d environments, electronic mail is the most heavily lication. Users expect to be able to, and do, send e-mail to others who are connected directly or indirectly to the Internet, regardless of host operating system OF communications suite. With the explo- sively growing reliance on e-mail, there grows a demand for authentication and confidentiality services. Two schemes stand out as approaches that enjoy wide- spread use: Pretty Good Privacy (PGP) and S/MIME. Both are examined in this chapter. The chapter closes with a discussion of DomainKeys Identified Mail. PRs eb ace eee PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmermann, PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. In essence, Zimmermann has done the following: In virtually all distribute used network-based app! I. Selected the best available cryptographic algorithms as building blocks. 2. Integrated these algorithms into a general-purpose application that is inde- pendent of operating system and processor and that is based on a small set of easy-to-use commands.ennai nl ing te ue cde ey sst'ae te ule oar and commerea see if a (Viderypt, now Network atible lowcost ‘commercial version of PD 1oW widel n explosively ands n GP has grown exp 'y used A number of reasons can wth Sor this £10 se een a io aly 6 atoms, “avers wer wo mts po ne aa Senor ae iecteg eoritms that have survived extensive pubic review and are. Die Hele fr pub havea . ee «yption: and SHA“1 for hash coding con. ge includes RSA, DSS, ang Eh coding IDEA, and DES tor get whas a wide range Securely with others world etworks, other netwo Upanta doped by nor conto yy, ‘organization. For those any govern ‘with an instinctive ditrug makes PGP attractive, IMental or st * of “the establishment” thig (REC 3156; MIME Secur tandards PGP is now on an Internet sta ObenPGP), Nevertheless, Py endeavor. indards track ( 'GP still has a ty with aura of an antiesablishne’t sy eein with an overall ook at the Set PSE Nea eS eciae how cryptographic keys are ‘“reated and stored, Then, we address the vital issue of ublic-key managemene Notation Mos of the notation used in this chapter has been ning Pfr, but afew terms are new tis perhaps best tosummatize those. at the be, ig.” tol ‘ing symbols are used. K, = session Key used in symmetric encryption scheme PRs = private Key of user A, used in Public-key encryption. scheme EE! Publickey of une on Public key encryption seh EP = public key eneryption RE = public-key Accryption c symmetric encryption Symmetric decryption hash function concatenation ‘(GmPression using ZIP algorithm ~ conversion to radix 64 ASCH format! i—_ 224 TRONIC MAM. Sr¢ The PGP documentation often uses tl with a public key in a public-key encryption practice risks confusion with a secret ke use the term private key instead, e term secret key scheme. As was used for symmetric torefertog ™entione arliee tha SMEFYDLOn Hees The actual operation of PGR as opposed tothe management of key services: authentication, confidentiality, compr ession, and e-may ont four (Table 7.1), We examine each of these in turn ‘mall compatibiy Figure 7.1 lsat th digital signature seg OP-This the dig gat scheme dase in Chapters ey Fgnte4$,The sequences follows stated 1. The sender creates a message. 2, SHA-Lis used o generate 160-it hash code ofthe message, ‘3. The hash code is encrypted with RSA usin result is prepended to the message. 4. The receiver uses RSA with the sender's hash code is the sender’ private key, andthe Public key to decrypt and recover the '. The receiver generates a new hash code for the with the decrypted hash code. Ifthe two match, t authentic. ‘message and compares it the message is accepted as ‘The combination of SHA-1 and RSA, Provides an effective digital signature scheme. Because of the strength of RSA, col the recipient is assured that only the ni Soeur gece ice aT Desipn ae ve Ge ee ‘signature Me DSS or RSA with the sender's private key and See Rose = See js | onenene SoS ae oa ee ee os cele ee Sone —— — oe a ‘transmission using ZIP. = SS ie ee wa “toan ASCII string using radix 64 comers "he America Standard Coe or infomation Interchange (ASC i described in Appspase fh ching Pile Ly cn ener the sent “ena of SHA the reen is atred tht no one ee 6 could gen ot mesg hal mates the hash code and, hens te eel Soiree message " Otging ‘Ns a alternative, signatures canbe generated sing Dssisa., ; Aina seotressoraly re ound tached tee they sign this isnot always the ease: Detached gnats supported i thy signature et swore and transmitted separately rom the pee as sefulin several contents A User may wish opus covmpestiaurry. Another basi se is provided by encrypting messages -d locally as, Alternatively, IDEA or 3DES may be weed ‘The Obit cipheFFeedBack (cr) ot sued 2 ny alvay one met ais the problem of ay dition ta POP umpc keys ued onl onc That anew keys genertcoase esse nunbe foreach esa Thus although is ietenedtsin i dae 8 sein ey i is ealiy a one-time Ke. Beenie tabe sed oa an session key ishound tothe message and teanenitea ig encrypted with the recsiver' publ To protect the key iis ie key. Figure 7.1 illustrates the sequence cies can be described as follows. vice provided by PGP is confi Fidentia {o be transmitted or to be stored loca tt 1. ‘The sender generates a message and ‘session key for this message only. 2 ‘The message is encrypted using CAST:128 (or IDEA or 3DES) with thes sion key, ‘@random 128-bit number tobe usedas ‘The session key is encrypted with RSA using the recipient's publickey andis Drepended to the message,” 4. The receiver uses RSA with its rivate key to decrypt and recover the session key 5. The session key is used to decrypt the message, vides an i an altrmative tothe use of RSA for key encryption, PGP provi lained in Chapter 3, Dill ‘option referred to as Diffie-Hellman. As was explained ‘ {ellman isa Key exchange algorithm. In fact, PGP uses a variant of bite Hella that does previde eneryption/decryption, known as ElGamal, ou Several observations may be made. First, to reduce encryption ine hom bination of symmeti and publciey eneryption i sed in preference (PY using RSA or F1Gamal to encrypt the menage drt: CAST-28 and th ot symmetric algorithms are substantially faster than RSA or ElGamal— WV ron tayo fue Jo no aM) SxdNON9p Angaiog apey on 8 aW) 36 wofsian fue osnesaq 2IQeradosoiN an 240 J UaKy ‘Bessa om ssaidwosa, wotssdwod 307%, 6q parearpa TL 2un14 uw worse orssoudi ardwiosap x 109 Up Jo qu; jaoed ayy ST 2. og sy og EE 2iojoq ng anak STEN 2 rou gr astro v : SINHA 305 504 g osn 241 sop K228 function and signature after compression woul conse ‘mentations to the same version of the compress a nal By on algorithm, "OP: 2 Message enryption is applied afer comprewion to suenenee Security, Because the compressed message hes fee les redum ‘original plaintext, cryptanalysis is more diffealy ndaey ae ‘The compression algorithm usd is ZIP, which is described " in Append, 6 ‘all Conny When PGP is used, atleast pat of the by en d (with {NE sender's private key). ICthe confidentiay Be cites, FREE signature i present) ae ened oh one ae Fw Per OF HTT resulting block conse of steam of neal However, many electronic mail ystems only permit th Son 6 se of Backs ee ASCILtext.To accommodate this restriction, PGP provides te ae saat the Faw bit binary stream to a stream of printable har erg “Tie scheme wed for is es Boas Convefsion ach roy tes of binary data. is mapped nto (Ou, ASCH hares THe Se appeais a CRC to detect transmission errr See Appendix 7a fn The use of radix GF expands a messaQe By 3335) Fortunatcy te sess sndsintue prion oft messes Smper andi ae “sage hs been compres In fac the compresion sould be mora compensate forthe ras expanson For example HELDM tpt ss Compression ratio of about 2.0 sing ZIP I we ignore the rela eee and key components, the typical overall lfc of compression anders. Ste of length X would be 1.33 = 05 xX = 065 x X'Thus thee kasha compgession of about one-third. One noteworthy aspect ofthe radix64 algorithm is that it bind comeste input stream to radix-64 format regardless of content even i the npet eng be ASCII text Thus fa message is signed but not encrypted andthe comenes applied tothe entire block, the output ee tothe cstal oben hich provides a certain level of confidentiality{as an option, PGP can be cn. tured t0 convert t.radix-64 format only the signature portion of signed slaet messages. This enables the human recipient to read the message without wing PO PGP would still have to be used to verify the signature Figure 72 shows the relationship among the four service so far discised.02 ‘transmission (if it is required), a signature is generated using a hash coe oe ‘uncompressed plaintext, Then the plaintext (plis signature if preseat is sm pres, Now fconenaliy is segnsed he Hock Commenadoiamererse Pressed signature plus plaintext is encrypted and prepended with the pubic encrypted symmetric eneryption Key. Finally, the entire block is converted radix-64 format, i On reception the incoming block first converted back from aif to binary Then, if the message encrypted the rexpient recovers the sess aid decrypts the message, The resulting block then decompresed If he mes is signed, the recipient recovers the transmitted hash code and compares i ‘own calculation ofthe hash codeCryptographic Keys and Key Rings HGP makes sf four yp of keys on-ti eon pee eos and psp Fastin kas er ep “rie em oreo wee ea \ACA means of generating ung i me 2(We would ike to allow a user to Teason shat the user may wah to chars When this happens ay messages inte pint poe ohvolete key. Furthermore, ries will know only we eta) Ure aches them, In adtion tothe need chang PM ey rey ih to have mip key pis at gen ine ene Buin fcrcsmdent rn een co a iat eerPed with anyone Key The apa af at rn eas Mane ee eRttespondence between users and their publ Eon, ‘means is needed for identifying particular. ‘keys. 75 Th ane Esch PGP entity must maintain a file of sown public ‘Well as a file of public keys, of correspondents, ge ae Plc key privy vate het key pet Pi ‘We examine each of these requirements in turn, CAST 28 and IDEA we fh key DES ues Tan discussion, we assume CAST-128, - Sto hid vd pes anor cine an smti of be gales mutoaitarc cesta a eee ce single messages Ko ours Ae have cued nent megs aol Miho pede ce aly th session key itself is enfrypted with the recipient's public key. Hence, ol He ‘esipient will be able to recover the session key and therefore recover the mesti a brow weer hve sea resitement that my vem wer may eV ciprivate Key pairs. n. doesy One simple solution would be (o transmit the pu weston key? Ome A then verity that this indeed one of i SARC. ced. This scheme would work, but it is unnece -ssarily waste. f y be hundeeds of decimal digits in length seiko cc fie key tats Ae ser pinata of eacr 1 and CAS wap the sth Me and pros MRSA public key m “lution would be to a todo iO. This solution, however raises a management Se ye must be assigned and stored so that both sender ia lic key. This seems unnecessarily mid Be nw jad Preikd map from Key ID to pI ‘Src8O™ om doped by PGP is to assign a ey 1D to each public Key that ig ‘The sol ability, unique within a user ID The key 1D ass at very high Pre T ts Teast significant 64 bits. That i, the key ID of public key rani key Sm ris alien ER tha the probably of pithy paps (PU mod 2 IDsisveF¥ 2 co required for the PGP digital signature. Because a sender aan a aot private keys to encrypt the message digest, the se one of ow which public key is intended for use. Accordingly, the rupiet us Mn ea of& message ineides the G&-bit key ID of the sii enc key, When the message is received, the recipient verifies that sane pv public Key that kaows for that sender and then posses vei th ne concept of key ID has been introduced, we can take a more detain bok at the format ofa transmitted message, which is shown in Figure 73 A mssage consis. of thtse componens the message component, a signature Nemo ompaeacpiad), ae "The message component includes the actual data to be stored aswéllasafilename and a timestamp that specifies the time of creation. “The signature component includes the following. ransmitted, \ + Timestamp: The time at which the signature was made. 5 * Message digest: The 160-bit SHA-1 digest encrypted with the sender's private signature key. The digest is calculated over the signature timestamp concate- nated with the data portion of the message component. The inclusion of the signature timestamp in the digest insures against replay types of attacks The exclusion of the filename and timestamp portions of the message component ensures that detached signatures are exactly the same as attached signatures Fefixed to the message. Detached signatures are calculated on a separate file ‘that has none of the message component header fields. Leading two octets of message digest: Enables the recipient to determine if the ‘omeet public key was used to decrypt the message digest for authentication by a 2 SSee Siete mi zfs ct poeeee ies 24 Jom» ns tar fer. LPC.) ~ encypion With wer pubic key EWP, 9) = enerypion with ers priate hey Elk) = gncypion with session key Rot = Rade comersion functon Figure 7 General Format PGP Message (from A to B) comparing this plaintext copy of the first two octets with the fist wo sts the decrypted digest, These octets also serve as a 16-bit frame check sequens= for the message. «+ Key ID of sender's public key: Identifies the public key that should bss decrypt the message digest and, hence, identifies the private Key that w to encrypt the message digest. ‘The message component and optional signature component may Pe SOF pressed using ZIP and may be encrypted using avession Key ie ‘The session key component includes the session Key ant tecipient’s public key that was used by the sender to encrypt the session Ke “The entire block is usually encoded with radix-64 encoding,a stent eyo pense amon mesa, Song Soy ed ypeo ques aurea 1u29}Hp & ater20sse 01 as0oy9 ous 1asn 94 s9A28OH (hounepsauqes-# dL 229801 *—— & (eg, Stallings, WStallings, WiliamStalin 5) Ff ets th more than once. ma, epateko ingen indeed y ter User Do see the need for both means of indexing, Tae Aihough is atnded tha the pr at-key ring be gu an cyl net tested nd owt thee pant an ong cuts ne fn mak the alo a possible. Accordingly, the private key itself is not stones im the kaya et foe STEFPIE! wing CAST:128 (or IDEA or sR) The prt Ret follows St f Deseret apie wed for neyptig wg, ey 2 When the system generates a new publiciprivate ey Pair using po Seseritee Uae a yO from the passphrase andthe passphrase s dean ca 3 The system encrypts the private key using CAST128 with the tnchacode asthe ey The hash codes then chee thei private key sstoredin the privatekey se fubsequently, when 9 user accesses the private-key Ting to retrieve vate key, he or she must su ‘GP will retrieve 1 Private key gencrate the hash code of the passphrase snd decrypt the en Private key using CAST:128 wit the hash code, “Tis i very compact and effective scheme. As in any system based on pas the eee of his system depends on the security aha ASSWOEE.To sed peescmPtation to writ it down, the user should ase n Passphrase thats not exh guessed but that is easly remembered, Figure 7.4 also s structure is used to sto the moment, tet fields. icture of a public-key ring. This day Users that are known to this were inthe figure and describe theflloing * Timestamp: The date/time * Key ID: The least i * Public Key: The pul * GAT ID: Identities the owner of this key Multiple user IDs may be associ with a single public when this entry was generated lgnificant 64 bits of the public key for ths entry. iblic key for this entry. ey, soa ftblickey rng can be indexed by either User 1D or Key ID:ve wl ‘he need for both means of indexing incr mand raeppestion to show how these Key rings are wedinmest tran and rece y (eve lquore compression and ay, Yeon the ae TPT er mesg anion FS ‘and assume that the message isto be both Signed and encrypted. The set ‘entity performs the following steps, eT rr a -_ a —-afrssou tp sidtoap pute Koy woHsss a4 S19RODDH HAIN ADs ‘Kay meaud pondinnsam ot s9x0001 oF asexydssed ou 30} 4960 oy sidwond geyq ‘aj uw se sesso amp Jo wauodutos fo PIN CH Koy, cx Bun Bua Koy-aeatad 24h way Koy areas, SumoHO4 aMp suUO}sad KinuD ADg FuIAts90% 945 suo9 st aS 2M Jo UaLIWOD Koy UOISS9S 24], > xoput ue Batsn Huu Koy-oqGnd ayp oH, Kay aygnd sauoidioas 9 “sBessout 9yp sidAaoua pur Koy (vamp pa a aveatad pardsouaun aqi ranonax oy aseaydssed ay) 0 s08n ayn sdwiord god “4 “Ponouas st Suu ay uo oy ayeausd say o4p ;puewH0D 249 ut papuord rou sem pEsn™xoX y] -Naput te se PTISsn~znok Susn Zu Aoy-syeauad oy wor Koy ayoatsd s.iopuas yp sana. cs -aBessou ay 1dutoo oi 4987) 01 Y 4987, wos} WonesDUaH a8ESSOWY dO236 cHarrrt E nc Mi Passphese ——e Private sng Palicey (Pei (or) te oo = Py : 4 Jeroe +69" jms Sense LSI Figure 76 conversion) PGP Message Reception (fom User A to User B;no compression radia 2 Authenticating the message: *- PGP retrieves the sender's public key from the public-key ring wing ek ID ficld in the signature key component ofthe message as an inde " PGP recovers the transmitted message digest. © PGP computes the message digest for the received message and compu! to the transmitted message digest to authenticate, Public-Key Management ‘As-can be seen from the discussion so far, PGP contains clever, efficient itis ing set of funetions and formats to provide an effective confidentiality and ash Service. To complete the system, one final area needs to be addres! of publ Hic-key management. The PGP documentation captures the importane this are This whole business of single most difficult ps is the “Achilles heel” ‘Ware complexity ist Protecting public keys from tampering eos roblem in practical public key applications ‘of public key cryptography, and a fot of ot ied up in solving this one problem.a JS9NPONUT UE 8 18 0) 1 O4M attosue feu "Paea st Koy sry eyR ASK pu & {doo © 2484 0 aN nom Keane Wr pu ge 99 pouits v Fuato991 pue oweU 1980 & FuIprAo.d ‘qu0% re Ipraoud ‘Guoyne wowine 91 Aq pauls pu pareain s sonny Kox-ongnd mone Fuysyn329 pos v wos) Ky augnd sq ior “pio uno 0 pawsod og p09 Sopp ula Xa pou WeY pudioad puw Kay o1qnd as1ej B a4e19 ED as}9 aUD ou amieuais aq parea.s aaey prno> ¢_juo asneaag ‘are euss ‘yorew swuudsaiuy oma otp 3] “suoyd ayy 1990 ur ye umn prnoo-y oy 49 Jo ,amadoR 24) wos} worshs sty oyut A> 241 peo} UIA Pino V LV Sddoy ® uo (aq) 524 yqnd 494 a201$ pyno> ¢ | wos) A>y 240 128 AI 1p2sn 24 pinoo rey) soyseosdde wos axe Bu 2soddng soy anjqnd 1 103 ayqissod sue soy 29 ue> ony adaooe sdessaw paydcroua {uw spuosas | WOH) iY 1eM) Os ouNpeUBIS 5,64 3840) pur 01 Soa 824 9111) q POs ) uaysKs preg ui SIMI 9 Aq pouno ox Sy wy asoddng238) The basie structure is as follows. E key certificate, as described in the p with the entry ring, 1, When A inserts a new public key on the — avalue to the trust flag that is associated the owneris A-and therefore Sable 72 Contents of Trust Flag Byte Pach entry in th preceding subsection, Assocs) fing, etry isa key legitimacy field that indicates the extent fe this isa valid public key for this user; the hi igher the lew binding of this user ID to this key. This field is comp 7er0 or more signatures thatthe ey sign this certificate. In turn, each si field that indicates the de lie Keys. The key legitimacy field is deri fields in the entry. Finally, each entry Jar owner,and an owner trust f public key is trusted To-sign other publi assigned by the user. We can think of the owner trust field from another entry. The three fields ment structure referred to as a trust these three uses is shovn in Tal key ring of user A. We can de ignature has asso “Bree to which this PGP user, ved from the defines a public k ield is included that indi «din the previous pa {ag byte. The content of this trust neon ble 7.2. Suppose that we ih scribe the operation oft Public {0 which pete of trust uted by PGp Ate g Tig owner ha ec ated with alee rss the sign ae collection of Ke Socata i fic the depen. B Tevel of tt : see aFaph are each « fore © are dealing with he trust procesing ne 28 flon, ublc keyring. Pop with the owner of thispangee ubIICKEY albo appears in hee then a vale of ultimate trust if automz r chs ly assigned tothe mang (@) Trast Assigned to Pabli-Key Owner (appears after key packet; user defined) (©) Trust Assigned to Public Key/User ID Pair (appears after User ID packets computed by PGP) (0) Trust Assigned Sgmae (appears afer sinatra, cached copy of OWNERTRUST {or this signator) ‘OWNERTRUST Feld undefined trast, unknown wer ~asualy not rusted to sign other keys ~vsualy rusted to sign tbe keys always trusted spn stherkeye this Key is presenti secret keyring (chimat a) KEYLEGIT ed unknown or undefined trast key ownership not rsted marginal trast key ownership complete stn key ownership Sierra andi ot eee at otros ton tat rte tsi eure thsky iret ints (ier BUCKSTOP bt set if this ey appear in secret key ing “WARNONLY bit “set i user wants only tbe vara when Key abi Bly ‘alidted is wed Tor encryption ‘CONTIG HE ignaturceatso 2 Sousa pac othe a tested cy ing ometee = s # « new public key is entered, one oF more signat sy be a w te publikey fing to sez he autor ofthis signature At a i dey owners If so the OWNERTRUST value for ths 0008 te dt the SIGTRUST fed for this signature. If not an unknown oor value i assigned. sae tue ofthe Key legitimacy fickd is calculated Gn the basis O€ the signature Are a eS ita tr Gacy ICAL eas he See Hae faa ~~ tras er himate, then the key legitimacy value is et to comolete. Otherwise, va of abet ne a oti as tee aa roe ree tatage alvaye trusted and 1Y. to signatures that aie gem Bil where 2 aad Ydse wer congue parameters When tie Gm irght ofthe introduers of a KeyfUserID consbiaaton' reaches {ike Bad of consdered to be trustworthy and the key legitimacy value set ¥o ene istic Thus in the absence of ultimste trust af least ¥ signatures that are Siways trusted, signatures that are usualy trusted, or some combination needed (periodical, PP process thi pubiskey rc o achieve come eco is wa top dono proves For each OWNERTRUST Bel Bb ag dig forall signaturs authored Oy that obser and updates he seg a equal he OWNERTRUST fel Tis proce sara wis Key forphieioee ee fc tna Then all KEYLECIT feos ae computed on thease teed Figue 7.7 provides an exanipleof the way in whic sia ra ad key legitimacy are related.? The figure shows the structure of a public-key ring. The user tas aquired a numberof public Keys some diel for hes open aeons tra rd par och sd Ee} Se The noe abeled "You" eters othe entry nthe public keyring eoespond: ing to this user. This key i leptimate andthe OWNERTRUST cee wales ‘as Each other node inthe Keyring hasan OWNERTRUST tales of andl us some other vale is asgnedby the wer-tn is example i er ace fg that i always truss the following users to sign other ese DE: taeae Partly ts wers A and B tosign athe kag So the shading, or lack thereof, of the nodes in Figure 7:7 indicates the level of {rst assigned by this user-The tee structure indicates which Keys ave Weer sane i 7 signe Wy user whose key aS SEL, The sighed ke ignatory WEFey SENET a er Wis igh key tothe signatory. Irthe Key fs SIRE By DreSeitin this KEV ring Te arrow joins the s yO IUEST ‘ndicatng that the signatori unknown fo this use. “Pst provided tothe suthor by Phil Zimmermann aN240 f 2 unknown signatory @-® O @ = Bey’ owner is rsed by you w sign keys oon © = kyon paty ne by on sie = late coe ba Figure77 PGP rust Model Example Is signed by Several points are illustrated in Figure 7.7 1. Note that all keys whose owners are fully or partly trusted by thie ne been signed by this use, with the exception of node L.Sucha wr spe not always necessary, asthe presence of node L indicates, butin pace users are likly to sign the keys for most owners tha they ts. Sse ple, even though E's key is already signed by trusted introduce th we those to sign E's key directly. 2. We assume that two partially trusted signatures ae suficientes Hence, the key for user His deemed legitimate by PGP becaseits se and B, both of whom are partially trusted 3. A key may be determined to be legitimate because it is signed by on fl) trused or two partially trusted signatories butts user may note sel ‘ther keys For example, N's key legitimate becaseits signed by Ewha user trusts, but N isnot trusted to sign other keys besause swt assigned N that trust value Therefore although R's key siened by SPOS bot consider R's key legitimate. This situation makes perfect sens send a private message to some individual, it is not neces OH indvial in any respect. It only necessary tha ou ae SH ‘onret public key for hat individ aan 4. Figure 7.7 also shows an example ofa detached “orphan POS Le unknown signatures Such a key may have been al ; ae eeBUI a “Koy ayeauid usjo}s B Jo asn snotorpeu ay) ueY) yeory) AyeyY $59] YoU e swu99s 71 ‘quoJoL0y pur ‘Koy o1]Qnd oy Jo asn a4 OUMO ayeUN!B9] ay SP [Jam se yuouoddo ay} Auap P]Nom siyy “OAeMOH{ ‘a}OIYIVIOO & YoNS onsst os[e wep JUNO UE Jo Koy ayeAtud oY pastuoIdutOD sey OYA JUdOddo UE yey) 10N -s8us foy-ougnd new) aepdn 01 sjuapuodsaxso9 jenuoiod aygeua 0} ajqissod se Ayyomb se pur Ajapim se aqeorjy199 sty} ayeUIUassip 0} }dwane Ua) P|NOYS 1OUMO oyy AdY¥ o1[Qnd B sayxOAaI Jey) 9}eOIJIII99 B USIS 0} pasn oq ysnui Koy ayeAtd Surpuodsais0s oy) JU} BON “Ady d1IQnd sty} JO asn ay} 2YOAE 0} St aqeaHI29 styj Jo asodind ay) yey) 1OykoIpUT Ue sapNyoUT yng ayeoyH09 ainyeUss [eu -10U P Se WLIO} OUTRS Mp Sey a1ROIITIIIO SI], “JOUMO aU) Aq pous ‘ayeoyI20 WOES -oA2i Koy B ONSst 0} 19UMO OY} 103 St Koy OTIQNd e SULYOAAd 10} UONUAALOD OUI, -esesydssed sno{ pue 3uuz Aoy-oyeatid sno wosy fay ayeausd ayy yyoq paurego Ped juauoddo ayy yey) 10 Ay ayeatad paydAsououn nok jo Adoo e poureiqo pey MOYewOS: juauoddo ue yey) exnbas pjnom astwosduios v yey) AON “poliad papuarxe Ue 10} Kay aures ay Jo asn ay} ploae 0} Ajduns 10 payadsns st astwiosdwioo asneseq 191) Pe ey augnd quoiino 19y 40 sty 0yOAeI 0} YsiM Kew Jasn-Y Say 1d OND -sornjeuais pwopuedap ou i i1e 30 wonouny e st (soy soyyo Buruas ut asn 10) Koy smqy UL IST Jo JoAa| UA SPAN “Soy yeu pur CL 980 IeyA YALA parelsosse somyeulfis ax uo spuadop Ao eV ALI sejnonied v yo ZuIpUtg Uy, ‘Cy 19Sn YOR Mojaq soAMeUaIS Jo JaquiNu v yA! ae = Zune1osse sq 198n Jo 1oquinU v sey fox aYQnd y-99N v Jo yoos aup Se AONE Jo ui ued om OF “a[durexa 10} ‘uossad owes a4p 10} SaSSOIppe [PEU-2 TUSOEP AN -ipur'souseu ajdijnut opun aanyeudis eis poonposnu uoaq sey 10 soueu posun uosiad v osnesaq aq pinos siuy “But Koy-o1qnd ay) uo Kay ayqnd asus © ws “posse aq Kew sq s9sn a[diyinus yey) pouonuou sem y1 syed syuod eu V souuoyeuis 5,403 a4) Jo auo Ayqny 191.9 Oy Buy see WU ADA BUNS Aq 30 11 BuwuBis Kq ayeusn to} Koy ou axe[9ap ysnut x9sM OWL FOAS IAP B Wosy oueD 11 asnvoag Aiduns ayeusNyBo| s1 Koy stu yey dUIMsse OULD A. WT ANIW/s / 7