-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256,SHA512

1. Document description

This document establishes the certification policy for Nicolas Le Gland
using OpenPGP key B6D1 1647 DBD5 9522 670E B91F B415 6B97 0000 0000,
a file format described in RFC 4880 (http://tools.ietf.org/html/rfc4880),
as of 2014-05-03.

Contact me by mail at my "Nicolas Le Gland" address.

    pub 4096R/00000000 2012-05-03
        fingerprint B6D11647DBD59522670EB91FB4156B9700000000
    uid Nicolas Le Gland

Import my key in text format from
http://www.nicolas.legland.fr/public.asc
Or the more compact binary format
http://www.nicolas.legland.fr/public.gpg
Check additional information from
http://www.nicolas.legland.fr/public.txt

2. Document validity

This document applies to all user identity certification signatures
whose signing policy attribute points here through a URL matching the
/http:\/\/www\.nicolas\.legland\.fr\/pgp\/sha512\/[0-9a-f]{128}\.asc/
Perl-Compatible Regular Expression.

In this expression, "[0-9a-f]{128}" is a template representing the
specific hexadecimal notation of the 512-bit SHA-2 message digest of
this document, a cryptographic hash function published by the NIST and
described in
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

There are three steps to downloading then verifying the integrity and
authenticity of this document. For example:

    1. wget "http://www.nicolas.legland.fr/pgp/sha512/[..].asc"
    2. cat [...].asc | unix2dos | sha512sum | sed 's/[^0-9a-f]//g'
    3. gpg --keyserver-options auto-key-retrieve --verify [...].asc

The first step downloads this document from its canonical URL.
The second step verifies that the document has not changed since the
time the signature was made.
The third step verifies that the document itself is authentic and has
been signed by my key.

If there are any doubts pertaining to the authenticity of a user
identity certification, please do not hesitate to get in touch with me.

3. Document terminology

In this document, Nicolas Le Gland will be referred to as me.
I am a French citizen, born on 1982-05-03 in Paris, France.

My key will refer to the aforementioned 4096-bit RSA OpenPGP key with
fingerprint B6D1 1647 DBD5 9522 670E B91F B415 6B97 0000 0000,
created on 2012-05-03.

For the signature of documents like this policy, my key has a sub-key
with fingerprint B006 67DF 2173 F7A3 C57A 49C2 9CE2 8CFA 3475 6122,
created on 2014-05-03, for OpenPGP applications using the DSA signature
algorithm.

For the signature of documents like this policy, my key has a sub-key
with fingerprint 405D C611 A7D8 21CC E65F 5FE3 DCC0 8AFC 2D66 7BAC,
created on 2014-05-03, for OpenPGP applications using the RSA signature
algorithm.

I am the sole person capable and authorized to make data signatures
using either of my sub-keys.

A person who is in control of an OpenPGP key with one or more user
identities, that have one or more signatures made with my key attached,
will be henceforth referred to as the certified. That key of that person
shall be known as their key.

A key may have any number of user identities attached to it, each of
which will be referred to as a user identity.

The single signature, or set of signatures, made by my key on a single
user identity of their key shall be called a user identity certification.

I am the sole person capable and authorized to make user identity
certifications using my key as the certifier.

4. Certification rationale

According to this policy, a user identity certification issued by my key
represents my assessment that:

    1. The certified claimed the control of their key by providing its
       full fingerprint, which I verified when issuing the certification.

    2. I established the identity of the certified through a provided
       proof-of-identity, and that information matched those of the user
       identities certified.

In the case of user identities with email addresses, it is certified
that:

    3. The certified was able to receive my certification at the
       specified address at the time the certification signature was
       transmitted, shortly after it was made.

Certification on user identities that do not contain an email address
will be included with certification to an address on another user
identity that I also certified. In particular, I never upload
certifications to a key-server directly.

In the case of user identities with comments that establish an
affiliation to a project, a company or an institution, the following is
also certified:

    4. I had no doubt at the time of the certification that the
       certified was affiliated with the identified project, company or
       institution.

I will not issue a certification if the comment on the user identity is
not deemed reasonable, or if the affiliation is ambiguous.

In the case of photographic user attributes, the following is also
certified:

    5. I was able to recognize the certified in the photographic user
       attribute.

I will not issue a certification on a photographic attribute outside of
a face-to-face meeting or a key-signing event. However, the certified
photographic user attribute does not need to be identical to the
photograph on the presented proof-of-identity.

In the case of a key without any encryption capabilities, I would only
issue certification on user identities that do not contain an email
address, which I would only provide back to the signed on a mutually
agreed media, in a subsequent face-to-face meeting with them.

5. Certification requirement

In a face-to-face meeting or at a key-signing event, the certifier must
claim their ownership of the key they want certified.
This certification policy requires that:

    1. The claim should be a printed piece of paper presented by the
       certified, in person, with the full fingerprint of their key and
       all the user identities they want certified.

    2. The claimed key should be downloadable from public key-servers,
       or a specific personal URL should be provided.

I will not sign a user identity that was not present in this claim,
even if it could be found online.

The certified must also prove their identity to me by way of a
government-issued document like a national identity card, a driver's
licence, a passport or any similar document.
This certification policy requires that:

    1. The format of the document is known to me.

    2. The document was valid and did not have any obvious signs of
       tampering.

    3. The document featured a matching photographic picture of the
       certified.

Outside of a face-to-face meeting or a key-signing event, I would rely
on a third-party user identity assessment mechanism in place of the
government one, for example using a small bank transfer and delegating
identity check to them.

    1. The certified should send me a 1 Euro personal payment to my
       PayPal account using my nicolas@legland.fr email address as the
       recipient. In the subject field, the certified should let me know
       they want to have their key certified. In the message field,
       there should be all the information which would otherwise have
       been printed on a piece of paper for a face-to-face meeting or a
       key-signing event, like the full fingerprint of their key and all
       the user identities they want certified.

    2. Send me a signed and encrypted email to my nicolas@legland.fr
       address with the same subject and message body.

    3. After receiving the transfer confirmation and email, I will
       refund the initial payment, minus potential PayPal fees, and
       proceed to the certification.

6. Certification matching

When matching user identity claims by a certified with their
proof-of-identity, certification signatures issued by my key require
that:

    1. I only certify names that I can find in at least one
       proof-of-identity.

    2. I may certify user identities with less information than featured
       on the proof-of-identity document, but I will not certify names
       with more. The data of the documents does not have to be used
       completely. Not all given names have to be used in user
       identities and part of names may be abbreviated under certain
       circumstances. Family name must not be abbreviated.

    3. I will certify Unicode user identities and transliterations to
       ASCII. Transliteration only works from Unicode to ASCII and I
       will not certify user identities with accentuated characters not
       found on any document. If transliteration is used, it has to be
       used on the whole name and result must be 7-bit ASCII, otherwise
       technical reasons would not be deemed plausible.

    4. I will not certify manual translation of names. If a translated
       name is contained in a proof-of-identity document, this
       translation will nevertheless be preferred to manual
       transliteration.

Then, I will handwrite a note on paper claims received from the
certified, and store them in a sealed envelope to avoid fraud before the
certification process takes place.

7. Certification process

Before generating the user identity certification signatures, I gather
the keys for both the certified and me in a temporary keyring, and sign
the valid user identities that do not contain an email address.

    1. Their key is downloaded to an empty keyring by querying a list of
       public key-servers for the full fingerprint provided by the
       certified, and updated from each and every specific URL
       available.

    2. My certification key is imported to the temporary keyring.

    3. A custom version of this policy is generated, stating the
       conditions of the certification, and signed with my data-signing
       sub-key.

    4. I generate a certification with the custom version of this policy
       for each valid user identity that does not contain an email
       address.

    5. I generate a certification for each photographic user attribute I
       was able to recognise the certified in, and recalled the meeting.

This way, I make sure the certified can subsequently receive my
certifications on their user identities that do not contain an email
address. The temporary keyring is then included with each certification
on user identities that contain an email address.

    6. I reset the current keyring to the temporary state that held all
       certifications on user identities that do not contain an email
       address.

    7. I generate a certification with the custom version of this policy
       for the next valid user identity that contains an email address
       claimed by the certified.

    8. I export their key with all the previous certifications and
       attach it in an encrypted email to this address, signed with my
       key.

From there, I repeat steps 6 to 8 until there does not remain any
further valid user identity, present in the initial claim, that contains
an email address.

This way, I make sure the certified was able to receive my certification
at the specified address at the time the signature was transmitted,
shortly after it was made, and was able to decrypt it with their claimed
key.

8. Certification level

The OpenPGP standard RFC 4880 (http://tools.ietf.org/html/rfc4880)
specifies four signature types for denoting certification of a user
identity and keys. These levels of certification are intentionally
vague, but I'll attempt to align myself with what is typical for PGP and
GPG users.

    0x10 Generic certification

         The issuer of this certification does not make any particular
         assertion as to how well the certifier has checked that the
         owner of the key is in fact the person described by the user
         identity. PGP "key signatures" are this type of certification.
         GPG represents this type as "I will not answer".
         I will no longer sign a key with generic certification.

    0x11 Persona certification

         The issuer of this certification has not done any verification
         of the claim that the owner of this key is the user identity
         specified.
         GPG represents this type as "I have not checked at all".
         I will not sign a key with persona certification.

    0x12 Casual certification

         The issuer of this certification has done some casual
         verification of the claim of identity.
         GPG represents this type as "I have done casual checking".
         I will use this certification level under this certification
         policy.

    0x13 Positive certification

         The issuer of this certification has done substantial
         verification of the claim of identity.
         GPG represents this type as "I have done very careful checking".
         I restrict the use of this certification level to user
         identities of my own other keys, where I am both the certifier
         and the certified.

9. Notes

I am willing to issue user identity certifications at a key-signing
event, or in a face-to-face meeting, with government-issued
proof-of-identity documents. Even though I would gladly consider using
other identity verification schemes, I reserve the right not to sign
your key at my sole discretion.

My certification policy is inspired by those of:

    - Aaron Toponce
      http://aarontoponce.org/my-pgp-key-signing-policy.txt.asc
    - Joerg Jaspert
      http://gpg.ganneff.de/policy.txt_v1.3
    - Justin Miller
      http://www.devjustinian.com/p/my-pgp-key.html
    - Martin Krafft
      http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/200907121833
    - Pascal Mainini
      http://mainini.ch/crypto/keysigning-policy-current.txt.asc

My certification identity matching is based on the CAcert usage:

    - Assurance policy
      http://www.cacert.org/policy/AssurancePolicy.php#2.1
    - Practice on names
      http://wiki.cacert.org/PracticeOnNames

If there are any doubts pertaining to the conditions or authenticity of
any user identity certification, questions or remarks concerning this
document, my key or my user identities, please do not hesitate to
contact me by email at "Nicolas Le Gland".
-----BEGIN PGP SIGNATURE-----
Comment: http://tools.ietf.org/html/rfc4880#section-6
-----END PGP SIGNATURE-----
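
The check described in steps 1 and 2 of section 2, as an added example that is not part of the signed policy or the author's own tooling: it validates the form of a policy URL and compares the SHA-512 digest embedded in it with the CRLF-normalised file. The function names and the sample file are constructed for illustration, the pattern is anchored at both ends (stricter than the unanchored expression in the policy), and `tr`/`sed` stand in for `unix2dos`.

```shell
#!/bin/sh
# Added example (not part of the signed policy). Function names are hypothetical.
# Checks that a signature's policy URL has the form given in section 2 and that
# the SHA-512 digest embedded in it matches the downloaded policy file.

# Section 2's pattern as a POSIX ERE, anchored at both ends (an assumption:
# the policy's expression is unanchored; anchoring rejects URLs with extra text).
POLICY_URL_RE='^http://www\.nicolas\.legland\.fr/pgp/sha512/[0-9a-f]{128}\.asc$'
CR=$(printf '\r')

# Print the SHA-512 of a file after forcing CRLF line endings, like
# "unix2dos | sha512sum" in step 2. Assumes the file ends with a newline.
policy_digest() {
    tr -d '\r' < "$1" | sed "s/\$/$CR/" | sha512sum | cut -d' ' -f1
}

# Return 0 if the URL is well-formed and its digest matches the file,
# 1 if the URL does not match the policy pattern, 2 on digest mismatch.
check_policy_url() {
    pc_url=$1
    pc_file=$2
    printf '%s\n' "$pc_url" | grep -Eq "$POLICY_URL_RE" || return 1
    pc_expected=${pc_url##*/}        # drop everything up to the last "/"
    pc_expected=${pc_expected%.asc}  # drop the extension, leaving the hex digest
    pc_actual=$(policy_digest "$pc_file")
    [ "$pc_actual" = "$pc_expected" ] || return 2
    return 0
}

# Demo on a constructed file standing in for the downloaded .asc document.
demo() {
    demo_file=$(mktemp) || return 1
    printf 'constructed policy text\nsecond line\n' > "$demo_file"
    demo_url="http://www.nicolas.legland.fr/pgp/sha512/$(policy_digest "$demo_file").asc"
    demo_rc=0; check_policy_url "$demo_url" "$demo_file" || demo_rc=$?
    echo "unchanged copy: $demo_rc"
    printf 'appended line\n' >> "$demo_file"
    demo_rc=0; check_policy_url "$demo_url" "$demo_file" || demo_rc=$?
    echo "modified copy:  $demo_rc"
    rm -f "$demo_file"
}
demo
```

A digest match only shows that the file is the one the URL names; the signature check in step 3 is still what ties the document to the key.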