4KKyAg ICAgICAgICAgICAgPGR0PklmIHRoZSBzZXNzaW9uIGlzIHN1Y2Nlc2Z1bGx5IGluaXRpYWxpemVk PC9kdD4KICAgICAgICAgICAgICAgPGRkPgogICAgICAgICAgICAgICA8b2w+CiAgICAgICAgICAg ICAgICAgPGxpPgotPHA+TGV0IDx2YXIgdGl0bGU9InRydWUiPmtleSByZXF1ZXN0PC92YXI+IGJl IGEga2V5IHJlcXVlc3QgZ2VuZXJhdGVkIGJ5IHRoZSA8YSBocmVmPSIjY2RtIj5DRE08L2E+IHVz aW5nIDx2YXIgdGl0bGU9InRydWUiPmluaXREYXRhPC92YXI+LCBpZiBwcm92aWRlZC48L3A+Cis8 cD5MZXQgPHZhciB0aXRsZT0idHJ1ZSI+cmVzcG9uc2U8L3Zhcj4gYmUgYSBtZXNzYWdlIHJlbGF0 ZWQgdG8gc3VjY2Vzc2Z1bCBpbml0aWFsaXphdGlvbi48L3A+CiAgICAgICAgICAgICAgICAgICA8 cD5Ob3RlOiA8dmFyIHRpdGxlPSJ0cnVlIj5jZG08L3Zhcj4gbXVzdCBub3QgdXNlIGFueSBkYXRh LCBpbmNsdWRpbmcgPGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDUvdmlkZW8uaHRt bCNtZWRpYS1kYXRhIj5tZWRpYSBkYXRhPC9hPiwgbm90IHByb3ZpZGVkIHZpYSA8dmFyIHRpdGxl PSJ0cnVlIj5pbml0RGF0YTwvdmFyPi48L3A+CisgICAgICAgICAgICAgICAgICA8cCBjbGFzcz0i bm9uLW5vcm1hdGl2ZSI+SW4gbW9zdCBjYXNlcywgdGhpcyBpcyBhIGtleSByZXF1ZXN0IGdlbmVy YXRlZCBieSB0aGUgPGEgaHJlZj0iI2NkbSI+Q0RNPC9hPiB1c2luZyA8dmFyIHRpdGxlPSJ0cnVl Ij50eXBlPC92YXI+IGFuZCA8dmFyIHRpdGxlPSJ0cnVlIj5pbml0RGF0YTwvdmFyPiwgaWYgcHJv dmlkZWQuPC9wPgogICAgICAgICAgICAgICAgICAgPHAgY2xhc3M9Im5vbi1ub3JtYXRpdmUiPjx2 YXIgdGl0bGU9InRydWUiPnR5cGU8L3Zhcj4gbWF5IGJlIHVzZWQgdG8gZGV0ZXJtaW5lIGhvdyB0 byBpbnRlcnByZXQgPHZhciB0aXRsZT0idHJ1ZSI+aW5pdERhdGE8L3Zhcj4uPC9wPgogICAgICAg ICAgICAgICAgIDwvbGk+CiAgICAgICAgICAgICAgICAgPGxpPjxwPklmIDx2YXIgdGl0bGU9InRy dWUiPmluaXREYXRhPC92YXI+IGlzIG5vdCBudWxsIGFuZCBjb250YWlucyBhIGRlZmF1bHQgVVJM IGZvciA8dmFyIHRpdGxlPSJ0cnVlIj5rZXlTeXN0ZW08L3Zhcj4sIGxldCA8dmFyIHRpdGxlPSJ0 cnVlIj5kZWZhdWx0VVJMPC92YXI+IGJlIHRoYXQgVVJMLjwvcD48L2xpPiAKQEAgLTM3NSw3ICsz NzYsNyBAQAogPHA+PGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDUvd2ViYXBwYXBp cy5odG1sI3F1ZXVlLWEtdGFzayI+cXVldWUgYSB0YXNrPC9hPiB0byA8YSBocmVmPSJodHRwOi8v d3d3LnczLm9yZy9UUi9odG1sNS93ZWJhcHBhcGlzLmh0bWwjZmlyZS1hLXNpbXBsZS1ldmVudCI+ ZmlyZSBhIHNpbXBsZSBldmVudDwvYT4gbmFtZWQgPGNvZGU+PGEgaHJlZj0iI2RvbS1rZXltZXNz YWdlIj5rZXltZXNzYWdlPC9hPjwvY29kZT4gYXQgdGhlIG5ldyBvYmplY3Q8L3A+CiAgICAgICAg ICAgICA8cD5UaGUgZXZlbnQgaXMgb2YgdHlwZSA8Y29kZT48YSBocmVmPSIjZG9tLW1lZGlha2V5 bWVzc2FnZWV2ZW50Ij5NZWRpYUtleU1lc3NhZ2VFdmVudDwvYT48L2NvZGU+IGFuZCBoYXM6PC9w PgogICAgICAgICAgICAgPHVsIHN0eWxlPSJsaXN0LXN0eWxlLXR5cGU6bm9uZSI+PGxpPgotICAg ICAgICAgICAgICA8Y29kZT48YSBocmVmPSIjZG9tLW1lc3NhZ2UiPm1lc3NhZ2U8L2E+PC9jb2Rl PiA9IDx2YXIgdGl0bGU9InRydWUiPmtleSByZXF1ZXN0PC92YXI+PGJyPgorICAgICAgICAgICAg ICA8Y29kZT48YSBocmVmPSIjZG9tLW1lc3NhZ2UiPm1lc3NhZ2U8L2E+PC9jb2RlPiA9IDx2YXIg dGl0bGU9InRydWUiPnJlc3BvbnNlPC92YXI+PGJyPgogICAgICAgICAgICAgICA8Y29kZT48YSBo cmVmPSIjZG9tLWRlc3RpbmF0aW9udXJsIj5kZXN0aW5hdGlvblVSTDwvYT48L2NvZGU+ID0gPHZh ciB0aXRsZT0idHJ1ZSI+ZGVmYXVsdFVSTDwvdmFyPgogICAgICAgICAgICAgPC9saT48L3VsPgog ICAgICAgICAgICAgPHAgY2xhc3M9Im5vbi1ub3JtYXRpdmUiPk5vdGU6IDxjb2RlPjxhIGhyZWY9 IiNkb20tbWVzc2FnZSI+bWVzc2FnZTwvYT48L2NvZGU+IG1heSBiZSBhIHJlcXVlc3QgZm9yIG11 bHRpcGxlIGtleXMsIGRlcGVuZGluZyBvbiB0aGUgPHZhciB0aXRsZT0idHJ1ZSI+PGEgaHJlZj0i I2tleS1zeXN0ZW0iPmtleVN5c3RlbTwvYT48L3Zhcj4gYW5kL29yIDx2YXIgdGl0bGU9InRydWUi PmluaXREYXRhPC92YXI+LiBUaGlzIGlzIHRyYW5zcGFyZW50IHRvIHRoZSBhcHBsaWNhdGlvbi48 L3A+CmRpZmYgLXIgZmRmMGQyNzJkNzRhIGVuY3J5cHRlZC1tZWRpYS9lbmNyeXB0ZWQtbWVkaWEu eG1sCi0tLSBhL2VuY3J5cHRlZC1tZWRpYS9lbmNyeXB0ZWQtbWVkaWEueG1sCU1vbiBKYW4gMTQg MTc6NDY6NTcgMjAxMyAtMDgwMAorKysgYi9lbmNyeXB0ZWQtbWVkaWEvZW5jcnlwdGVkLW1lZGlh LnhtbAlNb24gSmFuIDE0IDE4OjQwOjE4IDIwMTMgLTA4MDAKQEAgLTMxNyw3ICszMTcsNyBAQAog ICAgIDxvbD4KICAgICAgIDxsaT48cD5JZiA8dmFyIHRpdGxlPSJ0cnVlIj50eXBlPC92YXI+IGlz IG51bGwgb3IgYW4gZW1wdHkgc3RyaW5nIGFuZCA8dmFyIHRpdGxlPSJ0cnVlIj5pbml0RGF0YTwv dmFyPiBpcyA8ZW0+bm90PC9lbT4gbnVsbCBvciBhbiBlbXB0eSBzdHJpbmcsIHRocm93IGFuIDxp bnZhbGlkLWFjY2Vzcy1lcnIvPiBleGNlcHRpb24gYW5kIGFib3J0IHRoZXNlIHN0ZXBzLjwvcD48 L2xpPgogICAgICAgCi0gICAgICA8bGk+PHA+SWYgPHZhciB0aXRsZT0idHJ1ZSI+dHlwZTwvdmFy PiBjb250YWlucyBhIE1JTUUgdHlwZSB0aGF0IGlzIG5vdCBzdXBwb3J0ZWQgb3IgaXMgbm90IHN1 cHBvcnRlZCBieSB0aGUgPGNvZGVyZWY+a2V5U3lzdGVtPC9jb2RlcmVmPiwgdGhyb3cgYSA8bm90 LXN1cHBvcnRlZC1lcnIvPiBleGNlcHRpb24gYW5kIGFib3J0IHRoZXNlIHN0ZXBzLjwvcD48L2xp PgorICAgICAgPGxpPjxwPklmIDx2YXIgdGl0bGU9InRydWUiPnR5cGU8L3Zhcj4gaXMgbm90IHN1 cHBvcnRlZCBieSB0aGUgdXNlciBhZ2VudCBhbmQgPGNvZGVyZWY+a2V5U3lzdGVtPC9jb2RlcmVm PiBub3IsIHRocm93IGEgPG5vdC1zdXBwb3J0ZWQtZXJyLz4gZXhjZXB0aW9uIGFuZCBhYm9ydCB0 aGVzZSBzdGVwcy4gPHNwYW4gY2xhc3M9Im5vbi1ub3JtYXRpdmUiPkluIG1vc3QgY2FzZXMsIHRo aXMgbWVhbnMgPHZhciB0aXRsZT0idHJ1ZSI+dHlwZTwvdmFyPiBpcyBub3QgYSBzdXBwb3J0ZWQg bWVkaWEgdHlwZS48L3NwYW4+PC9wPjwvbGk+CiAKICAgICAgIDxsaT48cD5MZXQgPHZhciB0aXRs ZT0idHJ1ZSI+Y2RtPC92YXI+IGJlIHRoZSA8dmFyIHRpdGxlPSJ0cnVlIj5jZG08L3Zhcj4gbG9h ZGVkIGluIHRoZSA8YSBocmVmPSIjZG9tLW1lZGlhLWtleXMtY29uc3RydWN0b3IiPjxjb2RlPk1l ZGlhS2V5czwvY29kZT4gY29uc3RydWN0b3I8L2E+LjwvcD48L2xpPgogCkBAIC0zMzAsMTcgKzMz MCwxOCBAQAogICAgICAgCiAgICAgICA8bGk+PHA+QWRkIHRoZSBuZXcgb2JqZWN0IHRvIGFuIGlu dGVybmFsIGxpc3Qgb2Ygc2Vzc2lvbiBvYmplY3RzLjwvcD48L2xpPgogCi0gICAgICA8bGk+PHA+ U2NoZWR1bGUgYSB0YXNrIHRvIGdlbmVyYXRlIGEga2V5IHJlcXVlc3QsIHByb3ZpZGluZyA8dmFy IHRpdGxlPSJ0cnVlIj50eXBlPC92YXI+LCA8dmFyIHRpdGxlPSJ0cnVlIj5pbml0RGF0YTwvdmFy PiwgYW5kIHRoZSBuZXcgb2JqZWN0LjwvcD4KKyAgICAgIDxsaT48cD5TY2hlZHVsZSBhIHRhc2sg dG8gY29tcGxldGUgaW5pdGlhbGl6aW9uIG9mIHRoZSBzZXNzaW9uLCBwcm92aWRpbmcgPHZhciB0 aXRsZT0idHJ1ZSI+dHlwZTwvdmFyPiwgPHZhciB0aXRsZT0idHJ1ZSI+aW5pdERhdGE8L3Zhcj4s IGFuZCB0aGUgbmV3IG9iamVjdC4gPHNwYW4gY2xhc3M9Im5vbi1ub3JtYXRpdmUiPkluIG1vc3Qg Y2FzZXMsIHRoaXMgcmVzdWx0cyBpbiBnZW5lcmF0aW9uIG9mIGEga2V5IHJlcXVlc3QuPC9zcGFu PjwvcD4KICAgICAgICAgPHA+VGhlIHVzZXIgYWdlbnQgd2lsbCBhc3luY2hyb25vdXNseSBleGVj dXRlIHRoZSBmb2xsb3dpbmcgc3RlcHMgaW4gdGhlIHRhc2s6PC9wPgogICAgICAgICA8b2w+CiAg ICAgICAgICAgPGxpPjxwPkxldCA8dmFyIHRpdGxlPSJ0cnVlIj5kZWZhdWx0VVJMPC92YXI+IGJl IG51bGwuPC9wPjwvbGk+Ci0gICAgICAgICAgPGxpPjxwPlVzZSA8dmFyIHRpdGxlPSJ0cnVlIj5j ZG08L3Zhcj4gdG8gZ2VuZXJhdGUgYSBrZXkgcmVxdWVzdCBhbmQgZm9sbG93IHRoZSBzdGVwcyBm b3IgdGhlIGZpcnN0IG1hdGNoaW5nIGNvbmRpdGlvbiBmcm9tIHRoZSBmb2xsb3dpbmcgbGlzdDo8 L3A+CisgICAgICAgICAgPGxpPjxwPlVzZSA8dmFyIHRpdGxlPSJ0cnVlIj5jZG08L3Zhcj4gdG8g Y29tcGxldGUgaW5pdGlhbGl6aW9uIGFuZCBmb2xsb3cgdGhlIHN0ZXBzIGZvciB0aGUgZmlyc3Qg bWF0Y2hpbmcgY29uZGl0aW9uIGZyb20gdGhlIGZvbGxvd2luZyBsaXN0OjwvcD4KICAgICAgICAg ICAgIDxkbCBjbGFzcz0ic3dpdGNoIj4KLSAgICAgICAgICAgICAgPGR0PklmIGEgcmVxdWVzdCBp cyBzdWNjZXNzZnVsbHkgZ2VuZXJhdGVkPC9kdD4KKyAgICAgICAgICAgICAgPGR0PklmIHRoZSBz ZXNzaW9uIGlzIHN1Y2Nlc2Z1bGx5IGluaXRpYWxpemVkPC9kdD4KICAgICAgICAgICAgICAgPGRk PgogICAgICAgICAgICAgICA8b2w+Ci0gICAgICAgICAgICAgICAgPGxpPjxwPkxldCA8dmFyIHRp dGxlPSJ0cnVlIj5rZXkgcmVxdWVzdDwvdmFyPiBiZSBhIGtleSByZXF1ZXN0IGdlbmVyYXRlZCBi eSB0aGUgPGEgaHJlZj0iI2NkbSI+Q0RNPC9hPiB1c2luZyA8dmFyIHRpdGxlPSJ0cnVlIj5pbml0 RGF0YTwvdmFyPiwgaWYgcHJvdmlkZWQuPC9wPgorICAgICAgICAgICAgICAgIDxsaT48cD5MZXQg PHZhciB0aXRsZT0idHJ1ZSI+cmVzcG9uc2U8L3Zhcj4gYmUgYSBtZXNzYWdlIHJlbGF0ZWQgdG8g c3VjY2Vzc2Z1bCBpbml0aWFsaXphdGlvbi48L3A+CiAgICAgICAgICAgICAgICAgICA8cD5Ob3Rl OiA8dmFyIHRpdGxlPSJ0cnVlIj5jZG08L3Zhcj4gbXVzdCBub3QgdXNlIGFueSBkYXRhLCBpbmNs dWRpbmcgPHZpZGVvYW5jaG9yIG5hbWU9Im1lZGlhLWRhdGEiPm1lZGlhIGRhdGE8L3ZpZGVvYW5j aG9yPiwgbm90IHByb3ZpZGVkIHZpYSA8dmFyIHRpdGxlPSJ0cnVlIj5pbml0RGF0YTwvdmFyPi48 L3A+CisgICAgICAgICAgICAgICAgICA8cCBjbGFzcz0ibm9uLW5vcm1hdGl2ZSI+SW4gbW9zdCBj YXNlcywgdGhpcyBpcyBhIGtleSByZXF1ZXN0IGdlbmVyYXRlZCBieSB0aGUgPGEgaHJlZj0iI2Nk bSI+Q0RNPC9hPiB1c2luZyA8dmFyIHRpdGxlPSJ0cnVlIj50eXBlPC92YXI+IGFuZCA8dmFyIHRp dGxlPSJ0cnVlIj5pbml0RGF0YTwvdmFyPiwgaWYgcHJvdmlkZWQuPC9wPgogICAgICAgICAgICAg ICAgICAgPHAgY2xhc3M9Im5vbi1ub3JtYXRpdmUiPjx2YXIgdGl0bGU9InRydWUiPnR5cGU8L3Zh cj4gbWF5IGJlIHVzZWQgdG8gZGV0ZXJtaW5lIGhvdyB0byBpbnRlcnByZXQgPHZhciB0aXRsZT0i dHJ1ZSI+aW5pdERhdGE8L3Zhcj4uPC9wPgogICAgICAgICAgICAgICAgIDwvbGk+CiAgICAgICAg ICAgICAgICAgPGxpPjxwPklmIDx2YXIgdGl0bGU9InRydWUiPmluaXREYXRhPC92YXI+IGlzIG5v dCBudWxsIGFuZCBjb250YWlucyBhIGRlZmF1bHQgVVJMIGZvciA8dmFyIHRpdGxlPSJ0cnVlIj5r ZXlTeXN0ZW08L3Zhcj4sIGxldCA8dmFyIHRpdGxlPSJ0cnVlIj5kZWZhdWx0VVJMPC92YXI+IGJl IHRoYXQgVVJMLjwvcD48L2xpPiAKQEAgLTM2Myw3ICszNjQsNyBAQAogICAgICAgICAgIDxsaT48 cD48cXVldWUtYS10YXNrLz4gdG8gPGZpcmUtYS1zaW1wbGUtZXZlbnQvPiBuYW1lZCA8Y29kZXJl Zj5rZXltZXNzYWdlPC9jb2RlcmVmPiBhdCB0aGUgbmV3IG9iamVjdDwvcD4KICAgICAgICAgICAg IDxwPlRoZSBldmVudCBpcyBvZiB0eXBlIDxjb2RlcmVmPk1lZGlhS2V5TWVzc2FnZUV2ZW50PC9j b2RlcmVmPiBhbmQgaGFzOjwvcD4KICAgICAgICAgICAgIDx1bCBzdHlsZT0ibGlzdC1zdHlsZS10 eXBlOm5vbmUiPjxsaT4KLSAgICAgICAgICAgICAgPGNvZGVyZWY+bWVzc2FnZTwvY29kZXJlZj4g PSA8dmFyIHRpdGxlPSJ0cnVlIj5rZXkgcmVxdWVzdDwvdmFyPjxicj48L2JyPgorICAgICAgICAg ICAgICA8Y29kZXJlZj5tZXNzYWdlPC9jb2RlcmVmPiA9IDx2YXIgdGl0bGU9InRydWUiPnJlc3Bv bnNlPC92YXI+PGJyPjwvYnI+CiAgICAgICAgICAgICAgIDxjb2RlcmVmPmRlc3RpbmF0aW9uVVJM PC9jb2RlcmVmPiA9IDx2YXIgdGl0bGU9InRydWUiPmRlZmF1bHRVUkw8L3Zhcj4KICAgICAgICAg ICAgIDwvbGk+PC91bD4KICAgICAgICAgICAgIDxwIGNsYXNzPSJub24tbm9ybWF0aXZlIj5Ob3Rl OiA8Y29kZXJlZj5tZXNzYWdlPC9jb2RlcmVmPiBtYXkgYmUgYSByZXF1ZXN0IGZvciBtdWx0aXBs ZSBrZXlzLCBkZXBlbmRpbmcgb24gdGhlIDx2YXIgdGl0bGU9InRydWUiPjxhIGhyZWY9IiNrZXkt c3lzdGVtIj5rZXlTeXN0ZW08L2E+PC92YXI+IGFuZC9vciA8dmFyIHRpdGxlPSJ0cnVlIj5pbml0 RGF0YTwvdmFyPi4gVGhpcyBpcyB0cmFuc3BhcmVudCB0byB0aGUgYXBwbGljYXRpb24uPC9wPgo=