<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 4/21/2017 2:45 PM, Dusan Stojicevic
      wrote:<br>
    </div>
    <blockquote cite="mid:02af01d2bae8$8bdf1e40$a39d5ac0$@dukes.in.rs"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle22
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Hi
            Asmus,<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">If
            I understood correctly, it’s a good approach, but it’s
            definitely not the one for average user.</span></p>
      </div>
    </blockquote>
    <br>
    The average user will rely on the browser putting some kind of "OK"
    sign next to the URL.<br>
    <br>
    That's why I wrote that the lock symbol for https should be of some
    other color than green to alert the user that something might not be
    right when a site has a certificate but no information on ownership
    of that certificate.<br>
    <br>
    Also, unsecured connections should be flagged positively as such,
    not passively by the absence of some symbol.<br>
    <br>
    <blockquote cite="mid:02af01d2bae8$8bdf1e40$a39d5ac0$@dukes.in.rs"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">First
            of all, average user have a problem to see the difference
            between http and https. Average owner of domain name usually
            don’t know what SSL is.</span></p>
      </div>
    </blockquote>
    <br>
    For this approach, you don't need to know what the browser bases its
    feedback on, only that it is consistent, can be relied upon and if
    you don't click unless the site shows the proper check mark (and the
    name, in clear text of the correct organization, e.g. Apple (US)).<br>
    <br>
    Those things users can understand.<br>
    <br>
    A./<br>
    <blockquote cite="mid:02af01d2bae8$8bdf1e40$a39d5ac0$@dukes.in.rs"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">I
            agree with you that this suggestion is better than make IDNs
            second-class URLs, but in my opinion, it’s not for average
            user.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">And
            in this case, you just assume that “fake websites” must have
            certificate? <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">And
            yes, I admit, I don’t know how to solve this… <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Cheers,<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Dusan<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p> </o:p></span></p>
        <div>
          <div style="border:none;border-top:solid #E1E1E1
            1.0pt;padding:3.0pt 0cm 0cm 0cm">
            <p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:windowtext">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:windowtext">
                <a class="moz-txt-link-abbreviated" href="mailto:ua-discuss-bounces@icann.org">ua-discuss-bounces@icann.org</a>
                [<a class="moz-txt-link-freetext" href="mailto:ua-discuss-bounces@icann.org">mailto:ua-discuss-bounces@icann.org</a>] <b>On Behalf Of </b>Asmus
                Freytag<br>
                <b>Sent:</b> Friday, April 21, 2017 7:05 PM<br>
                <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ua-discuss@icann.org">ua-discuss@icann.org</a><br>
                <b>Subject:</b> Re: [UA-discuss] Re : And now about
                phishing...<o:p></o:p></span></p>
          </div>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div>
          <p class="MsoNormal">On 4/21/2017 2:50 AM, Dusan Stojicevic
            wrote:<o:p></o:p></p>
        </div>
        <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">More
              on Mozilla&gt;</span><o:p></o:p></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><a
                moz-do-not-send="true"
                href="https://wiki.mozilla.org/IDN_Display_Algorithm">https://wiki.mozilla.org/IDN_Display_Algorithm</a></span><o:p></o:p></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"> </span><o:p></o:p></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">FWIW,
              I think that this is a problem on which UASG must react
              somehow.</span><o:p></o:p></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">@Asmus:
              this phishing issue is not new. We were speaking about it
              2 years ago. And yes, it’s starting to create a big
              problem.</span><o:p></o:p></p>
        </blockquote>
        <p class="MsoNormal"><br>
          All,<br>
          <br>
          confusables spoofing is *not* limited to cross-script
          homoglyphs, although the Latin/Cyrillic case is particularly
          egregious.<br>
          <br>
          This kind of defense shown below works even for non-homoglyph
          attacks, such as "gooogle" or similar typos that may be hard
          to spot with perfect reliability. More can be done in that
          direction, without making IDNs second-class URLs.<br>
          <br>
          For the cross script case, the registries could do a lot more,
          and we are definitely going to do more in the root.<br>
          <br>
          On my system I get this, when I connect to "apple.com":<br>
          <br>
          <img id="_x0000_i1025"
            src="cid:part2.3B587C4C.BB323F42@ix.netcom.com" height="59"
            border="0" width="326"><br>
          <br>
          and this, for the "fake" (<a moz-do-not-send="true"
            href="https://www.%D0%B0%D1%80%D1%80%D3%8F%D0%B5.com/">https://www.аррӏе.com/</a>)<br>
          <br>
          <img id="_x0000_i1026"
            src="cid:part4.DE4DB1CF.600829BF@ix.netcom.com" height="49"
            border="0" width="239"><br>
          <br>
          Arguably, the lock should change color if there's no owner
          information<br>
          present, to give a better warning than just the absence of an
          identification.<br>
          <br>
          <img id="_x0000_i1027"
            src="cid:part5.7427EC4D.5FB61B63@ix.netcom.com" height="421"
            border="0" width="395"><br>
          <br>
          <img id="_x0000_i1028"
            src="cid:part6.2BC70AAA.B375DD2D@ix.netcom.com" height="421"
            border="0" width="395"><br>
          <br>
          A./<br>
          <br>
          @Dusan: I know that this phishing issue is not new, I've known
          about that one for way longer than just two years (and for
          longer than I've been active in the IDN area).<br>
          <br>
          <o:p></o:p></p>
        <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"> </span><o:p></o:p></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Cheers,<br>
              Dusan</span><o:p></o:p></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"> </span><o:p></o:p></p>
          <div>
            <div style="border:none;border-top:solid #E1E1E1
              1.0pt;padding:3.0pt 0cm 0cm 0cm">
              <p class="MsoNormal"><b><span
                    style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> <a
                    moz-do-not-send="true"
                    href="mailto:ua-discuss-bounces@icann.org">ua-discuss-bounces@icann.org</a>
                  [<a moz-do-not-send="true"
                    href="mailto:ua-discuss-bounces@icann.org">mailto:ua-discuss-bounces@icann.org</a>]
                  <b>On Behalf Of </b>Vittorio Bertola<br>
                  <b>Sent:</b> Friday, April 21, 2017 11:04 AM<br>
                  <b>To:</b> <a moz-do-not-send="true"
                    href="mailto:ua-discuss@icann.org">ua-discuss@icann.org</a>;
                  Asmus Freytag <a moz-do-not-send="true"
                    href="mailto:asmusf@ix.netcom.com">&lt;asmusf@ix.netcom.com&gt;</a><br>
                  <b>Subject:</b> Re: [UA-discuss] Re : And now about
                  phishing...</span><o:p></o:p></p>
            </div>
          </div>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p> <o:p></o:p></p>
          <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
            <p class="MsoNormal" style="margin-bottom:12.0pt">Il 21
              aprile 2017 alle 0.52 Asmus Freytag &lt;<a
                moz-do-not-send="true"
                href="mailto:asmusf@ix.netcom.com">asmusf@ix.netcom.com</a>&gt;
              ha scritto:<br>
              <br>
              If you think about it, the following recommendation at the
              end is anathema to "Universal acceptance":<o:p></o:p></p>
            <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
              <p class="MsoNormal" style="margin-bottom:12.0pt">"Zheng
                is encouraging Firefox users to limit their exposure to
                the bug by going to the browser’s <a
                  moz-do-not-send="true" href="about:config">about:config</a>
                settings and setting network.IDN_show_punycode to true.
                By doing this Firefox will always display IDN domains in
                its Punycode form, something that should make it easier
                to identify malicious domains, the researcher claims."<o:p></o:p></p>
            </blockquote>
            <p class="MsoNormal">If you do that, you implicitly assume
              that only the "non-IDN" links are "real", in other words,
              you assume an English-only environment. (When stuff is
              displayed as punicode, you usually can't tell what domain
              it is, except you can guess for some European ones with
              very few special characters, but you can't be sure unless
              the Unicode form is at least also displayed, which I think
              is not what that config change means).<o:p></o:p></p>
          </blockquote>
          <p>Hello,<o:p></o:p></p>
          <p>excuse me if I jump into a discussion having just joined
            the list, but this issue is really troubling me for at least
            two reasons.<o:p></o:p></p>
          <p>First, many news sources are now filling up with calls and
            guides for disabling IDNs in browsers altogether, which is a
            death call for universal acceptance. It all started with
            this horrible post by Wordfence's CEO, basically equating
            IDNs to an instrument conceived for phishing:<o:p></o:p></p>
          <p><a moz-do-not-send="true"
href="https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/">https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/</a><o:p></o:p></p>
          <p>It would be really good if anyone knew him and could have a
            chat with him, maybe even convince him to help spreading a
            better view of the issue.<o:p></o:p></p>
          <p>Secondly, browser makers are now reacting in opposite ways:<o:p></o:p></p>
          <p>1) Microsoft's browser (AFAIK) will enable or disable the
            display of Unicode in the URL bar depending on the operating
            system's language;<o:p></o:p></p>
          <p>2) Google's browser, with a newly released patch, will not
            display Unicode IDNs in ASCII TLDs if the IDNs are
            whole-script confusables ( <a moz-do-not-send="true"
              href="https://codereview.chromium.org/2683793010">https://codereview.chromium.org/2683793010</a>
            );<o:p></o:p></p>
          <p>3) Mozilla's browser will explicitly always display Unicode
            IDNs regardless of whether this may be used for phishing ( <a
              moz-do-not-send="true"
              href="https://wiki.mozilla.org/IDN_Display_Algorithm_FAQ">https://wiki.mozilla.org/IDN_Display_Algorithm_FAQ
            </a>and <a moz-do-not-send="true"
              href="https://bugzilla.mozilla.org/show_bug.cgi?id=1332714">https://bugzilla.mozilla.org/show_bug.cgi?id=1332714</a>
            ). However, multiple online sources are now advising people
            to use a Firefox configuration option that allows to disable
            the display of IDNs altogether.<o:p></o:p></p>
          <p>(Don't know about Apple, Opera and others.)<o:p></o:p></p>
          <p>As you see, this is going to hamper the usability of IDNs
            in URLs and, even worse, make it entirely unpredictable,
            depending on the user's browser choice.<o:p></o:p></p>
          <p>The only real solution to this is that all registries treat
            whole script confusables as variants, so that they cannot be
            registered to anyone different than the owner of the
            equivalent ASCII domain. Unicode TR-39 allows to do this
            programmatically. However, I just checked the proposed draft
            IDN guidelines that are currently undergoing public
            consultation at ICANN:<o:p></o:p></p>
          <p><a moz-do-not-send="true"
href="https://www.icann.org/en/system/files/files/draft-idn-guidelines-03mar17-en.pdf">https://www.icann.org/en/system/files/files/draft-idn-guidelines-03mar17-en.pdf</a><o:p></o:p></p>
          <p>At point 16, they say that the registry "may" do this, but
            that should really be a "must". If this does not happen,
            there will be more of these situations and the risk that all
            the Western world will then disable IDNs in URLs for good is
            quite significant. <o:p></o:p></p>
          <p>I think that this group could do several useful things:<o:p></o:p></p>
          <p>a) promote a better public understanding of the issue,
            countering the trend that "IDN URLs are for phishing";<o:p></o:p></p>
          <p>b) encourage browser makers to elaborate a common approach;<o:p></o:p></p>
          <p>c) push for ICANN and the registries to free the Internet
            from whole-script confusables.<o:p></o:p></p>
          <p>Regards,<o:p></o:p></p>
          <div>
            <p style="margin-bottom:12.0pt">-- <br>
              <br>
              <strong>Vittorio Bertola</strong><br>
              Research &amp; Innovation Engineer <o:p></o:p></p>
            <table class="MsoNormalTable"
              style="width:100.0%;border-collapse:collapse" border="0"
              cellpadding="0" cellspacing="0" width="100%">
              <tbody>
                <tr>
                  <td style="width:90.0pt;padding:1.5pt 1.5pt 1.5pt
                    1.5pt" width="120">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif">Cell:</span><o:p></o:p></p>
                  </td>
                  <td style="padding:1.5pt 1.5pt 1.5pt 1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif">+39
                        348 7015022</span><o:p></o:p></p>
                  </td>
                </tr>
                <tr>
                  <td style="width:90.0pt;padding:1.5pt 1.5pt 1.5pt
                    1.5pt" width="120">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif">Skype:</span><o:p></o:p></p>
                  </td>
                  <td style="padding:1.5pt 1.5pt 1.5pt 1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif"><a
                          moz-do-not-send="true"
                          href="mailto:in-skype-ox@bertola.eu">in-skype-ox@bertola.eu</a></span><o:p></o:p></p>
                  </td>
                </tr>
                <tr>
                  <td style="width:75.0pt;padding:1.5pt 1.5pt 1.5pt
                    1.5pt" width="100">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif">Email:</span><o:p></o:p></p>
                  </td>
                  <td style="padding:1.5pt 1.5pt 1.5pt 1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif"><a
                          moz-do-not-send="true"
                          href="mailto:vittorio.bertola@open-xchange.com">vittorio.bertola@open-xchange.com</a></span><o:p></o:p></p>
                  </td>
                </tr>
              </tbody>
            </table>
            <p class="MsoNormal"> <o:p></o:p></p>
            <table class="MsoNormalTable"
              style="width:100.0%;border-collapse:collapse" border="0"
              cellpadding="0" cellspacing="0" width="100%">
              <tbody>
                <tr>
                  <td colspan="2" style="padding:1.5pt 1.5pt 1.5pt
                    1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif"> </span><o:p></o:p></p>
                  </td>
                </tr>
                <tr>
                  <td colspan="2" style="padding:1.5pt 1.5pt 1.5pt
                    1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif">Twitter:
                        <a moz-do-not-send="true"
                          href="http://twitter.com/openexchange">@openexchange</a>
                        - Facebook: <a moz-do-not-send="true"
                          href="https://www.facebook.com/OpenXchange">OpenXchange</a>
                        - Web: <a moz-do-not-send="true"
                          href="http://www.open-xchange.com">www.open-xchange.com</a></span><o:p></o:p></p>
                  </td>
                </tr>
                <tr>
                  <td style="width:150.0pt;border:solid black
                    1.0pt;border-left:none;padding:1.5pt 1.5pt 1.5pt
                    1.5pt" width="200">
                    <p class="MsoNormal" style="text-align:center"
                      align="center"><img
                        id="_x0035_be0f06900124bc5ac3f7591a0d1911f"
                        src="cid:part23.A769ABC1.B60619CF@ix.netcom.com"
                        height="40" border="0" width="190"><o:p></o:p></p>
                  </td>
                  <td style="border-top:solid black
                    1.0pt;border-left:none;border-bottom:solid black
                    1.0pt;border-right:none;padding:1.5pt 1.5pt 1.5pt
                    1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif">Open-Xchange
                        AG, Rollnerstr. 14, 90408 Nuremberg, District
                        Court Nuremberg HRB 24738<br>
                        Managing Board: Rafael Laguna de la Vera,
                        Carsten Dirks, Uwe Reumuth <br>
                        Chairman of the Board: Richard Seibt<br>
                        <br>
                        European Office: <br>
                        Open-Xchange GmbH, Olper Huette 5f, D-57462
                        Olpe, Germany, District Court Siegen, HRB 8718 <br>
                        Managing Directors: Frank Hoberg, Martin Kauss<br>
                        <br>
                        US Office: <br>
                        Open-Xchange. Inc., 530 Lytton Avenue, Palo
                        Alto, CA 94301, USA </span><o:p></o:p></p>
                  </td>
                </tr>
                <tr>
                  <td colspan="2" style="padding:1.5pt 1.5pt 1.5pt
                    1.5pt">
                    <p class="MsoNormal"><span
                        style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif"> </span><o:p></o:p></p>
                  </td>
                </tr>
                <tr>
                  <td colspan="2" style="padding:1.5pt 1.5pt 1.5pt
                    1.5pt">
                    <p class="MsoNormal"><span
style="font-size:8.0pt;font-family:&quot;Verdana&quot;,sans-serif;color:#CCCCCC">Confidentiality
                        Warning: This message and any attachments are
                        intended only for the use of the intended
                        recipient(s), are confidential, and may be
                        privileged. If you are not the intended
                        recipient, you are hereby notified that any
                        review, retransmission, conversion to hard copy,
                        copying, circulation or other use of this
                        message and any attachments is strictly
                        prohibited. If you are not the intended
                        recipient, please notify the sender immediately
                        by return e-mail, and delete this message and
                        any attachments from your system.</span><o:p></o:p></p>
                  </td>
                </tr>
              </tbody>
            </table>
            <p class="MsoNormal"> <o:p></o:p></p>
          </div>
          <div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2">
            <p class="MsoNormal"><o:p> </o:p></p>
            <table class="MsoNormalTable"
              style="border:none;border-top:solid #D3D4DE 1.0pt"
              border="1" cellpadding="0">
              <tbody>
                <tr>
                  <td style="width:41.25pt;border:none;padding:9.75pt
                    .75pt .75pt .75pt" width="55">
                    <p class="MsoNormal"><a moz-do-not-send="true"
href="https://www.avast.com/sig-email?utm_medium=email&amp;utm_source=link&amp;utm_campaign=sig-email&amp;utm_content=emailclient&amp;utm_term=icon"
                        target="_blank"><span
                          style="text-decoration:none"><img
                            moz-do-not-send="true" id="_x0000_i1030"
src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif"
                            height="29" border="0" width="46"></span></a><o:p></o:p></p>
                  </td>
                  <td style="width:352.5pt;border:none;padding:9.0pt
                    .75pt .75pt .75pt" width="470">
                    <p class="MsoNormal" style="line-height:13.5pt"><span
style="font-size:10.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#41424E">Virus-free.
                        <a moz-do-not-send="true"
href="https://www.avast.com/sig-email?utm_medium=email&amp;utm_source=link&amp;utm_campaign=sig-email&amp;utm_content=emailclient&amp;utm_term=link"
                          target="_blank"><span style="color:#4453EA">www.avast.com</span></a>
                        <o:p></o:p></span></p>
                  </td>
                </tr>
              </tbody>
            </table>
          </div>
        </blockquote>
        <p><o:p> </o:p></p>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>