From 29755e66f6642c5cf038ecd7528c86b3c7796ac7 Mon Sep 17 00:00:00 2001 From: Juan Leni Date: Wed, 24 Apr 2019 17:00:33 +0200 Subject: [PATCH] Merge PR #3659: KMS Documentation/Tutorial. How to run a Validator with a Ledger device --- docs/cosmos-hub/validators/kms/kms.md | 34 ++++++ docs/cosmos-hub/validators/kms/kms_ledger.md | 113 ++++++++++++++++++ docs/cosmos-hub/validators/kms/ledger_1.jpg | Bin 0 -> 23307 bytes docs/cosmos-hub/validators/kms/ledger_2.jpg | Bin 0 -> 24150 bytes docs/cosmos-hub/validators/security.md | 6 +- docs/cosmos-hub/validators/validator-setup.md | 2 + 6 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 docs/cosmos-hub/validators/kms/kms.md create mode 100644 docs/cosmos-hub/validators/kms/kms_ledger.md create mode 100644 docs/cosmos-hub/validators/kms/ledger_1.jpg create mode 100644 docs/cosmos-hub/validators/kms/ledger_2.jpg diff --git a/docs/cosmos-hub/validators/kms/kms.md b/docs/cosmos-hub/validators/kms/kms.md new file mode 100644 index 000000000000..9abeaa7e015f --- /dev/null +++ b/docs/cosmos-hub/validators/kms/kms.md @@ -0,0 +1,34 @@ +# KMS - Key Management System + +[Tendermint KMS](https://github.com/tendermint/kms) is a key management service that allows separating key management from Tendermint nodes. In addition it provides other advantages such as: + +- Improved security and risk management policies +- Unified API and support for various HSM (hardware security modules) +- Double signing protection (software or hardware based) + +It is recommended that the KMS service runs in a separate physical hosts. + +## Building + +Detailed build instructions can be found [here](https://github.com/tendermint/kms#installation). + +::: tip +When compiling the KMS, ensure you have enabled the applicable features: +::: + +| Backend | Recommended Command line | +|-----------------------|---------------------------------------| +| YubiHSM | ```cargo build --features yubihsm``` | +| Ledger+Tendermint App | ```cargo build --features ledgertm``` | + +## Configuration + +A KMS can be configured in various ways: + +### Using a YubiHSM + + Detailed information on how to setup a KMS with YubiHSM2 can be found [here](https://github.com/tendermint/kms/blob/master/README.yubihsm.md) + +### Using a Ledger device running the Tendermint app + + Detailed information on how to setup a KMS with Ledger Tendermint App can be found [here](kms_ledger.md) diff --git a/docs/cosmos-hub/validators/kms/kms_ledger.md b/docs/cosmos-hub/validators/kms/kms_ledger.md new file mode 100644 index 000000000000..8241d2d1e9c1 --- /dev/null +++ b/docs/cosmos-hub/validators/kms/kms_ledger.md @@ -0,0 +1,113 @@ +# Setting up Tendermint KMS + Ledger + +::: danger Warning +The following instructions are a brief walkthrough and not a comprehensive guideline. You should consider and [research more about the security implications](./security.md) of activating an external KMS. +::: + +::: danger Warning +KMS and Ledger Tendermint app are currently work in progress. Details may vary. Use with care under your own risk. +::: + +## Tendermint Validator app (for Ledger devices) + +You should be able to find the Tendermint app in Ledger Live. + +*Note: at the moment, you might need to enable `developer mode` in Ledger Live settings* + +## KMS configuration + +In this section, we will configure a KMS to use a Ledger device running the Tendermint Validator App. + +### Config file + +You can find other configuration examples [here](https://github.com/tendermint/kms/blob/master/tmkms.toml.example) + +- Create a `~/.tmkms/tmkms.toml` file with the following content (use an adequate `chain_id`) + +```toml +# Example KMS configuration file +[[validator]] +addr = "tcp://localhost:26658" # or "unix:///path/to/socket" +chain_id = "gaia-11001" +reconnect = true # true is the default +secret_key = "~/.tmkms/secret_connection.key" + +[[providers.ledgertm]] +chain_ids = ["gaia-11001"] +``` + +- Edit `addr` to point to your `gaiad` instance. +- Adjust `chain-id` to match your `.gaiad/config/config.toml` settings. +- `provider.ledgertm` has not additional parameters at the moment, however, it is important that you keep that header to enable the feature. + +*Plug your Ledger device and open the Tendermint validator app.* + +### Generate secret key + +Now you need to generate secret_key: + +```bash +tmkms keygen ~/.tmkms/secret_connection.key +``` + +### Retrieve validator key + +The last step is to retrieve the validator key that you will use in `gaiad`. + +Start the KMS: + +```bash +tmkms start -c ~/.tmkms/tmkms.toml +``` + +The output should look similar to: + +```text +07:28:24 [INFO] tmkms 0.3.0 starting up... +07:28:24 [INFO] [keyring:ledgertm:ledgertm] added validator key cosmosvalconspub1zcjduepqy53m39prgp9dz3nz96kaav3el5e0th8ltwcf8cpavqdvpxgr5slsd6wz6f +07:28:24 [INFO] KMS node ID: 1BC12314E2E1C29015B66017A397F170C6ECDE4A +``` + +The KMS may complain that it cannot connect to gaiad. That is fine, we will fix it in the next section. + +This output indicates the validator key linked to this particular device is: `cosmosvalconspub1zcjduepqy53m39prgp9dz3nz96kaav3el5e0th8ltwcf8cpavqdvpxgr5slsd6wz6f` + +Take note of the validator pubkey that appears in your screen. *We will use it in the next section.* + +## Gaia configuration + +You need to enable KMS access by editing `.gaiad/config/config.toml`. In this file, modify `priv_validator_laddr` to create a listening address/port or a unix socket in `gaiad`. + +For example: + +```toml +... +# TCP or UNIX socket address for Tendermint to listen on for +# connections from an external PrivValidator process +priv_validator_laddr = "tcp://127.0.0.1:26658" +... +``` + +Let's assume that you have set up your validator account and called it `kmsval`. You can tell gaiad the key that we've got in the previous section. + +```bash +gaiad gentx --name kmsval --pubkey {.ValidatorKey} +``` + +Now start `gaiad`. You should see that the KMS connects and receives a signature request. + +Once the ledger receives the first message, it will ask for confirmation that the values are adequate. + +![](ledger_1.jpg) + +Click the right button, if the height and round are correct. + +After that, you will see that the KMS will start forwarding all signature requests to the ledger: + +![](ledger_2.jpg) + +::: danger Warning +The word TEST in the second picture, second line appears because they were taken on a pre-release version. + +Once the app as been released in Ledger's app store, this word should NOT appear. +::: diff --git a/docs/cosmos-hub/validators/kms/ledger_1.jpg b/docs/cosmos-hub/validators/kms/ledger_1.jpg new file mode 100644 index 0000000000000000000000000000000000000000..100175e1a7f96cd56b472d794dfbc92a9fbd3d73 GIT binary patch literal 23307 zcmbTdbzB@z6F#_D2p%8=cMA~QJwT9!0KuIE*Tvo4b+O>V-Q9z`y9I~f4vXI=@AsAa z<9DCC8@6Yj>8`G+r@FhQXQp{sc-eqw7k4o;1^{Gb0rUU>;57gR1_J;KMTpQ81M}uD zehtORFjxRM=n)3`2Y?{}ApFGuKn@Jye{d4DE)tV0iK18oizsT-wa^C#lZguJH^8M^%Oh|EF1s~13-pe2kIZ#2r%q_^e2Gf z{*#{phW`&P03-ZIrV@}EVLtqT`!@z8=EDBhhFrM+!3h6g0stWQ z)&Jy^{k;}B)E;)I*?+z8mni@fdV>6aXqEqCTPZ;+;r~&S3{8fBmzS5>f9L$kg&O|v zA}GLtCIqNE{xrp(?!*G+_=nbCDKZ!U>c26x>M9aC@v zP(S`Dg%$sk4-YjFnhE`F{9`Q4U#njI&4)s`dnnO=WZ>Zd#DD9eKr0gcsSaR5G6r?eSN^pJDt5kp6T0_t1l${v+{kV{!k<;QM?0Z!7%~1iUN*0sycuf3`n+*gqRQ z+@C!HJUkryD}-0C{w74E*RK$f5MRA|jq(}^`OgMLs3^#&e@^~Y4Hf|o4gneQ72@CG z|4+M@p8(9)fJB%Na4?tvSWFl=OqiD*m~1E!gukZ!W&Fon=*Waec!dZx0R$jq@Syi1#ltw&OUxG^rC)Oh+YL$&EWd2ahxA zQk|K4wLJ}dhojHSG0>&IV`_+cpe>|j{(IW2y z34SgUlgF|p`1S&L)9==G!xZJ@e>Yq!WOD&WdXwZ>R&8wfqpw&EE>`*b|S zHLA51L~vc^uS;D5=%$Q#0WevhvA z*hq}U>0Sv3(inMPOHfX~ZObh)NKv}2<-+dr!l@29=r{}S`I4Ce%mbMGrYFjsEjQkw zv;10no*C%CFtA-eb#<5K5cX+YZsi(>RlX>*aQGB&iLY*Uw+bPa=XSS0{2ybwq;YB}6gd$b<%5rMag( zZxTOh?eH7&FvR7neVjiMwC}_%V`Ifs5W8?qH6yQYoi(A(IFd&h8Wy>*Q!-uzBEUq?~*t>=ybBgEytjAbXVGk^dJKU91 z!+fa{^2_9Gj?XdDx82}h4oUF{P?%x=mNKa&)7Z<+(Y9?v)TJ zUA>6@c3RcMs8GWN@pE+$F~OOP^OT{~IBDpihNxreZDQbT0g!rtvAqhOt7~a&GH7QP z7`!SpYsI}XhG~X*kU>5R(r3}o1y+kco$!plpN_oY*sHD^q4OdW&ndbr>u%D;Sx8G+ zUL34J8Ty$~% zNOslM2mz;UAD1P1hXw6kM#(PC5fST;3nIgaIE;BYjJ%S{)-LSbs@1Xfo-nS+M$UT5 zmrG6b!VXKEifX1ut=#zdYEkIq^a?P4r!xtH}=(Z zyJ$BjI^#84ZPQV#^mKnBL14j+T;`8rAmOQF(ELg4!u@PvW0rCpkS3y~0_(%GRT3fUKF_{b1i+)95diyzPLUdv!D|f zM6i2Q#EF1g%SSMH&;Of0bWa95dh^;qqfuh6@*URkMax-dZ!kl8cK3 z30k;_C9HlQtfS;QVC7{hu;L>)n50NJF z#`f2u_53o5fwo8|5li7iBZ2-bIagJ3j)UW58j0IwoAf+oCx;HpYMGL0!CD93z+PTZ z6|}>6T&nrLk_$mjj(@kAn_cdAN6tdq$V1`)jn|=K5R<^B$l-jn{aTtC>&Z( zQ({69>7!k4+#=a6=W5DU7267id_3;QDXse`U4Qb5^24 z`_hEIRnBNV{=IfHy%N3rl-c3ytFe{X!){=5d{jyScY>Xw(D-^9#c9#VXrC)IMw;eS zHpzFNd<#_Y_we92)ts8*&AAz+7=J*_+))#6>wg=4ZC1Di2?fR3Ssne_V-#?s!oAe; zHp2;db+N#LoRM*r8yA(InnQj1ZSqvVtq#bf4`&Yyf)h%2Ep@|@wQx_=+C)3zwp&Z* z1;l`)1_!=&bCfC{JYW3oX+8hdV&qDF69~IJN`Ygn5V2b~*{^6W$6mvlVvTJsXVfv1 zE_Zro6#GU0+K@R{dQ2zB6$u*ne#i~0N?K=|EApy;BU#)HPabkwh}x29jsKocPAtLm zc0@N%YaCTOf5M88lF)Zwd@ye3H3z^-tcH7tkJ&AlDmK2MsfZ*Vo|@0OlW6`!`aotE zA0w$tpMRbAZ3m)u*DInLIGGdZl#GN9QR0TR9$(psLg#ilCXl5WNB7h3Zw97_)ZhUYUY%q{+I>W zkl9_M_Y0k~99rr$#{L2ZJ7acUb=65W?^j)%zqr4fkqllEKk7LXJTz62k?7W1D9P41 zn7oVT%G~x_dk>9VGYY(P{Ml1x+H)ZIaN`-K6RM#LoR2u^*OaO!BKbg5;!|esY6Hw< zdtWV4dA%G$?Q_iq9pgSOstnj+9|TMAH@hXUwmB}E-2k>gj23U%CRo&vb&>Up)>@Yjc zIH%GUgkuFm{Sk3G<+4P)i9h`d7|4!pO=QkBPF=nK?$)OIhA@P(QIH`iW;H*`Lj9aH zjGYd=dVGxc4GCynU_L3%Di}q9M`ggi<`Q(Gh<9g`7UL~6JF^_YDM>H4gS~OL-3|u5 z8`{UrWIEY~^+vB7+3_3;x@N|BrLD~(rr+_akI(&5fo|VGh1vqc8nt$~YSW~%ZzAZ2 z)v)dGx}d1buT4fK)i4%rwomFzHZVNY!vCzs)@xE3;hm@1Cb330SUr77hOqKjj8@1)i~05vr#DT&h=hC2t3-D5iAPfTVU~6!r_Eh zXTTf?)sf64T~Z1gs8xAQ-{?bz*0r@gSmz|vBIkM~H_}w)>VzT$6XbfLADBJ98Bi=g z(sg`^j2PySiHq1uEV`L_h+ddI(wg!%!HB{V1(9~0nxNZP6@>5hf88uSP|F)q%u`@g zuvd6WYNs0t=ieVYj?_+s$sMBYV2Z;Q4J*)MgzDJeT4CI!*i_p37A$#DOs%o4A`ukSc#*)(<4`{9K>1$N2p zr+@TXAWua7_8JqX6V@jURb&h0OlMU$$Sr%u$?jDG{>IFGNcZl-fKXQ)lb$?Qzz_ z$KE`xv+<3JS0AYxg^F+4JVLxzCGY3Pmq(o*HNa6VD-XjPnU91PF97%?2*`v8>k+>B z9DdR_wc^d8lH8c5lw!#pjB*j@O|o{?k()}xBPRbdlC_2DhpeZ_R*E<1`6F?6aVZtX zWfmQ+x?{KtdjdeHD)<+Gp8_P+UfXMENu|oG%*ghG`eRDLVqIJ-(QLpiW>nrWe6@mx&fXs9?KAs6ujOG}Xyyg5K5Y%5?VVkgEr9IxC03EP zylxMzg2Weih%U*TKvk$wel>dme5Jg&?0o@XG1pmHTOAv$xL!yID_Tq@%s8;|hOc4k zYSTQpOQyYkzF=OvCo!Mm@=KAxy$LEPUh4(97f4YujwlKY7)mui{*<|xBfh*t7h z7TGy+$tG|Avojfvzx2v)TFQa7Ge=Z*nCOn`9a6>lhoZOirgXQje8+4bR9QoaP< zEJR0wof=@^c~m$dP~55a8bu~YOL%hiCl*&~ z%G&ymZiS%|^3!d~hR2PmhI7q7!h|W0V&jD!UI!2H-QoyLwQsdBiInD*igMOPL~Muz z*!F)dBM4F0G!e(FHA^6)LyF>g?AN6?;w0uv=?pj6B)>_c1n=>7BBtGp>Ww;?18G{@ z&Bzz5sL(~oJozV%8osF|>GF$yS3{g89ltEHQ-wvC*X8-eQy&qbc?;JxEMu>Kad>{o}&WQfkfo5eeu)-9r~^X#7{!^LYL;Z}pFWGi-YpCEax z18dVI=jEL@$tpWOybEJL0`>W@;8+mrx0F{>DkGL#mVLgXO5roa*a*vC_R0nsY9G{4 zzFq%|jeV^^kS9wrMO8wD zB!wMCVP<%1IK8qB&Z%s_JHgygIZny(kbJLP-n{aI)=F~a_pPD@@9{G6@-gF+6Ci2w zZl$oZ0Cq~5EG4Z&xGIC=hfL!jiSEp_S3G3)VrC3AN{6HnTGB^slm5*5hHxs2lF-^{ z)O~Q)tfO~LkP0GvUv7pGWy~wL?R7_o_rsX{N3l#+=r_Wa!X_At7VAkz>Fanxq#n3u zp!Q7I_YXP`KP*c2`3E@~SB^aS(0yQf-OdUK%qOXv&cg4a!gj=(_H^f<))Qx;27 zf9)$Nyia7jI)kvWZ$l^;sbHs;tm zntqeDy|`ABzAWadn8b7AK%emaV*XTeu5s#w^$i}cHwy!*2~U3k>0TRAisp`XkPauc zF$4Zj+9ImV^B2JNoD~x#{b=4}%c3&C#?Djn>r{eI1yfR$kjvstIZpFl-2PI+&teAy zhD0z6anm=K{a13yr&+#yFn*&lfIzVJz1b36=!;kp5&7zNE=f~Y9 zKk)Zn0JBo4Pm&VCAN;=^^{U~&07w$*xPK(a74GMY|5^l~8j!pIp4=v75>|$Qb_e!L zZN3r=_<~XfQ5c-lxQ_N%{#x>#(LBV_WnZwmro}E!$hPv$G?04PW^+$J_`ARf7^#t_ zYgNOSx=S7fKJdCU+(biqvmRN_#xkaL%;)z}?I^&p%o^0*pCaK{?+w5oiz0>1?~p<7 z54^>^0bU3$a5t6^`8*E_h;?qig6bm58`2VnBuFo5=U?`?I3% zYpPZcT#NB#bmp(DQTH#*n~$$-#0cIQ+b`Ie(<;8rab?TFmtCUmS*!i}NQCf!^@wzi zu;%wD=vw45tx>I?^v(;%NBhGE;lQ1NNcl(PCa=crr-A*IDP^Vx?oE}r;DWT^$B;RA6$=`%b2r)x+r+YQ2d)tm9H%}Vc ztJ00aM2?1}IA@Ozm2_|NF^i-Ny4*e~cJd)%2BGn1*9oUEL@y1mN0>^R<5rh@>7;14 zMrRSJC59Vhu%?-K1v%~=Tc1TLS+bf>0o<6rcVAG2?YerA6C=^s3JF4QPXS)z zUVz3RW-PI?f)txPjx#Cfy`Ut+!RXbNr^Hm)%+;D-CQdu+xgZk9jd9}81aa&{ZwUSTQOPT0 zZ3}jgwk3$_@_1a5)b>Hun6DB*s5r?gJQ zjauJ<-l|0Jpl0Esd^sP@avtrLc~o(VbtselD2 z?>70AP!4`XB$$@B?tg|+l!tuS^IfbW{n_RwKCa|W5W{+e?mBRu?|zKmcrV)RN1Znqt?a>@_=oTcZzxxXS(IRuEf-U~0D_aA zC!8^>{BKm73?}Lx|-6F`J63ay!5tPLoYy{6q zY|Kg2MEM7VsuXwJGnX@O>SxrRaBq~G5G3BFqRf#-y>)Z{QoX|eAa--@{-)zN{K0Sp zHTXuoacKqB%=tUX+EB#-o?&S&$*&6QpS~{u^UP)aGgxTLrUJ+L7}tagZ}YBE84hUq zA}!r3I@9GfAi-zW!1J~6tNCfi!3w71Ivuj*TK!*AxiBAp^;Rmxq-}vESO+7lNOJ$A1I2X`a7K>2(7ijqcC44R z3qR$z)3^lRxI^H!{BxjDbR|w5($RCHxCwIF5z%1G^1d^%N+wU1Q}=P%A_0ky-Q`up zs?awwsUOcg`a$|1On#YN4z8d2or#$kyfWbPiFoJjfLI_n20YZMwOP_NVR|5;F7l9s z1a6|_a20I{DsHUo?X}yFSB~Q>;)$5XaFjX-p+K6>TRP{2&%mZ6?`H_Q7-CUUlRwAY zeP69Xb>-O$o16-m>jU+gdWCp*(n6=l72d>NurA|+5KzS@D{2Z^gD$nyRJqw~U5x|` zsM8+EEugw9XpBj%)4N>)MO54;o_o zZ3|Yji@@*TAAedY;@J!hxo3Th6^vd$Nh`#AlNm?#@gfw{Vn>K8yKDF$OJyIC&db#xdB*<4a@ z5(BbF;A59vi_;!u7Cgbdv@5#2VsQ=vt;%px+%YrvbmG#lz0vOQDo47mocwqK`IP6A zHtf}*d%LAuozk_S7eF`NBTh)FjJ3ZmP8794op(*l<@I99y*wmnX2$ue`wM__Ey|gW zYRcQ!Y5v9#B5AI2bsFG>6X8F`vGW4hG~d|h#rwVVu*g1|$vFE0fLm&%gGRfWmh+_U zXmrRW^j_R8k8+@RxMq=}!|MRid!W#)E=tIaFOKmTTV?32h%sy=GSbA^&KVpoX^|be z0aC4r^+jXNC#c}c?KdsWwPg*D?6_04?aZb#cb`J2tV2DNliUQ?d>`4fExuTMS>#NA zPR9%S7jMMBW?|Q#ck0QPhV&HZ@hvH(t~}vvUc4EEe8K?wWHzBSy3-n2_j;k< zE|J_hqFf!;&SFlRHNkG$E=`ROq|2sOU*S-CT$WMK-!bPw5guQWExR=C44O7O%$rN9 zZZABXe@4nWH<6jzJ4bI=Pk%N3xvEXZQ(}{s(a_y)D)-Y{AQBb7j|30zxb$8@yv?=d zd2TT+9YfwAwI|_fiDfi5P9J>~Nu8-;LecMKo9cuaMKj>=rkNmzdy?Y|075HNV^V$g`Mqwfuq8FGuI2Q|@$7>6#S*;Hk8 z___BC__U35uM;$x&OkJ2%7!_Ht1Gp@HrFO+)%M-d`A4kNzNO5NIvw0jg8E?hcaa5} z@~#3$Z&?#3O+XP@{`5OOmJvP}Zo4i-Q3(W&^yRwFR7o_=zei0NH_A0Jmk;c$VvydEfPpx`!1v6rAU z^=3nB^bXI2hw3;xNG)ztwaQ_3J2l?2t!LSMerc(UaTkQnSt8GpC%@R+rJ(3hz3X+$ zOuyg3{pobuKnFTfI3De}!%97PyeJ?d-`f1n%N;*;*n{+_OGP!Z;zMo`Rp@PSf(2bT zI;t*qL{%6Ci9jUcqtvvfb!DY%PSH-$A;}Kf-?C1*sn1Q*^mnM1wDKlto9mM-hMqZ} zM>RV-g>jez>pZQx6{6hVmmfJ2zYk?RS&zZ0CO1Mvg#T73;7}eRjJnP+v9~mupQdP5 zHof*$!YjO6V;51VtGPCDZ2UxCKJKV>vQK;?paC=~4RdYUS@2u}{eqbrU8HP!EeSmH zzHvE^?nCpENAlonsB4_Tnv(f`oR`6)Ym*iq!F@l7VT4b6#?#k5d&&;T@EQBY{Lg6EMTmSKLG5h^<_Yp> ziCH4JYcAyzl`VV#YFp>Q0>4@TO}jVGuuc4X2?v9d1|tTI;g*JrD;?bj5>hnd#YE4j z5*3A=ZgEbhgp~@zIN5_TR|hre6E%f92A%qPYm61$UaVfSbDjGk+!(n9Uc&D;eeNbd z`r&qXQovD!XjBd1kK@=Fbdub?oetoJ6?=QY-I9pHPkoHhD`>>uY-iQT$mGzRDRL_S4ymo84a|zGo6TJ+4HC_b7BX=pWzGiS9Q4trb40mW9qdi=``|yvk7C4ktk-1L zdcFXTCLdn8O!uYW42zfOF4Dy1ven~h>of+i+#-)iw&`hJfTQhZX6d0bMy(fs6)90c zHz}f7<|_|cn=h*jf{#Dbr+n7v1(dv7 z#3j?+?S&iV38mxHUl&jNe~~_A3E^pYeDae4(H|$5)qwTuNCL}JI zQZAZN+mTG5kITKY@|0&PL9GhbfLX~(NP=g}2ryW_n-4iqKQdOWaNg07;ZE^Vrox=& zDgUe@Q6#M^sY_zUKpOLvPyomEeEO!~JaA^IF$j-S1Stss2B7%H9qYpO2`~{b&0C$G z3z|EmD{n78@UC}2D7}xoA8?_APvDXDK^4LdoHKz0S1fCEI~RRD(Ar|K#dO6nK!!cz zDai`2&_Wxf&CTf9G*b#J>#*-joDs<8MS|agzkGI^!%kvnC&U!D2^E@PjbUT|f?~JW zB4fy2T*XwTw4m_`K>v9{e4drbez%9X$ zQu8bH;1H-ig4f4v)=Q-Q8T8<}r3(h$Y`=qfS6JB^>0b4yWFkYSiY15=u3T+lVTB)( z$9O=`4o|Reg?wtF3e}Qld1=SU6YqJ&@lzS3r7OuBZ3m*1MH^r;HMa~ryQIX-8!8EC zic;yuhoOq=lO$%(oI4Ys3+kSYVpPp+Xj?fwr)||-PF&mdVEkOd8et&K9!%kl5^m0X zw|SB`US8JVn4>CyZ~eW>WG_Pw%~LE)DEmzkJ(E~rSFXc0Nl^7~i=)+Ow=<06EL{I~ zbS)1?`B%xBYa+7_8y*c0uC1maaaP^80yTZE;|gCH!Z#qB_T1q&iLFILb1#5Q=c(I6 z@7T?8>N370S&ib79X0S1pPk3)#Nm}ZvZb3#dF7>?NPUW*wJKYsP3aaAh@WW$%qGMD^$ZvEGv9 z?`mf_BMrXRXcaMXXWLJ4b^m@!-qC!iOED?r{GsX_0$F4u)uoO)Dw9%F_fQ^vjbHwH zQ+oDv0U>R1eU;m)*2KQ6r+8q3wHe_ccips-GuWf1`@!$-p_vBmTAVoEE z^St77j7&?3$CNTo22q8sJFo0G(}g&Ed2PJeMh(_`yS+yTIvBcC+>D+_wYVg?nFQ6!GO?onU;-VLrG2>6 z{iv7Xw6cB55cM4pv00p<6`Y5zMkljACu{oSE;|7{DV&*nsOJLr>QJ;yI^#;qd}vs` zv8BLMTPMA=h03*}$2%Ptls6~a?%+v)#JtYMr9JbalbAZ!J(0igZI!na0s{6O+k?D|>ELv5_u~W+2*;GIsGx zfw670Cf;R%1dnC=jr*MQErB~5E6)ceJ@LsN5ouu(xEJGTH$_pj2 z7C-hA-Iw#(xmJw11Zgj53n#HX$`2Oc5beErSlG_E-VV%u+G0ra(TaF_JznOKSshr* z_d%pKsWSpAhwOL|F5>dpTY8czAr_c;MTNOK@DmA1EC8{>QgtR_w@uDNB0l*E2O8G+ ztQk)`zKsX6FG}GHZ=lzGROznNxE%ocFkCdxmmW)7~W;h6?L$GfW93wihUgO?v%WGSmoYY zsBck(Rfqp5_pvA9_2Xe3gS2jGS3rE0gU8e7h4(Nbf-w2t3EU{;dQ+(EYdv<}ror{| z?CU@@)OX52=q=q|6z6im-{w-#t2k^q@>a1-kZF-I@}idedgSg*Dm%E+PIWRjZ$1r$D$O+8?*2 ztS^9*Db5@(`wR9?FRq&Db}EbJ)$4%E{z6Fc$BNgAQfpCct`%uLO7;fd)@!-d!bVJmW}jTYJM*Yfd~+ zZy!#$dVc$Q2eE>AUI2pTV;0dtE{G?@&w2xD+9aNW=2}$>Zixs9ZL>9fmn;Co_)fsX zRqpm;>CU@|Q#!>BCn-?}D_7!{DK^S;Y2S@OqZK?$vf}8bemg-6s>=&C0jk=Ly^2sl; z>djEW+3MBWxE7^16ZC=W1D7pANjTvU@y87wo623qS7wza>fnZSDBv>|#yR7{4TmPw zEPvNU!?`SXyJ-{5wQcCgjZOWIuF=t16tErc`>3kt-!I@){(e47F(-f~EpeY?=?-77 zYT>hLe16{Vk={m@=7!|!&Dsd7vEodalV;pwjEzy+8_hO|j{6qKTA{5aK*Tz0Jg+A) z#fb@QPcPrv0;cSn${`#Vu-{M_G9MQVVpNP!oE-!<$*kJeM1p0sew`Y6SY8~dXnzK$ zH4*9_Hqh7RFcgd|TPG!yE0->JNOGk<$Vf7WdEgYeU~gowWq209wrs39cRGFv zqUk1~bLDnpg7g4<{5&OWN*dCv+<_*5%@~&-ZB!7Bm!V;p=n!f^X60;*Pl%fq10xWp z!|U{_UM(QaVrKU?kD-NuX8Ctg$z@xuP&8SN812sr(*&M8c(9$tYJ@>+T1Ne}*3$gk z9{L*GGh?K^`dP`N@GP#v1c<6-t~4?y)H3TM3Xmc;;R~K&rh=A$G0s$h))Eu2Hv6QE z<_36ec^{a*R|KS4I*132EUi*II^8rkC6{?HL4tE26yuvr1sfnyG?XumE|!iO zWO}F+H^iE3J;Ug^O`GLgo{H`|B=vCo!>pVMd@9&h`%WG$xi=t38G|_Y z?+F8Jm2mBLl7|X>px>SeNWT@^+CzwknQSxM^eYn>N=VA^f2%gON8UFGKI_j&BR@L5*BDj6hHB1O6P` z+nJg;08;DT#@=k$IqKJ!$qD2iG)RoDgk zSQ+;94aW-r|M_PI@dPLwB@^}6s#ybzkkDr-9qAW9wb<=x%T!zQc@3`(csD<~ly%p( z&nscHX~sqJ@omM8h5S;>4eNP-XJPiLYmsR+F=vonlES8xx|`QI?j>h}MQ(00`pUWO zN%YRzGqTc|)!`;?HyYvATI!dz0egp~k zd8OVj1vyR>EUA*mxw_aEEvGez%AoBu`i(w0MC}(qtoE1iI049zDhV5BtU zJ8h7pbW4NyJ*lKzY6dao?ZY#2w2|#PbUjGsYXP{u@9S05%%sDLy!@a^Aly@zFu^=> znoXsARR%XO*Mo3pSa2hAWGSot8;ke-Y*nw_5pMu!1)nsiAMTpi{#0>_BdWK`Mqgyc zPe|XD--4@jhz?0Fb}^SKhCL2%FH_{W_Z?Qly_a^TX_BWL|%?* zV7r-+`T~PNXopD3%RLj0yw*puh{l!cd8X<3x?T(ZNOe{E`Modi@12OL7nwjvmpc8I^;jDec7Vr!|i373P%z41(Oay~UWkYmP-PT-5i;2)Jpm7|m8Hfze=PFYLfs#{i4+b{|7HaSIE zIV9-t6(V!N2G&%!oxkNPC5ZEPw?`>0G6v~PMy&>5#Lf%$StPM!rOX$|;q0rVrDShz zo#mGv*yqkQoMgu4B+``AsL(1%jAbi;TjI4fgPB{HyA(XfVIa8Y++8mK^bWH%443G> z_V-i0KDD8wU#9h6F&HII^ksDw@=x1fy+K+jwd;?&YAS!HK9XHW!0IvDLUZkuuv&iO zbn94GR&{lq)={H%M1%^%Lw~r zxJq1e&G-y80f7Pa(;D(l7qYa3@F1drw?$MLukkq70*0$xEHCWR6#Wu__Ny92g;a?R z&9=_XGBrZMfp#kn_Sy_-RCx$;Y^r9=#wEIPsynveA`)HI9rsnLKk{;m28m+)K z!L1RW*`v&R>R8ZP!hdgT6HJ5^4)U~t!1yF%A&R2^C zng8X+u}5fSYNm?Sqq(_fN|`Xmu*FlJhrcry5$CKUS4Xuz<%uD1zLQtI@E+*z`2*(z%=VcuJ$7vzTk%~&^kgQ4jQdy?*H=jR zP`G9-#PR*sv;fGsWxUR~CNLT$xs#c>yLdKA!8mck&~Roj7$eqN8ntSsHc2lzSz^grhhXn|r}(s5B;K7y(1%ty25q?^if4QIbm6BQc`Gh9XA%LNYLTiQ;b zW~>g(ac)R+$EIy=A9*gG8LV@MKMJp#dhnlRu9JqfD(UGlh`E-Sx_!;W*7=5ylV+oB z1cb}~c&w`?+Pu05ub1H8!fD)jD(p4w=Qp^mqs3bru}_4@kJWk6`%eSTgd9!o%t zPW@7NS$@OGKks?unR%AFQZ2zjCdvLiTEndgLIb*u+k8^0Qg}B%j-1_Y6NLJK`FWvv z?`U?b47=xxixrymn&ceT(X!Nz$7n@k^i;byPNF2%N`>*{^;=t|ytidp4j zxJ~Jg4WzH94(pi}`2D#{M@gk)v^VT$*3j2cCd{u6baBoDTe;^6qG}kYWC~V-WXoOP z8}T@A@rBB?G};!CP{l&U|~uxw7u@a6c4&eBFIe`*l&= z!fji}rvJ;RR~LBDy1pNMatTL-6(En002 zQ_;EKB7Eepbe4c4a&y}wE`kOMydpuOq^H)tN(bRs&n~geaWuI=%{kI|*w0Ds-XHSO zJ~y^t^Fm+X?|-ff%&(UMjYmE58N5ECC_TN= zXjEgtV;hlF?aG>YYp8ws>{|K)m@DG0IIvb=FpW5cXr|W0mmZz5L*-5Y9FCYXyp3Q8pYKi>fu*J$b1GN_RabAYHAUToWko>OOTw{nk_b7A~xA{=5$9NXw>6FN=9Y4_= zX7a=)uux;)?IfKhsYEmP=8{~4BG&FTr+i{Ah@7E!l{8hjLGqEX;4FIc1rXv$8s1Uu z9k#r28pfQJnLqw5Zy+ywvEn_e=?hVS9QMp{5t6c zfIu{PeVGqAz2Q5n=u!U$Dk=M&H2LY0_VcE(ntZ-2a;chwWL3%3$WALZ^s}bQQ(+yk z3S+G`g!)$waktPr9WBioskiswix|XqdSYif)3udRN@)uR&%p;GXn1OYF3)_Fbp*LT zXt-2-Ix`7U_!!sOj%+P-Vz_l{?eI~`_xC4rIX;&1kcLUmU90qr(kEL8;~C0^{7=%L zW|J=OfM1B!leNSYFgOW;wO{F@w&R9b1;DN}b(&;Vk1YpZ&vYxo^stYrhV6b?X{t7w z<}zgXkab1L+sPq#_Ea@FOOa9&(Xi{9L5=BUhA?vXjEA-ZW?NZHTC*7*oCC{#9p6;r zFbr-){}ON>7~F~y@Hpd%U=NG@E{PJlS2sSEydZEg#KR;-8tE~wbnveK(D?{|<4N+< zQ*bNs+X-o}RpQZ!{&P5Xn1~Fo(|wISl*Hn%tCFcfDQUZN^Co6R+E3{d5@IHPsDbtO z=W+LH;Z+Ma3}1DIsMwbW86?79+ojq8_lm|4%Mci)K27)gwzK8S4&{rgN40q+4-Dd9 zMGkviS+YI(v>Cc0>r>rn`Sr&|*zjNH4I6&eFBRuF#7SLd(&2(buF^)Nf&Z5?895mi@_-HxZOaL|A77IrZQ%>L0L~C; zk~m^*btI^g?DX}5jErF3#3s`2Ak^G8@7P8)4gOBG{E*s2lj>-T(-Si&5LSa7nK$r3 zYG~cpkIm~epSNI~+>U}FUH5o<(R^$pdd#!hTu_jSe}c;Vd5-F zQTEfB2!olc!ju*|u2^X_J1*ZvhWr=-^&c>a6x$v~^DHvr+yzCYSw3(+TU?Y+Iyu}aPIvdy@_F6wl^wHyu`d++GoP{!g^~EI`5y>%fcJ84H515 zkQCU1!j$}IMEJ&P+_Ki&a6{j59Mo0Ud_vdZ>LChOCKWFj3UvA$ zD~Z=dMjFUZuDiMGo7pLVt+9gTHPtDmrz{~8d+6JLs9PW)&)Zw(`=O37WTbN6*(#V{ zLr>rZ5XdhreS@<_yu>87p33`fwGPjb5J+pC#7fDq_XCmAO1@0z1C@z_?!ngmh%#aG z#8VW6aATpB_JPKOe_}K7lS?Z%VMUq`5qk^jF}3{HuYHa7+ldD6Z-8EinMwSLYffvM z#^yjQ9T;o?s*#sCz<-&R=yKfc%!H7ACcK$U3*Qf=v9(W}mTfEI9&IQKBH9ed3-U5PC0E?;bEKSy*qxuW(-ae(Gdm>*RT>R=7ZeS&6Y?e=cO-+HlYZv`uZSBr;nv2rKh5gW4L|1e(uBis3UKGRlM`*{|Xcr>*(C9+Q5?& zOLWo33Edll03_#kOoQ+0G3`_%D^%5?c-W-7aJ!B($OHfY&maAB>}fcrJCts{J#O?bv$N{~v(Eb%^18mhzO-wP(BR*JV zTtoNQp8lV&6v=+24JQ8p;vd4#8xM=Wv;P2%uKX?HNRwoh?wDwUM^ta2%D+2_TRL zc=W7mWy(*V4=<6~M;&i+x88oJe$F58QBT>6_J`5!ue=5EV?@1q;}7LQs338kIaVQu z*ZS->^41$gi@~+BrjFybTNuyW-1_-Upv=3}h z0kqLzx%?~mbHV=r8)LhZPVi@duf&s$uMM5CbBuB@z5PXcajM_Kc{5aH@yL$j!#*z1 z(A@Z{-tI9JrDd|bzguJGW2cnAKk4~aoXxA=8or_$S~G2}SX;OPl>S!FIOV zl0%@~6-%W|NT|j=uY=z>=eJto&EroIkEtqd`tD_fg->A@vpkbi{k^|sqJ~&Jdp2VS zYDc2XyU%0jJ#p@M_45`ItL%Dr<Uk85+pdcy7lLz>*RQ5& zO9MB(hNRy@gZ}`*NB;n3a|7GWtZGG!hb*@6;p45FsCAuLx*VP$!-?#U|wp%%^Y_$cNCfg_aAY=+x8;C47W78e__pN@XALjfA z`_9I7-|f@jE88YIe}}bM?jkJnKiT}i6kz$BxY^I)igCilJ;=3W^k0dUKke<|Sc}_f z`UU7o6Ay6K@opf4mD`>NKi==2xTdhwukn5coVC1+>#y71);UsLGs71jET!Z(4jH6u z95-G%jL55$==Ab8mv6ea?qD$o~NA=fABbPM7ljBlZvZnG*ie-w_0at;8d8VD1Eg z^#1Rs6gqUDKva2lVjtRb;z^li6I=0&k1OwE*ViYLQ|xJWE7^IB{{V)S_>N=}yw>c& zw`8H`jC0REzgis{Pjpg)T}h<Dt_7D8CAT*y|Gc;3tk(Jr<$dQ zqP9YmZpbx%+PmU+h;7Zjth!vt-+Vrvr$3pk;TXYaXY69-sga_5aq-87H6_-3DX9%6 z^q!f|&l!vPPZ^{h{wKZK7o&(_DmI zqXFA5mi=pzcseUsY3OLHRPKFq@aO&x{{H}ik66bQuZaE={6E)9fEq)l&kH}l$tFKa z6*sE|xZ0GfLAF{4REdBj^XU zc0(69Qf}72QF?cve3f#j0EC8hqCRH;N73WFUe=9H`3n&$zCfE@e)= zUQ1b;%8RCxZ28q-hUPh>pHPMq8s$;L6Cv~)K^gksSETh@lXjX(6xi{c8qJ!dOJ`$s zd>ibrNh1&8jxxve=}jkLHj_0iJPG34q%*#WEHEpSlHzf-5RB(1w?p|=MlyX2-AZez zrK5Z@T}((Xd{tv;$qA5e+`)hu#{+}gk@|B_ms=9*q(^<=pAG4j!b|@E9m0(J@f0?# zD-b$;(}9!Nkyq^F&1pLz_OiB-xrM4(X%HM~I-HjP9A;a8ERpH}C-py_WhljL%^^8I ziCCxQzS8?n&~Q#T%}tFiCJ5<8fC7`+m4e}eMSw79unv)8P@Y?{C35?h7&$x+dE*@M zKn%ggaY$e>o@fDFN4%K93!VcWaX<(~04CFn=7HQWdr%q%4FCai$Mc{rCeuhR8%}8j z#lh}q00F&d)HDpgtuW9~(qkLV8jC_$XPFor2EoY9G|6cl--7-+-uOXL8{y}LH6JgP zI**6ol>RwhYkGB*H;QL8=*mqsCXZtHd;b6h7STK${{Znh{f>STYXGho-S|cz-ozEg zD4gij`!@7rRO&}*edn+E6aEV|@SDP^5W4>Wf_nTk-y7sTg}jgx_y)ytOAkf6tD{It zv^z7}yd(br2L=AicCkj9{{ZYAVG{%MeS=mi0QTIZ)I22?w>4Obt6Lt2r+>l2fACM~ zEfuvN*#lWge~D7=1|Oc$SgZ=}jefT^yiaiPc7v_!Hd4o`>)L&^L=|Td83^|!*n^Lt zuMRL*x(n%J&b5z+o&;H<@b$K%HP4u=(#@xMb9h$ICvqxAgy%VCInPSh-rVJPxwB*Y zJ7^N=(aCV$Aistp8YuN`buHn~pjg6;52^hqSc$C_gz)i`ypv}q;$H{+X7Fv@*16!X zhh7c0-!Ac~rNNr*$0UP2$mNOdI3D!WsMPq|{R91?4Y;Im-YbLR2gM%+YC1>7jdMz# z&VA8ct&QYT%&K_XloG0*4;z0GipHflQ>dLJ&1lM1qiT;+^NZvE0K>lqd@1pC-W=1s zDSs`bQ-H)x7w?JZYPv4synB5s>Ts2Pr4=dfEhnFj2QxCfo1f^um`mLzgE z@3EtQW2otRV%=+>4EIZR96=4%sD$hbwMl_NagMn-9+j@^V;iW?;`|O9#M(9foIuoW z;Z4oDD@bJ$EMbOt+DIH@jHxOpUy z38R&VG6^l^h=AxoJgLXt9;4cohjb^AA?Szlqm_p;4=9cskF6F9fQ*xYMS|m|xAJ9V zSrx*b8G0YihZ_Qw(7>d&06&E*4*Ck#@~Veqz&$;GDtw~mLw27^Ru~l+9Q{TrTCnaW zDFC=Mz%lDUg#*-30?;ACMhZ{?$sFKjmc^=clCuvKk~lv|M&V ziCfhEbX-xwh3lBx+Ki*dd3`7gqoS zyCtMD0NM0K1B?nzao)iSEo*a+@!jvjKLYA@>*5a*#U`mRXj%1(iM1=dV}yzv?N;hY z*^Ca9se4+RA}8#k-*OKR>wf|?-ImuL71ecpTH;kPj}XqWNg+QmDQ+26RA(pT81=1d zQm*ZGk|u=dt&#Hw?Pu`H^5f#v9y+nn5hu7)XaNL z%<*uXs$DJ4R_FF~@Rg(kRq>)+PWQIHc(H{GJdzL&4&?G<#(5a+?@q2Vq}xzhE}*C= zEo5=}CxCnvrCn+k`oF`pz1bOEJzD50mf=Y#yRsByK7gy@wL6A zdM}0ajSonYTR^urR*MLiV{~27ERHvN4Wyr?Zlt3Nw#es=*K(DQ!4HWZHnNic09U)! zZY|;>+TLkx#jsT6h!b3vWEuY8$@Z$LkD*2!v1rns9(8JSIG79j7x2=8iXC)Bryr&n(KFmA5)p94t`>Z9{d~*<$nr)+EKAejZ4^$+x9-x?iHi4)8#9_ zaJaY(HmKv3UEp$ip53Yc0BONQZjDRX6UqA-_<@`V7tMiRYrAk`7|-zeoM*lVPSp=I zi_@t7uT?9R*Y-K_GzL$zJ2Fa*w(Y@1+IRRQ2F=@M`9>${FwBNGsw{JQv&X;Xz3~H)wFGETp&o~^&m^tGiPd&M+jy^AEb2mbA z+1RMRvKFsB^p_V}ys}v!`K|@7*q8qJ4gl-@(?qii?2C;FC3aMo_C>zbr7`$k(WZ$; z=8|bJ%%iFO-P|~evqDP5$2i)c$)24`txLzo{_`o*m9!-P0ESV&xQI<1xw$bY6Hfp*Q=diidU|b7 z!k6}p6Cbjc<3Hh*Ea8RAB$o}>?Fjo-8@SrL@;UAk@TvO#w;H80H(C9byh4c~i%gQx z5s>o2c=tO@n@8e53ft?^^&hgFH#x0m_I&Y1lXK(?d0H`oZkaHEA7$J};zes5T`8>y zX`>PTAIi5z-CjmiY&5KZDC3|iSRc$*inMGZJI{w2vJbRc!7D-6&yfIM%o0B{OWVfw zVX8By@P@S!BwPH1{IW3tTmA+2e_FnHf_FtL-75OT19fi558Whi-r)DDO)`^Au3~<} z>55~z6u~;u z?OcvWC3Ng%T7J&jwxH>%_@m|_Up@XyQFFEhsqfSiys z&Q3=q&m%t7uhwHF?THcs%5u z-MKZFwvFzhjd^6=tnrVDKMVd5cqa2un)+`LYFd?&VhJuMMUFDSjy4rM?aAO*T{+jN z^s+}aXwypjo;j^r=+|P_EkeQ88@oljjbWX!_G0^dvIg88+~AfT_2^QAZ&MjXSn7Tk zcoX4+U0gyuAvUFYgtD94{{XYw>|^(QxKlfDGqjV`jQ6bZzTWocvh*{-4!k>ec#j>Z zX1BppFE|6H3C=4|Y}9NkN3h*n!5T%>FS61Q$L8E)83*cf?anGAQc2trN!+OqfpmRB z)nU}Ffo9R+J0RoHT?+^2Ej#F3so%AHzFjpecKf5NGQS2OQ?Gif%zYvtJ6yrw|N zZUJRX4CDX?4Gr?Zo>Y~Qb5Zbpg!lHd$P_d(d69)cM(#axkHZz5DtoP

t>`r{L=i zMpZhRMI%HvMgEQtm(TE?p!?LUMYbu~?o`x%ALue$p}eq$d0XzZ%e_a?9-S*iS@T$z z7$tiVS$HniT)}fOIZ~s`8%8twRL-k|DWuhkx8DxDF9}^f>rY9;9z^4K&#%p&N@}y5 zLzXtMx84@fe$yLEV-tCQEGT0IQ`}Wka^w_Y7?tik6KyQ}t}af-0}&tq41Icj6z)}# zTKB;E9nHjYT-z&^!6C-*#{_5Q&JVb$i*`BTO-oWs&kAThTq!1;j#Q1i#z4nIgT{Xf z8)a0Aj7V>^+cTAT`5cf31p57IOo})99gXS;Z!IB}Rl@-BgMvH#YPqbmG;)hpv74>< zV@uW{7PpqmDi69P85N?OlDTq(YAdsv)&3FqYfyl}d2W&-50PC11tXk|*(30(jcSQ# zWg1FRxz8uUe++rvaI=ky54$8`x_U7ihv!=RcWVQq7^5ct0O5Xzt+1ABWcfeUlFWAg zWVil3_*F`zq11lDEm);D!3`~g+}z#(DOz+w3E-k-%)^{HCIcx2U#i=Tkr9n^PC zdPLxY3racsvB>;stX$);zO56R*S-dLcTJhRt4nqb@~J7b55Yhu{`#%{w>w>tIx&vs dY4`!B++t$zox_fCf&Tz}Q~KnLy^>oW|Jj?Tn7sf1 literal 0 HcmV?d00001 diff --git a/docs/cosmos-hub/validators/kms/ledger_2.jpg b/docs/cosmos-hub/validators/kms/ledger_2.jpg new file mode 100644 index 0000000000000000000000000000000000000000..9c6fa6b1a6528c898d17372c168f31bb21c3abcb GIT binary patch literal 24150 zcmbTdbzEFO7d|)?_X0(Vw#ACO%M>VX#T{DQ-L*Kyo#Msa8Qk67-Cc%agYUHO_m%zQ zx1Ze&i;d+sd;51^Ol=%( z-iaETIoj9*0IbX`JiN@Tyeu5=SeSWP*?C!c{-gx}Nc~d&t?4T{zx4lLwU7`0)jEXw zAAAp`|F2SjV`gPziH7|*gI8ap;r@f2V_^Q46dcSeSU@Zc00sIUX!*PfkA3x@{1akf z{}Y}O3-=#f5DWhwnaWti|LPEn{11j^7K`#9nZ{VpzwgqA=HC??^cSN80I-y?(SP-U zW9H^yjg9#q9Q$AV>)%{hn3;dU{F6Ua(_gRtUFtAAzhM830g1V<{;NYS?Ehf+e=s2c zkc;p?;qU&w>pfH-HmKTvOW`k502cHC<^NDC|Hrygf+l+VC!1ubHw3)AywpGe>z|N6 z4yyRSqo4p6>fxcq@uw>OG$&>#$3L|GO1*;tp#2*|<6c80|AcEo{ipv4|MCz1n+68< zUumH-{|`=#g;hpIN{E?RN%q}eEG@&#A};%<3H*;khT=b&!oB*_t6=_?(krKqv9Cn`gu_8qga$(YH~&!<=C4)=f5V{=_8v;~9~n4U0LkC9sL+JOf06^3 zp#D#Sf7&A8PksE&;7>RH1IYfl|GVo!AODf~x3c*E1n~a7|F@R@2m)S~0RezlFn`>i z>#IKw4))I#9u5u`4gnqk;jc$TMnXVDMnphBLPbJG`QxAn4HX6L&%?ixy@H2@g-1a| zK>Qp1|LOA50l-26B*O5(!e9YjVZp#+!MyaqWJ8I-|5fcT<3H*`dnOz_0wPoeROr_X z1{M~oEId?GXpGmNUJHi>kNuuS2mwdo8{!AMH>|!fSxDrrgHN=PIU{=WmNQV&}Gw$r@tcnV0Vv4T&)bj5Vv$0G&bo9d7o^vm zzPX&4Cop1kb}~k%)!ar{8>_QMKW)>Ks`M&(Y%RyQsbw~r{Nrai=0@OHd|g%A;)g@D z3s^c9rR6;P+UXfTQ^#d3g*_`+fj(LyWBa()u*6v5@p`k4?Tn!6cc^OsGk8;U2jBClN1h!Wrj{e^$El%wlw25WN&cCP zAz#j2KG5}X($YYiUs(7AQ`ckeP){h{$+@-x_JpP3n!>3()U1y;%FviGNnkiS#9<*$ zbwNOuyM+||L0|-9=eH`yUY>H8N8B*BJVZ?9gtBIWI^xq^dI+xe6C-CFuK;Ebc{kR( ziCQfOR+qSaG_Q_ww=TA@J>%LV4}s_xz$qrSxr>QXqoJR;-S1v9vhQX3IRpzqXJ=Y9 zm9x70!)91JeJ)a~G|jAWCOlh7yyVR*>teCi&-jOTDus<$d<)x7KsXy@GDDYkVx*#xAtpwx%uT1ALys=nQ-aUu?r zWt~f`Je;%7r^sOWT`;tOh#Q~1WA>K&#KKitHC%>Xu$NJtR3z|ip{*HmJ+-r(;<3i% zjD>j~G9s%jW(CzR+4`*X0zEmuJxnaupPwsfSiT9NAKp(>y8TRAlvpbh>uax)>O+k?F7&_U3r#{w>#hN@N-9xQqLdIIKlX%(+l_ z?#|f&DV@a^YBE=}V8m#%v}yNv;}jab(P%b2p0SlU$i$}yj~GklXco+A{;jwVMpu4r zzgDVU4p&q;=<8XnyG7H=?Wb@e7s?$tuc`djl-?oz@?8gEe#4)dat-vF~P666y>aktjN6G!i7 zPHG>%Om;YQ!tWew`zu!A-i9(c5g8Dzio$*R3KzaJSDRffQ$eLt18QgfVbW~6#lOei zNq(%xWkt_=lJOpVmQdhTZCcP^NGWypZktT1kcJbHtK?DLPuytAG2GC=bIKk_yQt(P zyiZoNzGi+aD=@ti>k60~q$s5>B3v#mBoeIc&SK5|WX~cIpJ|Ism>KUxVkdW!HN+CV zEtrs<(EV*0|Jm&Yu-#QW+^Bu>@Zq6bO^LW4wNgL~-9vVDHCZWPHdJ;ata{B=v02XR zn2SL!K>&4b4cj9~eJ4ifbPTy%Gp=p~`iwu_u_Om*Xw>OHt9Stvx7;V}dSMjG3lBkP z=Y`d;LwalHMvyIEj|g~c&(jx6SrRpB^=8n3Gm>+{8WJR6qeHmf-*!+HrQyh_d)6AELZ(3*IzRa_ zX%i0rm7p)};M1oY*#l3WGt<@pNrO!_U*~QV-;Cp4^g1cCSYXg>=OrToa8bak2#0g7 z*R|G)lP85QiJatOE;%mFP|0+za>!XsLn~ht?gwWKY(;$HhC#GcsIc`wxS5@pN_xD0 z!eUykM$kuG;SvPIqA@y@BsTK{<@!3fv;M|c)s(pbJ~Tj=HzpJpz7iv5ghA)@TEsBX zqiZ#99b~JLzC>h2i&%?4*2aa(E+C|%tQ4d>6_o(&Ko|~^QcnnUrb~?Df=Ib>h_Nq# zj|I*Mff?y}i=PPs(YpCmxb&+P<8zgMM3jiU%31z!wzMc{41hh<>bEB}9j=?qX=u=3 zeLCr6W-+S@^SpF-W{ zr|f&#+^5M2)tG4o&0T~1^2cJFjBD=+vG!m=BFJ*D14DbjBT>~NC3pRG0n!&z8JTC8$8In-wAx9xm}T- zEz|Hg7pR(g6mGy>_I6ay6L=ByQ~oA6;F^Hh_H$ii!(*==yGII*=*f_{bn}m!L5mM$ zH_=i1a@$R0H^@FsKIfUwAb@w4{DwTz;heW?B6Y_gyOyK-EKksdX zm6Zh{{5UKer@(<4FHOI6GOWhbX)bnMMw%0yAAp!RGzp%%sM?wNQD}?6$xU}$W=j3N z9(oPS}tpQP6% z${S6PSP1IAVS&U`U*;u_X*i5M2}wM%DPGj7x8_RUya1}1df-L4;=V=OfzCPs?qFI{ z)`X#(vTI7RYOcteD7G(CpNNUIGoPtSj^l%>@TlY$ZhOS;DRk_I2d&y1OEGpSJQqm7 zuEgOFsx~-sJr6eTZ(jgaQBmdA-s1*aRt&!+)t8fra}utfQOw7J@|`QJX;9Z%b-In%NDR@p4W% zP}=*t4wgU1U-@M60th&k(q&Z|ii^2ZxIXeqCJtA4fQS6*->r|hItdS;Lru%#1DVJ04j&y9~Qis}FO3Ht<+f>cr!SD0ehZx8l<&0J{6I?sP#r!r2uF8iEK;lrcPeF=?zY1``?t|N8-oA(p+cTrmw%*2VjdWbIoveM_; z-3dL_OB|J_h*I+UAf*eT5GVa2+*re}+j}t80yRr{Tg19u_tj@muH9s=?#Nu)u6ujd zLWm~@Brkxag45*#GF6@7;Rg4YT*Gq(=^pOby9)1lE z&@#FHyMe3gGUXKN#axxt8w0R;o7JO8A)xrx4z=!6;l9C_P%6+zgJ56((o%y<6QA=I7i zU4p$pm9nr1_Lxk}6C?2Hx~F@7_I@KPlVFQ}?R`)0$>bIA#NY)0hXILsusDVmHO7_n zDp$ANVBHI#w`rzLCs+Mpm;lys{CUXVeuIS8Sh<+WSHI5|j?oPKR7%L!na5N44ZU{q-Vy99tZ=n5fv z@@b^mTI`n3`bqR2Nc$Y;i_;s3Arrk@n10^4EviS1j;JobSm373BcjbSZDw_p z%Wc(?K-7NS?=1^lykpn-vh=lY6leE_m%1lKgLG*uu}4OoR$Drn8zGMV#2z7+L|-JuV1eZu?-@j1U+ZwNu}|nX#MmK1TSk&$BMQxBw2nh8zr5hD@t3* z$`-Hn#HvZ^5=3bXVi+=Mgir1q?AXriYiU_4;Q!SUe%M^2d#PqdLEl0qv(2#uDw_Iy zAO7o{A=2G_`t^3PL^r81=KSNwN<4aw;bx=gUYailUjnJK2tI@XLN>=Ffm}*!>EElJ z+ekjpBJH;yU;jehbPF{Y+s_c7iID2aG|f=u`|)js`G7`pk+4YnhYjQGFfKLRSDGD{ z-fxXY!wgb;S}qtGJUh6j&!PaaTYURQo<4%O`n#(qI+{V2tnyoI^2ctoe)PfYjPC=v zT$XS$>f7NN{_~FyO8fId>V87}K5owUaYOrL&&7qq$-au}*7-w8{4D$Y7*9SZRyVH# zN?iQl%IXVAK`fI;!80Wk_Ek$F#7r_cW9~EZUcrru_e+PixU8=4XhtpYQfAU+N_?Gg zUVjO{26*$&BIP-nC{A#yQA3j8W*J_mG>RxU#F^>@+mgeDE^+Qo{9tk%XlyVxHYOmC zMwBuZRcr7B%g@R((=W>q1euKS?6*=EVXIMud-g`U-xgTBiDg{WsGXwlaJUS|)I^V0 ziJFv$P^dj(`_12kI71FE9zMmp@*=`Y)x~IX&g`kd*IkW>z-u%PQeX&?=U@t{-0oJT zYlxcG1NA)xHrp{>`Gi5>ihx=^9WL1_-)}Wl)xHLyZxp^47c;}VTvfBoR4Zd-M|XT4 zpY$Q5@7l21QAm7;S;hz7_x5zMj(rF--`r7T#ucVddB;Nu)L|i#F~g2ewBz9o;{WBt zsVUxtiGGkpURQ<9OvctevMzO9JXfn_l8z*XIaB+L4T@svHxC7Df9-YqT}HJU*^JBB z!h@vK$I)@@KUX6IYTKn@hfDCKi#mIlKEi2AEIs%Ds;dU~d?})NuP;BI0W6T(=;NZH zUWiaF9Ej!a+x8v5g_O%qwor~p+8CBMe(9$US5DNdpH6zmJT8D#;9|?zo#U2cCWrYB zj(CReGQuK@?od$LbH{EX9BuYT3CpAw+)mFc|KRa*cjNDjK1ThvIF9P{u7ijIA&Bf# zUnOs-WIkjj|jj61OGUnypV)0-puMuVlC z%X9GyqIu!a-b5zz!Ig&@aeI<)Gx%OvjAmG|=Xn%m1FjSGvWk0r)Aw96H~KXRjj^Ie z8v$<1*j$X`VmMwM?)dEs};cuJ6wn10Uc_&^XM2XS&^@n z9m5<3e&yTtUP5Reu1-nrz)a-eKVDEF2a;0zq|h`C7mkFXl?FEdJ~VSxMYy|7>xFVL{Q{WP z64vf>m?R(!N~Vt_5ceG)!VoYYky1RwK-d#5;5TXI``&57DuFSUM!N6|xlBJr1D7aT zjQ6U*!}n_c5hv<~f9?ffe!c|z8RBCdMVd?>w5`@^I_#A=#EMppu^iGxCC9~m#i4xI zlz@FWQzWRa{p`ov$bR5i2sX7*~+;0FSLEWy35x|(OwwUU@n zgzi{#?8jyV>3)wc8MTG*HCOg@d5~Hvw3Xa3^rx@k%{Li z4ILGJwp#?uBy*(eZ59M%11~YLhJO1VkV*@NU6?-xL)Y8#gKTvK3$ zZ|yohW9n98_Ua1&sjupxQ`0$L9y4AfE;)oeVNEtDg?n0Y=|24{ejD4n7j8RA9 z)+fZUCQh_6W$ciUx=zEu=`JCr&FEWX&ufeEo@u$@qEM3;XS2kC(DywIgmS;1cB}(zDO#KgN&Gdn8P2N-f&_b(HxUlD_XG)11--Z zc?&w20tka6JvppwI38bd)JezFrzUso!j9$!FnGHVc}9Z%-9o0Pxfo#&MV- zo@`*oB@d5UbhMIeNlk_PM=OSqh`IDM>PLEeL@=c zJY{SDv>}%3fn(*$c-`SkL{&-MO_vLsXOv5dDd^MzWfYeS{9)>=kdyx{T z(T7#VhdH%>9jp%hO8$H#O+2nF?nzN8T#U45l^i@A^FblilRU>9k!t^$M0op%rw|ZR z9zXdVM^J{)!yp`N?{I$Lx}8V1==cKIU*AK0UC~Te*8YemZ7Q=0Lp|axO^P9y<`aQR zU*NOZ-WY$}tWzhGBL0Xcb*f3xmMpg6?61%4*2m0!WMPt6ad!)0k$!8nNc@ZhZFyZI zfz}*{%4mM*qrZ+J3Qvjc`|BGofPwL21si96Pfn;vi?$97Qv@DK$7aU;qOx6@flWQJ zQ_cei)13>1bz4`5@zXjoaHH&`PtwzNpu6BvrmT}phJoqi{N4q^md%94k!?V^#K`dJUqs? z<+krHKZM=4@!hG%dBQ=p$!7iOvuU0v614hM=#NMuxZjvtY4!pbF1W?3bPJZKrg};T zZWM4~k@0QK_!{tq`Iukc1?(lwV*7OY*wSO@KX>C{E@nQXXxS0ok>T4Dn>-8u1Qsj0 za#%c2-x7(_kL=X?W6LknJ)@}mkHu}J1<-i18rODEH&(_Yd!3z7E3?_vC@E+) zt-p3SBnW2cpawpfU&fc)a4+P~g~h$f$Nb`udD*J~TT1^p9A6*uarNWdG2}76Yl3_{ zlT+a1Yqkx_f&g#$<8@M}H`qFmV1?(AX-c|V`cqf?_H&sr%qM%zE9T1Gg3*;RdwVl7 z4>o(bv!`P_bTb1#t_(L^g*S=D+$e~Orm$e(Gb$gn3w*jDJ59JS(1yGPulM~nYe#s* zabc({xp8Z$+LAtyywp`g1e%2Sy}Hup8Nl5iv#zbUWtz#Ink0*ACvCU1ve9evLG`3= zuws(X(a+#w~0N9Xbi)enF6Bw$NQQG;?AE>>)x;A9e+Tf<0nVf6ilc|()qWVc^ zlD)aPuCbxA{kP^2ESnT+Bo_cci-Anx)Nxz(wfrP}my%@M<|!FyzWxS++T-q=xkY09 zEN!~0gpgZLWLz1e_2ILv$X5d%MBDOW=CH{#d$nM$79a6-us9QhPOkNW>Q?$G0cc@^ z%`jK*g`ElOI=18cR2<%%14{2lr_nWtd)9>Uzx-OOU%3)_h#%bJAgFXTeIowsK9Bf; z?{4w&w>+3_bE=5$msYF?Qa?glqIz-IXE$jqMJ82aoku({WdVyR-cffJ%N%P3Cx|z} z%zkaZHxsOe#Lk2U0g8ZclHnAj?YtW2IQmgA_4;u))k=@HP8Ug7;%sLi9$n7_^N(t! zLV2zp;*G5-k}98_Cu(Bi)=B83oSm>KPsSGoxMX!OyHbEbkFmg-S`TTZG2m=h$@-zL z7;8<&2P-GbP_=M+3ap3){ZHfQa}ARPN^%3A<+eJ1Z2Qq_Oru8-8HNGh-$n7e2(TPV z&9CH$jbb4fb^y{0ukV$|R?4y+1$Ceusn{Iv1pv-1b5!p@_bAm8v*mq!0?JQisK}0! zCMU>76+L5^v6$(hwg7Ybio+110Pt^MzlZ5f6EnqbI1uwjsGlVEcNuf1%+PV+H=BrZ zCXfu$-(CXbX(JJ@DvDnK%Jxo^Py2{BiSMr|>cO)=DO1k2xjXJ&0Qa-lo0i!EWNTJv zUT&B^sAl`;lJ*YsY(Ce;z}d9y7Xa$R=w?{iN+J{D!RDu)6LFal*FsO8_!j`(!&r)I z)3UZ_2KF>rVx+@#>1qG5@a9OCSJG`wmi{rj%_9@o=DW`(-{cEmldZ;ON-huaCf?gJ znAy$WwJR+%Nr307s3hj=H(~1lfd@XF>$=p#c87s6JEv{`__*b|o3^?;GF=NFzze{z z$j7uD(3$s0GilSpu$5c@n%{=TpoJK%Xp# z44dDe*tNg6jTrx)pBFS5nVFrRU3G3pRG&;`h`yWu2GElD?g|04MYB=8gjFDhEZZwN zm_MZ^H7r(sz5co7#O3Ryb~o`sr%nl@ac=fX8ZoF@ZfNLcwysJ0PNdHpe!7+nTkoLy zu#<3Ucgyke$C64&pU7*w<5;>wsMV&r9{yvu_}=)`Z%Zd_F^shRW{KXU?k1tl(td&4 zddM91;P2}S>OC(8!a3T}O&xSKcZ~`X9^kh2?;+N++7|%ZRF1B^eeD|2)Qpi;bmWsy zUuB}ocfH>yS7!5c^1sZU%I4u5{46pwjFFi()31*DvvhS>=g1R+3yS9{W$IDte2>2E zBTm>h_SST4kj4KNw^ZvkfoM9~*?v)NdXgGZywBQYtpRqAV}hn_T(!Q0FduztZy*;8 zK!E*qz0U)r>-nIFH&pw${ZDV>!+^zh9%`y$}4FvAI43(rbE);^>wo`MjMf=8AqrJ+<6igj*l zbt*z(kKG;1xKp`wxZ>3-=77fR!+if0W5X%_JL{FMwL>rZVW9#9!|so3SW|!adXf zT1)bR0xeG`3$v3x7#mZ#LI<>0AXG51v13;>N?LGO{|Ll@jzxbk1{ zK9xC)w!MASs)ywL8r;&t#5m&hs#qeWQ=K7KevqQ+Ncg00E9VW?yxOPJ9NCJgzD$lD z7@nUMFEgNNHXkbB={*=9TZhnMCTwFa;dFbWH3=GiS(ap<>~jyjD^A!&Rw=BXB%LEf zah7?Kh0e2$1Q9%`!Sfx!A9`=DF@u+6YBWn1nwl#k#Z*EU8auz*LDWd`@}xk^h3AIO z4TZwmO{64SY7fRGcCK8wZa+&%5iq&S)=Dp9B$Zj7MkKrt1^dlj zVZU56-iW|IR*sFydk1*7NB^?UsrtpiJfz9>TFW*4uR0GkzPN^i$dTx$dDc-AxZfVw!UZjRPnl*{NEp%>Z;i)6C$yk{dnWTuSkxM zYP3Z?84;WcMbdk9N0&w0+JXnRtCTuL<@2Vj=RuF<6}Oo(rkP;5^pIKp#8XZ03?B z&D=xpO^yk-d!lGnXhF4FhC5zXZ?!zMPrmK5$k#y%fbiK|aH(GehwNtDAMMd;Y1v@* z4I(B0lfn`&ee8RMEFD(R=5qqa?6_NIH{T;s;^Hl*&Rw)OHG1u21oLzIV}or=2xW(? zCF#Uh?VN9yGa||qrNrd>$G<}xq#&LvQ&$tTsvj*%kGQ<4r{@*wgTG8?2Y#rdOxmL( zCwWNv1!us2Q^uOsPZrfXpQnixTEM7gylf+$H#IdrKX7f^*s3{^$APSAYww~U#c9o7 zJ{@O$c#=}Db>N&q@f38GDj%G<)aSpIE_21V9wJ;#reui%#jJ zZ_jF%&73|F*>y5;oqoUkbUVLejR z9)^%X@Q&(r4Sid624O9cpWH9M^q-M(}M37|J^|D*O(6p+Ta<*H0l_1XzMo_czdvu2%1~_LTX4GvVlDu=OQ?Yjl zXSc}1jOcLoVcA{#-jWP^B2Q(s{N535IKupT92?kqF#Mian8Od?#K}haTT%3WGT-|q0PYz-;o_5~A zEyEP=&={@$wz=I>-AkkSqEGo$DxE9H+j(xWBLyckW6W9((rU%~Us}9uMp6&lVlT+J z!ng4W%B*VEW5&j7RCg`zDh{|lJ$-K@b1e}C_Xb9VgOHpomeWxmjLp7^`47!>SBHGx zVgH6i`2$VfTs_=pc3)G`&o;DV*re=G13HTjz1K33BBeA@vG}N@(2`D3UUxIU>+M-L z-!4tc_F(vk0QTvW^$>1?c=&j5CTyX<(bMWJI%WIxc}jR-rH0x8Y9WI1-39-)pBr zO)Sf`Gd_LcL|loUp&C05HCZq%nq=PEx+bXvy=w2scXC49-9N|a1bRU2ja#NmWr%BJ zMUZFcUIs`l>NYuwbtEi_*4`UTni=TXEhTf>+^7??!x#43-MK_kR0C5Bk6nmDEfQ>` z_w9WovpeSH6ezEBGHt!d=d&JIPCys>fy0Do6$*Q+f^(4}<;pJr+UxwXtay@fV?MuV z`Av-!GU!m&>Ci&sw)FylP?7aCYf&3n&=FbOp@ct1uk@TqoW1h1JJnEGW2*VAEISpe z6Sdp^jN+R+Y;}PnF|!#hP&y&IBT@3ZlAajrM8%hMc9nZ6H&PQ@j>e6Qaf%BC@bT4H zvW>v%mX>D6Z;5@Rm~!>ZJR8Y}fw6)vcb}74yCTzeq85Q7^?qCG`WbSzkZo8?OJ`0w zR{~FOjzyqvPO=4schLTGs^qf|3ix!-MT1P}h;zPq4xu5Y>qC^F8eb~xTWSH<@@JFr zs?9|D(>)Kn4`(piQH{-lPj*t()`YllX)$+E4>m{j?(?UC#lv~cbY`0B3VWNC^3=a> z50~>iXH{GM+cijUNZ6Nu12v#C1AjsKi@kK{_DU0^WDDKcgS#}hY6jVKgN}|xp8j$1 z9wYrYCHBU3P?$*lxXD$V$~Cf3SY{VstG!L{!+XTP6SQ0sji%3v!PYXvVV8op@k-6K zgS+q9|2{NAjH(E8%up288P;lGAHL1yUTe8En|QFI`;;4SAIDK=~_Mlh~~+I zg+Y12$_LMl81u|=YzQ@Oc-_r&Pb`Ce3_`MNDHuR!Ew6jo$J*4&GE`k3!9bM%Q@n8~P;s zju>Tiv<#EMJf~Tr!uPG^Q<@efR!lwj{hwQ(ew~(k)429;xt#18QAKT~8_5;HpNC~n zFU?6HrjUzW;^q<1imkUs^3He7Xpk59W(D?wcojU$lpLB8lgvk%GWy52Ou|dluvE+5 zY;(rnrGzTVr&GF7J>i~3`bbwoA~yAWU7k_F?Oi0aQ}g|2b#bl%kX6R_VkVc9Myfyi zVNY}#ZIL_Ab)0s6dyT;*sx4`S9z&#Kql@-+nG8GS=Xryj9x@znXKUR|hSK7mf5*x? z{O-5VmE_aY8OaP;e+4vM54AU4BcAi5$vG_9SVvP|5V60%Zqi!mCLfxVs%}X&WbEx9 zl3(rB#bF<`6`U&L8Ir5rrD`->GNYJ{ZK|$&8aEE2*);n-QzOMv(}KMlpSyLJ$0v2# zs(){3?kQdORNf*_p{7~)12;XXd)dN+r`8md$GpPf_udVg;RVq8UPEIM2EbwTJqcs; zs(@zG_E1jOhYW+1aEIYSnu#W_*KvN8?pCy+B-VzDHV% z^AI48_iHnJPSW=m<`#*Gzt>p2xRh9GV_toTX3b=%hqD{#>@^7LFyemJ=EQ4>FPe5- zmfi|Hxm8`&0L>i7y8e)I05#5vd&kX5mTOSey3{slER7?8nD|a*z`_LgY?tujp3C6`H`TR}6X}3ljGOq_ zWSZ&S!pTu4>?EbvJO*WlPAN{xQ+2PbLG>bZo!-ol?u*pTvY9qi$hVxT@WsWW`?RDA z;-!vSc}_kfk#{fwc4t(~Wr4>j2NmLs!&Na($I_=#EY;@3XJcx0qs<=kY97RpQh0j) zHC*!)g?1<7DHrES@sr#W5ML|PR{be#zS+HeXl;8y+uK-leI43)*{OMjgmTM#2AY~g zW2QaUwtc!izVE-#04%yzGR@RQyzwTwX5C9XQp1VTa*he5Wk%l0>DP_>6G7OxM>#f}+HHQW%q9`F{;MA@0-WLGAsUYBjE2M?yn?pXti+qAn^f5!O z3`d?0lhO}+yfqzTrRdW7{8R6>C3hU}fkqcU^RD&hn zkGVJF#Jn4%66;u6j1^&7Ql+W(=60&L-ft-~GR+)-aSPML)sN$ByG5Kc*|SadjY92B zQiNAcmlh>ppT3HvI7Nuw)_CM3#6iSgDwI!y^!7`gpkvZ7K@FGl9o!)2yr2QgauW49 z;a1uAL4$}aU;8A%;=#jVZ*L9fi20_(CTE@tZh8jZmSQzf>eAynibVyRY>|LV^K4E5 zc(?vkwj3heaWC%sOyNp&!r(+CvW-emFk(}%4C-NCN&3#_rjWR#KtL+Q5ol%@U&Z}n zK1V5KY1(;KIX29$wzM(h*6c<+O8zJ=e}*b&=qk2p*D+_LF*V{`*1UBNRAYH}esg?L z2inRcGK)3$dCmX6tkWVdq_nIBA8m4Jf%@mjb$8RetJe~C} zr-b&_!#YG-6m8-sYXoB9rn1wa(xPXpVoS}U+`VVZ?$)=b8>$=QG#~AiGd`W_;r7nV zm`LdsoN}ylzLK~U&^g@%Kg~vq67g$!j*#;u?MJ@iq1d>Oq`UN{Rx1dKeO808{ibJc z-;{pcGC8iR-C@jxQ=h1{gN;V)co>W5qj{%(;{I9K!EXq#@0;fB^eI&|oz}J{DaPd; zkXdO)wYH7jL~X<5OzrXY{?=(y4{#xLy%RoL>m1=29}oXEdF*HFHAidj=H&ungQ^PS zYE@a{1`P)#!Oo$|rJZLL-x>RL!e>HLAA&Y)*WgXPkY8$5^H&~WsCkBnxAuKs(mYH! z64Wn0aZNny0ynaORrOJsn`0nwNiQ!!RG$wjhe7U2WRw@2xoG-Sg=5O%rxmuOA2p-y zUy|y(X!7d9FUV=W+3`mid+U#)%}sN(_Q=GN<2u^;Vr}NkXB}0v5AkxsE4ops z))(r=9=?QG-#hbenJ>(8adb_RH8m>;KKnKOJZxe_gA|O?t)I0|{w{9)1u(BU<98zq z&v}P2Sn-jLKg3a4vI zgku5tF=_a&4x<6iB;TSUgk@p;|`!e?kHF`=q@acWP!^cjHMh1MvGEf1)#>%?8 zx;ONPSA_OWhwqyZXqGDO+H7iamV@lAlI7|8`FRV(SZm8hUHLAxGz6?D>cSN@&6fo@ zmv5dRn8nA0JItPjjg!_(%Mx`_dOjGazJ+B)(Icwp8^RTPU(p_0((Env*Ti|1i?|46 zsTF>E$m!~O*gwqOmRWh6xQxT6jw&lS1nd$@XD${w*mI4Z@lcXl9K=m~m+pdmmP?LbT(K4X-7)8Z!;Z$9tm5CMdV9 zvT@4h>XZw70-nA)S{|p*5t~RvlN@)_k7L>0^Apv<%%%>(E27AXH9SD=6;W_bQQ^ zE&$Ka8aBjEbe%Awg-_rbf8{JO`gGW^jkXs^yaeJb7G^S&l+&Vdpd22GudpuDxF@dZ zFp2B)P!l~$Obk=2&GB|&G+mSyCulBT<$yMCYv^9}5`MQ2;=zR0+EG(^a+#T$W?Dq9 zkf|aabB8dcm~m!sS54q@eb%Uf5`17uRFAS#4uKp8IhniSob%i$B?(CCmfO^J&+ddA z)8t%OdDl6M=z(vEf6`h}?nX}1{>BKEY-xU@EU7o0x<^%);-Wk`AEMR0)h(CNw}#25 zvdSMjj60OLOf0+irYmUxaJ`|UK9%t*k7q1CPt|kmaW3cwHNHh%nU__0hS9|4<547G z0;QapD0_rQc9~W>`c!OxYR;y+M1UlI+iM8w*=abKjiiCv>8kfU(g}3&$G(X% zOa#ue)>z*p)PZtLfA{vMFg%o4F^mX3_&|*JH-hTH9;y(9f=WF!@tgzR00jw3r21E~ z)5bC;l$pE4JcsoKp9_to*$Tpf7%IHRBu`7N3YrfM^xzE8UP{>uIYY8m|(Xe@73Ibm}`~%ICr{x=XMHLCyThqARLaw-$k(` zZ+*8N{8k=5yyQpPahKqvs3wY}pvI+x^ux{6L02Zq1p-yBd9iamaoIQ}12w4{!NIBA zGjtnd^-9ndvVJkW1w2JAT|5@#)_Q&8ye3<*$i7h4?$VHkMTow#A9oJj<}>Q)nK|27yPIakrkr+lvZJp z>A_p<>PFtzV&Vip!<*8JB!n2UGoUt1!#R;g3ZbTl>0jf%eZ1vQE%NK;Je%j*^VX7M z*?t;Y-uL(fIwBBN&@Xtr5iiI<)|=oFyA9Qwzck3%NlQ?&xuNcBr|3XP!qOyl#H z1^C9I@&OMy&q!Vm3Jac?PsQz{g5&&jUx3)}!d; zRT2HU&8(9GzHL{*?S~<*CTWAf0au zG0e$Ix(m<2)uGQ>4UJ!9Q`Q&I~3qg1Cjh^#yp29Lrz8^8BG)%q*BgWnPu%4XyYeP3z5(`4s^jk+1^*O%65a< zIBecV1~E_KJH1}zg$=qy!=@`?Zi{9CKTYkMgkEBt{e@d15pj6X3zRz{jb79@MDZlj4KMiqEeBdE{mmsnn zU%TK)3GuQU2cuLBAzcsLkQj&eV8LCUF9#~<0sr@DbLRsiNoQcD4WahF-hANJJ z8uIWOAHj%3tc&18pCgvNpw-ZU5p<>X&bzI$e?MX8P%QAv$H@Y)ry0*a|g$c-1-M;3>1xy7POtm z$@;tg!a}GTHEK6WD^lH^tsztwyC-aSh#E1%m#qv|eO@)Y#P@qi_r1yO^$-$;EI5#G z6zSUOXDjQ&@eAhq`aZT9eMTT*Qjc5U={N*)QHgftQEFC|fB9JL(+j{}VoMizz5oEb zmIPxP3s4vyNaPiID$OOXhU)P+0q7`-j%T(j3XavDtBuJ`&9L%5eEP z=xMzxZ0|RjfEnd9peUK7+bqTsx5qJUyNckpGf!V5(|N9tO0W8XPhuo#D>$^vtz?Vu z_b;OaYoeHy@C%4j>26f7{8p;*G1(9EG0RaKto4=T@njZ!?7L|`!#Jvm<|q>9@9p3B zs*7~XObbU3>UdhylvnPn{bhDuwL3a~ZSg^7%d%vCAZkma!?%lp58~vI{6`NgqoGG*mT3(SpZcLCXQ9MUtGh zY6VnRCTBj6*kR8olABS>CL2wz7CkOom?0UM^^xT6>mQ3tNqEl4texSZS1V3g3ZMOH#IK#D~`F^&YW_Zd9Hc zlRf3P&e7@;wn`j(GeaHKUh9b=^2vPnJkH$wDh|>=lw;k?J-x$RN$QIl1}-5!qn|;? z^-xd##)he9T-Tf~GHiD2{u8ik=#1v-=}Eb_>5A|A?sy)Ds`Pe5W(*xhg=;G&?WE5} z@Oph`b0}&Bgc`b6BsklE%!C+1KSlona7EAcy_*>-_Tbdaqg=Spxq)^Xf0uT%iZ@59 zNo2KLy?W>nvhIP7(JWWe#d4-}p9V%lRAN1q@Jty6q=)(Xwa-O#N8_`4i(EGx5Yz`k z2(l+En5m=kFj_+72>&-3>)EsJ?{Sv9T!$lf=UyiUc*BG!^@a8|vILbrAKa$k$2V~| z;jMlWsl7>d>;c$dIpr#ng|xV<4LiMWPc;e*A3W!89FQ}LuH?zmSb;zKF7dyc-zuStBJ3k}k4NE%68AFD+D=CIDnJ?kUszGpIu;lEGyjpQaadHd{W z{vlhhRt*{LL~i!(Hh&G%#@cLksk`xglgm$r)+-I;J1Oc_0bZB=wdnB8!cNJ&-%jx*`)xGi%Ijy!%gG-pb zjS01&#yD)ghZmc4Jc3YBq~_KceTfsmSK+1QBy=yTu@3z3WC>O8jq{Cgfw zfir_f_%GSSIF%PqJm;Srv@PxLzQM_dhevx5=6qgeFTEztKj`>M0QkQGSQ@A0S0rPl zE7;Cx)9@d~FN|Na$Hh$}_JsYPyj%U3;yn^TUIO2`)FA#iC12x41dJY;?OvV>6ruaN zp9?tZ!fEqEbN0jj3D5rk1%&t=`)_zjZ4&h~9~Wursjv7_{!O(K}-Ss#*Q;vn`G|Sc6viNrLLo0ser9%=h{C~!& zJM=SlTJu=3r}$>|r)YIw2*k+X?Us9{h^7x?yB)E}J${v}DJi>3KaGT|L29Iant#D9 zJSP4Y{gSmy)bQjsg8Rg-yw1hgEMo+g>%#%S$I~^AeN9rsQHoa4oVZ#0Ttw${)Agw# z4TOn_Q~t0VkALZ3DtbxStQIS`l4f*-9F{DY1GyMbG5-M8qQ&0hND)egOtw^QWm357 z)E;s8QcyuHtW&tuQG|e$RU9bYk}!XkO*IsS7tp0VmnQ(WP>ttnU~&&9kTcVd=SGHu zX4R~b^=c)ClVO<&WYVg}dv(H7}5GpW1BOGwU2ZPr+6zs&> zGoMp|_sG&8o0S3}Njzt#Pj215pp!JLukBLX$$1PxPSFS$Ey4M^@zDDoeK1QhiH4>X z{@Wahw*;vG9Ccja)Omjx$pOh6lW9!a6@yA}Bx|@wReMyw8R=C$~Oygvd zVF*v%K0aJ-=zhI=@%Ynp?WnoRx`wpT+ozcvp)tc@2p_I<&N&_PN}MmN6r^Nb>v2gT zxDl~n#g4}~9WXld_NO>D^a!%Fny8NB7Z)hZ2mpU{@NvjE^{M2SVw{o~b&+uAI9smH-7MAJ$q(_5!|tFt)pxq zfO5SzoHh?^3?826nod23a@=~1QXTC&?jYrdq3@IHPR5+-gOWAlx_fwHX``DG4ap;}1AuYI;tx+sH6^R+Ve8%-)SJXspAmi?c#iMGUMABV zNn@<(GML>+_1b=AIpiM1j`iJ!#?+%8SE@PZNjJ>2XV$;6cl;a``$YcFa@%-c_Nwqm z)ildyju-I`mY{jL=)KIveT`^iWd+GoU(EeU{gyxAufMUk z?Kh&@&*4vt`cmFbfW4LF$hVmr`=wtT*Pl37qU|{R&iKlmRd_S%UkrHD!(Jt}Tb&zP zx1C!UF-{nMVAVpTWz0c(&UU<)W^u410Z>=Exs~ zU$wilVosmg5+4fd8f~PyRfmRbZzYuTaUY#KsRy%?vHnEXk(?ro({EP)07L7)fIsk2 zxPNDl*^<-XRJ+RS>oK!IHp1PHM{0Navto@mXgQ^zWB+m&0?&jm(Q zd8K>Z+~;)<_$xG1O!@d4RyIHC#=gseoa2b`>D#q=AKCQn@iVze+{>H(3bz!S&Bwug z#Fp8OXn+Cf_fTZ@=lN6mg)45$=9fb`{{Y~t`pQODAA}bF0Ca^dsxb=O;DNJ_-<2hR zq@L^>oRJQ({{RJ9*EKlMC&GJJnNC=x_5*%MKh7!rN{^T&G-ApB00lJhiSoRk0o$sl zGAX@s82(uO4O+rcO2ECUce!1^;H2I&m5I6VEwd{Fy;AX)B$9K$_ZS@pD!!|S=!GcC zPjaGv!A8CyfU4dSw0tHpCCeVz7$jr?#~C@J>eNQmyOs4%+wjhM>9vjJuid`+s~*X!Z>n)R*FBl4m50U~T8+J$dg`=+J*;afIXc zimUs4d~LVbETy(Us8ojB+lLwN?VqlFYF-|L`y=F){vy-=0Kr23H!MaQNUUKF%w@tB zE*q#Ml6`yA_7p#qIcNOEJFnZz<4w$oA`2MGuHB+CL0&i`JpE5Ul~=N(*iI6A$g6ex zaeQu`;LrA(Bqazami!!o2_Tc2J(VuQP;00U+kfLAjbdo@=2f{99oFQMc;h?1?gvhs z(d?+-U~uyr5AC1vPCFZhlv|s*LaY;@+9Lz+4TFpkf!n@wR^v&pgv;1_*SSi6+W!FJ z)z6mlUqU2T%Qn-r`WyqCgZ>z$$xHc4bX$KDA)ofR_`xzLI*qt=B#8t>pH764`ciPD z{>ar7o$knG{j2^m$mst7+i(Uzyo)r!BcaAIo}ZO3XG+$wUe5hUrTwVBElk_aw1JC; zVz7a@@#)h&KAcr3QeR|`V7sxe`%ZjXC13k(1Fsvrp`3bu_4@nLP^6c_hwKy9>`6aq zzl$?DmR)c&?<^Rg) zl8@Re;*#5)QG8(++8S0vYvdilNXe5p+B$9Ee?y#Cd*j>^vDIAJY} zPXhz$HZUAjDamM3T)Q68@HhSn(ffP;&yvR zZPD-l01bcO@z2_C}`P)wMGPXW};UCVS){^K6MWeX?0En`F1^)oint1R300wrndw1LME0#Uq-Twdt z_y@#)@J)Rd;@DYO-rnAC{{UQP)g-q@9^rCd>0VrM*o7{~B(T(*IXi#&C-s+wHPLTl z;f*daDl~9jUEaqSGLgcfFlKZ3b6dw3QliwKV;DOa-X{15@cY8noce90EW`m+p_I z2jyE;#MGC>(g;JAS4p$WzCZr}!9JkW^eev`cw1h#w$TZ_#c&bL=Gzfq9@2^b@( zJVv1l{ySBc9@*)VXb>UEbSovbUaTIbxB(N`)OsZ~nDAXifDr2Y@_S zmg{wUrWd%A9xSy;6i;?!xx9E$+tVE~{sw+w3|{ zqbg1lfVu#hofk_LWWPX~|3k6HraZ8+&b?il8f5?y_l%^zYCZ1UH4n}T<3 z8?lbtvyW_3b_7I5DF9-Dg#Z))awq{QY5_nC%^HX~6lyVY;(=%=l0i=FRz#6cBAl{h zeQBl*9lwG+Yw(*(M2p5>3Qnd09%PZ~vqH!I`6PaotvOOp-d8b_snMRz;E#=8@J>~l zA>*If3tN#C0Vmjead3sbPt2y2l{tJZuf(2u(OX>hzlQ$+9Y5fQc9#l#Mf)-M^3aix z{{Zljt;&PwLj~fw>d8Y5!{jXIqf25U-@dqfX}dQe=6~m8{Bt1 z_g(OBhwilzb>hDlTUsNoL1>_tqiJaVd&otd^O@-TkWt-;wyO( z3Zz3rE+rL@RE3jX%)MLF~)Mh zAK}0pQugh;N!!s4(sp)^zGngBy+`(o@YbLI00`@8J|57t`B_ngo55`lAmkM|IVU6n zbAjKjZR~K;T-vwhXU&R>v$99VU$k$)e}(#Ih_Ad&;+suId+W6`C-xK(O$>(xzEGs( z^v+2*B=KH`7Oh*TExgL97)BSqr_GwZ&xO$4*gu0WNfpKRj@E)vx)FQ=ZXURNWP8*k+tAmZ7T@kS^kngM+WC_B z^1{juJ~xs$8vF#|M&N*C7HngVrkhQzNm7d08WMQfyjdg`mi`}`Q@isvCzEc{IR|bR zbCx5O$i_Oitr4_(ktFwS#M+IVcA7(I(|kLe-OCz$^XjPU3m@VLh)RQz_nNhPY-FUl zug&-zHoc|ZSiDPrsU)&_cvKQ@*rR|mllfLHd7V*`dm}u>fyQ|p6U8eRaYR#*~#1?svAb)+hAFX`sX}2C>`$c;Z!FPA9 zE7|HYrGhCwWY-gdTL*#8+~oEH6*E@Y9;m^+@JEOtNe+SI{YvU)keHz^Ep1>2yKGfy zan~MT2Ctbd(77b`WJlrH(L>$qKN7Wj!6Yh@jXFiPi-Ci>RSf>T?;l#mRih@Y64V;_ zndaKIukcDeS$sBpQjrCjkJ!964fW;19)Ej0%O=ur3ES<@dh{V2OIJ(p(HKd^Q$1G(Li@Us1_u>1y|gN+O_fqnblOMDzYhKl zNoTE}149Jk?bCU4eX!fxAyUI`8db`MB=QNs9M`Q=5}giXj+|Xei5q?;{hxdxrCEKV z6pvEA60-RzXw4J|FmlsKN~yu%k&X^eYT^3DNj}K!RN)0{nb!XR4m=Sik!@$Ed^=r3 zRl2$XE!sqAwyp=>-LvNBCyZl**A?w*w{B}98cAIl{wC2pWul~!X!d#*hi;RJUe>~R zg1e}|F34r%XB%?3^yJq?(@9F~#Xo;dKN6fjv;P3Z?;lyquIh1X5;fLkFJYo=FN4SL zravg}&<<*9W9ibg6GcZ4IY*n7oaEoKM!zi5>KAto%q1XOM=-yc#~CG{SpYdb3Xc78 znwewZosqAxsGw=L?3I5Q7V>C1lgY3*l`WT-B;La%fCJT|TE*roxP4x&)r#|e%DyOt z<$@0l3u#dP<~z4H5`m8E7BVyc08G!;n#?J-wHm|J>QFzjcZe=NZ$HMxH*;MFD z{{Re^;wg5Qu#!7w8-CR!MM&d4AIt0Rzf92c3VjNW9-5T0=F3O+ zOVu>iAKGzVD1H)2ATa_t>E?*XWBgreV~>oUgLI}#7wqkHAcoQ}4O~czBM9cyrVvJ? z`sGu9{02fZR`HNsO!+3AikIKBZ;Mv_BV(sq+dJc!+BMtk(iPqR00CpytuL3j zq!*vEzP8s54WPKZkhje$MYa^{z-Gd^{{VH*qY#@_K#jH9sFe`Q@{uo66*c8s#b z8_UV+%nz6O$he_nVQZoC&67XuzjBkRS{d~Kj6B9g0wIx*8RIOyJMX~mMIT;I$Q?O! z3I70Q3zoYw#iz?YU&5>FiGrrtUi0>Izq++s%Uf1CYbN>K*)khIZPevznjOjcZ ztiTDlghVre=btT)(OV7rR-EzZz!$ zPs{#IQj%hAA`@?Lycn2zaB1BSVmDS(wUmS0QW(?0=~4mydegYi-dz*J`rfgv%i*cK zMK+^zZky(xP$D#K=b%VHKn5@}znyqaO4|~m+YNK!C&YV*qtc-Gi)*Gp-!9EJOdFYw zMt8CKeXu)HRVl|;8;!zmsWy%KI^Srs+TZw_;!dY~<+&{yg(6Qvat2S=Ki0CXij7Sp z6pbm;<=xzWivAdQTT#7|;&q-&hlH$6b1O>}L#9Mbc4zReXw;lliuQ56%sq4AK7ph7 zRy!rqtnSx4uO*rx5x8!om5Eh-w)DX7T@bG)E8J6pakY$33VaFpnXGBX{{Tw5@Q#_M ze8SoYEG2ds1Lk4!@;SfD z2w=qUdD?Qm##6G6rmuAW06p2bMDm}IpoIh+ z+?SaNW3c6FAo~(9Ou}1H}+CAA8enKFPFn}(0fcPlr6bZZOMnd9F1 zJx3mcrYe2BoJFH5>s|oRH1#;sphqC>c-K51o1T@VD$b;=*)9>2D=&fco10NHT167< znkhyrWCOw4Nw?TwQRV^jZOQtddQJ5kN$x{?;JqbDy^h*3g~@*`ZUA-z z9=y|1b{8yr6kzb?n=;7Oc5yG9Hb~64+&+Wxq03!N=NQ<{*8D%=`)O9?>@p)NffMEa zrmmcyD<+y(CDwc&q3YWrk4}ei+H)$CwMKXZ5Pv=@RHU|MlBT5YEdB%V^xq^pJ-mGh zG44Xx9SK|#J+q1(N%sj;i&n9o{{Ra-GTEAYa3zT37*H=GoagTk&a2y0dNLIieMZON zjTvu0ePIK>{oABX`2h6E=B3VWOM<4ZLVg+POLF&D5|=DURan#o9>*KA_|WP}AeAV^ zTw9NZz8Pp*-sZ?k(l_rUm5aCFTR81aRG#-7X+p()L*f4bhwY(A?R1-MoGD3AFkl8b z$UmkijY;<$VIIUce-E_BvNp=GLV$dcK@bbKpOo&;=mjTINt04BZp3y!3Vbex8;`O9 zD&QoUEJiwyn-`63EOr2d_?;{3ul?ea9Ml+^qfz z@brhwmq@qyk0DnXKK`|*wPpJ_H*%AB2Sc{Am_cfxWj`=)n+MnsKpxnn>P__%r5jls zcCql9$z9UU_sSA|^;nY(I)S%t-^Xrhg#+rQuj?~v?72}&H!wBtggRZU z?Q1KeNbEsimks}r{{Y76eQlNXb=?2iBT-vx literal 0 HcmV?d00001 diff --git a/docs/cosmos-hub/validators/security.md b/docs/cosmos-hub/validators/security.md index cb822d45f435..4127b223777d 100644 --- a/docs/cosmos-hub/validators/security.md +++ b/docs/cosmos-hub/validators/security.md @@ -25,6 +25,7 @@ Sentry nodes can be quickly spun up or change their IP addresses. Because the li To setup your sentry node architecture you can follow the instructions below: Validators nodes should edit their config.toml: + ```bash # Comma separated list of nodes to keep persistent connections to # Do not add private peers to this list if you don't want them advertised @@ -35,6 +36,7 @@ pex = false ``` Sentry Nodes should edit their config.toml: + ```bash # Comma separated list of peer IDs to keep private (will not be gossiped to other peers) # Example ID: 3e16af0cead27979e1fc3dac57d03df3c7a77acc@3.87.179.235:26656 @@ -50,5 +52,5 @@ By default, uppercase environment variables with the following prefixes will rep - `TM` (for Tendermint flags) - `BC` (for democli or basecli flags) -For example, the environment variable `GA_CHAIN_ID` will map to the command line flag `--chain-id`. Note that while explicit command-line flags will take precedence over environment variables, environment variables will take precedence over any of your configuration files. For this reason, it's imperative that you lock down your environment such that any critical parameters are defined as flags on the CLI or prevent modification of any environment variables. - +For example, the environment variable `GA_CHAIN_ID` will map to the command line flag `--chain-id`. Note that while explicit command-line flags will take precedence over environment variables, environment variables will take precedence over any of your configuration files. For this reason, it's imperative that you lock down your environment such that any critical parameters are defined as flags on the CLI or prevent modification of any environment variables. + \ No newline at end of file diff --git a/docs/cosmos-hub/validators/validator-setup.md b/docs/cosmos-hub/validators/validator-setup.md index 87df725f4672..aa1bb2ca3b8d 100644 --- a/docs/cosmos-hub/validators/validator-setup.md +++ b/docs/cosmos-hub/validators/validator-setup.md @@ -6,6 +6,8 @@ Information on how to join the mainnet (`genesis.json` file and seeds) is held [ Before setting up your validator node, make sure you've already gone through the [Full Node Setup](../join-mainnet.md) guide. +If you plan to use a KMS (key management system), you should go through these steps first: [Using a KMS](kms/kms.md). + ## What is a Validator? [Validators](./overview.md) are responsible for committing new blocks to the blockchain through voting. A validator's stake is slashed if they become unavailable or sign blocks at the same height. Please read about [Sentry Node Architecture](./validator-faq.md#how-can-validators-protect-themselves-from-denial-of-service-attacks) to protect your node from DDOS attacks and to ensure high-availability.