<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Corey, <br>
<br>
Thanks for providing additional information about these issues.
Unfortunately I was away for both of the two meetings you mentioned
but I did look through those minutes and didn't consider them
conclusive on the two issues at hand.<br>
<br>
<div class="moz-cite-prefix">On 13/9/2022 8:58 μ.μ., Corey Bonnell
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM6PR14MB2186EDC3DCA0EF9EFECD939192479@DM6PR14MB2186.namprd14.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
line-height:105%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
font-size:10.0pt;
font-family:"Courier New";}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi Dimitris,<o:p></o:p></p>
<p class="MsoNormal">The requirements for CRL and OCSP were
discussed in the June 22<sup>nd</sup> meeting. The minutes are
available here: <a
href="https://lists.cabforum.org/pipermail/smcwg-public/2022-August/000393.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.cabforum.org/pipermail/smcwg-public/2022-August/000393.html</a><o:p></o:p></p>
<p class="MsoNormal">The conclusion from that meeting was that
mail clients currently support different revocation
mechanisms. Given the lack of consistency across Application
Software Suppliers, it was agreed to reflect existing Root
Program requirements in the SMBRs. Given that MSFT Root Policy
explicitly mandates OCSP for end-entity certificates, this
requirement was reflected in the SMBRs.</p>
</div>
</blockquote>
<br>
This is not my reading of those minutes. Here is a copy from a
portion of those minutes:<br>
<br>
<blockquote type="cite">
<pre>The WG continued to discuss comments that had been made in favor of making either CRL or OCSP optional. Martijn proposed a PR attempting to blend those changes. Stephen noted that the Microsoft policy required OCSP. Clint noted that Apple's requirement required CRL support (reported in CCDAB but not necessarily in a CDP in the leaf). Ben Wilson noted that Thunderbird preferred OCSP over CRL. However he also noted the possible privacy concerns that some may have regarding OCSP being used to mine information about users opening encrypted emails. Corey Bonnell pointed out that the same privacy issues could befall CRL as well in the case of sharded CRLs.
Stephen stated that he felt the draft S/MIME BR must make OCSP and CRL mandatory unless there was an explicit allowance on the point by the overarching root store requirements. He suggested revocation information of nonTLS certificates may be a useful topic at the next CABF F2F. Stefan Selbitschka noted the privacy issues relating to revocation are equally a concern that should be placed upon the mail user agents. Stephen noted that he would adopt some of the improvements however found in Martijn's PR.</pre>
</blockquote>
<br>
<br>
It is clearly stated that Microsoft Trusted Root Program Policy
mandates OCSP for end-entity certificates but, as already explained
in my previous message, this is most likely a copy-over from the TLS
BRs and already overridden by the Code Signing BRs. Also, <a
moz-do-not-send="true"
href="https://www.apple.com/certificateauthority/ca_program.html">Apple</a>,
<a moz-do-not-send="true"
href="https://support.google.com/a/answer/7300887">Gmail </a>and
<a moz-do-not-send="true"
href="https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md">Mozilla
</a>Root Programs do not require OCSP for S/MIME Certificates. <br>
<br>
Setting up reliable OCSP infrastructure that is not used by the
majority of mail clients is a huge burden for CAs. I don't object to
doing an in-depth analysis with the collaboration of Certificate
Consumers, and determine whether OCSP should be required or not in
the next version of the SMBRs. However, until this analysis is
performed, mandating OCSP for S/MIME Certificates seems premature.<br>
<br>
As Stephen mentioned on that call, we should defer and discuss this
particular issue at the upcoming F2F meeting.<br>
<br>
<blockquote type="cite"
cite="mid:DM6PR14MB2186EDC3DCA0EF9EFECD939192479@DM6PR14MB2186.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">Additionally, there was discussion on the
inclusion of the countryName (and other geographic location
attributes) on August 3<sup>rd</sup>: <a
href="https://lists.cabforum.org/pipermail/smcwg-public/2022-August/000433.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.cabforum.org/pipermail/smcwg-public/2022-August/000433.html</a>.
The changes made to fix the issue that Martijn raised as well
as the proposal to make the geographic location attributes
optional were presented and no objections were raised at that
time.<o:p></o:p></p>
</div>
</blockquote>
<br>
Similarly, I didn't ready anything in the quoted minutes about the
countryName for those cases. <br>
<br>
<blockquote type="cite">
<pre>The WG returned to the topic of the use of geographic attributes in the Subject DN. Stephen noted that conflicting text on the use of the L and ST attributes that had been copied from the TLS BR has now been removed. He noted that the attributes are not allowed in Mailbox-validated profiles, and that the WG had previously agreed to allow significant flexibility in the Legacy generation profiles. As it stands, the SBR stipulates MAY for the attributes in the Organization-, Sponsored-, and Individual-validated profiles.</pre>
</blockquote>
<br>
<br>
The discussion was mainly around the localityName and the
stateOrProvinceName, especially in cases where the countryName is
sufficient for disambiguating the organization. The countryName
attribute is included in every ETSI-issued identity Certificate used
for S/MIME and is extremely easy to validate, as explained in my
previous message. Please consider at least requiring the countryName
for the Strict and Multipurpose profiles.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
<br>
<blockquote type="cite"
cite="mid:DM6PR14MB2186EDC3DCA0EF9EFECD939192479@DM6PR14MB2186.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Corey<o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"
style="margin-bottom:0in;line-height:normal"><b>From:</b>
Smcwg-public <a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public-bounces@cabforum.org"><smcwg-public-bounces@cabforum.org></a> <b>On
Behalf Of </b>Dimitris Zacharopoulos (HARICA) via
Smcwg-public<br>
<b>Sent:</b> Tuesday, September 13, 2022 12:10 PM<br>
<b>To:</b> Stephen Davidson
<a class="moz-txt-link-rfc2396E" href="mailto:Stephen.Davidson@digicert.com"><Stephen.Davidson@digicert.com></a>; SMIME Certificate
Working Group <a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public@cabforum.org"><smcwg-public@cabforum.org></a><br>
<b>Subject:</b> Re: [Smcwg-public] Ballot SMC01: Final
Guideline for “S/MIME Baseline Requirements”<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:0in">On 13/9/2022
7:01 μ.μ., Stephen Davidson wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi Dimitris:<o:p></o:p></p>
<p class="MsoNormal">Thank you for the feedback. Both these
points were addressed in our earlier discussions regarding
the draft.<o:p></o:p></p>
<p class="MsoNormal">On the issue of OCSP support, you may
recall that there were varying proposals for varying the
requirements for both CRL and OCSP but the fact remains that
different root distribution programs have pre-existing
requirements for both of them. Thus, the decision was made
to retain the existing text. I have suggested that
revocation services would be a useful focus subject for a
future CABF F2F as this topic seems to come up in different
WG, and any changes must have the support of all the root
programs.<o:p></o:p></p>
<p class="MsoNormal">Similarly, on the issue of C in the
Subject DN, this was previously discussed several times and
the decision was made to stick the current text where the CA
MAY use the attribute but is not required to.<o:p></o:p></p>
<p class="MsoNormal">Best regards, Stephen<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:0in;line-height:normal"><br>
I did a quick search in previous minutes and I couldn't find
consensus for both those topics. If you can point me to these
previous discussions and minutes that demonstrate consensus
among the group, it would be very helpful. <br>
<br>
For the OCSP topic, you mention that "different root
distribution programs have pre-existing requirements". Which
program, other than Microsoft, requires OCSP for S/MIME
Certificates?<br>
<br>
As things stand, HARICA will be forced to vote "No" to this
ballot.<br>
<br>
<br>
Dimitris.<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"
style="margin-bottom:0in;line-height:normal"><b>From:</b>
Smcwg-public <a
href="mailto:smcwg-public-bounces@cabforum.org"
moz-do-not-send="true"><smcwg-public-bounces@cabforum.org></a>
<b>On Behalf Of </b>Dimitris Zacharopoulos (HARICA) via
Smcwg-public<br>
<b>Sent:</b> Tuesday, September 13, 2022 7:25 AM<br>
<b>To:</b> <a href="mailto:smcwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">smcwg-public@cabforum.org</a><br>
<b>Subject:</b> Re: [Smcwg-public] Ballot SMC01: Final
Guideline for “S/MIME Baseline Requirements”<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
After a more detailed review by the HARICA team, we
noticed some areas of concern that we hope will be
considered for update by the authors and endorsers of this
ballot.<o:p></o:p></p>
<ol type="1" start="1">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level1 lfo3">7.1.2.3 c<o:p></o:p></li>
</ol>
<ol type="1" start="1">
<ol type="1" start="1">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level2 lfo3">authorityInformationAccess (<b>SHALL </b>be
present) -> authorityInformationAccess (<b>SHOULD </b>be
present) [Rationale: OCSP is not currently required
for S/MIME Certificates by all Certificate Consumers.
Only Microsoft Root Program requires it and perhaps
this is due to a copy-over from the TLS BRs without
performing a technical analysis specifically on S/MIME
or clientAuth or codeSigning Certificates. The CSCWG
already removed the requirement for OCSP in Subscriber
Certificates in the CSBRs].<o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level2 lfo3">The authorityInformationAccess extension
<b>SHALL </b>contain at least one accessMethod value
of type id-ad-ocsp that specifies the URI of the
Issuing CA’s OCSP responder. -> The
authorityInformationAccess extension <b>MAY </b>contain
at least one accessMethod value of type id-ad-ocsp
that specifies the URI of the Issuing CA’s OCSP
responder. [Rationale: same as above]<o:p></o:p></li>
</ol>
</ol>
<ol type="1" start="2">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2
level1 lfo3">7.1.4.2.4 Subject DN attributes for
organization-validated profile and 7.1.4.2.5 Subject DN
attributes for sponsor-validated profile<br>
subject:countryName <b>MAY </b>->
subject:countryName <b>SHALL </b>[Rationale:
Organization Names must contain a Country Name to
indicate where this Organization is located. This
applies to the organization-validated and the
sponsor-validated profile. It is also referenced in
Appendix A - Registration Schemes]<o:p></o:p></li>
</ol>
<p class="MsoNormal" style="margin-bottom:0in"><br>
Thank you,<br>
Dimitris.<br>
<br>
<br>
On 8/9/2022 10:03 π.μ., Stephen Davidson via Smcwg-public
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">Ballot SMC01: Final
Guideline for “S/MIME Baseline Requirements” </span></strong><o:p></o:p></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in"> </span></strong><o:p></o:p></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">Purpose of Ballot:</span></strong><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;line-height:105%;font-family:"Arial",sans-serif;color:#333333">The
S/MIME Certificate Working Group was chartered to
discuss, adopt, and maintain policies, frameworks, and
standards for the issuance and management of
Publicly-Trusted S/MIME Certificates. This ballot
adopts a new “S/MIME Baseline Requirements” that
includes requirements for verification of control over
email addresses, identity validation for natural persons
and legal entities, key management and certificate
lifecycle, certificate profiles for S/MIME Certificates
and Issuing CA Certificates, as well as CA operational
and audit practices.</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">An
S/MIME Certificate for the purposes of this document can
be identified by the existence of an Extended Key Usage
(EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4)
and the inclusion of a rfc822Name or an otherName of
type id-on-SmtpUTF8Mailbox in the subjectAltName
extension in the Certificate.</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;background:white">The
following motion has been proposed by Stephen Davidson
of DigiCert and endorsed by Martijn Katerbarg of Sectigo
and Ben Wilson of Mozilla.</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">Charter Voting
References</span></strong><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="color:black"><a
href="https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure"
moz-do-not-send="true"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif">Section
5.1 (“Voting Structure”)</span></a></span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">
of the SMCWG Charter says:</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">In
order for a ballot to be adopted by the SMCWG,
two-thirds or more of the votes cast by the Certificate
Issuers must be in favor of the ballot and more than 50%
of the votes cast by the Certificate Consumers must be
in favor of the ballot. At least one member of each
class must vote in favor of a ballot for it to be
adopted. Quorum is the average number of Member
organizations (cumulative, regardless of Class) that
have participated in the previous three (3) SMCWG
Meetings or Teleconferences (not counting subcommittee
meetings thereof).</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">— MOTION BEGINS —</span></strong><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in"><br>
</span></b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
This ballot adopts the “Baseline Requirements for the
Issuance and Management of Publicly-Trusted S/MIME
Certificates” (“S/MIME Baseline Requirements”) as
Version 1.0.0.</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The
proposed S/MIME Baseline Requirements may be found at </span><span
style="color:black"><a
href="https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52"
moz-do-not-send="true"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif">https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52</span></a></span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">
or the attached document.</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The
SMCWG Chair or Vice-Chair is permitted to update the
Relevant Dates and Version Number of the S/MIME Baseline
Requirements to reflect final dates.</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">— MOTION ENDS —</span></strong><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in"><br>
</span></b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
This ballot proposes a Final Guideline. The procedure
for approval of this ballot is as follows:</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Discussion
(7+ days)</span><span style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start
Time: 8 September 2022 17:00 UTC</span><span
style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End
Time: 15 September 2022 17:00 UTC</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Vote
for approval (7 days)</span><span style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start
Time: 15 September 2022 17:00 UTC</span><span
style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End
Time: 22 September 2022 17:00 UTC</span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> </span><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">IPR
Review (60 days)</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:0in;line-height:normal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Smcwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext">Smcwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:0in;line-height:normal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>