<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc docmapping="yes"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ar-acme-pqc-tlsjws-00" category="std" consensus="true" submissionType="IETF" updates="RFC8555" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Quantum-Ready ACME Profiles">Quantum-Ready Profiles for ACME</title>
    <seriesInfo name="Internet-Draft" value="draft-ar-acme-pqc-tlsjws-00"/>
    <author fullname="Aritra Banerjee">
      <organization>Nokia</organization>
      <address>
        <postal>
          <city>London</city>
          <country>United Kingdom</country>
        </postal>
        <email>aritra.banerjee@nokia.com</email>
      </address>
    </author>
    <author fullname="Tirumaleswar Reddy">
      <organization>Nokia</organization>
      <address>
        <postal>
          <city>Bangalore</city>
          <region>Karnataka</region>
          <country>India</country>
        </postal>
        <email>k.tirumaleswar_reddy@nokia.com</email>
      </address>
    </author>
    <date year="2026" month="June" day="30"/>
    <area>Security</area>
    <workgroup>ACME</workgroup>
    <keyword>PQC</keyword>
    <keyword>ACME</keyword>
    <abstract>
      <?line 69?>

<t>This document updates RFC 8555 (ACME) to specify post-quantum and PQ/T hybrid cryptographic requirements for quantum-ready deployments. The Automatic Certificate Management Environment (ACME) automates certificate issuance, validation, and management over HTTPS using JSON Web Signatures (JWS) to authenticate client request payloads. Current ACME deployments rely on traditional public-key algorithms in both JWS and TLS, which are vulnerable to attacks from Cryptographically Relevant Quantum Computers (CRQCs). These profiles define PQC or PQ/T TLS 1.3 key establishment and specify PQC or PQ/T authentication mechanisms for JWS and TLS where required by the selected quantum-ready profile. Together, these profiles enable ACME clients and servers to achieve quantum-resistant confidentiality and authentication.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ar-acme-pqc-tlsjws/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        acme Working Group mailing list (<eref target="mailto:acme@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/acme/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/acme/"/>.
      </t>
    </note>
  </front>
  <middle>
    <?line 73?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The Automatic Certificate Management Environment (ACME <xref target="RFC8555"/>) automates certificate issuance, validation, and management over HTTPS using JSON Web Signatures (JWS) <xref target="RFC7515"/> for authenticating client requests to the Certificate Authority (CA). ACME relies on TLS to provide confidentiality, integrity, and authentication of the ACME server, ensuring secure transport of protocol messages.</t>
      <t>ACME defines multiple domain control validation methods, such as HTTP-01, DNS-01, and TLS-based challenges like tls-alpn-01 <xref target="RFC8737"/>. In all cases, ACME depends on traditional public-key cryptography, both in JWS for client request authentication and in TLS for server authentication and session key establishment.</t>
      <t>The emergence of Cryptographically Relevant Quantum Computers (CRQCs) threatens the security of these mechanisms. Quantum algorithms, such as Shor's algorithm, would render widely deployed public-key algorithms (e.g., RSA, ECDSA, and ECDH) insecure. Consequently, there is a need to transition ACME to post-quantum cryptography (PQC) to ensure long-term security.</t>
      <t>This document makes two distinct contributions. First, it specifies post-quantum and PQ/T hybrid signature algorithms as mandatory-to-implement for authentication in quantum-ready ACME deployments — covering both JWS request authentication (updating RFC 8555 Section 6.2, following the same precedent by which RFC 8555 mandated ES256) and TLS server authentication. Second, it mandates the use of post-quantum or PQ/T hybrid key exchange for the TLS channel underlying ACME, specifically to address the Harvest-Now, Decrypt-Later (HNDL) threat to ACME traffic confidentiality. Unless explicitly stated otherwise, all requirements in this document apply only to deployments operating under these quantum-ready profiles.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
      <t>This document also adopts terminology defined in <xref target="RFC9794"/>.</t>
      <t>For the purposes of this document, it is useful to categorize cryptographic algorithms into three distinct classes:</t>
      <ul spacing="normal">
        <li>
          <t>Traditional Algorithm: An asymmetric cryptographic algorithm based on integer factorization, finite field discrete logarithms, or elliptic curve discrete logarithms. In the context of TLS, an example of a traditional key exchange algorithm is Elliptic Curve Diffie-Hellman (ECDH), which is almost exclusively used in its ephemeral mode, referred to as Elliptic Curve Diffie-Hellman Ephemeral (ECDHE).</t>
        </li>
        <li>
          <t>Post-Quantum Algorithm: An asymmetric cryptographic algorithm designed to be secure against attacks from both quantum and classical computers. An example of a post-quantum key exchange algorithm is the Module-Lattice Key Encapsulation Mechanism (ML-KEM). Such algorithms rely on mathematical problems (e.g., lattices) that are believed to be hard for both classical and CRQCs to solve efficiently.</t>
        </li>
        <li>
          <t>Hybrid Algorithm: The distinction is made between key exchange algorithms and signature algorithms:  </t>
          <ul spacing="normal">
            <li>
              <t>PQ/T Hybrid Key Exchange: A key exchange mechanism that combines two component algorithms - one traditional algorithm and one post-quantum algorithm. The resulting shared secret remains secure as long as at least one of the component key exchange algorithms remains unbroken.</t>
            </li>
            <li>
              <t>PQ/T Hybrid Digital Signature: A multi-algorithm digital signature scheme composed of two or more component signature algorithms, where at least one is a post-quantum algorithm and at least one is a traditional algorithm.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>For clarity, this document uses the term PQC-only to refer exclusively to cryptographic mechanisms that contain no traditional component, and distinguishes them from PQ/T hybrid mechanisms that combine post-quantum and traditional algorithms.</t>
        </li>
        <li>
          <t>Quantum-Ready Profile: A deployment profile under which all TLS connections use post-quantum or PQ/T hybrid key exchange, and post-quantum or PQ/T hybrid authentication is supported for both TLS server authentication and JWS request authentication. Traditional-only authentication may continue to be accepted during an explicitly bounded transition period.</t>
        </li>
        <li>
          <t>Strict Quantum-Ready Profile: A Quantum-Ready Profile that additionally rejects traditional-only authentication, requiring post-quantum or PQ/T hybrid signature algorithms for both TLS server authentication and JWS request authentication with no traditional-only fallback.</t>
        </li>
      </ul>
      <t>Selection of a Quantum-Ready Profile or Strict Quantum-Ready Profile is a matter of deployment policy.</t>
    </section>
    <section anchor="quantum-ready-tls-channel-requirements">
      <name>Quantum-Ready TLS Channel Requirements</name>
      <t>In ACME, clients may transmit personally identifiable information (PII) such as email addresses and other account-related metadata when creating or managing an account. The confidentiality of this information relies on the security of the TLS 1.3 <xref target="RFC8446"/> channel, which protects ACME exchanges from passive observation during transmission.</t>
      <t>ACME deployments operating under a quantum-ready profile MUST use TLS 1.3 <xref target="RFC8446"/>, or a later version of TLS, for all ACME message exchanges; earlier versions of TLS MUST NOT be used. Post-quantum and PQ/T hybrid key exchange for TLS is defined only for TLS 1.3, so this requirement is a prerequisite for the key-establishment protections specified below.</t>
      <t>One of the primary threats to TLS in ACME is the Harvest-Now, Decrypt-Later (HNDL) attack. In this scenario, an adversary passively records encrypted TLS traffic, such as ACME account creation or order requests, and stores it for future decryption once Cryptographically Relevant Quantum Computers (CRQCs) become available. CRQCs can break the traditional public-key algorithms (e.g., RSA, ECDH) used in TLS handshakes to establish session keys, exposing sensitive PII contained within ACME messages.</t>
      <t>To protect against HNDL, ACME deployments operating under a quantum-ready profile MUST adopt post-quantum or PQ/T hybrid key exchange mechanisms for all TLS connections, as outlined in Section 4 of <xref target="I-D.ietf-uta-pqc-app"/>. These mechanisms ensure that recorded TLS sessions cannot be retrospectively decrypted.</t>
    </section>
    <section anchor="quantum-ready-authentication">
      <name>Quantum-Ready Authentication</name>
      <t>Post-quantum protection requirements differ between key establishment and authentication mechanisms, but both require action before a Cryptographically Relevant Quantum Computer (CRQC) becomes available.</t>
      <t>Unlike Harvest-Now, Decrypt-Later attacks that target confidentiality retrospectively, the threat to authentication arises only from the moment a CRQC becomes available. However, as discussed in <xref target="I-D.reddy-pquip-pqc-signature-migration"/>, the availability of a CRQC may not be publicly disclosed — similar to a zero-day vulnerability, an adversary could exploit quantum capabilities privately to forge traditional certificates without alerting the wider ecosystem. Furthermore, because ecosystem-wide upgrades across cryptographic libraries, PKI infrastructure, Hardware Security Modules (HSMs), and dependent protocols require years of planning and deployment, preparations must begin well before a CRQC is publicly known. Post-quantum security is achieved only when relying parties enforce policies that reject traditional-only authentication.</t>
      <t>For these reasons, this document mandates support for post-quantum or PQ/T hybrid authentication mechanisms for quantum-ready ACME profiles, while permitting continued acceptance of traditional-only signatures during an explicitly bounded transition period.</t>
      <section anchor="tls-server-authentication">
        <name>TLS Server Authentication</name>
        <t>Migration to post-quantum X.509 certificates is operationally complex due to
the time required to establish new trust anchors, update validation
infrastructure, and deploy new root certificates across clients. As noted in
<xref target="I-D.reddy-pquip-pqc-signature-migration"/>, these transitions require years
of planning and must begin well before a CRQC is publicly known.</t>
        <t>For TLS server authentication, ACME servers operating under a quantum-ready profile:</t>
        <ul spacing="normal">
          <li>
            <t>MUST support TLS server authentication using PQC-only or PQ/T hybrid
certificate signatures, following the authentication guidance of
<xref target="I-D.ietf-uta-pqc-app"/>.</t>
          </li>
          <li>
            <t>MAY continue to accept traditional-only certificate signatures during
an explicitly bounded transition period.</t>
          </li>
        </ul>
      </section>
      <section anchor="jws-request-authentication">
        <name>JWS Request Authentication</name>
        <t>ACME request authentication relies on the integrity of JSON Web Signatures
(JWS) <xref target="RFC7515"/>. While JWS signatures cannot be retroactively forged, an 
adversary with a CRQC could forge them in real time to impersonate ACME clients 
and submit fraudulent certificate requests. As with TLS authentication, the 
risk that a CRQC may be available without public disclosure means that migration 
must be underway before the threat materialises.</t>
        <t>This document updates Section 6.2 of <xref target="RFC8555"/>.</t>
        <t>ACME servers operating under a quantum-ready profile MUST implement ML-DSA-44, ML-DSA-65, and ML-DSA-87 <xref target="RFC9964"/> and the composite ML-DSA algorithm pairing ML-DSA-44 with ECDSA-P256 <xref target="I-D.ietf-jose-pq-composite-sigs"/>.
Such servers SHOULD also implement SLH-DSA-SHAKE-128s, SLH-DSA-SHAKE-192s, and
SLH-DSA-SHAKE-256s <xref target="I-D.ietf-cose-sphincs-plus"/> and the composite ML-DSA
algorithms pairing ML-DSA-65 with Ed25519 and ML-DSA-87 with Ed448
<xref target="I-D.ietf-jose-pq-composite-sigs"/>. ES256 remains mandatory-to-implement
for backward compatibility during the transition period. ACME servers MAY
accept traditional-only JWS signatures during an explicitly bounded
transition period, except when operating under the Strict Quantum-Ready
Profile.</t>
        <t>The JWS "alg" values named in this section are registered in the IANA "JSON
Web Signature and Encryption Algorithms" registry established by <xref target="RFC7518"/>.</t>
        <t>This profile uses SLH‑DSA with SHAKE rather than SHA‑2. ML‑DSA and SLH‑DSA‑SHAKE both rely only on SHAKE, so this choice lets every post‑quantum signature in the profile use a single hash primitive, avoiding a separate SHA‑2 implementation needed only by SLH‑DSA‑SHA2 and reducing the number of distinct primitives. Composite ML‑DSA complements this by combining a post‑quantum signature with a traditional one (e.g., ECDSA or RSA), so a certificate remains secure as long as either component holds. This provides hybrid assurance during migration and lowers deployment risk for ACME clients and existing PKI that are not yet ready to rely on a post‑quantum algorithm alone.</t>
        <t>The security properties of these composite algorithms, including their
strong-unforgeability (SUF-CMA) characteristics, are described in the
Security Considerations of <xref target="I-D.ietf-jose-pq-composite-sigs"/>.</t>
      </section>
      <section anchor="strict-quantum-ready-profile">
        <name>Strict Quantum-Ready Profile</name>
        <t>The Strict Quantum-Ready Profile is intended for deployments that require
quantum-resistant authentication (e.g., high-assurance environments or
regulatory-driven profiles). Under this profile:</t>
        <ul spacing="normal">
          <li>
            <t>TLS server authentication and JWS request authentication MUST use PQC-only
or PQ/T hybrid signature algorithms.</t>
          </li>
          <li>
            <t>Any fallback to traditional-only signature algorithms MUST be rejected.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="additional-quantum-ready-requirements-for-acme">
      <name>Additional Quantum-Ready Requirements for ACME</name>
      <section anchor="dnssec-with-pqc-signatures">
        <name>DNSSEC with PQC Signatures</name>
        <t>When the DNS-01 challenge type is used, ACME servers rely on DNSSEC to authenticate the DNS records associated with the validation. However, the DNSSEC ecosystem does not yet have standardized use of post-quantum signature algorithms, and the IETF is still evaluating the feasibility and operational impact of introducing PQC into DNSSEC. As a result, DNSSEC today remains dependent on traditional algorithms such as RSA and ECDSA, which are vulnerable to future CRQCs.</t>
        <t>Given these limitations, ACME servers SHOULD assess the strength of the DNSSEC validation chain and treat DNSSEC dependencies on traditional-only algorithms as providing reduced or uncertain long-term authentication guarantees in the presence of CRQCs. Once DNSSEC supports PQC, ACME servers and CAs are expected to migrate DNS-01 validation policies accordingly.</t>
      </section>
      <section anchor="urls-with-pqc">
        <name>URLs with PQC</name>
        <t>When operating under a quantum-ready ACME profile, all URLs provided by the
ACME directory (e.g., <tt>newAccount</tt>, <tt>newOrder</tt>, <tt>revokeCert</tt>) MUST be
accessible over HTTPS endpoints that use post-quantum or PQ/T hybrid key
exchange mechanisms, consistent with the TLS channel requirements of
<xref target="quantum-ready-tls-channel-requirements"/>.</t>
        <t>The certificate authentication presented on these endpoints is the TLS
server authentication described in <xref target="tls-server-authentication"/> and is
governed by the authentication policy of the selected quantum-ready
profile. This section imposes no separate or additional authentication
requirement.</t>
      </section>
    </section>
    <section anchor="quantum-safe-acme-jws-signature">
      <name>Quantum Safe ACME JWS signature</name>
      <t>Following is an example for ACME JWS signature:</t>
      <artwork><![CDATA[
POST /acme/authz/1234/2
Host: example.com
Content-Type: application/jose+json

{
  "protected": base64url({
    "alg": "ML-DSA-44",
    "kid": "https://example.com/acme/acct/1",
    "nonce": "JHb54aT_KTXBWQOzGYkt9A",
    "url": "https://example.com/acme/authz/1234/2"
  }),
  "payload": base64url({}),
  "signature": "Q1bURgJoEslbD1c5...3pYdSMLio57mQNN4"
}
]]></artwork>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The security considerations outlined in <xref target="RFC9958"/> must be carefully evaluated and taken into account.</t>
      <t>Post-quantum algorithms selected for standardization are relatively new, and their implementations are still in the early stages of maturity. This makes them more susceptible to implementation bugs compared to the well-established and extensively tested cryptographic algorithms currently in use. Furthermore, certain deployments may need to continue using traditional algorithms to meet regulatory requirements, such as Federal Information Processing Standard (FIPS) 140-3 <xref target="FIPS-140-3"/> or Payment Card Industry (PCI) compliance.
Hybrid key exchange provides a practical and flexible solution, offering protection against "Harvest Now, Decrypt Later" attacks while ensuring resilience to potential catastrophic vulnerabilities in any single algorithm. This approach allows for a gradual transition to PQC, preserving the benefits of traditional cryptosystems without requiring their immediate replacement.</t>
      <t>SLH-DSA signatures are substantially larger than ML-DSA or traditional
signatures. ACME servers that accept SLH-DSA-authenticated JWS requests
will have to account for the increased message size in request-size limits and
resource provisioning, so that the larger signatures do not become a
denial-of-service vector.</t>
      <section anchor="mitm-attacks-with-crqc-in-acme">
        <name>MITM Attacks with CRQC in ACME</name>
        <t>A MITM attack can occur if an adversary possesses a CRQC capable of breaking traditional public-key signature schemes. In such a scenario, the adversary can generate forged certificates and produce valid signatures, thereby impersonating a TLS peer (server or client). Consequently, the authentication guarantees of TLS have to be considered compromised when relying solely on traditional certificate-based authentication once a CRQC is available.</t>
        <t>The normative measures that mitigate this threat are specified in the profile
sections of this document and are not restated here as independent
requirements:</t>
        <ul spacing="normal">
          <li>
            <t>The Quantum-Ready Profile requires support for PQC-only or PQ/T hybrid authentication for both TLS server authentication (<xref target="tls-server-authentication"/>) and JWS request authentication (<xref target="jws-request-authentication"/>), and permits traditional-only authentication only during an explicitly bounded transition period.</t>
          </li>
          <li>
            <t>The Strict Quantum-Ready Profile rejects any authentication that relies solely on traditional signature algorithms, with no fallback (<xref target="strict-quantum-ready-profile"/>).</t>
          </li>
        </ul>
        <t>Independent of the selected profile, organizations operating PKI
infrastructures are expected to define and implement a transition strategy
toward issuing PQC or PQ/T hybrid certificates, phasing out certificates that
rely exclusively on traditional cryptographic algorithms within a defined
migration timeline as part of their quantum-readiness posture.</t>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC8737">
          <front>
            <title>Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension</title>
            <author fullname="R.B. Shoemaker" initials="R.B." surname="Shoemaker"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document specifies a new challenge for the Automated Certificate Management Environment (ACME) protocol that allows for domain control validation using TLS.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8737"/>
          <seriesInfo name="DOI" value="10.17487/RFC8737"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC9794">
          <front>
            <title>Terminology for Post-Quantum Traditional Hybrid Schemes</title>
            <author fullname="F. Driscoll" initials="F." surname="Driscoll"/>
            <author fullname="M. Parsons" initials="M." surname="Parsons"/>
            <author fullname="B. Hale" initials="B." surname="Hale"/>
            <date month="June" year="2025"/>
            <abstract>
              <t>One aspect of the transition to post-quantum algorithms in cryptographic protocols is the development of hybrid schemes that incorporate both post-quantum and traditional asymmetric algorithms. This document defines terminology for such schemes. It is intended to be used as a reference and, hopefully, to ensure consistency and clarity across different protocols, standards, and organisations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9794"/>
          <seriesInfo name="DOI" value="10.17487/RFC9794"/>
        </reference>
        <reference anchor="RFC8555">
          <front>
            <title>Automatic Certificate Management Environment (ACME)</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="J. Hoffman-Andrews" initials="J." surname="Hoffman-Andrews"/>
            <author fullname="D. McCarney" initials="D." surname="McCarney"/>
            <author fullname="J. Kasten" initials="J." surname="Kasten"/>
            <date month="March" year="2019"/>
            <abstract>
              <t>Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. As of this writing, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8555"/>
          <seriesInfo name="DOI" value="10.17487/RFC8555"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC7515">
          <front>
            <title>JSON Web Signature (JWS)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7515"/>
          <seriesInfo name="DOI" value="10.17487/RFC7515"/>
        </reference>
        <reference anchor="RFC7518">
          <front>
            <title>JSON Web Algorithms (JWA)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7518"/>
          <seriesInfo name="DOI" value="10.17487/RFC7518"/>
        </reference>
        <reference anchor="RFC9964">
          <front>
            <title>ML-DSA for JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE)</title>
            <author fullname="M. Prorock" initials="M." surname="Prorock"/>
            <author fullname="O. Steele" initials="O." surname="Steele"/>
            <date month="May" year="2026"/>
            <abstract>
              <t>This document specifies JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) serializations for the Module-Lattice-Based Digital Signature Standard (ML-DSA), a Post-Quantum Cryptography (PQC) digital signature scheme defined in US NIST FIPS 204.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9964"/>
          <seriesInfo name="DOI" value="10.17487/RFC9964"/>
        </reference>
        <reference anchor="I-D.ietf-uta-pqc-app">
          <front>
            <title>Post-Quantum Cryptography Recommendations for TLS-based Applications</title>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of the Bundeswehr Munich</organization>
            </author>
            <date day="22" month="June" year="2026"/>
            <abstract>
              <t>   Post-quantum cryptography presents new challenges for device
   manufacturers, application developers, and service providers.  This
   document highlights the unique characteristics of applications and
   offers best practices for implementing quantum-ready usage profiles
   in applications that use TLS and supporting protocols such as DNS.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-uta-pqc-app-02"/>
        </reference>
        <reference anchor="I-D.ietf-jose-pq-composite-sigs">
          <front>
            <title>PQ/T Hybrid Composite Signatures for JOSE and COSE</title>
            <author fullname="Lucas Prabel" initials="L." surname="Prabel">
              <organization>Huawei</organization>
            </author>
            <author fullname="Sun Shuzhou" initials="S." surname="Shuzhou">
              <organization>Huawei</organization>
            </author>
            <author fullname="John Gray" initials="J." surname="Gray">
              <organization>Entrust Limited</organization>
            </author>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <date day="27" month="February" year="2026"/>
            <abstract>
              <t>   This document describes JSON Object Signing and Encryption (JOSE) and
   CBOR Object Signing and Encryption (COSE) serializations for PQ/T
   hybrid composite signatures.  The composite algorithms described
   combine ML-DSA as the post-quantum component and either ECDSA or
   EdDSA as the traditional component.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-jose-pq-composite-sigs-01"/>
        </reference>
        <reference anchor="I-D.ietf-cose-sphincs-plus">
          <front>
            <title>SLH-DSA for JOSE and COSE</title>
            <author fullname="Michael Prorock" initials="M." surname="Prorock">
              <organization>mesur.io</organization>
            </author>
            <author fullname="Orie Steele" initials="O." surname="Steele">
              <organization>Tradeverifyd</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of the Bundeswehr Munich</organization>
            </author>
            <date day="15" month="May" year="2026"/>
            <abstract>
              <t>   This document specifies JSON Object Signing and Encryption (JOSE) and
   CBOR Object Signing and Encryption (COSE) serializations for
   Stateless Hash-Based Digital Signature Standard (SLH-DSA), a Post-
   Quantum Cryptography (PQC) digital signature scheme defined in US
   NIST FIPS 205.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-sphincs-plus-08"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="FIPS-140-3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf">
          <front>
            <title>Security Requirements for Cryptographic Modules</title>
            <author>
              <organization>National Institute of Standards and Technology (NIST)</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="RFC9958">
          <front>
            <title>Post-Quantum Cryptography for Engineers</title>
            <author fullname="A. Banerjee" initials="A." surname="Banerjee"/>
            <author fullname="T. Reddy.K" initials="T." surname="Reddy.K"/>
            <author fullname="D. Schoinianakis" initials="D." surname="Schoinianakis"/>
            <author fullname="T. Hollebeek" initials="T." surname="Hollebeek"/>
            <author fullname="M. Ounsworth" initials="M." surname="Ounsworth"/>
            <date month="June" year="2026"/>
            <abstract>
              <t>The advent of a cryptographically relevant quantum computer (CRQC) would render state-of-the-art, traditional public key algorithms deployed today obsolete, as the mathematical assumptions underpinning their security would no longer hold. To address this, protocols and infrastructure must transition to post-quantum algorithms, which are designed to resist both traditional and quantum attacks. This document explains why engineers need to be aware of and understand post-quantum cryptography (PQC), and it details the impact of CRQCs on existing systems and the challenges involved in transitioning to post-quantum algorithms. Unlike previous cryptographic updates, this shift may require significant protocol redesign due to the unique properties of post-quantum algorithms.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9958"/>
          <seriesInfo name="DOI" value="10.17487/RFC9958"/>
        </reference>
        <reference anchor="I-D.reddy-pquip-pqc-signature-migration">
          <front>
            <title>Guidance for Migration to Composite, Dual, or PQC Authentication</title>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <author fullname="Dan Wing" initials="D." surname="Wing">
              <organization>Citrix</organization>
            </author>
            <author fullname="Yaroslav Rosomakho" initials="Y." surname="Rosomakho">
              <organization>Zscaler</organization>
            </author>
            <date day="14" month="October" year="2025"/>
            <abstract>
              <t>   This document provides guidance for migration from traditional
   digital signature algorithms to post-quantum cryptographic (PQC)
   signature algorithms.  It compares three models under discussion in
   the IETF for PKI-based protocols: composite certificates, dual
   certificates, and PQC certificates.  The goal is to help operators
   and engineers working on cryptographic libraries, network security,
   and PKI/key management infrastructure select an approach that
   balances interoperability, security, and operational efficiency
   during the transition to post-quantum authentication.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-reddy-pquip-pqc-signature-migration-01"/>
        </reference>
      </references>
    </references>
    <?line 263?>

<section anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>This draft leverages text from <xref target="RFC8555"/>, <xref target="RFC8737"/> and <xref target="I-D.ietf-uta-pqc-app"/>.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA71c3XLbOJa+51NgnYu1d0W5ndj58V7MaGyn7Y7tOJFTma6t
rW6IhGTEFKkmSLuVlLvmFbZqn3CeZL9zAJAgJTlJb9XOxUSWSODg/H7nBx3H
cVTpKlOHYutdLfOqnsfvlUyX4qospjpTRkyLUoyOLk62IjmZlOpu5Un6sXl8
K0pkpWZFuTwUpkqjKC2SXM6xflrKaRXLMpbJXMWL35K4ysynexP/8ENk6slc
G6OLvFou8OzZyfXrKK/nE1UeRikWPIySIjcqN7U5FFVZqwh0PItkqSToGauk
LnW13Irui/J2Vhb1At9aom/VEl+mh5GIxdW7I/qHfoiiekELY7n3r49eHhwc
RNGdymvsJIRfgSjdwt+WqK2PWFznM/Ej/Uzfz6XO3GN/1aqaDotyRt/LMrnB
9zdVtTCHu7v0GH2l79TQP7ZLX+xOyuLeqF1aYHcriiJTyTz9RWZFjv2WykQL
fSj+syqSgTBFWZVqavBpOXcfqlIn1UAkxXyu8grfgNlzuViAyP+KIllXN0VJ
BwdJQkzrLLOSGIFXpRR/k7kqPynFv4IkmevPsoIMDsVlcaslf5+ArYfivMjT
IrdfFHVekXQ/5LpSqXiDzdJizr8pzxDeYDhxG/w1p+WGIHNrlZhrXdZzCc25
l6V4r9J0+Q30gPQZuFRa2ks146feyDKXlbyVXULP8tS97Om7HVbBrr+UtGtI
ZJQX5Rxb37E2CNaQF89etH/s7z9v/nj14tV++wsUqfnj6d7eq/aXvRftYy8O
9g4OhQj+fBn8+erV8338af8+i49ZaeK6kmw1kO9h95dPhSGDikH7ojCQSmz0
zPQeSughs7jReWLiRQY7inQ+Dc/5+uxqHO/t/xA/s68K7xi8eUE8v9W6VKxs
7BeOyuWiKmalxLqJuCjSml2AfVuWM1UdCm8F+V22qCdmmGtTDWfF3S59oG92
aePdy7Px9ZA+DZmE4SKd2nXY/MVUZsZKWzR67f4Xk7JAR1hXZAZ5G1BeV0oU
UzEmi5JlagT+FdcqucmLrJgtxTZtuBM5hh+8dAwnfrE+gKG1XjDHwU3oVV2q
eK5xVlZJGGscx0JOYIQyqaLo+kYbsr+auCOcc6HFBemE2CansyOqQpiFSvR0
KSCqKv7NelIm7urd7rW4WU5KnYqkw9iyz3f3WlyyA07VIiuW/OtQXN8oMaqr
guSaiCNVVnqqySeLC5nLGS8iTvI7XRY5f3aUSfsOaE6Cd+CUsVWiBuJOZjrl
sw+Y2nm7WnGnSnF6fX01FrUhB/nT+O2l+KgmYuw5Z8T2Tx/HfH4SH96y6yeZ
phXogMpUYiGXWSFTHOOoLkv6hYNLcEA8mi1FkSMIyFQ7iUOLMp3EcPVCZog9
urqZG6FzMSmqG4GNrfDPxwNxD37ewEErcVdncE9ykimmqqpkcgvulsW8q9Yy
y0jzM3UHngsX+sQRbA0qVuJgR+/fHZkd5rxRYuHjZqqmOlcUc6CfVrigQOwN
nwkiFMfF3trcMAuJPq8Y4RsBs3BUMYf+wi2auVWD4GQ4mMKhnKakYrIUeFMY
0J2Qm+5qjCMSNBewUbw5oKdD6lXOnGH2WyFZCzKqvKNTE8sQ0dSdCpY2mgJY
BdebT3VKdENp4Dfoxe5JhtZ85jpNMxVFT2C0VQn3kdCPZEx/RonFly/OBT88
/H8pNG9J7vzhgUUSHhMvdvWb2UZiCU80YndGbNo+GkGN+CTQco09IHKSLd6C
YO7A0j5rB9BywK2SP66ymTwg7cdrWtENBKGokogz5NcVWVJuFoAX9DT2Adwo
MqiaMeCHgaScDZI6GzGvs0ovoBoI+hImBoIguSxgJ17FiVICKDXZmmFWxj/s
DcTx5Zj/dUobT6SBbkKns0zl2Exk+hYEZSaW2SLHo06kCL4PD0MoCew7Ewne
wureNag8NY94hMCVgkfsEUA2mQ7Jq+eAeuwjOrWVAT1sObjuIRBE6HXVsodW
maFXiIbQO+Lxn3EvECNMt4LsnF27kGwFDMttXcOwWaV1hq0sxlC2fzXtT3CJ
RZ2l4ECe4mz3UK7MhxTIZr1r3VbD2XAg3o9HA3FydEz/EBfw8XQHDLOKBSdO
mB2MzatsyR6mJAMUUuQKS5MtkOqxzKw0SdHDsBjKTmzDMXIEYQVWAih5FoNH
84Ybw34YnstbKFV1X4gUrgnQp7L6qic1bQpWvdalAYTWlXO/ZHWPRuYGDIT8
AF/nhDMq5D1xVcR6DgthCvo+ASeFQnW98UqM++c//gd0QtXISpsYtkFHtxlr
0JMN2ABg45+eD58OQEGWFff0OysOQDeMXCWKnAiFCRsRm3ftOSCek/HTg+c7
TXxZq/tD2gq5ATPQvWkVtDas6h1W+qDmOMm28jtp7Uwxn+g92oq+ylUmatLI
bEmkE4sGXkTWZigCpSk8sd3wVII+bHZZ3MPPKNac+Bz0lGL79PL43FsQvWd1
Dfko1up71CESm4wWVb8voPmAwEskWsyRgjT4XhsED3JDHVQGoVYd1QNMZ6Bi
KQ2lWyxUaQXGB3T2uzZAk/d9QmZ0R/RBYVkcx+SK2WqM9S7ESUpyjdi6+DC+
3hrYf8XlW/78/uTdh7P3J8f0eXw6Oj9vPvgnxqdvP5wft5/aN4/eXlycXB7b
l/Gt6H11Mfp5yxr/1tur67O3l6PzrTXMKBlkTRSHqxL6R/yUBJJMAmtU7Gb/
dnQl9vaty6fcCSHVun+kTvgMhONCNXPV/gnmLYnXCtmj9uFhoSukCwPawNwU
97kgz7PiHPAIqVCxoLgMN6JdZmAjHVPE21OCh+gTRa+dji7qEnpN4XnaPSeb
Af6G8iPBpRO7Yoj+rHqQvoNTGRWUSgVeKpMGOyDN+DdxHcS1kX8NWTxOa5bI
/KkKsGl1YSMsex1QAm2bIlshghzyYU2C+WmFGIDtExINXOtM+sCBQ6ss0wtC
YnCzd2rdYxybiTfkXtXvDCUYb8schiTJHdJXshOkOw6gJRkMPPEbHvGGxxqW
quJT0AEnI7Y5zngsTwElm8PP0FrIa5HNQjtqYyWoIVy1uKH4ix3nRQrjLdVU
laWNQPJrm500L/O2JztDkskV+TUfZr9bKNB6RBFLwER5HCZnwFPk38NUhL1/
GItYM8gFUtnHYoQhbdvhcsftbmYzCcwm7eQpwQIl3uDhkxwmZOrMxpcLDyzE
9sV5/ObkAhh1zGCiVWGflAFvg1sE2gmDlQVSiBYtZHYLxjLS+oQJwdy7hhE3
SNQ5EvCp25PSuRkGcf5cZJCSIt+tGVmwQE5tTAlEQY7R2xOHXYrRKe1Z3SuV
b2CLy3LWBHnYouAaIiKY242Z5ZaA7LtLNoDMHhfSmjCAJjTClZrcOqFm4xgc
VB0DaYVlvZ7qQRP/s836EQoJmxOwByMVgVIyU3xPQN00amYYOdG/ICtTEipH
S7tUoSVtE4P8enU+KYtbRblcnzHHekYuuE2XiDucOcSBFbiHWmabhGzNksBu
a8rcgkLMizIkbZ18Bi4F7hyK0eZ6ptl0aeXhtfxnFXvN6YK0uVY3vtXGwR6G
o8CpsQ/87Gs6nomiQscvBEm905S8oswqLzrENKe3MdCq9qxGnmH3nluHESKs
1ZVZB1cB7tpDGz712q4AibOFNB6tODzjSiyIxAzmCmC5xIIXAoXfigjtKR97
ug+roeH1gvJYFTiRjdCVl98Mq4dh2LXS7Ndi5JJFpfPagxuZJGpB26c2webg
16DISUH8ScOkB0hQFynzeczF/M3sXvuD86SpJxS7lOoT2G1Cka4jf+DgK5H5
GJPXpjv/Z+4izcTbXQW3VE5xiAnCH3gy5tqVq2LIDQwAJY9xzto0IhLlAVgm
VNoCglkywO6+Soc6cilIp+L95UkHpFP/Kna5ShwmAw9RdJa7lMXXzkhbWPBz
QESI3Thx2cxjqrna1hTkKa27OjvbabJ27lz4fEfZIMXpCOkcNTpAQMZJCqCH
RBomGR/D0yibapAPpQKXU0v3lg0c/XKdh7UhOW1Bak35oSlsWri+v/8ccN1x
xsM0KiyxYnLy5a3coZwFRXpE9WJC2mR3dDbkmMbllbYWtTmbkuszKcEJETmg
NbQyyJUEULAAlTed0jGC5Qwezox3dlWxlv7/EMg8wJrmPeNeFD4DI8dAaHRo
QeOmusJKNkxraNNkI9Y63PegnzqCVkyB6rl4Vyr+zjCyd0kL1o+7NWcnEabZ
Fz9SgmTFPRj9toUEi1LPZbl0CTSDMCbOFW30tybgFti6VIHcdaJyhNOCswSZ
EgNpG6cM7MsSzmpVzqspW4lwiXtb0mIqnEY7jSf5weBL0ghffLURxSD7gdpp
W5qZ1uzbUksuv0ZFuj9VoZuAWqAXeUft3glV1y1mTXC6Cai6tQjhq32LXnHt
dKdJZuj0UJAU+I7rWkVbawwrkDgpwk5hbI2XYw1sC/7EQwusRg7YCzAo9V4X
Xi2adIRkN1itUX2X3XGW/e3FoF6bYw2U4Ny+qKvMZ+q+5LVPSvvly7quKVWQ
r3u1Ul9L5Dhq1U35epex5gzx5UVFVgwwXRZkKZVVT6c1Kl0TREadeBdFHdtv
La9bREqReoKVnQxlpU20sSU0EJO6snHZrQqj4Gcmakr4WX6PXlu19lptArWO
og851+kfsXifwzJfbSd4Jcz02Dmw5tEU6fqAotRccmE3SDGDnp4Xli1saWtI
FafFveKmB9WatElqY3xl5y/f2Oql8EB7uVW1D5FuUwrsTj+sOZNiYKeMMxiq
5Bo9p/kPPpP4rMoiTvGObz/qzPVuAg+YcEWeoGMBP9UUw+XCPs416lIjTrp8
AtKddT1L0PIybOuwFdgRfesKwVToR2KSFGZpKoUU8nVdEqCgTGtArJQULJvf
Y3pe1AswJSUWJxCd6SUymZ6UEBP1Zq7enBF8KJFalXVCDB2QuqT3lPU38wRu
YADxYXxhdlxeww0dH5+oFdVEOLFErOX4ushglBbKpIFXGlDoW0grN2pVGZIL
MI+4V/AhrRmQ4BCAGoHd5sV93gvQDcahmGpbnUHlkUseDJ5lyQJRBJYSZWGl
Vsa7FELjXwPjbW3RkJeRhj1c1WtluOq6S3LYM35HetTzqWs6EL7mzIgNnntB
NdHKtjFdnpO6FEe6TtbKuUzbH/3uHOjJE3a8Y5tPdB0osDehbZtrxN2jAW5f
eGNd6SD9fXjww6uuOegmeDkMTpl1pn4HxZTIReyG9DxopncCba7uaQKNcpo8
uSlK8MtOewQt0Kiv+62e8vtlAY/RIcoblE0XhmJkyKuwr4q+21cZFTC4Zz5R
33y+10qsrm7M/AZhs/mbYcJhFMUWKnj13pxa2pZ8U2Tpqn0kOu3+Vh/7jbDe
orMaorNajSU2AgiicvRzJ++3FrFqCuvJcGZBQ4LfYxiUSr93qfSKZdAQpQO5
q6bhxgnWZuHdpK6ZJCDLXjPxEK1MPAzFR/YURF1wxB5ikh4vcZhKOdZFbbDj
UoDTNhv4XDijkpYmIhHP2B7BbD13uXPVm02JGNvTGCk8YylrCix5x8aaPICN
i3clHetrL3EiAta4dbWVNspPAmzfxFRrHD7iE5ScK5k779/YpYiclVkruOfV
2MwCzEPDKiVhI2Oh+NqBsqC1a5FuM/Hik+PvtDxrdW3D+uI8Ph6P4v39gf/4
/MD6L/fnyxeuLfbqOXXluHzo68accdrngkLrQto6U7O05T4PDsRXTw+eY8F/
+co0I52Puw7+eK5RyU28lvrx+SnvMT4dvTmJ956+hN33vnv11GaCUfd7kGE6
dKwMTD5y2ChI33qnfX7gTps+PTjYe9XjpPtpf/9l9E08sF35pgS/fugg4voc
8Pc99VNoDeiBA66+qnKj1riaruuGo4s2ObeexT8W66OVfSg95WUZSK1ph68t
6UWupOcmaoiCLbB9i8Iu7FrQOHHatJ6NsxPJQ3EzDQxb+p+VOBtdjsQW+bio
4+PsFEveFAOadpLZcquUQUpmx+y8P3zJJshW29TDKWOBmv3zH/9NFsHCZm0T
peTiHbxETt/ggadDqIV7kKhoXsP/23dcZuenCorcrtUWgoBGqIWXKep5QoR2
xhTvN5C2OafjQ0Ao/APF1Yy6cOaGaz5cN4Ct3BU6ZfGCq4yulae5tTzr5miu
x6NksKZ3hqd8MIihTrwO2hl/rsz61nezM02BBnbmeGPBms2X+dSTpetrWBI3
HtnFmTBLoqaPq7awMyIs8X482mGWyl7w2NREU5pF2Tanboos5UFcqwk0tmca
UG4QIxhnOJNpQwTxBviELC+oUnMk8lcwOpOY6nfbAeJcq+moUuBdctOPfDw3
oKyurHAmaITRfQNnVk3WA8oXyqY2zYxZ6/bCthukltWpk6guIxgJTWbVOcdx
nzFvjz+8jo8uRjtUGKaRabgC0J+QM+YKXDAIgnWiJkmkITLKVV1S1y3vbA4W
hJoe7Qx8eWLvT8Tdor4ziQfLjq/1FggzMW4jEYXlMZf9MfCOVidk+zNcVglv
9OwmblVEtQOuOHcZwQNRU57cfYr0H77Tp2w7NLVknWfrfhhT/+kOTVMv90A7
Et/SGyKEPMrbPo6b8tuQJYZlT96QMeMnHlnmotqoaW31ZLByFcFe6oHQjy/H
45Mja+40Sh0A2OgjBRzyO3YQtZ085Ss+bnQn7aUw3oLcwv0RdrdcU6yG/IpE
cy+GaaDf28wwKEm5F2nNpswCwKdMY8Q38k4J424w6M9Ycd1Y3fpmuIcqdJWK
e6OVRnKnKFjKpgg0VdJ4ZMAtpTYvJtcOK6XdtJvNdmmXHViylDOWlm70YNCy
iCpc3mW2FZ3ekG4gfF/Kf++inxsq3TSt78r2XF+HnvzIxmB9VEbRQ7oicUeO
HjFSA81N0VYlhA8ZuUaHIz8YZYaC6Ny1yAmjuyf8kRKfPq3UdzqzoTYKEPs4
+FGELIF2KL7Q8u0g60pSCk8JD6NMG7BxRj9GzKcXb+lPR5dLng2JqXd6nqEh
YZXUvVrYWwFgpQ1AjUUEZ28qWdRaKYl8nrWBiX14f24aA3NW9bV0Iywx2flJ
XsUFSH9hwfX3YNk0pbb0jvHXXN2PbIPnV/vXW2rt0OdS3RW3igbqf93xPoRh
q4FmU4O4neWHyBaFbrzzN0wjRGtaEnTfLic/ThrdWHg4t9qp6RdTIPtv7Bs/
uCAcAo+eSlgFqOxMn9X49liuEwdaovU+vxNlv3zZXFKzqY420Yz4l7cXSvrk
cBPd28/62yZRe9skROZ6boco86KFldTsaT1+d68oYFXYcBFjOXXFgE5WQnUq
X/ChEm47ItfAqc7zCJd//PFHdPUWKmRvZNL+n3f3nj7b330anUJTDv0SdE0w
OqJRx7yKr/l2KM37Okp3CZX8+ydDfZ8vCJtbrt+j0q1DHsh8vl+X2fYXvsHG
Ocyh2GqS462B/f5W0+PNJdJgZ0ddklS7e/7pnPqW9PxPp5ODfXn9y5vrv//t
47u3n3/8+bZ6NfKPYd/HFw2OTPf4HnYGfAB7L6tLvvutYSAt/G5v8uH97Kfi
xGST473kYDgcPlv8nI4vznVx8GL+7vJyfyt6YEZDghswXg+JJj0AGHT9vnz5
i7u+B431JZYELo7uly59tKOyNXlweatyG7z8+EOvLxcGJK/KfO+jCcEySCoz
6epacEdNvNVlLyeyHtdGX+fEaWKAh8pnFlzPiX08es4G4i4tUPmLx95MbShb
1i729VKuST0zNsd3lWpu7qgsi8M81SYMdH3EDaHhR9W/ZhgcP7HX72hAhQqu
qtce8pErRLzcCHP3Opr6qK3Vbgj6FH0U5yoe13ZcZ9vgf61SnsA9CwZSAMLZ
x2N5f8dTbNP90R3BF0ihG+2FVmgHOXdpc6ojevYsT2tO57evjs52bFqpCXYP
o9M1LekmkaPxCqpo+rnUaYZEjERjiqy2JcSCurjcG2r7vL6bvuWapiJsmgpu
mm41XVPbf2nuaVHaQIlfomx7o7I9VBoupx5DwcIL+4naAgaZL31O3xkVJW+4
WFBhlsf0invXZhfU3Kup2tpWbLAhYwmOO+WdB44TlauprkyvCeQUymLZtvHY
jpp5C5mrVNu0epHJxPt0V5ELK0tsPPWEsybN3ZqMusmudOJKjdQ7a4mI2td7
FS2bJduSlq/+hVi+kxCZ6J5sljF46zKaeRpkvdSp44krOxNkaMpf5/79mP9m
OMroC/HLFDW3CEmXaLgAHHHVG2p5Y1F3trCyVrjusp0tiQA6NYHMKQduKvfc
MVSywOzi7PpCjLwWETaxTZzcpUcj+4TVMx5MKRKYutDT3ghOwSCZ1d0W5qn3
bKfLeZSlb9XBJEt/nNfeDbCmHIz8MJhoO97YfqZIge3I0oycU6c/RsOgnIW4
bKrT2uGrZUAobXvAFoMIlS0UDTM4PNTc+NtZczvtEfjtZrq8MkxUE5WUrbCW
xVyTMnR6w3AJa24rB+dyFyD7lzbJ0tv+Wzh5QYGx+Y8TUKvBsJa4bkOlZzYj
ZSDICQvbTzPc1S37RcaPf/UvsthBE1dOKpW7/2THq8m1NCldCMrcbRWsv75c
4h7tdrA3tPH6LPmGidPtR/HsztfqHXj9kT7ag5tOsD3xr07X2gron5gC/mrN
yY/3km/v7elKTtzSW695G8bm3SxuU7IBKx4tjT3QHZizPMjre/C/SfPC/4pH
2JG6enPWa5GvJqbu/jznIU1/R4Z8o//0QqVmy6gquNNBd7t9jaKnTqEvQTC7
kQwcKDZ1vAyxMOJ6Tzix37ffTaDJzdRJP7MZtcVd6l9mfBzDEyOOZbo7iEH3
Q+z105rvqz2xjYpVdByaKs5C0uMn7byXcbfrSZhcREuoc5+p1F5vb1ag/yCP
yKgYxUiU723xaFXQVRyEN7BZGJt74/8LtKSA/U1IAAA=

-->

</rfc>
