<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<?rfc rfcedstyle="yes"?>
<?rfc tocindent="yes"?>
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc text-list-symbols="-o*+"?>
<?rfc docmapping="yes"?>
<?rfc toc_levels="4"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-rats-pkix-key-attestation-06" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Evidence Encoding for HSMs">Evidence Encoding for Hardware Security Modules</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-rats-pkix-key-attestation-06"/>
    <author initials="J.-P." surname="Fiset" fullname="Jean-Pierre Fiset">
      <organization abbrev="Crypto4A">Crypto4A Inc.</organization>
      <address>
        <postal>
          <street>1550A Laperriere Ave</street>
          <city>Ottawa, Ontario</city>
          <code>K1Z 7T2</code>
          <country>Canada</country>
        </postal>
        <email>jp@crypto4a.com</email>
      </address>
    </author>
    <author initials="M." surname="Ounsworth" fullname="Mike Ounsworth">
      <organization abbrev="Cryptic Forest">Cryptic Forest Software</organization>
      <address>
        <postal>
          <city>Sioux Lookout</city>
          <country>Canada</country>
        </postal>
        <email>mike@ounsworth.ca</email>
      </address>
    </author>
    <author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
      <organization abbrev="UniBw M.">University of the Bundeswehr Munich</organization>
      <address>
        <postal>
          <city>Neubiberg</city>
          <region>Bavaria</region>
          <code>85579</code>
          <country>Germany</country>
        </postal>
        <email>hannes.tschofenig@gmx.net</email>
      </address>
    </author>
    <author initials="H." surname="Birkholz" fullname="Henk Birkholz">
      <organization>Fraunhofer SIT</organization>
      <address>
        <email>henk.birkholz@ietf.contact</email>
      </address>
    </author>
    <author initials="M." surname="Wiseman" fullname="Monty Wiseman">
      <organization/>
      <address>
        <postal>
          <country>United States of America</country>
        </postal>
        <email>monty.wiseman@oracle.com</email>
      </address>
    </author>
    <author initials="N." surname="Smith" fullname="Ned Smith">
      <organization/>
      <address>
        <postal>
          <country>United States</country>
        </postal>
        <email>ned.smith.ietf@gmail.com</email>
      </address>
    </author>
    <date year="2026" month="June" day="30"/>
    <area>Security</area>
    <workgroup>RATS</workgroup>
    <keyword>Internet-Draft</keyword>
    <keyword>RATS</keyword>
    <keyword>PKIX</keyword>
    <keyword>HSM</keyword>
    <abstract>
      <?line 146?>

<t>This document specifies a vendor-agnostic format for Evidence produced and verified within a PKIX context.
The Evidence produced this way includes claims collected about a cryptographic module, such as a Hardware Security
Module (HSM),
and elements found within it such as cryptographic keys.</t>
      <t>One scenario envisaged is that the state information about the cryptographic module can be securely presented
to a remote operator or auditor in a vendor-agnostic verifiable format.
A more complex scenario would be to submit this Evidence to a Certification Authority to aid in determining
whether the storage properties of this key meet the requirements of a given certificate profile.</t>
      <t>This specification also offers a format for requesting a cryptographic module to produce Evidence tailored for expected use.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://ietf-rats-wg.github.io/key-attestation/draft-ietf-rats-pkix-key-attestation.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-rats-pkix-key-attestation/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        RATS Working Group mailing list (<eref target="mailto:rats@ietf.org"/>),
        which is archived at <eref target="https://datatracker.ietf.org/wg/rats/about/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/rats/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/ietf-rats-wg/key-attestation"/>.</t>
    </note>
  </front>
  <middle>
    <?line 160?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>This document specifies a vendor-neutral Evidence format for remote attestation in PKIX-based environments, with a focus on hardware security modules (HSMs)
and cryptographic keys managed by such devices. The format enables an Attester to convey measured platform and key properties to a Verifier and, ultimately,
to a Relying Party in a form that integrates with existing X.509-based trust infrastructures.</t>
      <t>Concretely, this specification defines:
* an ASN.1/DER <tt>Evidence</tt> envelope containing a to-be-signed section, one or more signature blocks, and optional intermediate certificates;
* an element-and-claim data model organized around transaction, platform, and key elements, identified by OIDs;
* encoding and signature-verification processing rules for PKIX Evidence;
* an attestation request structure that allows a Presenter to request a scoped subset of elements and claims.</t>
      <t>The design is intentionally PKIX-native. ASN.1 and DER are used to align with existing certificate tooling, certification authority workflows, and HSM implementations where non-ASN.1 formats are less common.</t>
      <t>This document does not define a transport protocol for carrying Evidence, does not define Verifier appraisal policy, and
does not standardize device-internal authentication/authorization mechanisms. It defines the data model and cryptographic container
so that such mechanisms can be applied consistently across deployments.</t>
    </section>
    <section anchor="use-cases">
      <name>Use Cases</name>
      <t>This section covers use cases that motivated the development of this specification.</t>
      <section anchor="remote-audit-of-a-hardware-security-module-hsm">
        <name>Remote audit of a Hardware Security Module (HSM)</name>
        <t>There are situations where it is necessary to verify the current running state of an HSM as part of operational or
auditing procedures. For example, there are devices that are certified to work in an environment only if certain
versions of the firmware are loaded or only if user keys are protected with specific policies.</t>
        <t>The Evidence format offered by this specification allows a platform to report its firmware level along with
other collected claims necessary in critical deployments.</t>
      </section>
      <section anchor="key-import-and-hsm-clustering">
        <name>Key import and HSM clustering</name>
        <t>Consider that an HSM is being added to a logical HSM cluster. Part of the onboarding process could involve
the newly-added HSM providing Evidence of its running state, for example that it is a genuine device from
the same manufacturer as the existing clustered HSMs, firmware patch level, FIPS mode, etc.
It could also be required to provide information about any system-level keys required to establish
secure cluster communication. In this scenario, the Verifier and Relying Party will typically be other HSMs in the cluster
deciding whether or not to admit the new HSM.</t>
        <t>A related scenario is when performing a key migration across HSMs.
If the key is being migrated is associated with certain properties, for example an environment running in FIPS mode at
FIPS Level 3, and the key is set to certain protection properties such as Non-Exportable and Dual-Control,
then the HSM might wish to verify that the key was previously stored under the same conditions.
This specification provides an Evidence format with sufficient details to support this type of
implementation across HSM vendors.</t>
        <t>These scenarios motivate the design requirements to have an ASN.1 based Evidence format and a data model that
more closely matches typical HSM architecture since, as shown in both scenarios,
an HSM is acting as Verifier and Relying Party.</t>
      </section>
      <section anchor="attesting-subject-of-a-certificate-issuance">
        <name>Attesting subject of a certificate issuance</name>
        <t>Prior to a Certification Authority (CA) issuing a certificate on behalf of a subject, a number of procedures
are required to verify that the subject of the certificate is associated with the key that is certified.
In some cases, such as issuing a code signing certificate <xref target="CNSA2.0"/> <xref target="CSBR"/>, a CA must ensure that
the subject key is located in a Hardware Security Module (HSM).</t>
        <t>The Evidence format offered by this specification is designed to carry the information necessary for a CA to
assess the location of the subject key along a number of commonly-required attributes. More specifically, a CA could
determine which HSM was used to generate the subject key, whether this device adheres
to certain jurisdiction policies (such as FIPS mode) and the constraints applied to the key (such as whether is it extractable).</t>
        <t>For relatively simple HSM devices, storage properties such as "extractable" may always be false for all keys
since the devices are not capable of key export and so the Evidence could be essentially a hard-coded template asserting these
immutable attributes. However, more complex HSM devices require a more elaborate Evidence format that encompasses the
mutability of these attributes.</t>
        <t>Also, a client requesting a key attestation might wish to scope-down the content of the produced Evidence as
the HSM contains much more information than that which is relevant to the transaction.
Not reducing the scope of the generated Evidence could, in some scenarios, constitute a privacy violation.</t>
      </section>
    </section>
    <section anchor="terminology">
      <name>Conventions and Terminology</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This specification uses a necessary mixture of PKI terminology and RATS Architecture definitions
in order to map concepts between the two domains.</t>
      <t>The reader is assumed to be familiar with the vocabulary and concepts
defined in the RATS Architecture (<xref target="RFC9334"/>) such as Attester,
Relying Party, Verifier.</t>
      <t>The reader is assumed to be familiar with common vocabulary and concepts
defined in <xref target="RFC5280"/> such as certificate, signature, attribute, verification and validation.</t>
      <t>In order to avoid confusion, this document generally
capitalizes RATS terms such as Attester, Relying Party, and Claim.
Therefore, for example, a "Verifier"
should be assumed to be an entity that checks the validity of Evidence as per <xref target="RFC9334"/>,
whereas a "verifier" could be a more general reference to a PKI entity that checks
the validity of an X.509 certificate or other digital signature as per <xref target="RFC5280"/>.</t>
      <t>The following terms are used in this document:</t>
      <dl newline="true">
        <dt>Attestation Key (AK):</dt>
        <dd>
          <t>Cryptographic key controlled solely by the Attester and used only for the purpose
of producing Evidence. In other words, it is used to digitally sign the claims collected by
the Attester.</t>
        </dd>
        <dt>Attester:</dt>
        <dd>
          <t>The term Attester respects the definition offered in <xref target="RFC9334"/>. In this specification, it
is also interchangeable with "platform" or "HSM".</t>
        </dd>
        <dt>Attesting Environment:</dt>
        <dd>
          <t>As defined in <xref target="RFC9334"/>, the Attesting Environment collects the information to be represented
in Claims. In practical terms, an implementation may be designed with services to perform this function.
To remain consistent with the RATS Architecture, the term "Attesting Environment" is used throughout
this specification.</t>
        </dd>
        <dt>Evidence:</dt>
        <dd>
          <t>The term Evidence respects the definition offered in <xref target="RFC9334"/>. In this specification, it
refers to claims, encoded according to the format defined within this document, and signed using
Attestation Keys.</t>
        </dd>
        <dt>Hardware Security Module (HSM):</dt>
        <dd>
          <t>A physical computing device that safeguards and manages secrets, such as cryptographic keys,
and performs cryptographic operations based on those secrets.
This specification takes a broad definition of what counts as an HSM to include smartcards,
USB tokens, TPMs, cryptographic co-processors (PCI cards) and "enterprise-grade" or "cloud-service grade" HSMs
(possibly rack mounted). In this specification, it is interchangeable with "platform" or "Attester".</t>
        </dd>
        <dt>Key Attestation:</dt>
        <dd>
          <t>Process of producing Evidence containing claims pertaining to user keys found within an HSM. In
general, the claims include enough information about a user key and its hosting platform to allow
a Relying Party to make judicious decisions about the key, such as whether to issue a certificate for the key.</t>
        </dd>
        <dt>RATS:</dt>
        <dd>
          <t>Remote ATtestation procedureS. Refers to a working group within IETF and all the documents developed
under this umbrella of efforts. This specification is developed using concepts developed in RATS but more
particularly refers to the RATS Architecture as introduced in <xref target="RFC9334"/>.</t>
        </dd>
        <dt>PKIX:</dt>
        <dd>
          <t>Public Key Infrastructure based on X.509 certificates. Refers to the framework of technology, policies and
procedures used to manage and distribute digital certificates based on <xref target="RFC5280"/> and related specifications.</t>
        </dd>
        <dt>Platform:</dt>
        <dd>
          <t>The module or device that embodies the Attester. In this specification, it is interchangeable with
"Attester" or "HSM".</t>
        </dd>
        <dt>Platform Attestation:</dt>
        <dd>
          <t>Process of producing evidence containing claims pertaining to measured values associated with the platform itself. In general, the claims include
enough information about the platform to allow a Relying Party to make judicious decisions about the
platform, such as those carried out during audit reviews.</t>
        </dd>
        <dt>Presenter:</dt>
        <dd>
          <t>Role that facilitates communication between the Attester and the Verifier. The
Presenter initiates the operation of generating Evidence at the Attester and
passes the generated Evidence to the Verifier. In the case of HSMs, the Presenter
is responsible of selecting the claims that are part of the generated Evidence.</t>
        </dd>
        <dt>Trust Anchor:</dt>
        <dd>
          <t>As defined in <xref target="RFC6024"/> and <xref target="RFC9019"/>, a Trust Anchor
"represents an authoritative element via a public key and
associated data. The public key is used to verify digital
signatures, and the associated data is used to constrain the types
of information for which the trust anchor is authoritative." The
Trust Anchor may be a certificate, a raw public key, or other
structure, as appropriate.</t>
        </dd>
        <dt>Trusted Platform Module (TPM):</dt>
        <dd>
          <t>A tamper-resistant processor generally located on a computer's motherboard used to enhance attestation
functions for the hosting platform as defined by the Trusted Computer Group. TPMs are very specialized Hardware Security Modules and generally use
other protocols (than the one presented in this specification) to transmit Evidence.</t>
        </dd>
        <dt>User Key:</dt>
        <dd>
          <t>A user key consists of a key hosted by an HSM (the platform) and intended to be used by a client
of the HSM. Other terms used for a user key are "application key", "client key" or "operational key".
The access and operations on a user key are controlled by the HSM.</t>
        </dd>
      </dl>
      <section anchor="claims-and-measurements-in-generated-evidence">
        <name>Claims and measurements in generated Evidence</name>
        <t>The RATS Architecture <xref target="RFC9334"/> states that Evidence is made up of claims and that a claim is "a piece of
asserted information, often in the form of a name/value pair". The RATS Architecture also mentions
the concept of "measurements" that "can describe a variety of attributes of system components, such
as hardware, firmware, BIOS, software, etc., and how they are hardened."</t>
        <t>Some HSMs have a large amount of memory and can therefore contain a substantial amount of elements that
can be observed independently by the Attesting Environment. Each of those elements, in turn, can contain a
number of measurable attributes.</t>
        <t>A certain level of complexity arises as multiple elements of the same class can be reported simultaneously in generated
Evidence. In this case, multiple similar claims are reported simultaneously but associated with different elements.</t>
        <t>For example, two independent user keys could be reported simultaneously in Evidence. Each key is associated with a
SPKI (SubjectPublicKeyInfo). The measured values for the SPKI of the respective keys are different.</t>
        <t>To that end, in this specification, the claims are organized as collections where each claim is the association of
a claim type with the measured value. The collections, in turn, are organized by "elements". An element represents a
logical portion of the Target Environment that is observed by the Attesting Environment.</t>
        <t>Thus, an element is associated with a collection of claims. Each claim is the association of a claim type
with a measured value.</t>
        <t>The grouping of claims into elements facilitates the comprehension of a large addressable space into
portions recognizable by the user. More importantly, it curtails the produced Evidence to portions of the
Target Environment that relate to the needs of the Verifier. See <xref target="sec-cons-privacy"/>.</t>
      </section>
      <section anchor="sec-ak-chain">
        <name>Attestation Key Certificate Chain</name>
        <t>The data format in this specification represents Evidence and
requires third-party endorsement in order to establish trust. Part of this
endorsement is a trust anchor that chains to the HSM's attestation key (AK)
which signs the Evidence. In practice the trust anchor usually is a
manufacturing CA belonging to the device vendor which proves
that the device is genuine and not counterfeit. The trust anchor can also belong
to the device operator as would be the case when the AK certificate is replaced
as part of onboarding the device into a new operational environment.</t>
        <t>The AK certificate associated with the AK that signs the evidence have the following constraints:</t>
        <ul spacing="normal">
          <li>
            <t>the certificate <bcp14>MUST</bcp14> include the Extended Key Usage (EKU) certificate extension;</t>
          </li>
          <li>
            <t>the EKU certificate extension <bcp14>MUST</bcp14> include the <tt>id-kp-attestationKey</tt>, as defined in this specification; and,</t>
          </li>
          <li>
            <t>the <tt>KeyUsage</tt> extension (KU) <bcp14>MUST</bcp14> have the <tt>digitalSignature</tt> bit set.</t>
          </li>
        </ul>
        <t>An EKU that includes only a single KeyPurposeId of <tt>id-kp-attestationKey</tt> <bcp14>SHOULD</bcp14> be marked as <tt>critical</tt>.
The reasoning here is that the usage of a true attestation key is constrained by the security module it's
contained by.  Presenting non-attestation data for validation by this AK public key should ALWAYS fail.</t>
        <t>An EKU that includes a KeyPurposeId of <tt>id-kp-attestationKey</tt> along with other attestation-related
KeyPurposeId <bcp14>SHOULD NOT</bcp14> be marked as critical.</t>
        <t>Note that the data format specified in <xref target="sec-data-model"/> allows for zero, one, or multiple
'SignatureBlock's, so a single Evidence statement could be un-protected, or could be endorsed by multiple
AK chains leading to different trust anchors. See <xref target="sec-verif-proc"/> for a discussion of handling multiple SignatureBlocks.</t>
      </section>
    </section>
    <section anchor="sec-info-model">
      <name>Information Model</name>
      <t>The Evidence format is composed of two main sections:</t>
      <ul spacing="normal">
        <li>
          <t>An Evidence description which describes the list of reported elements.</t>
        </li>
        <li>
          <t>A signature section where one or more digital signatures are offered to prove the origin of the
Evidence description and maintain its integrity.</t>
        </li>
      </ul>
      <t>The details of the signature section is left to the data model. The remainder of this section
deals with the way the information is organized to form the Evidence description.</t>
      <t>The Evidence description is associated with elements to help with the organization and comprehension
of the information. Elements are portions of the Target Environment observed by the Attesting
Environment. Each element, in turn, is associated with a collection of claims that describes the attributes
of the element.</t>
      <t>Therefore, the Evidence description is composed of a set of elements and each element is composed
of a claim set.</t>
      <section anchor="element">
        <name>Element</name>
        <t>An element is a logical construct that refers to a portion of the Target Environment's state. It is
addressable via an identifier such as a UUID or a handle (as expressed in <xref target="PKCS11"/>). In general, an
element refers to a component recognized by users of the HSM, such as a user key or the platform itself.</t>
        <t>An element is composed of a type, the element type, and a collection of claims. The element type
describes the class of the element while the collection of claims defines its state.</t>
        <t>An element <bcp14>MUST</bcp14> be reported at most once in an Evidence description. The Evidence description can
have multiple elements of the same type (for example reporting multiple keys), but each
element <bcp14>MUST</bcp14> relate to different portions of the Target Environment.</t>
        <t>It is possible for two elements to be quite similar such as in a situation where a key is imported
twice in a HSM. In this case, the two related elements could be associated with similar claims. However, they
are treated as different elements as they are reporting different portions of the Target Environment.</t>
        <t>The number of elements reported in an Evidence description, and their respective type, is
left to the implementer. For a simple device where there is only one key, the list of
reported elements could be fixed. For larger and more complex devices, the list of
reported elements should be tailored to what is demanded by the Presenter.</t>
        <t>In particular, note that the <tt>nonce</tt> claim contained with the Transaction element is optional,
and therefore it is possible that an extremely simple device that holds one static key
could have its Evidence generated at manufacturing time and injected
statically into the device instead of
being generated on-demand. This model would essentially
off-board the Attesting Environment to be part of the manufacturing infrastructure. In the RATS
Architecture, this configuration would refer to the the information provided this way as an Endorsement
provided by the manufacturer as opposed to Evidence generated by the HSM.</t>
      </section>
      <section anchor="element-type">
        <name>Element Type</name>
        <t>An element is defined by its type. This specification defines three element types:</t>
        <ul spacing="normal">
          <li>
            <t>Platform : This element holds claims that describes the state of the platform (or device)
itself. Elements of this type hold claims that are global
in nature within the Target Environment.</t>
          </li>
          <li>
            <t>Key : The elements of this type represent a cryptographic key protected within the
Target Environment and hold claims that describes that specific key.</t>
          </li>
          <li>
            <t>Transaction : This element is abstract in nature since it is associated with claims
that do not describe portions of the Target Environment. Instead, these claims
relate to the current request for Evidence such as a <tt>nonce</tt> to support freshness.</t>
          </li>
        </ul>
        <t>Although this document defines a short list of element types, this list is extensible
to allow implementers to report on elements found in their implementation and not
covered by this specification. By using an Object Identifiers (OID) for specifying element types
and claim types, this format is inherently extensible;
implementers of this specification <bcp14>MAY</bcp14> define new custom or proprietary element types and
place them alongside the standardized elements, or define new claim types
and place them inside standardized elements.</t>
        <t>Verifiers <bcp14>SHOULD</bcp14> ignore and skip over
unrecognized element or claim types and continue processing normally.
In other words, if a given Evidence would have been acceptable without the
unrecognized elements or claims, then it <bcp14>SHOULD</bcp14> still be acceptable with them.</t>
      </section>
      <section anchor="claim-type">
        <name>Claim Type</name>
        <t>Each claim found in an element is composed of a claim type and a value.
Each claim describes a portion of the state from the associated element. For example,
a platform element could have a claim which indicates the firmware version currently running.
Another example is a key element with a claim that reports whether the key is extractable
or not.</t>
        <t>A value provided by a claim is to be interpreted within the context
of its element and in relation to the claim type.</t>
        <t>It is <bcp14>RECOMMENDED</bcp14> that a claim type be defined for a specific element type, to reduce
confusion when it comes to interpretation of the value. In other words, a claim type <bcp14>SHOULD
NOT</bcp14> be used by multiple element types. For example, if a concept of "revision" is applicable to a platform
and a key, the claim for one element type (platform revision) should have a different identifier
from the one for the other element type (key revision).</t>
        <t>The nature of the value (boolean, integer, string, bytes) and its format are dependent on the claim type.</t>
        <t>This specification defines a limited set of claim types. However, the list is extensible
through the IANA registration process or private OID allocation, enabling implementers to
report additional claims not covered by this specification.</t>
        <t>The number of claims reported within an element, and their respective type, is
left to the implementer. For a simple device, the reported list of claims for an element
might be fixed. However, for larger and more complex devices, the list of reported claims
should be tailored to what is demanded by the Presenter.</t>
        <t>Claims of a particular type <bcp14>MAY</bcp14> be repeated within an element while others <bcp14>MUST NOT</bcp14>. For example, for a
platform element, there can only be one "firmware version" claim. Therefore, the associated claim
<bcp14>MUST NOT</bcp14> be repeated as it may lead to confusion. However, a claim relating to
a "ak-spki" <bcp14>MAY</bcp14> be repeated, each claim describing a different attesting key.
Therefore, the definition of a claim specifies whether or not multiple copies of that
claim are allowed within an element's claim set.</t>
        <t>If a Verifier detects, within a single element, multiple copies of a claim type that should not
be repeated, it <bcp14>MUST</bcp14> reject the Evidence as malformed. Since a Verifier is encouraged to ignore
unrecognized claim types, it is possible that a potential rejection is missed.</t>
        <t>If a Verifier encounters, within the context of an element, a repeated claim for a type where
it is allowed, it <bcp14>MUST</bcp14> treat each one as an independent claim and <bcp14>MUST NOT</bcp14>
consider later ones to overwrite the previous one.</t>
      </section>
    </section>
    <section anchor="sec-data-model">
      <name>Data Model</name>
      <t>This section describes the data model associated with generated Evidence. For ease of
deployment within the target ecosystem, ASN.1 definitions and DER encoding
are used. A complete ASN.1 module is provided in <xref target="sec-asn1-mod"/>.</t>
      <t>The top-level structures, as ASN.1 fragments, are:</t>
      <sourcecode type="asn.1"><![CDATA[
Evidence ::= SEQUENCE {
    tbs  TbsEvidence,
    signatures  SEQUENCE SIZE (0..MAX) OF SignatureBlock,
    intermediateCertificates  [0] SEQUENCE OF Certificate OPTIONAL
                                  -- As defined in RFC 5912
}

SignatureBlock ::= SEQUENCE {
    sid SignerIdentifier,
    signatureAlgorithm AlgorithmIdentifier{
        SIGNATURE-ALGORITHM, {SignatureAlgSet} },
    signatureValue OCTET STRING
}

SignerIdentifier ::= SEQUENCE {
    keyId [0] EXPLICIT OCTET STRING OPTIONAL,
    subjectPublicKeyInfo [1] EXPLICIT
        SubjectPublicKeyInfo OPTIONAL,
        -- As defined in RFC 5912
    certificate [2] EXPLICIT Certificate OPTIONAL
      -- As defined in RFC 5912
} (
    WITH COMPONENTS { ..., keyId PRESENT}
    | WITH COMPONENTS { ..., subjectPublicKeyInfo PRESENT }
    | WITH COMPONENTS { ...,certificate PRESENT } )

TbsEvidence ::= SEQUENCE {
    version INTEGER,
    reportedElements SEQUENCE SIZE (1..MAX) OF ReportedElement
}
]]></sourcecode>
      <t>An <tt>Evidence</tt> message is composed of a protected section known as the To-Be-Signed (TBS) section.
The <tt>TbsEvidence</tt> corresponds to the "Evidence Description" referred to in <xref target="sec-info-model"/>.
The integrity of the TBS section is ensured with one or multiple cryptographic signatures
over the content of this section. There is a provision to carry X.509 certificates supporting each signature.
The SEQUENCE OF <tt>SignatureBlock</tt> allows for both multi-algorithm protection and for counter-signatures
of the Evidence.
In an effort to keep the Evidence format simple, distinguishing between these two cases is left up to Verifier policy,
potentially by making use of the certificates that accompany each signature.</t>
      <t>This design also does not prevent an attacker from removing, adding or re-ordering signatures without leaving trace.
This is discussed as part of the security considerations in <xref target="sec-detached-sigs"/>.</t>
      <t>The TBS section is composed of a version number, to ensure future extensibility, and a sequence of reported elements.
For compliance with this specification, <tt>TbsEvidence.version</tt> <bcp14>MUST</bcp14> be <tt>1</tt>.
This envelope format is not extensible; future specifications which make compatibility-breaking changes <bcp14>MUST</bcp14> increment the version number.</t>
      <t>A <tt>SignatureBlock</tt> is included for each signature submitted against the TBS section. The <tt>SignatureBlock</tt> includes
the signature algorithm (signatureAlgorithm) and the signature itself (signatureValue). It also includes
information to identify the authority that provided the signature which is the structure <tt>SignerIdentifier</tt> (sid).
The signer identifier includes a combination of X.509 certificate, SubjectPublicKeyInfo (SPKI) and/or
key identifier (keyId). It is expected that a X.509 certificate will be generally used, as it provides the public key needed
to verify the signature and clearly identifies the subject that provided the signature. The SPKI and keyId are allowed
to support environments where X.509 certificates are not used.</t>
      <t>The field <tt>SignerIdentifier.keyId</tt> is not constrained to specific details. It is an identifier that is shared between the Attester and
the Verifier to establish which public key should be used during the verification of a signature block. The fields <tt>SignerIdentifier.subjectPublicKeyInfo</tt>
and <tt>SignerIdentifier.certificate</tt> are encouraged as these fields have specific syntax and semantics.</t>
      <t>The optional certificate list provided in <tt>Evidence.intermediateCertificates</tt> enables the insertion
of X.509 certificates to support trusting the signatures found in signature blocks. This information is intended to provide
the certificates required by the Verifier to validate the endorsement on the certificates included
with the signatures. <tt>intermediateCertificates</tt> <bcp14>MAY</bcp14> include any or all intermediate CA certificates needed to build paths.
It is not required to include trust anchors. Order is not significant.</t>
      <t>As described in <xref target="sec-info-model"/>, the <tt>TbsEvidence</tt> is a collection of elements. Each element
is associated with a type that defines its class. The element types are represented by object identifiers
(OIDs). The following ASN.1 fragment defines the structures associated with elements:</t>
      <sourcecode type="asn.1"><![CDATA[
ReportedElement ::= SEQUENCE {
    elementType         OBJECT IDENTIFIER,
    claims             SEQUENCE SIZE (1..MAX) OF ReportedClaim
}

id-evidence-element             OBJECT IDENTIFIER ::=
    { id-evidence 0 }
id-evidence-element-transaction OBJECT IDENTIFIER ::=
    { id-evidence-element 0 }
id-evidence-element-platform    OBJECT IDENTIFIER ::=
    { id-evidence-element 1 }
id-evidence-element-key         OBJECT IDENTIFIER ::=
    { id-evidence-element 2 }
]]></sourcecode>
      <t>In turn, elements are composed of a collection of claims. Each claim is composed of a type and a value.
The claim types are represented by object identifiers (OIDs). The
following ASN.1 fragment defines the structures associated with claims:</t>
      <sourcecode type="asn.1"><![CDATA[
CLAIM ::= CLASS {
    &id       OBJECT IDENTIFIER UNIQUE,
    &Type
} WITH SYNTAX {
    ID &id
    WITH TYPE &Type
}

ReportedClaim ::= SEQUENCE {
    claimType  CLAIM.&id ({ClaimSet}),
    value      CLAIM.&Type ({ClaimSet}{@claimType}) OPTIONAL
}
]]></sourcecode>
      <t>Each claim type <bcp14>SHOULD</bcp14> be associated with a single element type. Therefore, it is encouraged
to define claim types grouped with their respective element type.</t>
      <t>The nature of a claim value is dictated by the claim type. When a claim type is defined, the
definition must include the type of the value, its semantic and interpretation.</t>
      <t>The following ASN.1 fragment illustrates how a claim is associated with a type, in this case the
OID <tt>id-evidence-claim-transaction-nonce</tt> and the expected data format (OCTET STRING).</t>
      <sourcecode type="asn.1"><![CDATA[
id-evidence-claim-transaction-nonce     OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 0 }

claim-transaction-nonce CLAIM ::= {
  ID id-evidence-claim-transaction-nonce
  WITH TYPE OCTET STRING
}
]]></sourcecode>
      <t>The remainder of this section describes the element types and their associated claims.</t>
      <section anchor="platform-element">
        <name>Platform Element</name>
        <t>A platform element reports information about the device where the Evidence is generated and is
composed of a collection of claims that are global to the Target Environment.
It is associated with the type identifier <tt>id-evidence-element-platform</tt>.</t>
        <t>A platform element, if provided, <bcp14>MUST</bcp14> be included only once within the generated Evidence. If a
Verifier encounters multiple elements of type <tt>id-evidence-element-platform</tt>, it <bcp14>MUST</bcp14>
reject the Evidence as malformed.</t>
        <t>The following table lists the claims for a platform element (platform claims) defined
within this specification. In cases where the claim is borrowed from another specification,
the "Reference" column refers to the specification where the semantics
for the claim value can be found.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Claim Type</th>
              <th align="left">Reference</th>
              <th align="left">Multiple?</th>
              <th align="left">OID</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">vendor</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-vendor</td>
            </tr>
            <tr>
              <td align="left">oemid</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-oemid</td>
            </tr>
            <tr>
              <td align="left">hwmodel</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-hwmodel</td>
            </tr>
            <tr>
              <td align="left">hwversion</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-hwversion</td>
            </tr>
            <tr>
              <td align="left">hwserial</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-hwserial</td>
            </tr>
            <tr>
              <td align="left">swname</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-swname</td>
            </tr>
            <tr>
              <td align="left">swversion</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-swversion</td>
            </tr>
            <tr>
              <td align="left">dbgstat</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-debugstat</td>
            </tr>
            <tr>
              <td align="left">uptime</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-uptime</td>
            </tr>
            <tr>
              <td align="left">bootcount</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-bootcount</td>
            </tr>
            <tr>
              <td align="left">fipsboot</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipsboot</td>
            </tr>
            <tr>
              <td align="left">fipsver</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipsver</td>
            </tr>
            <tr>
              <td align="left">fipslevel</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipslevel</td>
            </tr>
            <tr>
              <td align="left">fipsmodule</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipsmodule</td>
            </tr>
          </tbody>
        </table>
        <t>Each claim defined in the table above is described in the following sub-sections.</t>
        <section anchor="vendor">
          <name>vendor</name>
          <t>A human-readable string that reports the name of the device's manufacturer. This field is for informational
purposes only and should not be used in any automated mechanism to compare the Evidence. For the purposes of comparison,
the claims <tt>oemid</tt> and  <tt>hwmodel</tt> should be used.</t>
          <t>If the device is submitted to FIPS validation, this string should correspond to the vendor field of the submission.</t>
        </section>
        <section anchor="oemid-hwmodel-hwversion-swname-swversion-dbgstat-uptime-bootcount">
          <name>oemid, hwmodel, hwversion, swname, swversion, dbgstat, uptime, bootcount</name>
          <t>These claims are defined in <xref target="RFC9711"/> and are reused in this specification for interoperability. Small
descriptions are offered for each to ease the reading of this specification. In case of confusion between the
description offered here and the one in <xref target="RFC9711"/>, the definition offered in the latter shall prevail.</t>
          <t>The claim "oemid" uniquely identifies the Original Equipment Manufacturer (OEM) of the HSM. This is a
sequence of bytes and is not meant to be a human readable string.</t>
          <t>The claim "hwmodel" differentiates models, products, and variants manufactured by a particular OEM. A model
must be unique within a given "oemid". This is a sequence of bytes and is not meant to be a human readable string.</t>
          <t>The claim "hwversion" is a text string reporting the version of the hardware. This claim must be
interpreted along with the claim "hwmodel".</t>
          <t>The claim "swname" is a text string reporting the name of the firmware running on the platform.</t>
          <t>The claim "swversion" differentiates between the various revisions of a firmware offered for the platform. This
is a string that is expected to be human readable.</t>
          <t>The claim "dbgstat" refers to the state of the debug facilities offered by the HSM. This is an integer
value describing the current state as described in <xref target="RFC9711"/>.</t>
          <t>The claim "uptime" reports the number of seconds that have elapsed since the HSM was last booted.</t>
          <t>The claim "bootcount" reports the number of times the HSM was booted.</t>
        </section>
        <section anchor="hwserial">
          <name>hwserial</name>
          <t>A human-readable string that reports the serial number of the hardware module. This serial number often matches the number engraved
on the case or on an applied sticker.</t>
        </section>
        <section anchor="fipsboot-fipsver-fipslevel-and-fipsmodule">
          <name>fipsboot, fipsver, fipslevel and fipsmodule</name>
          <t>FIPS 140-3 CMVP validation places stringent requirements on the mode of operation of the device and the cryptography offered by the module,
including only enabling FIPS-approved algorithms, certain requirements on entropy sources, and extensive start-up self-tests.
FIPS 140-3 offers compliance levels 1 through 4 with increasingly strict requirements. Many HSMs include a configuration setting that allows
the device to be taken out of FIPS mode and thus enable additional functionality or performance, and some offer configuration settings to change between compliance levels.</t>
          <t>The boolean claim <tt>fipsboot</tt> indicates whether the device is currently operating in FIPS mode. When the claim value is "true", the HSM is running in compliance with the
FIPS 140 restrictions. Among other restrictions, it means that only FIPS-approved algorithms are available. If the value of this claim is "false", then the HSM is not
restricted to the behavior limited by compliance.</t>
          <t>The textual claim <tt>fipsver</tt> indicates the version of the FIPS CMVP specification with which the device's operational mode is compliant. At the time of writing, the strings "FIPS 140-2" or "FIPS 140-3" <bcp14>SHOULD</bcp14> be used.</t>
          <t>The integer claim <tt>fipslevel</tt> indicates the compliance level to which the device is currently operating and <bcp14>MUST</bcp14> only be 1, 2, 3, or 4. The <tt>fipslevel</tt> claim has no meaning if <tt>fipsboot</tt> is absent or <tt>false</tt>.</t>
          <t>The claim <tt>fipsmodule</tt> is a textual field used to represent the name of the module that was submitted to CMVP for validation. The information derived by combining this claim with the vendor name shall
be sufficient to find the associated records in the CMVP database.</t>
          <t>The FIPS status information found in Evidence indicates only the mode of operation of the device and is not authoritative of its validation status.
This information is available on the NIST CMVP website or by contacting the device vendor.
As an example, some devices may have the option to enable FIPS mode in configuration even if the vendor has not submitted this model for validation. As another example,
a device may be running in a mode consistent with FIPS Level 3 but the device was only validated and certified to Level 2.
A Relying Party wishing to know the validation status of the device <bcp14>MUST</bcp14> couple the device state information contained in the Evidence with a valid FIPS CMVP certificate for the device.</t>
        </section>
      </section>
      <section anchor="key-element">
        <name>Key Element</name>
        <t>A key element is associated with the type <tt>id-evidence-element-key</tt>. Each instance of a
key element represents a different addressable key found in the Target Environment. There can
be multiple key elements found in Evidence, but each reported key element <bcp14>MUST</bcp14>
describe a different key observed from the Target Environment. Two key elements may represent the same underlying cryptographic key
(keys with the exact same value) but they must be different portions of the Target Environment.</t>
        <t>A key element is composed of a collection of claims relating to the cryptographic key. At
minimum, a key element <bcp14>MUST</bcp14> report the claim "identifier" to uniquely identify this cryptographic
key from any others found in the same Target Environment.</t>
        <t>A Verifier that detects Evidence with multiple key elements referring to the
same addressable key <bcp14>MUST</bcp14> reject the Evidence.</t>
        <t>The following table lists the claims for a key element defined
within this specification. The "Reference" column refers to the specification where the semantics
for the claim can be found.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Claim Type</th>
              <th align="left">Reference</th>
              <th align="left">Multiple?</th>
              <th align="left">OID</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">identifier</td>
              <td align="left">RFCthis</td>
              <td align="left">Yes</td>
              <td align="left">id-evidence-claim-key-identifier</td>
            </tr>
            <tr>
              <td align="left">spki</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-spki</td>
            </tr>
            <tr>
              <td align="left">extractable</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-extractable</td>
            </tr>
            <tr>
              <td align="left">sensitive</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-sensitive</td>
            </tr>
            <tr>
              <td align="left">never-extractable</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-never-extractable</td>
            </tr>
            <tr>
              <td align="left">local</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-local</td>
            </tr>
            <tr>
              <td align="left">expiry</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-expiry</td>
            </tr>
            <tr>
              <td align="left">purpose</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-purpose</td>
            </tr>
          </tbody>
        </table>
        <t>An attestation key might be visible to a client of the device and be reported along with other cryptographic keys. Therefore,
it is acceptable to include a key element providing claims about an attestation key like any other cryptographic key. An
implementation <bcp14>MAY</bcp14> reject the generation of Evidence if it relates to an attestation key.</t>
        <section anchor="identifier">
          <name>identifier</name>
          <t>A human-readable string that uniquely identifies the cryptographic key. This value often contains
a UUID but could also have a numeric value expressed as text or any other textual description.</t>
          <t>This claim <bcp14>MAY</bcp14> be repeated as some environments have more than one way to refer to a
cryptographic key.</t>
        </section>
        <section anchor="spki">
          <name>spki</name>
          <t>The value of this claim contains the DER-encoded field SubjectPublicKeyInfo (see <xref target="RFC5280"/>) associated with the cryptographic
key.</t>
        </section>
        <section anchor="extractable-sensitive-never-extractable-local">
          <name>extractable, sensitive, never-extractable, local</name>
          <t>These claims are defined as key attributes in <xref target="PKCS11"/> and reused in this specification for interoperability. Small
descriptions are offered for each to ease the reading of this specification. In case of confusion between the
description offered here and the one in <xref target="PKCS11"/>, the definition offered in the latter shall prevail.</t>
          <t>The claim "extractable" indicates that the key can be exported from the HSM. Corresponds directly to the attribute CKA_EXTRACTABLE
found in PKCS#11.</t>
          <t>The claim "sensitive" indicates that the value of key cannot leave the HSM in plaintext. Corresponds directly to the attribute CKA_SENSITIVE
found in PKCS#11.</t>
          <t>The claim "never-extractable" indicates if the key was never extractable from the HSM throughout the life of the key. Corresponds
directly to the attribute CKA_NEVER_EXTRACTABLE found in PKCS#11.</t>
          <t>The claim "local" indicates whether the key was generated locally or imported. Corresponds directly to the attribute CKA_LOCAL
found in PKCS#11.</t>
        </section>
        <section anchor="expiry">
          <name>expiry</name>
          <t>Reports a time after which the key is not to be used. The device <bcp14>MAY</bcp14> enforce this policy based on its internal clock.</t>
          <t>Note that security considerations should be taken relating to HSMs and their internal clocks. See <xref target="sec-cons-hsm-timestamps"/>.</t>
        </section>
        <section anchor="purpose">
          <name>purpose</name>
          <t>Reports the key purposes, also referred to as key capabilities, associated with the subject key. Since multiple purposes can be associated with a single key,
the value of this claim is a list of purposes, each reported as an object identifier (OID).</t>
          <t>The value of this claim is the DER encoding of the following structure:</t>
          <sourcecode type="asn.1"><![CDATA[
claim-key-purpose CLAIM ::= {
  ID id-evidence-claim-key-purpose
  WITH TYPE KeyPurposes
}

KeyPurposes ::= SEQUENCE OF OBJECT IDENTIFIER

]]></sourcecode>
          <t>The following table describes the key purposes defined in this specification. The key purposes offered are based on key
attributes provided by PKCS#11. Each purpose is assigned an object identifier (OID).</t>
          <table>
            <thead>
              <tr>
                <th align="left">Capability</th>
                <th align="left">PKCS#11</th>
                <th align="left">OID</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">encrypt</td>
                <td align="left">CKA_ENCRYPT</td>
                <td align="left">id-evidence-key-capability-encrypt</td>
              </tr>
              <tr>
                <td align="left">decrypt</td>
                <td align="left">CKA_DECRYPT</td>
                <td align="left">id-evidence-key-capability-decrypt</td>
              </tr>
              <tr>
                <td align="left">wrap</td>
                <td align="left">CKA_WRAP</td>
                <td align="left">id-evidence-key-capability-wrap</td>
              </tr>
              <tr>
                <td align="left">unwrap</td>
                <td align="left">CKA_UNWRAP</td>
                <td align="left">id-evidence-key-capability-unwrap</td>
              </tr>
              <tr>
                <td align="left">sign</td>
                <td align="left">CKA_SIGN</td>
                <td align="left">id-evidence-key-capability-sign</td>
              </tr>
              <tr>
                <td align="left">sign-recover</td>
                <td align="left">CKA_SIGN_RECOVER</td>
                <td align="left">id-evidence-key-capability-sign-recover</td>
              </tr>
              <tr>
                <td align="left">verify</td>
                <td align="left">CKA_VERIFY</td>
                <td align="left">id-evidence-key-capability-verify</td>
              </tr>
              <tr>
                <td align="left">verify-recover</td>
                <td align="left">CKA_VERIFY_RECOVER</td>
                <td align="left">id-evidence-key-capability-verify-recover</td>
              </tr>
              <tr>
                <td align="left">derive</td>
                <td align="left">CKA_DERIVE</td>
                <td align="left">id-evidence-key-capability-derive</td>
              </tr>
            </tbody>
          </table>
          <t>The use of an object identifier to report a purpose allows third parties to extend this list to support
implementations that have other key purposes.</t>
        </section>
      </section>
      <section anchor="transaction-element">
        <name>Transaction Element</name>
        <t>A transaction element is associated with the type <tt>id-evidence-element-transaction</tt>. This is
an abstract element and does not relate to any state found in the Target Environment. Instead, it
groups together claims that relate to the request of generating the Evidence.</t>
        <t>For example, it is possible to include a <tt>nonce</tt> as part of the request to produce Evidence. This
<tt>nonce</tt> is repeated as part of the Evidence to support
the freshness of the Evidence. The <tt>nonce</tt> is not related to any portion of the Target Environment
and the transaction element is used to gather those values into claims.</t>
        <t>A transaction element, if provided, <bcp14>MUST</bcp14> be included only once within the reported elements. If a
Verifier detects multiple elements of type <tt>id-evidence-element-transaction</tt>, it <bcp14>MUST</bcp14>
reject the Evidence.</t>
        <t>The following table lists the claims for a transaction element defined
within this specification. The "Reference" column refers to the specification where the semantics
for the claim value can be found.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Claim Type</th>
              <th align="left">Reference</th>
              <th align="left">Multiple?</th>
              <th align="left">OID</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">nonce</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-transaction-nonce</td>
            </tr>
            <tr>
              <td align="left">timestamp</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-transaction-timestamp</td>
            </tr>
            <tr>
              <td align="left">ak-spki</td>
              <td align="left">RFCthis</td>
              <td align="left">Yes</td>
              <td align="left">id-evidence-claim-transaction-ak-spki</td>
            </tr>
          </tbody>
        </table>
        <section anchor="nonce">
          <name>nonce</name>
          <t>The claim <tt>nonce</tt> is used to provide "freshness" quality as to the generated Evidence. A Presenter requesting Evidence <bcp14>MAY</bcp14> provide a nonce
value as part of the request. This nonce value, if specified, <bcp14>SHOULD</bcp14> be repeated in the generated Evidence as a claim within the transaction element.</t>
          <t>This claim is similar to the "eat_nonce" as defined in <xref target="RFC9711"/>. According to that specification, this claim may be specified multiple times with
different values. However, within the scope of this specification, the "nonce" value can be specified only once within a transaction.</t>
        </section>
        <section anchor="timestamp">
          <name>timestamp</name>
          <t>The time at which the Evidence was generated, according to the internal system clock of the Attesting Environment. This is similar to the
"iat" claim in <xref target="RFC9711"/>.</t>
          <t>Note that security considerations should be taken relating to the evaluation of timestamps generated by HSMs. See <xref target="sec-cons-hsm-timestamps"/>.</t>
        </section>
        <section anchor="ak-spki">
          <name>ak-spki</name>
          <t>This claim contains the encoded Subject Public Key Information (SPKI) for the attestation key used to sign the Evidence. The definition
and encoding for SPKIs are defined in X.509 certificates (<xref target="RFC5280"/>).</t>
          <t>This transaction claim is used to bind the content of the Evidence with the key(s) used to sign that Evidence. The importance
of this binding is discussed in <xref target="sec-detached-sigs"/>.</t>
          <t>This claim can be reported multiple times. Each included claim <bcp14>MUST</bcp14> refer to a different attestation key. In other words, this claim
should be repeated only if multiple attestation keys are used to sign the Evidence.</t>
        </section>
      </section>
      <section anchor="sec-additional-claim-types">
        <name>Additional Element and Claim Types</name>
        <t>It is expected that HSM vendors will register additional Element and Claim types by assigning OIDs from their own proprietary OID arcs to hold data describing additional proprietary key properties.</t>
        <t>When new element and claim types are used, documentation similar to the one produced in this specification <bcp14>SHOULD</bcp14> be distributed to
explain the semantics of the claims and the frequency that values can be provided.</t>
        <t>See <xref target="sec-req-processing"/>, <xref target="sec-req-verification"/> and <xref target="sec-cons-verifier"/> for handling of unrecognized custom types.</t>
      </section>
      <section anchor="encoding">
        <name>Encoding</name>
        <t>The structure <tt>Evidence</tt> is to be DER encoded <xref target="X.690"/>.</t>
        <t>If a textual representation is required, then the DER encoding <bcp14>MAY</bcp14> be subsequently encoded into Standard Base64 as defined in <xref target="RFC4648"/>.</t>
        <t>PEM-like representations are also allowed where a MIME-compliant Base64 transformation of the DER encoding is used, provided that the
header label is "EVIDENCE". For example:</t>
        <artwork><![CDATA[
-----BEGIN EVIDENCE-----
(...)
-----END EVIDENCE-----
]]></artwork>
      </section>
    </section>
    <section anchor="sec-verif-proc">
      <name>Signing and Verification Procedures</name>
      <t>The <tt>SignatureBlock.signatureValue</tt> signs over the DER-encoded to-be-signed Evidence data
<tt>Evidence.tbs</tt> and <bcp14>MUST</bcp14> be validated with the subject public key of the end entity
X.509 certificate contained in the <tt>SignerIdentifier.certificate</tt>.</t>
      <t>Verifiers <bcp14>MUST</bcp14> ensure, prior to accepting the signature associated with an end-entity certificate, that:</t>
      <ul spacing="normal">
        <li>
          <t>the certificate contains the <tt>KeyUsage</tt> (KU) extension with the <tt>digitalSignature</tt> bit set; and,</t>
        </li>
        <li>
          <t>the certificate contains the <tt>Extended Key Usage</tt> (EKU) extension that includes the <tt>id-kp-attestationKey</tt> usage.</t>
        </li>
      </ul>
      <t>Verifiers <bcp14>MAY</bcp14> also use <tt>Evidence.intermediateCertificates</tt> to build a certification path from the end-entity
certificate to a trust anchor.</t>
      <t>Note that the structure <tt>Evidence</tt> <bcp14>MAY</bcp14> contain zero or more SignatureBlocks.
A structure <tt>Evidence</tt> with zero SignatureBlocks is unsigned and unprotected; Verifiers <bcp14>MUST</bcp14> treat it as untrusted and <bcp14>MUST NOT</bcp14> rely on its claims.</t>
      <t>More than one SignatureBlock <bcp14>MAY</bcp14> be used to convey a number of different semantics.
For example, the HSM's Attesting Environment might hold multiple Attestation Keys using different cryptographic
algorithms in order to provide resilience against cryptographic degradation in a hybrid fashion. In this case a Verifier would be expected to validate
all SignatureBlocks. Alternatively, the HSM's Attesting Service may hold multiple Attestation Keys (or multiple X.509 certificates for the same key) from
multiple operational environments to which it belongs. In this case a Verifier would be expected to only validate the SignatureBlock corresponding to its
own environment. Alternatively, multiple SignatureBlocks could be used to convey counter-signatures from external parties, in which case the Verifier
needs to be equipped with environment-specific verification logic. Multiple of these cases, and potentially others, could be supported by a single Evidence object.</t>
      <t>Note that each SignatureBlock is a fully detached signature over the tbs content with no binding between the signed content and the SignatureBlocks meaning that a third-party can add a
counter-signature of the Evidence after the fact, or an attacker can remove a SignatureBlock without leaving any trace. See <xref target="sec-detached-sigs"/> for further discussion.</t>
      <t>If any <tt>transaction.ak-spki</tt> claims are present, the Verifier <bcp14>SHOULD</bcp14> verify that each <tt>SignerIdentifier</tt>’s SubjectPublicKeyInfo (or the SPKI of its <tt>certificate</tt>) matches at least one <tt>ak-spki</tt> value.</t>
    </section>
    <section anchor="sec-reqs">
      <name>Attestation Requests</name>
      <t>This section is informative in nature and implementers of this specification do not need to adhere to it. The aim of this section is
to provide a standard interface between a Presenter and an HSM producing Evidence. The authors hope that this standard interface will
yield interoperable tools between offerings from different vendors.</t>
      <t>The interface presented in this section might be too complex for manufacturers of HSMs with limited capabilities such as smartcards
or personal ID tokens. For devices with limited capabilities, a fixed Evidence endorsed by the vendor might be installed
during manufacturing. Other approaches for constrained HSMs might be to report elements and claims that are fixed or offer limited
variations.</t>
      <t>On the other hand, an enterprise-grade HSM with the capability to hold a large number of private keys is expected to be capable of generating
Evidence catered to the specific constraints imposed by a Verifier and without exposing extraneous information. The aim of the request
interface is to provide the means to select and report specific information in the generated Evidence.</t>
      <t>This section introduces the role of "Presenter" as shown in <xref target="fig-arch"/>. The Presenter is the role that initiates the generation of
Evidence. Since HSMs are generally servers (client/server relationship) or peripherals (controller/peripheral relationship), a Presenter is
required to launch the process of creating the Evidence and capturing it to forward it to the Verifier.</t>
      <figure anchor="fig-arch">
        <name>Architecture</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="496" width="408" viewBox="0 0 408 496" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,336" fill="none" stroke="black"/>
              <path d="M 48,416 L 48,480" fill="none" stroke="black"/>
              <path d="M 64,80 L 64,160" fill="none" stroke="black"/>
              <path d="M 64,240 L 64,288" fill="none" stroke="black"/>
              <path d="M 112,296 L 112,408" fill="none" stroke="black"/>
              <path d="M 128,160 L 128,232" fill="none" stroke="black"/>
              <path d="M 136,288 L 136,408" fill="none" stroke="black"/>
              <path d="M 184,416 L 184,480" fill="none" stroke="black"/>
              <path d="M 216,80 L 216,160" fill="none" stroke="black"/>
              <path d="M 216,240 L 216,288" fill="none" stroke="black"/>
              <path d="M 248,32 L 248,336" fill="none" stroke="black"/>
              <path d="M 296,416 L 296,480" fill="none" stroke="black"/>
              <path d="M 400,416 L 400,480" fill="none" stroke="black"/>
              <path d="M 8,32 L 248,32" fill="none" stroke="black"/>
              <path d="M 64,80 L 216,80" fill="none" stroke="black"/>
              <path d="M 64,160 L 216,160" fill="none" stroke="black"/>
              <path d="M 64,240 L 216,240" fill="none" stroke="black"/>
              <path d="M 64,288 L 216,288" fill="none" stroke="black"/>
              <path d="M 8,336 L 248,336" fill="none" stroke="black"/>
              <path d="M 48,416 L 184,416" fill="none" stroke="black"/>
              <path d="M 296,416 L 400,416" fill="none" stroke="black"/>
              <path d="M 192,432 L 288,432" fill="none" stroke="black"/>
              <path d="M 192,464 L 288,464" fill="none" stroke="black"/>
              <path d="M 48,480 L 184,480" fill="none" stroke="black"/>
              <path d="M 296,480 L 400,480" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="296,464 284,458.4 284,469.6" fill="black" transform="rotate(0,288,464)"/>
              <polygon class="arrowhead" points="200,432 188,426.4 188,437.6" fill="black" transform="rotate(180,192,432)"/>
              <polygon class="arrowhead" points="144,408 132,402.4 132,413.6" fill="black" transform="rotate(90,136,408)"/>
              <polygon class="arrowhead" points="136,232 124,226.4 124,237.6" fill="black" transform="rotate(90,128,232)"/>
              <polygon class="arrowhead" points="120,296 108,290.4 108,301.6" fill="black" transform="rotate(270,112,296)"/>
              <g class="text">
                <text x="60" y="52">Attester</text>
                <text x="120" y="52">(HSM)</text>
                <text x="100" y="100">Target</text>
                <text x="120" y="116">Environment</text>
                <text x="112" y="132">(Elements</text>
                <text x="160" y="132">&amp;</text>
                <text x="112" y="148">values)</text>
                <text x="168" y="196">Collect</text>
                <text x="176" y="212">Claims(3)</text>
                <text x="112" y="260">Attesting</text>
                <text x="120" y="276">Environment</text>
                <text x="56" y="372">Attestation</text>
                <text x="208" y="372">Evidence(4)</text>
                <text x="52" y="388">Request(2)</text>
                <text x="244" y="420">Nonce(1)</text>
                <text x="120" y="452">Presenter</text>
                <text x="348" y="452">Verifier</text>
                <text x="240" y="484">Evidence(5)</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
+-----------------------------+
|  Attester (HSM)             |
|                             |
|      +------------------+   |
|      | Target           |   |
|      | Environment      |   |
|      | (Elements &      |   |
|      |  values)         |   |
|      +-------+----------+   |
|              |              |
|              | Collect      |
|              | Claims(3)    |
|              v              |
|      +------------------+   |
|      | Attesting        |   |
|      | Environment      |   |
|      +--------+---------+   |
|            ^  |             |
|            |  |             |
+------------+--+-------------+
             |  |
 Attestation |  |   Evidence(4)
 Request(2)  |  |
             |  v
     +----------------+   Nonce(1)  +------------+
     |                |<------------|            |
     |    Presenter   |             |  Verifier  |
     |                |------------>|            |
     +----------------+ Evidence(5) +------------+
]]></artwork>
        </artset>
      </figure>
      <t>The process of generating Evidence generally starts at the Verifier with the generation of a nonce. The nonce is used to ensure freshness
of the Evidence and this quality is guaranteed by the Verifier. Therefore, if a nonce is used, it must be provided to the Presenter by
the Verifier (1).</t>
      <t>An Attestation Request (request) is assembled by the Presenter and submitted to the HSM (2). The Attesting Environment parses the request and
collects the appropriate measurements from the Target Environment (3).</t>
      <t>In the previous figure, the HSM is represented as being composed of an Attesting Environment and a Target Environment. This representation is offered
as a simplified view and implementations are not required to adhere to this separation of concerns.</t>
      <t>The Attesting Environment produces Evidence based on the collected information and returns it to the Presenter for distribution (4). Finally, the
Presenter forwards the Evidence to the Verifier (5).</t>
      <t>The aim of the figure is to depict the position of the Presenter as an intermediate role between the Attester and the Verifier.
The role of "Presenter" is privileged as it controls the claims included in the Evidence being generated by the Attester. However, the role is not "trusted" as
the Verifier does not have to take into account the participation of the Presenter as part of the function of appraising the Evidence.</t>
      <t>The attestation request, shown in the figure, consists of a structure <tt>TbsEvidence</tt> containing one <tt>ReportedElement</tt> for each element expected to
be included in the Evidence produced by the HSM.</t>
      <t>Each instance of <tt>ReportedElement</tt> included in the request is referred to as a requested element. A requested element contains a number of instances
of <tt>ReportedClaim</tt> known as requested claims. The collection of requested elements and requested claims represent the information desired
by the Presenter.</t>
      <t>In most cases the value of a requested claim should be left unspecified by the Presenter. In the process of generating
the Evidence, the values of the desired claims are measured by the Attesting Environment within the HSM and reported accordingly. For the purpose
of creating a request, the Presenter does not specify the value of the requested claims and leaves them empty. This is possible because the definition of
the structure <tt>ReportedClaim</tt> specifies the element <tt>value</tt> as optional.</t>
      <t>On the other hand, there are circumstances where the value of a requested claim should be provided by the Presenter. For example, when a particular
cryptographic key is to be included in the Evidence, the request must include a key element with one of the "identifier" claim set to the value
corresponding to the desired key.</t>
      <t>Some instances of <tt>ReportedElement</tt>, such as those representing the platform or the transaction, do not need identifiers as the associated elements are
implicit in nature. Custom element types might need selection during an attestation request and related documentation should specify how this is
achieved.</t>
      <t>The instance of <tt>TbsEvidence</tt> is unsigned and does not provide any means to maintain integrity when communicated from the Presenter to the HSM.
These details are left to the implementer. However, it is worth pointing out that the structure offered by <tt>Evidence</tt> could be reused by an
implementer to provide those capabilities, as described in <xref target="sec-cons-auth-the-presenter"/>.</t>
      <section anchor="requested-claims-with-specified-values">
        <name>Requested Claims with Specified Values</name>
        <t>This section deals with the requested claims specified in this document where a value should be provided by a Presenter. In other words, this
section defines all requested claims that should set a value in the structure <tt>ReportedClaim</tt>. Requested claims not covered in this sub-section
should not have a specified value (left empty).</t>
        <t>Since this section is non-normative, implementers may deviate from those recommendations.</t>
        <section anchor="key-identifiers">
          <name>Key Identifiers</name>
          <t>A Presenter may choose to select which cryptographic keys are reported as part of the generated Evidence. For each selected cryptographic key,
the Presenter includes a requested element of type <tt>id-evidence-element-key</tt>. Among the requested claims for this element, the
Presenter includes one claim with the type <tt>id-evidence-claim-key-identifier</tt>. The value of this claim should be
set to the utf8String that represents the identifier for the specific key.</t>
          <t>An HSM receiving an attestation request which selects a key via this approach <bcp14>SHOULD</bcp14> fail the transaction if it cannot find the cryptographic
key associated with the specified identifier.</t>
        </section>
        <section anchor="nonce-1">
          <name>Nonce</name>
          <t>A Presenter may choose to include a nonce as part of the attestation request. When producing the Evidence, the HSM repeats the
nonce that was provided as part of the request.</t>
          <t>When providing a nonce, a Presenter includes, in the attestation request, an element of type <tt>id-evidence-element-transaction</tt>
with a claim of type <tt>id-evidence-claim-transaction-nonce</tt>. This claim is set with the value of the
nonce as an octet string.</t>
          <t>It is important to note that the Presenter, as an untrusted participant, should not be generating the value for the nonce. In fact, the
nonce should be generated by the Verifier so that the freshness of the Evidence can be trusted by the Verifier.</t>
        </section>
        <section anchor="reporting-of-attestation-keys">
          <name>Reporting of Attestation Keys</name>
          <t>There is a provision for the Attesting Environment to report the attestation key(s) used during the generation of the Evidence. To this end,
the transaction claim "ak-spki" is used.</t>
          <t>A Presenter invokes this provision by submitting an attestation request with a transaction claim of type "ak-spki" with a
non-specified value (left empty).</t>
          <t>In this case, the Attesting Environment adds a transaction claim of type "ak-spki" for each Attestation Key used to sign the Evidence. The
value of this claim is an octet string which is the encoding of the Subject Public Key Information (SPKI) associated
with the Attestation Key. Details on SPKIs and their encoding can be found in X.509 certificates (<xref target="RFC5280"/>).</t>
          <t>This reporting effectively binds the signature blocks to the content (see <xref target="sec-detached-sigs"/>).</t>
        </section>
        <section anchor="custom-key-selection">
          <name>Custom Key Selection</name>
          <t>An implementer might desire to select multiple cryptographic keys based on a shared attribute. A possible approach
is to include a single request element of type <tt>id-evidence-element-key</tt> including a claim with a set value. This claim
would not be related to the key identifier as this is unique to each key. A HSM supporting this scheme could select all the cryptographic
keys matching the specified claim and report them in the generated Evidence.</t>
          <t>This is a departure from the base request interface, as multiple key elements are reported from a single requested element.</t>
          <t>More elaborate selection schemes can be envisaged where multiple requested claims specifying values would be tested against cryptographic keys.
Whether these claims are combined in a logical "and" or in a logical "or" would need to be specified by the implementer.</t>
        </section>
        <section anchor="custom-transaction-element-claims">
          <name>Custom Transaction Element Claims</name>
          <t>The extensibility offered by the proposed request interface allows an implementer to add custom claims to the transaction element in
order to influence the way that the Evidence generation is performed.</t>
          <t>In such an approach, a new custom claim for requested elements of type "transaction" is defined. Then, a
claim of that type is included in the attestation request (as part of the transaction element) while specifying a value. This value
is considered by the HSM to select elements and claims during the generation of the Evidence.</t>
        </section>
      </section>
      <section anchor="sec-req-processing">
        <name>Processing an Attestation Request</name>
        <t>This sub-section deals with the rules that should be considered when an Attesting Environment processes a request to generate
Evidence. This section is non-normative and implementers <bcp14>MAY</bcp14> choose to not follow these recommendations.</t>
        <t>These recommendations apply to any attestation request schemes and are not restricted solely to the request interface proposed
here.</t>
        <t>An Attesting Environment <bcp14>SHOULD</bcp14> fail an attestation request if it contains an unrecognized element type. This is to ensure that all the semantics expected
by the Presenter are fully understood by the Attesting Environment.</t>
        <t>An Attesting Environment <bcp14>MUST</bcp14> fail an attestation request if it contains a requested claim with an unrecognized type with a specified a value (not
empty). This represents a situation where the Presenter is selecting specific information that is not understood by the Attesting Environment.</t>
        <t>An Attesting Environment <bcp14>SHOULD</bcp14> ignore unrecognized claim types in an attestation request. In this situation, the Attesting Environment <bcp14>SHOULD NOT</bcp14> include
the claim as part of the response. This guidance is to increase the likelihood of interoperability between tools of different vendors.</t>
        <t>An Attesting Environment <bcp14>MUST NOT</bcp14> include elements and claims in the generated Evidence if these elements and claims were
not specified as part of the request. This is to give control to the Presenter as to what information is disclosed by the Attesting Environment.</t>
        <t>An Attesting Environment <bcp14>MUST</bcp14> fail an attestation request if the Presenter does not have the appropriate access rights to the elements or claims included
in the request.</t>
      </section>
      <section anchor="sec-req-verification">
        <name>Verification by Presenter</name>
        <t>This sub-section deals with the rules that should be considered when a Presenter receives Evidence from the Attester (the HSM)
prior to distribution. This section is non-normative and implementers <bcp14>MAY</bcp14> choose to not follow these recommendations.</t>
        <t>These recommendations apply to any Evidence and are not restricted solely to Evidence generated from the proposed request interface.</t>
        <t>A Presenter <bcp14>MUST</bcp14> review the Evidence produced by an Attester for fitness prior to distribution.</t>
        <t>A Presenter <bcp14>MUST NOT</bcp14> disclose Evidence if it contains information it
cannot parse. This restriction applies to element types and claim types. This is
to ensure that the information provided by the Attester can be evaluated by the
Presenter.</t>
        <t>A Presenter <bcp14>MUST NOT</bcp14> disclose Evidence if it contains elements others
than the ones that were requested of the Attester. This is to ensure that only the
selected elements are exposed to the Verifier.
M
A Presenter <bcp14>MUST NOT</bcp14> disclose Evidence if it contains an element with a claim
that was not requested of the Attester. This is to ensure that only the selected
information is disclosed to the Verifier.</t>
        <t>Further privacy concerns are discussed in <xref target="sec-cons-privacy"/>.</t>
      </section>
    </section>
    <section anchor="sec-asn1-mod">
      <name>ASN.1 Module</name>
      <sourcecode type="asn.1"><![CDATA[
<CODE STARTS>

PKIX-Evidence-2025
      { iso(1) identified-organization(3) dod(6) internet(1)
        security(5) mechanisms(5) pkix(7) id-mod(0)
        id-mod-pkix-evidence-2025(999) }

DEFINITIONS EXPLICIT TAGS ::=
BEGIN

EXPORTS ALL ;

IMPORTS
  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM
    FROM AlgorithmInformation-2009 -- in [RFC5912]
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5)mechanisms(5) pkix(7) id-mod(0)
    id-mod-algorithmInformation-02(58) }

  Certificate, SubjectPublicKeyInfo
    FROM PKIX1Explicit-2009 -- in [RFC5912]
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) id-mod(0)
    id-mod-pkix1-explicit-02(51) }
;

-- OID Arc

id-kp OBJECT IDENTIFIER ::=
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) kp(3) }

  -- Attestation Key Extended Key Usage --

id-kp-attestationKey OBJECT IDENTIFIER ::= { id-kp 999 }

-- Evidence --

Evidence ::= SEQUENCE {
    tbs  TbsEvidence,
    signatures  SEQUENCE SIZE (0..MAX) OF SignatureBlock,
    intermediateCertificates  [0] SEQUENCE OF Certificate OPTIONAL
                                  -- As defined in RFC 5912
}
SignatureBlock ::= SEQUENCE {
    sid SignerIdentifier,
    signatureAlgorithm AlgorithmIdentifier{
        SIGNATURE-ALGORITHM, {SignatureAlgSet} },
    signatureValue OCTET STRING
}

SignerIdentifier ::= SEQUENCE {
    keyId [0] EXPLICIT OCTET STRING OPTIONAL,
    subjectPublicKeyInfo [1] EXPLICIT
        SubjectPublicKeyInfo OPTIONAL,
        -- As defined in RFC 5912
    certificate [2] EXPLICIT Certificate OPTIONAL
      -- As defined in RFC 5912
} (
    WITH COMPONENTS { ..., keyId PRESENT}
    | WITH COMPONENTS { ..., subjectPublicKeyInfo PRESENT }
    | WITH COMPONENTS { ...,certificate PRESENT } )

TbsEvidence ::= SEQUENCE {
    version INTEGER,
    reportedElements SEQUENCE SIZE (1..MAX) OF ReportedElement
}

ReportedElement ::= SEQUENCE {
    elementType         OBJECT IDENTIFIER,
    claims             SEQUENCE SIZE (1..MAX) OF ReportedClaim
}

CLAIM ::= CLASS {
    &id       OBJECT IDENTIFIER UNIQUE,
    &Type
} WITH SYNTAX {
    ID &id
    WITH TYPE &Type
}

ReportedClaim ::= SEQUENCE {
    claimType  CLAIM.&id ({ClaimSet}),
    value      CLAIM.&Type ({ClaimSet}{@claimType}) OPTIONAL
}

ClaimSet CLAIM ::= {
      claim-transaction-nonce
      | claim-transaction-timestamp
      | claim-transaction-ak-spki
      | claim-platform-vendor
      | claim-platform-oemid
      | claim-platform-hwmodel
      | claim-platform-hwversion
      | claim-platform-hwserial
      | claim-platform-swname
      | claim-platform-swversion
      | claim-platform-debugstat
      | claim-platform-uptime
      | claim-platform-bootcount
      | claim-platform-fipsboot
      | claim-platform-fipsver
      | claim-platform-fipslevel
      | claim-platform-fipsmodule
      | claim-key-identifier
      | claim-key-spki
      | claim-key-extractable
      | claim-key-sensitive
      | claim-key-never-extractable
      | claim-key-local
      | claim-key-expiry
      | claim-key-purpose
}

id-evidence OBJECT IDENTIFIER ::= { 1 2 3 999 }

id-evidence-element             OBJECT IDENTIFIER ::=
    { id-evidence 0 }
id-evidence-element-transaction OBJECT IDENTIFIER ::=
    { id-evidence-element 0 }
id-evidence-element-platform    OBJECT IDENTIFIER ::=
    { id-evidence-element 1 }
id-evidence-element-key         OBJECT IDENTIFIER ::=
    { id-evidence-element 2 }

id-evidence-claim    OBJECT IDENTIFIER ::=
    { id-evidence 1 }

id-evidence-claim-transaction           OBJECT IDENTIFIER ::=
    { id-evidence-claim 0 }
id-evidence-claim-transaction-nonce     OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 0 }
id-evidence-claim-transaction-timestamp OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 1 }
id-evidence-claim-transaction-ak-spki   OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 2 }

id-evidence-claim-platform            OBJECT IDENTIFIER ::=
    { id-evidence-claim 1 }
id-evidence-claim-platform-vendor     OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 0 }
id-evidence-claim-platform-oemid      OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 1 }
id-evidence-claim-platform-hwmodel    OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 2 }
id-evidence-claim-platform-hwversion  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 3 }
id-evidence-claim-platform-hwserial   OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 4 }
id-evidence-claim-platform-swname     OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 5 }
id-evidence-claim-platform-swversion  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 6 }
id-evidence-claim-platform-debugstat  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 7 }
id-evidence-claim-platform-uptime     OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 8 }
id-evidence-claim-platform-bootcount  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 9 }
id-evidence-claim-platform-fipsboot   OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 10 }
id-evidence-claim-platform-fipsver    OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 11 }
id-evidence-claim-platform-fipslevel  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 12 }
id-evidence-claim-platform-fipsmodule OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 13 }

id-evidence-claim-key                   OBJECT IDENTIFIER ::=
    { id-evidence-claim 2 }
id-evidence-claim-key-identifier        OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 0 }
id-evidence-claim-key-spki              OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 1 }
id-evidence-claim-key-extractable       OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 2 }
id-evidence-claim-key-sensitive         OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 3 }
id-evidence-claim-key-never-extractable OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 4 }
id-evidence-claim-key-local             OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 5 }
id-evidence-claim-key-expiry            OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 6 }
id-evidence-claim-key-purpose           OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 7 }

id-evidence-key-capability              OBJECT IDENTIFIER ::=
    { id-evidence 2 }
id-evidence-key-capability-encrypt      OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 0 }
id-evidence-key-capability-decrypt      OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 1 }
id-evidence-key-capability-wrap         OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 2 }
id-evidence-key-capability-unwrap       OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 3 }
id-evidence-key-capability-sign         OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 4 }
id-evidence-key-capability-sign-recover OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 5 }
id-evidence-key-capability-verify       OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 6 }
id-evidence-key-capability-verify-recover OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 7 }
id-evidence-key-capability-derive       OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 8 }


claim-transaction-nonce CLAIM ::= {
  ID id-evidence-claim-transaction-nonce
  WITH TYPE OCTET STRING
}

claim-transaction-timestamp CLAIM ::= {
  ID id-evidence-claim-transaction-timestamp
  WITH TYPE GeneralizedTime
}

claim-transaction-ak-spki CLAIM ::= {
  ID id-evidence-claim-transaction-ak-spki
  WITH TYPE OCTET STRING
}

claim-platform-vendor CLAIM ::= {
  ID id-evidence-claim-platform-vendor
  WITH TYPE UTF8String
}

claim-platform-oemid CLAIM ::= {
  ID id-evidence-claim-platform-oemid
  WITH TYPE OCTET STRING
}

claim-platform-hwmodel CLAIM ::= {
  ID id-evidence-claim-platform-hwmodel
  WITH TYPE OCTET STRING
}

claim-platform-hwversion CLAIM ::= {
  ID id-evidence-claim-platform-hwversion
  WITH TYPE UTF8String
}

claim-platform-hwserial CLAIM ::= {
  ID id-evidence-claim-platform-hwserial
  WITH TYPE UTF8String
}

claim-platform-swname CLAIM ::= {
  ID id-evidence-claim-platform-swname
  WITH TYPE UTF8String
}

claim-platform-swversion CLAIM ::= {
  ID id-evidence-claim-platform-swversion
  WITH TYPE UTF8String
}

claim-platform-debugstat CLAIM ::= {
  ID id-evidence-claim-platform-debugstat
  WITH TYPE INTEGER
}

claim-platform-uptime CLAIM ::= {
  ID id-evidence-claim-platform-uptime
  WITH TYPE INTEGER
}

claim-platform-bootcount CLAIM ::= {
  ID id-evidence-claim-platform-bootcount
  WITH TYPE INTEGER
}

claim-platform-fipsboot CLAIM ::= {
  ID id-evidence-claim-platform-fipsboot
  WITH TYPE BOOLEAN
}

claim-platform-fipsver CLAIM ::= {
  ID id-evidence-claim-platform-fipsver
  WITH TYPE UTF8String
}

claim-platform-fipslevel CLAIM ::= {
  ID id-evidence-claim-platform-fipslevel
  WITH TYPE INTEGER
}

claim-platform-fipsmodule CLAIM ::= {
  ID id-evidence-claim-platform-fipsmodule
  WITH TYPE UTF8String
}

claim-key-identifier CLAIM ::= {
  ID id-evidence-claim-key-identifier
  WITH TYPE UTF8String
}

claim-key-spki CLAIM ::= {
  ID id-evidence-claim-key-spki
  WITH TYPE OCTET STRING
}

claim-key-extractable CLAIM ::= {
  ID id-evidence-claim-key-extractable
  WITH TYPE BOOLEAN
}

claim-key-sensitive CLAIM ::= {
  ID id-evidence-claim-key-sensitive
  WITH TYPE BOOLEAN
}

claim-key-never-extractable CLAIM ::= {
  ID id-evidence-claim-key-never-extractable
  WITH TYPE BOOLEAN
}

claim-key-local CLAIM ::= {
  ID id-evidence-claim-key-local
  WITH TYPE BOOLEAN
}

claim-key-expiry CLAIM ::= {
  ID id-evidence-claim-key-expiry
  WITH TYPE GeneralizedTime
}

claim-key-purpose CLAIM ::= {
  ID id-evidence-claim-key-purpose
  WITH TYPE KeyPurposes
}

KeyPurposes ::= SEQUENCE OF OBJECT IDENTIFIER

END

<CODE ENDS>

]]></sourcecode>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>Please replace "RFCthis" with the RFC number assigned to this document.</t>
      <t>For the ASN.1 module found in Section 8, IANA is requested to assign
an object identifier for the module identifier (TBDMOD) with a
description of "id-mod-pkix-evidence-2025". This should be allocated in the
"SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0).</t>
      <t>Fo the ASN.1 module found in section 8, IANA is requested to assign an
object identifier for the extended key usage <tt>id-kp-attestationKey</tt>.
This identifier should be allocated under the PKIX KP arc (1.3.6.1.5.5.7.3)
with the description "Extended Key Usage (EKU) for signing Evidence".</t>
      <t>IANA is asked to define a new arc under "SMI Security for Mechanism Codes" (1.3.6.1.5.5) with the following
details:</t>
      <ul spacing="normal">
        <li>
          <t>OID Value: 1.3.6.1.5.5.&lt;evidence&gt;</t>
        </li>
        <li>
          <t>Name: evidence</t>
        </li>
        <li>
          <t>Description: Evidence Encoding for Hardware Security Modules</t>
        </li>
        <li>
          <t>Reference: RFCthis</t>
        </li>
      </ul>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <section anchor="sec-cons-verifier">
        <name>Policies relating to Verifier and Relying Party</name>
        <t>The generation of Evidence by an HSM is to provide sufficient information to
a Verifier and, ultimately, a Relying Party to appraise the Target Environment (the HSM) and make
decisions based on this appraisal.</t>
        <t>The Appraisal Policy associated with the Verifier influences the generation of the Attestation
Results. Those results, in turn, are consumed by the Relying Party to make decisions about
the HSM, which might be based on a set of rules and policies. Therefore, the interpretation of
the provided Evidence may greatly influence the outcome of some decisions.</t>
        <t>A Verifier <bcp14>MAY</bcp14> reject Evidence if it lacks the claims required per the Verifier's
appraisal policy. For example, if a Relying Party mandates a FIPS-certified device,
it <bcp14>SHOULD</bcp14> reject Evidence lacking sufficient information to verify the device's FIPS
certification status.</t>
        <t>If a Verifier encounters a claim with an unrecognized claim type, it <bcp14>MAY</bcp14> ignore it and
treat it as extraneous information. By ignoring a claim, the Verifier may accept Evidence
that would be deemed malformed to a Verifier with different policies. However, this approach
fosters a higher likelihood of achieving interoperability.</t>
      </section>
      <section anchor="sec-cons-simple">
        <name>Simple to Implement</name>
        <t>The nature of attestation requires the Attesting Environment to be implemented in an extremely
privileged position within the HSM so that it can collect the required measurements such as
hardware registers and the user keys. For many HSM architectures, this will
place the Attesting Environment inside the "security kernel" and potentially subject to FIPS 140-3
or Common Criteria validation and change control. For both security and compliance reasons,
there is an incentive for the generation and parsing logic to be simple and easy to implement
correctly. Additionally, when the data formats contained in this specification are parsed
within an HSM boundary -- that would be parsing Evidence
produced by a different HSM -- implementers <bcp14>SHOULD</bcp14> opt for simple logic that rejects any
data that does not match the expected format, instead of attempting to be flexible.</t>
        <t>In particular, the Attesting Environment <bcp14>SHOULD</bcp14> generate Evidence from scratch and
avoid copying any content from the request. The Attesting Environment <bcp14>MUST</bcp14> generate Evidence
only from information and measurements that are directly observable by it.</t>
      </section>
      <section anchor="sec-detached-sigs">
        <name>Detached Signatures</name>
        <t>The construction of the Evidence structure includes a collection of signature
blocks that are not explicitly bound to the content. This approach was influenced by the following
motivations:</t>
        <ul spacing="normal">
          <li>
            <t>Multiple simultaneous signature blocks are desired to support hybrid environments where
multiple keys using different cryptographic algorithms are required to support appraisal
policies.</t>
          </li>
          <li>
            <t>Provide the ability to add counter-signatures without having to define an envelop scheme.</t>
          </li>
        </ul>
        <t>The concept of counter-signatures is important for environments where a number of heterogeneous
devices are deployed. In those environments, it is possible for a trusted actor, intermediary between
the Attester and the Verifier, to validate the original signature(s) and apply its own afterwards.</t>
        <t>The ability to add signature blocks to the Evidence after the original generation by the Attester leads
to the unfortunate situation where signature blocks can also be removed without leaving any trace.
Therefore, the signature blocks can be deemed as "detachable" or "stapled".</t>
        <t>Manipulation of the Evidence after it was generated can lead to undesired outcomes at the Verifier.</t>
        <t>Therefore, Verifiers <bcp14>MUST</bcp14> be designed to accept Evidence based on their appraisal policies, regardless
of the presence or absence of certain signature(s). Consequently, Verifiers <bcp14>MUST NOT</bcp14> make any inferences
based on the presence of a signature, as the signature could have been added or removed in transit.</t>
        <t>This specification provides the transaction claim "ak-spki" to effectively bind the content with
the signature blocks that were inserted by the Attesting Environment. When this claim is provided, it reports
the SPKI of one of the attestation keys used by the Attesting Environment to produce the Evidence. This claim
is repeated for each of the attestation keys used by the Attesting Environment.</t>
      </section>
      <section anchor="sec-cons-privacy">
        <name>Privacy</name>
        <t>Some HSMs have the capacity of supporting cryptographic keys controlled by separate elements referred to as "tenants", and when the HSM is used in that mode
it is referred to as a multi-tenant configuration.</t>
        <t>For example, an enterprise-grade HSM in a large multi-tenant cloud service could host TLS keys fronting multiple un-related web domains. Providing Evidence for
claims of any one of the keys would involve a Presenter that could potentially access any of the hosted keys.
In such a case, privacy violations could occur if the Presenter was to disclose information that does not relate to the subject key.</t>
        <t>Implementers <bcp14>SHOULD</bcp14> be careful to avoid over-disclosure of information, for example by authenticating the Presenter as described in <xref target="sec-cons-auth-the-presenter"/> and
only returning results for keys and portions of the Target Environment for which it is authorized.
In the absence of an existing mechanism for authenticating and authorizing administrative connections to the HSM, the attestation request authentication approach is described in <xref target="sec-cons-auth-the-presenter"/>.</t>
        <t>Furthermore, enterprise and cloud-services grade HSMs <bcp14>SHOULD</bcp14> support the full set of attestation request functionality described in <xref target="sec-reqs"/> so that
Presenters can fine-tune the content of the generated Evidence such that it is appropriate for the intended Verifier.</t>
      </section>
      <section anchor="sec-cons-auth-the-presenter">
        <name>Authenticating and Authorizing the Presenter</name>
        <t>The Presenter represents a privileged role within the architecture of this specification as it gets to learn about the existence of user keys and their protection properties, as well as details of the platform.
The Presenter is in the position of deciding how much information to disclose to the Verifier, and to request a suitably redacted Evidence from the HSM.</t>
        <t>For personal cryptographic tokens it might be appropriate for the attestation request interface to be un-authenticated. However, for enterprise and cloud-services
grade HSMs the Presenter <bcp14>SHOULD</bcp14> be authenticated using the HSM's native authentication mechanism. The details are HSM-specific and are thus left up to the implementer. However,
it is <bcp14>RECOMMENDED</bcp14> to implement an authorization framework similar to the following.</t>
        <t>A Presenter <bcp14>SHOULD</bcp14> be allowed to request Evidence for any user keys which it is allowed to use.
For example, a TLS application that is correctly authenticated to the HSM in order to use its TLS keys <bcp14>SHOULD</bcp14> be able to request Evidence related to those same keys without needing
to perform any additional authentication or requiring any additional roles or permissions.
HSMs that wish to allow a Presenter to request Evidence of keys which is not allowed to use, for example for the purposes of displaying HSM status information on an administrative
console or UI, <bcp14>SHOULD</bcp14> have a "Attestation Requester" role or permission and <bcp14>SHOULD</bcp14> enforce the HSM's native access controls such that the Presenter can only retrieve Evidence for keys for which it has visibility.</t>
        <t>In the absence of an existing mechanism for authenticating and authorizing administrative connections to the HSM, the attestation request <bcp14>MAY</bcp14> be authenticated by embedding the <tt>TbsEvidence</tt>
of the request inside an <tt>Evidence</tt> signed with a certificate belonging to the Presenter.</t>
      </section>
      <section anchor="proof-of-possession-of-user-keys">
        <name>Proof-of-Possession of User Keys</name>
        <t>With asymmetric keys within a Public Key Infrastructure (PKI) it is common to require a key holder to prove that they are in control of the private key by using it. This is
called "proof-of-possession (PoP)". This specification intentionally does not provide a mechanism for PoP of user keys and relies on the Presenter, Verifier, and Relying Party
trusting the Attester to correctly report the cryptographic keys that it is holding.</t>
        <t>It would be trivial to add a PoP Key claim that uses the attested user key to sign over, for example, the Transaction Element. However, this approach leads to undesired consequences, as explained
below.</t>
        <t>First, a user key intended for TLS, as an example, <bcp14>SHOULD</bcp14> only be used with the TLS protocol. Introducing a signature oracle whereby the TLS application key is used to sign Evidence could lead to cross-protocol attacks.
In this example, an attacker could submit a "nonce" value which is in fact not random but is crafted in such a way as to appear as a valid message in some other protocol context or exploit some other weakness in the signature algorithm.</t>
        <t>Second, the Presenter who has connected to the HSM to request Evidence may have permissions to list the requested application keys but not permission to use them,
as in the case where the Presenter is an administrative UI displaying HSM status information to a system's administrator or auditor.</t>
        <t>Requiring the Attesting Environment to use the reported application keys to generate Evidence could, in some architectures, require the Attesting Environment to
resolve complex access control logic and handle complex error conditions, which violates the "simple to implement" design principle outlined in <xref target="sec-cons-simple"/>.
More discussions on authenticating the Presenter can be found in <xref target="sec-cons-auth-the-presenter"/>.</t>
      </section>
      <section anchor="sec-cons-hsm-timestamps">
        <name>Timestamps and HSMs</name>
        <t>It is common for HSMs to have an inaccurate system clock. Most clocks have a natural drift and must be corrected periodically. HSMs, like any other devices,
are subject to these issues.</t>
        <t>There are many situations where HSMs can not naturally correct their internal system clocks. For example, consider a HSM hosting a trust anchor and usually kept offline
and booted up infrequently in a network without a reliable time management service. Another example is a smart card which boots up only when held against an NFC reader.</t>
        <t>When a timestamp generated from a HSM is evaluated, the expected behavior of the system clock <bcp14>SHOULD</bcp14> be considered.</t>
        <t>More specifically, the timestamp <bcp14>SHOULD NOT</bcp14> be relied on for establishing the freshness of the Evidence generated by a HSM. Instead, Verifiers <bcp14>SHOULD</bcp14> rely on other provisions
such as the "nonce" claim of the "transaction" element, introduced in this specification.</t>
        <t>Furthermore, the internal system clock of HSMs <bcp14>SHOULD NOT</bcp14> be relied on to enforce expiration policies.</t>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC9711">
          <front>
            <title>The Entity Attestation Token (EAT)</title>
            <author fullname="L. Lundblade" initials="L." surname="Lundblade"/>
            <author fullname="G. Mandyam" initials="G." surname="Mandyam"/>
            <author fullname="J. O'Donoghue" initials="J." surname="O'Donoghue"/>
            <author fullname="C. Wallace" initials="C." surname="Wallace"/>
            <date month="April" year="2025"/>
            <abstract>
              <t>An Entity Attestation Token (EAT) provides an attested claims set that describes the state and characteristics of an entity, a device such as a smartphone, an Internet of Things (IoT) device, network equipment, or such. This claims set is used by a relying party, server, or service to determine the type and degree of trust placed in the entity.</t>
              <t>An EAT is either a CBOR Web Token (CWT) or a JSON Web Token (JWT) with attestation-oriented claims.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9711"/>
          <seriesInfo name="DOI" value="10.17487/RFC9711"/>
        </reference>
        <reference anchor="RFC4648">
          <front>
            <title>The Base16, Base32, and Base64 Data Encodings</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
            <date month="October" year="2006"/>
            <abstract>
              <t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4648"/>
          <seriesInfo name="DOI" value="10.17487/RFC4648"/>
        </reference>
        <reference anchor="X680" target="https://www.itu.int/rec/T-REC-X.680">
          <front>
            <title>Information technology — ASN.1: Specification of basic notation</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="X690" target="https://www.itu.int/rec/T-REC-X.690">
          <front>
            <title>Information technology — ASN.1 encoding rules: BER, CER, DER</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="PKCS11" target="https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html">
          <front>
            <title>PKCS #11 Specification Version 3.1</title>
            <author initials="D." surname="Bong" fullname="Dieter Bong">
              <organization/>
            </author>
            <author initials="T." surname="Cox" fullname="Tony Cox">
              <organization/>
            </author>
            <author>
              <organization>OASIS PKCS 11 TC</organization>
            </author>
            <date year="2022" month="August" day="11"/>
          </front>
        </reference>
        <reference anchor="FIPS140-3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf">
          <front>
            <title>Security Requirements for Cryptographic Modules</title>
            <author>
              <organization>NIST, Information Technology Laboratory</organization>
            </author>
            <date>n.d.</date>
          </front>
          <seriesInfo name="FIPS" value="140-3"/>
        </reference>
        <reference anchor="X.690" target="https://www.itu.int/rec/T-REC-X.690">
          <front>
            <title>Information technology -- ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date year="2021" month="February"/>
          </front>
          <seriesInfo name="ITU-T Recommendation" value="X.690"/>
          <seriesInfo name="ISO/IEC" value="8825-1:2021"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC2986">
          <front>
            <title>PKCS #10: Certification Request Syntax Specification Version 1.7</title>
            <author fullname="M. Nystrom" initials="M." surname="Nystrom"/>
            <author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
            <date month="November" year="2000"/>
            <abstract>
              <t>This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="2986"/>
          <seriesInfo name="DOI" value="10.17487/RFC2986"/>
        </reference>
        <reference anchor="RFC6024">
          <front>
            <title>Trust Anchor Management Requirements</title>
            <author fullname="R. Reddy" initials="R." surname="Reddy"/>
            <author fullname="C. Wallace" initials="C." surname="Wallace"/>
            <date month="October" year="2010"/>
            <abstract>
              <t>A trust anchor represents an authoritative entity via a public key and associated data. The public key is used to verify digital signatures, and the associated data is used to constrain the types of information for which the trust anchor is authoritative. A relying party uses trust anchors to determine if a digitally signed object is valid by verifying a digital signature using the trust anchor's public key, and by enforcing the constraints expressed in the associated data for the trust anchor. This document describes some of the problems associated with the lack of a standard trust anchor management mechanism and defines requirements for data formats and push-based protocols designed to address these problems. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6024"/>
          <seriesInfo name="DOI" value="10.17487/RFC6024"/>
        </reference>
        <reference anchor="RFC9019">
          <front>
            <title>A Firmware Update Architecture for Internet of Things</title>
            <author fullname="B. Moran" initials="B." surname="Moran"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="D. Brown" initials="D." surname="Brown"/>
            <author fullname="M. Meriac" initials="M." surname="Meriac"/>
            <date month="April" year="2021"/>
            <abstract>
              <t>Vulnerabilities in Internet of Things (IoT) devices have raised the need for a reliable and secure firmware update mechanism suitable for devices with resource constraints. Incorporating such an update mechanism is a fundamental requirement for fixing vulnerabilities, but it also enables other important capabilities such as updating configuration settings and adding new functionality.</t>
              <t>In addition to the definition of terminology and an architecture, this document provides the motivation for the standardization of a manifest format as a transport-agnostic means for describing and protecting firmware updates.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9019"/>
          <seriesInfo name="DOI" value="10.17487/RFC9019"/>
        </reference>
        <reference anchor="RFC4211">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="September" year="2005"/>
            <abstract>
              <t>This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4211"/>
          <seriesInfo name="DOI" value="10.17487/RFC4211"/>
        </reference>
        <reference anchor="I-D.ietf-lamps-csr-attestation">
          <front>
            <title>Use of Remote Attestation with Certification Signing Requests</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Cryptic Forest Software</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>Siemens</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Monty Wiseman" initials="M." surname="Wiseman">
              <organization>Independent</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
         </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   Certification Authorities (CAs) issuing certificates to Public Key
   Infrastructure (PKI) end entities may require a certificate signing
   request (CSR) to include additional verifiable information to confirm
   policy compliance.  For example, a CA may require an end entity to
   demonstrate that the private key corresponding to a CSR's public key
   is secured by a hardware security module (HSM), is not exportable,
   etc.  The process of generating, transmitting, and verifying
   additional information required by the CA is called remote
   attestation.  While work is currently underway to standardize various
   aspects of remote attestation, a variety of proprietary mechanisms
   have been in use for years, particularly regarding protection of
   private keys.

   This specification defines ASN.1 structures which may carry
   attestation data for PKCS#10 and Certificate Request Message Format
   (CRMF) messages.  Both standardized and proprietary attestation
   formats are supported by this specification.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-csr-attestation-28"/>
        </reference>
        <reference anchor="I-D.fossati-tls-attestation">
          <front>
            <title>Using Attestation in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)</title>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
         </author>
            <author fullname="Yaron Sheffer" initials="Y." surname="Sheffer">
              <organization>Intuit</organization>
            </author>
            <author fullname="Paul Howard" initials="P." surname="Howard">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Ionuț Mihalcea" initials="I." surname="Mihalcea">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Yogesh Deshpande" initials="Y." surname="Deshpande">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Arto Niemi" initials="A." surname="Niemi">
              <organization>Huawei</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <date day="30" month="April" year="2025"/>
            <abstract>
              <t>   The TLS handshake protocol allows authentication of one or both peers
   using static, long-term credentials.  In some cases, it is also
   desirable to ensure that the peer runtime environment is in a secure
   state.  Such an assurance can be achieved using attestation which is
   a process by which an entity produces evidence about itself that
   another party can use to appraise whether that entity is found in a
   secure state.  This document describes a series of protocol
   extensions to the TLS 1.3 handshake that enables the binding of the
   TLS authentication key to a remote attestation session.  This enables
   an entity capable of producing attestation evidence, such as a
   confidential workload running in a Trusted Execution Environment
   (TEE), or an IoT device that is trying to authenticate itself to a
   network access point, to present a more comprehensive set of security
   metrics to its peer.  These extensions have been designed to allow
   the peers to use any attestation technology, in any remote
   attestation topology, and mutually.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-fossati-tls-attestation-09"/>
        </reference>
        <reference anchor="I-D.ietf-rats-msg-wrap">
          <front>
            <title>RATS Conceptual Messages Wrapper (CMW)</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
              <organization>Independent</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <author fullname="Dionna Glaze" initials="D." surname="Glaze">
              <organization>Google LLC</organization>
            </author>
            <date day="11" month="December" year="2025"/>
            <abstract>
              <t>   The Conceptual Messages introduced by the RATS architecture (RFC
   9334) are protocol-agnostic data units that are conveyed between RATS
   roles during remote attestation procedures.  Conceptual Messages
   describe the meaning and function of such data units within RATS data
   flows without specifying a wire format, encoding, transport
   mechanism, or processing details.  The initial set of Conceptual
   Messages is defined in Section 8 of RFC 9334 and includes Evidence,
   Attestation Results, Endorsements, Reference Values, and Appraisal
   Policies.

   This document introduces the Conceptual Message Wrapper (CMW) that
   provides a common structure to encapsulate these messages.  It
   defines a dedicated CBOR tag, corresponding JSON Web Token (JWT) and
   CBOR Web Token (CWT) claims, and an X.509 extension.

   This allows CMWs to be used in CBOR-based protocols, web APIs using
   JWTs and CWTs, and PKIX artifacts like X.509 certificates.
   Additionally, the draft defines a media type and a CoAP content
   format to transport CMWs over protocols like HTTP, MIME, and CoAP.

   The goal is to improve the interoperability and flexibility of remote
   attestation protocols.  Introducing a shared message format such as
   CMW enables consistent support for different attestation message
   types, evolving message serialization formats without breaking
   compatibility, and avoiding the need to redefine how messages are
   handled within each protocol.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-msg-wrap-23"/>
        </reference>
        <reference anchor="CNSA2.0" target="https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF">
          <front>
            <title>Commercial National Security Algorithm Suite 2.0</title>
            <author>
              <organization>National Security Agency</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="CSBR" target="https://cabforum.org/working-groups/code-signing/documents/">
          <front>
            <title>Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates Version 3.8.0</title>
            <author>
              <organization>CA/Browser Forum</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
      </references>
    </references>
    <?line 1711?>

<section anchor="samples">
      <name>Samples</name>
      <t>A reference implementation of this specification can be found at https://github.com/ietf-rats-wg/key-attestation</t>
      <t>It produces the following sample Evidence.</t>
      <t>All signatures throughout the samples chain to the following root certificate:</t>
      <artwork><![CDATA[
-----BEGIN CERTIFICATE-----
MIIB7DCCAZOgAwIBAgIUMgLblKxORZBH2V2Xbz6u0xR8+QswCgYIKoZIzj0EAwIw
RDESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRlc3Rh
dGlvbjEPMA0GA1UEAwwGUm9vdENBMB4XDTI2MDMxNjE4MjQzMFoXDTM2MDMxMzE4
MjUzMFowRDESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1h
dHRlc3RhdGlvbjEPMA0GA1UEAwwGUm9vdENBMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAE53vdbWMLUqao8kieV4xu+uDatcj1Q137+WOyGyBoh0mwce5LXXm+9O4U
VGeLtI1krpn73CkiGtaCSUrLYfRG76NjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
HQ4EFgQU68iIgHDteR5t28feYVdJRVHDUhgwHwYDVR0jBBgwFoAU68iIgHDteR5t
28feYVdJRVHDUhgwDgYDVR0PAQH/BAQDAgKEMAoGCCqGSM49BAMCA0cAMEQCIDTp
vQmYJQac4cjNRPWVwyEd3aC/9iuOg54+zv6vWFTJAiBqbVDsUtzpZhuAQqpk5OgY
OQtH0sRtYVvO8nPXxqUCoA==
-----END CERTIFICATE-----
]]></artwork>
      <section anchor="simple-platform-evidence">
        <name>Simple Platform Evidence</name>
        <t>This example shows a minimal PKIX Evidence object with only transaction and platform elements a single signature where the AK key is identified only by
its SHA1 hash KeyID. In other words, this Evidence describes only the HSM itself (rather than application keys stored within it), and it assumes
that the Verifier will be able to look up the AK key by its SHA1 hash.</t>
        <artwork><![CDATA[
-----BEGIN EVIDENCE-----
MIIBmzCCASMCAQEwggEcMIGkBgYqA4dnAAAwgZkwEwYHKgOHZwEAAIAI3q2+78r+ur4w
GgYHKgOHZwEAAYMPMjAyNTAzMTQxMjAwMDBaMGYGByoDh2cBAAKAWzBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABPEy2tHFO7tXSeeWl1hKEJypI+YXc3z4ltaTPDFWGYlMhwHl
vclinZFfrxh8MyykNINMOGH0wj+4gOkeYj+vqFkwcwYGKgOHZwABMGkwFAYHKgOHZwEB
AIEJQWNtZSBDb3JwMBMGByoDh2cBAQKACEhTTS05MDAwMBAGByoDh2cBAQOBBTIuMS4w
MAwGByoDh2cBAQuCAf8wDAYHKgOHZwEBDYQBAzAOBgcqA4dnAQEIhAMBUYAwcjBwMBig
FgQUYcGIarqstIuidRFngOzU9OYYFe4wCgYIKoZIzj0EAwIESDBGAiEAtWNik/qin9rE
ofX9ZE4eKkmkcigBEnpZFTJ0izp4nLICIQCyalz4bslZXjtQC9MCombwXVcEGUIce94d
UFcI7QSSag==
-----END EVIDENCE-----
]]></artwork>
        <t>Here is a pretty-print of the Evidence object:</t>
        <artwork><![CDATA[
Evidence:
  TbsEvidence:
    version: 1
    ReportedEntity[0]: id-evidence-entity-transaction
      Claim[0]: id-evidence-claim-transaction-nonce
              -> [bytes] deadbeefcafebabe
      Claim[1]: id-evidence-claim-transaction-timestamp
              -> [time] 20250314120000Z
      Claim[2]: id-evidence-claim-transaction-ak-spki
              -> [bytes] 3059301306072a8648ce3d02...
    ReportedEntity[1]: id-evidence-entity-platform
      Claim[0]: id-evidence-claim-platform-vendor
              -> [utf8String] Acme Corp
      Claim[1]: id-evidence-claim-platform-hwmodel
              -> [bytes] 48534d2d39303030
      Claim[2]: id-evidence-claim-platform-hwversion
              -> [utf8String] 2.1.0
      Claim[3]: id-evidence-claim-platform-fipsboot
              -> [bool] True
      Claim[4]: id-evidence-claim-platform-fipslevel
              -> [int] 3
      Claim[5]: id-evidence-claim-platform-uptime
              -> [int] 86400
  Signatures (1):
    SignatureBlock[0]:
      algorithm      : 1.2.840.10045.4.3.2
      signatureValue : 3046022100b5636293faa29f...
      keyId          : 61c1886abaacb48ba275116780ecd4f4e61815ee
]]></artwork>
        <t>For completeness of the sample, the following AK and Intermediate CA certificates are required for verification:</t>
        <artwork><![CDATA[
-----BEGIN CERTIFICATE-----
MIICAjCCAaigAwIBAgIUNQtT1K8fMLmXpZ8s7hOFof0+iDQwCgYIKoZIzj0EAwIw
QzESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRlc3Rh
dGlvbjEOMAwGA1UEAwwFSW50Q0EwHhcNMjYwMzE2MTgyNDMwWhcNMzYwMzEzMTgy
NTMwWjBFMRIwEAYDVQQKDAlpZXRmLXJhdHMxHTAbBgNVBAsMFHBraXgta2V5LWF0
dGVzdGF0aW9uMRAwDgYDVQQDDAd0ZXN0LWFrMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAE8TLa0cU7u1dJ55aXWEoQnKkj5hdzfPiW1pM8MVYZiUyHAeW9yWKdkV+v
GHwzLKQ0g0w4YfTCP7iA6R5iP6+oWaN4MHYwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUYcGIarqstIuidRFngOzU9OYYFe4wHwYDVR0jBBgwFoAUdLGCWSkyCjjxyv0A
dCcN4mVoHz4wDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQQPMA0GCysGAQQBgrddBAEB
MAoGCCqGSM49BAMCA0gAMEUCIQCMZbKvYR+v8Asmkxn6GvLy4DlyX+P6LP7BU+tc
ktulGAIgC+3QmgzhBO1lttLPlLiE8OZQVwk0jXp1OrE9ubs+G5c=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIB7TCCAZKgAwIBAgIUZBusKENkkquWekNzoRqWJqu6qHowCgYIKoZIzj0EAwIw
RDESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRlc3Rh
dGlvbjEPMA0GA1UEAwwGUm9vdENBMB4XDTI2MDMxNjE4MjQzMFoXDTM2MDMxMzE4
MjUzMFowQzESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1h
dHRlc3RhdGlvbjEOMAwGA1UEAwwFSW50Q0EwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARZ1Q2U/MYAnNiD26gCwAsTDJejLICmM1mgPN48PMky8p/9lW5v9UxBoNCL
JKHLTI2lD6L7Y47gfEos5Ro94Jomo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
DgQWBBR0sYJZKTIKOPHK/QB0Jw3iZWgfPjAfBgNVHSMEGDAWgBTryIiAcO15Hm3b
x95hV0lFUcNSGDAOBgNVHQ8BAf8EBAMCAoQwCgYIKoZIzj0EAwIDSQAwRgIhAOhn
0CRE/6Vy2yQ5LNTA/q0hVOWkqlogOYyv4Q5/8X0hAiEA4G46LGJaunN9s4U6LBU+
NFb0gpZ75WsNx43/r6CNdEM=
-----END CERTIFICATE-----
]]></artwork>
      </section>
      <section anchor="key-attestation-evidence">
        <name>Key Attestation Evidence</name>
        <t>This example shows a PKIX Evidence object that is attesting two different application keys held within the HSM.
For the purposes of this example, the Platform Element is kept short.
This example embeds the AK and Intermediate CA certificates in the Evidence object. It chains to the same root as above.</t>
        <artwork><![CDATA[
-----BEGIN EVIDENCE-----
MIIG7DCCAogCAQEwggKBMIGkBgYqA4dnAAAwgZkwEwYHKgOHZwEAAIAIvu/K/rq+3q0w
GgYHKgOHZwEAAYMPMjAyNTAzMTQxMjAwMDBaMGYGByoDh2cBAAKAWzBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABPEy2tHFO7tXSeeWl1hKEJypI+YXc3z4ltaTPDFWGYlMhwHl
vclinZFfrxh8MyykNINMOGH0wj+4gOkeYj+vqFkwHwYGKgOHZwABMBUwEwYHKgOHZwEB
AoAISFNNLTkwMDAwgfMGBioDh2cAAjCB6DAvBgcqA4dnAQIAgSQ5YTI1ZjYwMy1hMmM0
LTRkYWQtOWVlMC1hMWI0ZTc3MWYyYzMwZgYHKgOHZwECAYBbMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEZO7hZ1LQjXT0965bVPqlogRQeAhtbx4rbnv8XUNJ+cs7S1YCYt0l
d/mWs1pDIQ4dbxPVCgKsG0UnwJm18ZtEsTAMBgcqA4dnAQICggEAMAwGByoDh2cBAgSC
Af8wDAYHKgOHZwECA4IB/zAMBgcqA4dnAQIFggH/MBUGByoDh2cBAgeACjAIBgYqA4dn
AgQwgcAGBioDh2cAAjCBtTAvBgcqA4dnAQIAgSQ4NTcwNGI5OS03MDk3LTRiY2EtOTNi
Ni0xMzM1MmY4NjVhY2UwZgYHKgOHZwECAYBbMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAERMImI/BgGGCWlsMUPZDYjW1lg2/H3Y/40CUk3cRwRw34VLuS834P1azG2mlsi2sE
6NNzhbl8oYgRpuPbVBhrjDAMBgcqA4dnAQICggH/MAwGByoDh2cBAgOCAQAwggJnMIIC
YzCCAgqiggIGMIICAjCCAaigAwIBAgIUNQtT1K8fMLmXpZ8s7hOFof0+iDQwCgYIKoZI
zj0EAwIwQzESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRl
c3RhdGlvbjEOMAwGA1UEAwwFSW50Q0EwHhcNMjYwMzE2MTgyNDMwWhcNMzYwMzEzMTgy
NTMwWjBFMRIwEAYDVQQKDAlpZXRmLXJhdHMxHTAbBgNVBAsMFHBraXgta2V5LWF0dGVz
dGF0aW9uMRAwDgYDVQQDDAd0ZXN0LWFrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
8TLa0cU7u1dJ55aXWEoQnKkj5hdzfPiW1pM8MVYZiUyHAeW9yWKdkV+vGHwzLKQ0g0w4
YfTCP7iA6R5iP6+oWaN4MHYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYcGIarqstIui
dRFngOzU9OYYFe4wHwYDVR0jBBgwFoAUdLGCWSkyCjjxyv0AdCcN4mVoHz4wDgYDVR0P
AQH/BAQDAgeAMBYGA1UdJQQPMA0GCysGAQQBgrddBAEBMAoGCCqGSM49BAMCA0gAMEUC
IQCMZbKvYR+v8Asmkxn6GvLy4DlyX+P6LP7BU+tcktulGAIgC+3QmgzhBO1lttLPlLiE
8OZQVwk0jXp1OrE9ubs+G5cwCgYIKoZIzj0EAwIERzBFAiAQkyMjDepyz0XX/eezdIPz
X7dOqqQ9AZi97nUiBWOorwIhAJRe5TF/KsX7I23xH9B+XmWTtei9hEQmYkwAak1K7Lr7
oIIB8TCCAe0wggGSoAMCAQICFGQbrChDZJKrlnpDc6Ealiaruqh6MAoGCCqGSM49BAMC
MEQxEjAQBgNVBAoMCWlldGYtcmF0czEdMBsGA1UECwwUcGtpeC1rZXktYXR0ZXN0YXRp
b24xDzANBgNVBAMMBlJvb3RDQTAeFw0yNjAzMTYxODI0MzBaFw0zNjAzMTMxODI1MzBa
MEMxEjAQBgNVBAoMCWlldGYtcmF0czEdMBsGA1UECwwUcGtpeC1rZXktYXR0ZXN0YXRp
b24xDjAMBgNVBAMMBUludENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWdUNlPzG
AJzYg9uoAsALEwyXoyyApjNZoDzePDzJMvKf/ZVub/VMQaDQiyShy0yNpQ+i+2OO4HxK
LOUaPeCaJqNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUdLGCWSkyCjjxyv0A
dCcN4mVoHz4wHwYDVR0jBBgwFoAU68iIgHDteR5t28feYVdJRVHDUhgwDgYDVR0PAQH/
BAQDAgKEMAoGCCqGSM49BAMCA0kAMEYCIQDoZ9AkRP+lctskOSzUwP6tIVTlpKpaIDmM
r+EOf/F9IQIhAOBuOixiWrpzfbOFOiwVPjRW9IKWe+VrDceN/6+gjXRD
-----END EVIDENCE-----
]]></artwork>
        <t>Here is a pretty-print of the Evidence object:</t>
        <artwork><![CDATA[
Evidence:
  TbsEvidence:
    version: 1
    ReportedEntity[0]: id-evidence-entity-transaction
      Claim[0]: id-evidence-claim-transaction-nonce
              -> [bytes] beefcafebabedead
      Claim[1]: id-evidence-claim-transaction-timestamp
              -> [time] 20250314120000Z
      Claim[2]: id-evidence-claim-transaction-ak-spki
              -> [bytes] 3059301306072a8648ce3d02...
    ReportedEntity[1]: id-evidence-entity-platform
      Claim[0]: id-evidence-claim-platform-hwmodel
              -> [bytes] 48534d2d39303030
    ReportedEntity[2]: id-evidence-entity-key
      Claim[0]: id-evidence-claim-key-identifier
              -> [utf8String] 9a25f603-a2c4-4dad-9ee0-a1b4e771f2c3
      Claim[1]: id-evidence-claim-key-spki
              -> [bytes] 3059301306072a8648ce3d02...
      Claim[2]: id-evidence-claim-key-extractable
              -> [bool] False
      Claim[3]: id-evidence-claim-key-never-extractable
              -> [bool] True
      Claim[4]: id-evidence-claim-key-sensitive
              -> [bool] True
      Claim[5]: id-evidence-claim-key-local
              -> [bool] True
      Claim[6]: id-evidence-claim-key-purpose
              -> [bytes] 300806062a0387670204
    ReportedEntity[3]: id-evidence-entity-key
      Claim[0]: id-evidence-claim-key-identifier
              -> [utf8String] 85704b99-7097-4bca-93b6-13352f865ace
      Claim[1]: id-evidence-claim-key-spki
              -> [bytes] 3059301306072a8648ce3d02...
      Claim[2]: id-evidence-claim-key-extractable
              -> [bool] True
      Claim[3]: id-evidence-claim-key-sensitive
              -> [bool] False
  Signatures (1):
    SignatureBlock[0]:
      algorithm      : 1.2.840.10045.4.3.2
      signatureValue : 30450220109323230dea72cf...
      AK Certificate : present
  Intermediate Certificates:  (1)
]]></artwork>
      </section>
      <section anchor="multi-hsm-and-multi-tenant-key-attestation-evidence">
        <name>Multi-HSM and Multi-Tenant Key Attestation Evidence</name>
        <t>Some of the design choices in this Evidence format -- such as extensible Elements and multiple signatures -- are motivated by attempting to
future-proof against needing to represent the state of a key in a distributed cloud key management service.</t>
        <t>TODO:</t>
        <ul spacing="normal">
          <li>
            <t>Illustrative example of having multiple signatures on a single Evidence.</t>
          </li>
          <li>
            <t>Illustrative example of how a vendor might represent that the key being attested is part of a logical tenant or access control group that spans multiple HSMs.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>This specification is the work of a design team created by the chairs
of the RATS working group. This specification has been developed
based on discussions in that design team and also with great amounts of
input taken from discussions on the RATS mailing list.</t>
      <t>We would like to thank Jeff Andersen for the review comments.</t>
      <t>We would like to thank Dave Thaler for his guidance.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA9y92XbbSLYo+I6vQCvXqpLKJDVYtmXXGYqiKJlpURMp23Kt
6hJIQiQskqABUDTt9Fn3I+5Lv/W39KfcL+k9xQSAGpxZ3afbddZJigQidkTs
2PNQrVa9LMrG4Ru/eRcNwmk/9JvTfjyIpkP/Jk78t0EyWARJ6HfC/jyJsqXf
jgfzcZh6Qa+XhHcr3+u0U28Q96fBBMYeJMFNVo3C7KaaBFland1GX6u34bIa
ZFmYZkEWxdPq1kvP6wdZOIyT5Rs/zQZeP56m4TSdp2/8LJmHXjrvTaI0hYez
5QyGbTW7h54XzRL6Pc12trZeb+14AG7wxl9TEK95izi5HSbxfAbfXtS7nTUP
5oYvB28836/6rWkWJtMwqx4gmPQVPkUfzt61PtIHWJDH63vjz2Ede54HgE8H
/wzG8RRgWcKWzCIcMLnph4M0W47lW9/P4r71MZrCfmXqizROsiS8SfXfy4nz
Z5ZEff1wP55M4F39azQdR1MzTfg1q46jNKvCIL14DI9V4788g1/gICbBbEbA
azj+OQ7vQnxo17sLp/MQYZddkuXzLn+A3cNjPcLf4NtJEI3f+HiOf8MTrcXJ
EL4Nkv7ojT/Ksln6ZnNzEMChJkH/Nkxq6qHNxXAT39oMevE828TZomw078Gh
GMyAZ3J4sQYPjgP8Ex5U49sv1HiYWhTnX918DN7VRtlkvOZ5wTwbxQljBGPt
r2EwrZ5FYQLofxilIaKG78NK3viNZDnL4t064E6/Rl+r66B+oS/h9MIQ4N5+
8WKr7h8HMxgLxgv9+l1ID/QBP9/4p1kWLIKKfzrNgiSK+Zd4Ps3wIjSCaTAI
5LsBgPVu+5P/qrtD34R8GJ9nf+vzvEENcMSzFtGObkP/dD5NAd+zUW4FUd8/
jBPYCb8T32R4z4tr0c9YAHeieP7VP47jWzjJleAKcBOA4G+xgqDWD2zw3gbT
aZj63bQ/im/CaTQ0EF5Oo7swSZHmxDd+Ngr9/TlcnXQRjhK/PZ9G/ZEDLTy/
v/DbNQvOk3Dei3phwqMm4RDO+42/H9zBNgcu3EdhMgmmS2uf9168ePXaXsiI
YK1lGta/DSdfa0A4nAWF01t/P0puR/H4m1nMYRLMp/ha4ndaXWdUeKHWkxf4
RgHdy4K+M2wbaZ7/AbAQoHQhh3Vn4cDvZHhJcKvqkxCIhnsG+Hptwa//LYab
OQ4JU2AGei6aAiE4qfmdSSRYwvOe4Mj6O1zKPZPbM07DQS3FF+n+w07Bt4yb
0xh2OoOzxaEuDhuvnz/flY8vdva21Levtrfl4+7L3T38+PEl/wqEiVnWWmt6
w4PFU6B+/dE0HsfDpf+//sf/9Oudk9o2YOos7Ec3sBv0DGxOL0gBo6exIS6A
Qfrq478qn1ire1nlg4JLOcRbrIjPYrGoRdm8Fk2zzSTsb3arF81G9WMNwCMo
Xz8RSj9UnDNBzgoI2ryo+A38fwfNiz8WxNcI4tm7Rod31wCJ3/m/bG/nduw9
3kD47/PadjkgjCYHcMiA2vvxdJj7pRtPl34j/upCflrvtDoEhw9Tdhv0KzAN
eGFna2enurVX3d4uXRmwsrQWwyGm1XgWTomxzG776fa2/KeawgI27wDgzX66
5XxbxW+r+C0RfRj/sHXW2d7dqj53N0MLOxfhl3mUhMR0Sa5h8j5MgtkI0Ehk
oXuO6KTV6VZ8GwO6BgOOgRMCXwJ5h7kFXNswjeBZNQiCB9wDASzdjOndeDbv
pbUpMP3aML7bxA/4zSa+uYmT1/BTjYaozQY3iKA1g6FPQhu9P/8h4K1A7GpV
fi/H7sKV3KcrqcXHC3zMX4dLsFGRgYCpxEDvg3HhKbglGz6IYYCBaQbfz6N0
BPQo/xjco43CIRVukUbA7erWzoojoacBL1gUG9Ai3vhmi+CJzulmq9kABrK3
86K6/QbHAylV7ZWmezuv917Kx5dbO4oEvt7afq3o3g5f0lb1gIhodRxMZing
b2LLL+qJmzhN4YtqNk7LfjZC0CQdVheAwPhL46RT36nl6FUDl5b0I9juExoD
PugbUR+DfA5kfeJ35kD6fXj7PvQvvj8EfFiWYt8kHERBbRACb01DQmekBZud
cLa59Qo+bz3ferW993x3s7qN/7e12ejU/4kr+CcA8c/68dHpRav7tt35Z+3s
4BAX19m/cFcGmBaixFy81yhetNJ0HqAmg/jUBjlmSA8gip7Ne+OoP15Wu6hn
AII1QEQAMWg4RSRrhEnGGA24Zijm3r1b06hv7ifxAjAM5av5pHRL+kHvBn9k
+ZkF8SoJ6ekmSinVlEFAsjin1Wx6HvwHpR8YsNM8PkSd57CRjSIgU161WgV5
KUXRHMSLLnzpqzf9lO8lLCHwQSEYxIBmw2mcogTIuEs7pfW9WQLUD1Qd2i6Q
1PDdgb8A3IimMARqTj5KMqCV1GCqsORNhMpfBEsQP/rjOch2fn8cRBP4Tzwe
h33caFIWYLi+Q3gnRHgrfjrvj/wAIS4oqh4TZ38dNDcgJAhkONYnDpKkAjXK
9DDuJKAopDXPOwV8SfvhFEVzIGZ3UQqIMfAB8mwEe4KYg3ct9COLHDLY+FsZ
4H4/mPo9eA9hDcdL2JEQNF1Yr5fFsBjAzBgGBAZH7AEQBnBoEOFH2tv88fDu
Bz0YmUGoeXWYCnYDyNRsHH41C1jE8/EA54aJSJ/O+BT04RAABqNxMXXCX7y9
+GM0QCAGyPAnESKftxiFsNJEtgJY2pDOeIaDsEhKU8B++hPQh+i5xL6B8EQA
2iAsy++bu4Rj3EQgqAqmpg7jCMZpDC+CRI3HbyEojhwSM1iBNrgKQUFr2SCf
woYNaIjw64yxb57i7HhrJtFgMA497xc0F9DLCMUj7tA0nMN1G5uZHFDpnC1y
jVuLN6cKcirMj+iWxFPapQohLK21P4c9m4JCIjifKurKC0wJ6dMNQvoiToMG
PyUU7i0Z8wfhXdQHzcbHWyrgAbr0cCRA1DqBh+cb44W+o2MM0jnu1gxUc3yD
iAAesHXuhEnvmTAk+EDFn4+zCEYHlK8wpl/ARzypsyDJlozcNBxdLRBDQgAc
qSotPfzKTB7Y7Yut17JFZPnBu5cEQNfgWAAuvLaNeNpPQpqK0c9FH2AzwAjS
N95faIkoqWyClOBfq3O6xs0Px7AaomIBoTqAl8XVHtNdmBw2HkerwGmEeEvp
zuFvAYLh98Zx/xYODjcnngkrxFUlxOvg6C10T//KsAiVqsJLVSKHKJcEeLTh
GFlHMI2+IWFMiIgBbk3TQKBQp1HRx6FIXsXHVWVMo+HcT1sHNJ8WzvAFDXiV
CYpsFRwpYEeqRThCXSLvaq8EchuP5Rb6+kz4SIPxGHgesgeheIRV6uEA6BRs
+AApUxoS59U0m3CZuAPRgxBOEOFFOow7OuXdBVpK12dKklZNRFASEOFw8a7M
CWkA98b4totXNvHJ4hhEhWHF+pLIjqaFyI5vcDW823Dj/AiJLYJLzwLWjtDY
A7JrleHgu5USHLCRKRn04mktT0YGMewy6KiCpYh1eMyzOMnwNLIY+COdQj9I
Ero/6iQqhXfNBZzNkgCY19ifwcr6SwLb04+TNRMICiCXEIQqYSqiLC4ad5j3
YFP24BvvyAQkf8DJFA7Gb6lpUyLyFuIWSZHcqjDxgJATchAxMsMpLgmAjxFt
0RwMBwWAwCkH/QQEXphtNo6XhCGwi0CdL9MQ1IU0TBXT4BsKL6MxCU8fhk1D
Yd5AfqO7ICNRhJaNF14JfUWqQVP8AkSLyTayZOZdq8zkLH0QvsKPRKpBv3Kw
A4aAaaYhXrEgIRZLt2/J0sM8SRCcZD4l+sOSBs45JYwDoWUGpBO/YWmBaUyc
eAQdvkLXd0BUESVNwPYA0RSpogJKGIBc0USTJb4piOhEmqc2PwKSB8cQ3dCz
cI7eHQu+qbLW3UTJhPaEsD0OBjAayjLy2hwlX2JH+DtiNbNcupFq1xlVo1Dd
+TwTJf7PFK2Exmtio7kU0Rq6RhGKgQpCsoT7aMkf0vxeTPKMkUJFLDWnBNvR
h3MmnTSPg7/474DyAi3AeRRpAPkWeSiKS8iaUlhHIvvNJwnQ90KixIOBUCjY
tSHNYA1QI1ap9jie9mK8s+qYiaSggBdN7+LxXejhQ9NwAZoLD4sjwZOwjTbV
wOFwQxwsq4goRNgiDJlwFUS1cDpH2sJ4498k8YRmSoNJiNLF/CYgmp8gfuIP
hsLyKhgSoJz6CGZBBpefDqJCdg+iGxU/zPo1D8gKL4uEvp6WHgciyuEySsTv
YAoCzhLmm1T5hAnd7HeRXYFml448FsUVfESY0cTM1x5kPsEvEaPp8jiyTU6S
WUTjMfpP8PgA3wFkRilcNSIP3W2eyxsAztJxKDkath0pMqLAgAV0OkR8GRCs
DisYE83SQn1ExAQ4dZjgHrCgQuJ2NExkR5he4vywn4w9+IRGO36UFZsgTeN+
FOjrKFfcEu5c5MhRBoVG8IY+SRAOPPrjmE7iOTNNCwrk9yhgmqkyId2WSKkU
tRNgqc2veMFI6SH+Pg/GVbhZIJyPK4iNvMmI8LC0UQYrSUcOdRXlDedfIB1N
AJvjeQrHhUoMSv/TgdJqELGB/yBJhctbK1NIBA9JZM7TKSZq85sbJGbI4EPU
N1JWwmZEKAi/0OMGl9FzBQnr8ESrEHqYGs001bxMWBkJR46WBZONgrtQy7s+
C9B5WHEzA5t14055rE2O4xTV1Qle1jBVCM6cKOmPIjyyOXE5kkVgV9NRvCCt
phfjFihoUSFXZA+lV8TY9J4LJYSVVREiUfPeZ5iM2a8tt0VixfG8M5gouV+f
XW/UN+gN0RatcWKUPUbB+IankPlgTf50PunhLb2xWCs6nR3KkscyC166+w7E
hQun8JKpbmr4MdzdqZ/GE5FijAXEWgTeNrELOfN8/y7mvh8/8HNn/+LHD1xP
o+5PUIdCV7vI6Z4NslxQ0GWYPkwfFHh+ilujAByKXoWEAEVb2gibsBsOjPSH
YM9iD7YPWR8+TFCKYTm/CGbw9gGy/A3cUR8d6DBJ1JtnKC21SZtTQI5Rk6QZ
iRd5ygISAu2N4BAQm5GOKAUDmCQKZGEejIpv7CW0ZuKhwQClsdSzSOBn2Nh0
EAkRFEHIX1cnrknrhialKCGDphCRviRScxZrbNKvKgBQd4Jz/0r2QKSkeHKH
ZJgYkwKFtJBoEa1OxMRKmZFHDb1mjbYGhAJ3fREskcv4N8C+Qz64MTNjjwiF
Er5JBg1IYwKGH8yItsMpkSL7VYtTKa9IY1dfmbQAB1BLIY4bkHWkipcB9iCc
oAgY4j1DeAELMqSeQGcnc2Eh1rm/jRfApJKKa0KzdkDddD/gR2C3yJNTRHm6
wKhkT2aEpDivR3NGY+PZTp35gcWDmIO41h8Tt3AsWoTIlqLtMjfSn6sDpLmC
EJnWZizDqwYzSD3FJUUfA0ZCahiuy755sJIpL4fRPcJdALEqmGYKxyxbRM07
iRFwmE52m0FTkKjLMcgdYwXJC9E3wyoYrUFvwgOENQCX6y994NVjo5T5DTRM
TVmxQiTp0t1kh9T3XzLz1w+mTcT142QAGNu+7HTXKvxf/+SUPl80zy9bF80D
/Nx5Wz8+1h88eaLz9vTy+MB8Mm82Ttvt5skBvwzf+s5X3lq7frXG4s/a6Vm3
dXpSP15jmdC2AeA9yEjYJTV8hrasAZ4XEElQPXpMifcbZ//X/7m9C/T8f0OX
0vb2ayLu+Mfe9qtd+AMFQ7FAoebFf8IRLD2gEGHAFmW4jnDfogwuqMW1kSLB
7v7l77gz/3jj/1uvP9ve/Q/5AhfsfKn2zPmS9qz4TeFl3sSSr0qm0bvpfJ/b
aRfe+pXzt9p368t/+0/yDFW39/7zP7xSi/M8JbuuYUGT6CtJO+ggetfyLSRj
Aabe7fh1Wywi2wiLkB5sO6Af278mwQyRvB/OMiSU2SIU6TVbxIARE7yWwlOT
MBgw5QZ6ApgyECS5CSZAUeA4tfxwB5ywNx8joGR8kfE9NtAMlBZShHL9+3cJ
y/jxY0MTdmUFrniOYFbRQtuTAGTG+xgYCRgMDAFc1n4aI9VUjNWyYohoxXcs
mOShCsbRQBGMlrX5wV0c0dQ385SsqO49ZEoFLMWTGxJ9AzSgXcMDT4sb5Oc2
CGdvoAGhxnYgoKmuco2kfk1t45oHl08YmruDpGVl5IZBMgwSeP+WhR5am7AT
i7SjPuhbh1nxyORE/rK1OzWf4Z/CzWTFcJIormmfEKJ4cX4vPz9ASeZ5V5hO
RP8dREPcQ8tGboPJxyyIdBOj+Ya4B+2zNt7mSeUbz/v+xr9LZ0E//Pe1rTWg
8HWLQaIxZr3+buON9yYXvoE8oM8a4xjV6XiMAk+PpU7t9cDjo3mJfipn8Wye
zEAZ8lgLEDan9p4MBrxg4jEVsZwo0VB2gaSroTIG5ByfvaVng1FTiwoTXAhu
EG6LAROER3RaieFVExotdKurxKhgmTRsGoeAenh10c5CfAeNscOQRCS6uGvK
lraGh7oGgsOaBo22wNgBEM566ufvsuCitcm599QmpAXpPxPjj3GXwqANdgrg
gmYoeZJGSiiDVy9nkyeJtBcaTYM18zARA2isbCi8OTfzqYgzXbQcIiG2zNCG
1haIKC+PTmitdJFrBh9GSTwfjjCSstTirJDKOXZ9y/+4Y6frTlvAuFhh5xAK
Hf1+zEZGEfREuFUnK45051JWtEeJ3Kho98xdSuRo96uRhED+bLRM6UxRiJ7T
PorOxE6D4CYczgOU5HBG9m2S3R8kJktBLvpBOShAzjv/gLamp2ImIRE4TkM1
cqkNKAtuSUboJXEwcI8DJK8g48DJlEIW2P6RxSr4wU8nwC/6uJKKd9nZh59u
QSWv+N0ztJTmnSdVMfjGcGbrZ42WT2+yLrgWssgYpWEV3hiEfFn743g+qAqy
+/IDReqvAy1Lox4QJAzaBjYwx9u1cQ+6KL/bQwRC0SekEkiJ63Zo0hv/TKzW
pWTUdrwKfZyxbiy4aHwITkQHby0C7wkvq9g0Vu13OMV7V2Y31gPTbqJlfBTz
DbY9CeRe8PI+bBLnbkPQ3kF1R3uij/Zd9oyYqBCyA+TVccQF4PhhzhKlWA68
A5uIpAZ3TpxQ9a65VNoc1anBz+o2B74EDnF0v9okTJ5gWx9aqpF4qBAi5QcD
8qosoEirJj3Q98YBOWVvAKaMAgbKzTjyPl98I9qaHwAAopkgrJHQ4aEXK+qj
KIhIqIEvl1ADwj2lzOZInOehB5iQi6K2SABoOfEB5koXRJXU3jqidUkwCckF
hqqrjnKsGIsMulGNJVAzeaZEtMWDKBXBVAtA9pQGHFvYxRe1pd/eYiScZ4KH
iilIZAtgik0bw0kvHkTijNWSxNMvtWeusc31FRCPutThYy+1ji0BqXIelttG
9TWEuxmOb2hJ91x1b+VVdwZTd7oQl/KoO+2Z6At1sZlhoCUTLXH4HKAImXHI
dYwOh3BBx6miIehmx8rfdhP00UxEOOJ4pBwl0ZFUbb8UBfSYsX1iRjQY+Q4V
h8NzEnuMQ33Fcm0P7xkrVpkJR66Mmb8lwi3gN87CPj/8RgPlkR0pnaFQJeY+
ONGwr4x06iS1a3pmuT+LIKDuQAFB9WmfYi5LRVCMt5UbxpRjC+0mqIbZL3tr
WtIkdq1CP8gyqgJT/LsoQKsUkxphGZ6Fs+hI4cgq6xlLFxBHgdAFTytGqfGQ
5Uaz39YWX5Y3l7MwRZXERnRkH2yyYxsdLjCgBZKSbi+qtkYYY2+CEpgDV+kO
QFBYWCuqaBXP01SWLEkYdRKDJAJvqbMByDXlUOIeyDgi7mWgEodJFTYgwpCU
zNdyjlHFtS8C77HIhWHyZ/KBAQjkE9dbFE5HHNVriJSn5HoT/Ftg8IFBG9EI
Tewvz8cZcTWSzwg14SiXTFTJSjBYnT1JR2uWM0dFkkQAFd0DMp0YXEOKLdMa
j9Z+HeK9QVcPza/oL7YuwyUKMsAAeW+1WCM6jERe4je4fl6qCKbrNmlksZLi
rAbaHkEbjC+IndqTW0my1ylLNKS504PsrzGCFezKGvkohKLBl2gvFZM3/kWs
xo5qwS85lBg0EmQwHFenBXXCBmcGS7uXQ2Qf+i+/iNrIOgNzHBZ+omkJWWGL
RFEQseQODpoQQqUpYoTRliBrgtyF7iYzJ9Mz/gafWgMaEoUUiuGxl4LOWl9j
uGA3sPvKakcoSoeHaTabxCqBNEYgZ/vloJJKPxETuSfOARTLcJg1ewvWGLg1
DL9SxmaMZw2Ai4mNRzsriF5TiAVdQ0DVqVK6YBk6QtUEelT8/dZpB56QhEOO
8GBaNwLWi5ZpOjp8NcQssjXP66BDgEIn2IHtjzFO3g9IT0EQJiAMKxsi3xo2
sylhgx24RE8wrcG8qMMLyespAWdxD3Uk2v9BOAspXzdvGMqp8zW/GQCFpRuA
PN+KuwRw5gmcHw6uwfGMD5K3Pu+EwjgP5Qjk4BV2V6IrCglJgModKZITDKpF
F51ei3J9UtDCOEh1JB3HPqE8GeFbwTTkeAcb5z3HiEWkBtl3xcwDL0dwABqb
k9UDo3ifl98GEZkmYP8VwOJ0NIFpi9jeekvN06bKe1Zi4KcjEXabhyLwOmjQ
XO+wY5ZVBSCUmNO0wXcoL4gqVkEvyh6L+QUFAh3LpheIDC9WLkB2bZXJ3ZaU
g69bIb7aHmjFC4a4KE02bPGARTlPERWKJdESs7sYXqA1uIWnLgyA9GvqnIC2
1HV8sm8LR56KVMNTsbzvXcpncYx7KqRBX7J7rxUS3jkb8tS8ZYdpLcXQWUGA
e/bKt/fKk6FyO8Wkn1RnBM5QceCGsZVSYonqTFwnsD2jcJrqqYRoDQYJ+o/w
vpPJmgbyZONQGO7HQ9h7ekD2Bi+AhCNwWGGABIk0NpArJJSo1L+LBk01Mp+J
t+pMWNdUMvw0DAeakhiBvhMi00vDfhVFiKo4Y0nrNvE5xu5uZUb5jRHSsu+/
4MvBbbWPf4ozlqRaMSqWXhIb2Yx+AoK2OOJx+VEyqM5IXeMQKcEWy9Ojo/1Y
CrZDKaPUc95KKebaEpXF5UEOctkiYEggctq++FtxNXgsb6MsnzqxCraVOizK
4/N0TvIgTu+ZOErKMasD2cP4FcsMK6o+h4SJjI9RaBhGouKO5BkYUQVtIpOk
AAsy8iU3YZQxOXBAQY4h0ZY4q+dOqTOT0HqlM4qUprdQwXf1d/lAJzjHMeA8
akgmcNkEsdoQT8l2hXGPtgwY5ohDYZIycwE8wrZifSDaGkECRea4m6womjee
9xdelzUDOb+VEZFO96vIxYjyl5ge5q83311uOG+F+BASg7+qMeGR8ieKM1xH
g+rtzM7rhKmuK7aSUnpv/kppN2rCa3iJwLu25lpHQGlCvRXXoox2lC567fcw
Sy7ELQcOgIBLgo6k7ZFrLMCwvyFQLZjmjN1jrQEecDn0vvj3exgynNwyv7tW
UdXXNeVNTmOyDHGwvJV0N6eNJsqK1WEKFxEFF3WShs3kUqWAhP459VQqAj5V
85VxAmfF3A17YEWpLHeyDmcDLLNUfPHi1o8/1K86wB6i8arNCx67YSZAXZyL
dvkcMRV6zlgmhMLdZrXLANJJnIVmU21KrJLZxG6CdBt/rlJUKJpPOLwed+Nb
mMSUBEV2ACUpen/WGLSPmVB/Rs0gNniiKTmpTuL6E2Iyn1Z1TgANaqK8mE7T
ieqZkAgwcR6HgXJVGUnTJm2pzcXI+kKuFFgQq6iDKO3PU8W2QQkfjCk+Wom/
7pok7cROhW9T1CwzOtTgZMPKYyIJSyd4XHTyKPqSl1HyVpgC1a2IYtbIKJlM
SL7S0SQAEvR6HElLyJaUDSNZnneVGsNypZ3BVvDSi2QqPkUJumdiESfwsBL4
PL8cUPbMRaz8RFkqqX0RBfaSBCAB0Up1KQCJAajhjQ41M+HJzLvYNztgjSqz
En+8QQhszLACzDbOu5VRGtUCL0wg/t+wdC352FZ7mSWiqVEwYyBh45mBRKY0
ESqOyKiMKRacIM/qZDg0hLpyXZmsvVLG9oqqqwBqKQKPFrSZfLhoaFRZtRKZ
oObZUTCrdjl/LwK/LB8wtAC33/As0Z65FsimsnlEhG1dQmfZMLeY97U8bDxo
D6o1IAgSEaMUOBAmbSmfLMRTk4CZWGnrl5etA0rvZkIDggN8HX5FYVdCXf7O
1Vr+seE6OYKpZxQxA6g2wmg9gk8fNQiNKSC42qnz2mKmQltyzpX8jrnngqpT
xT5g+YbTCMr1sm7uac/FHbZZuGiDtG4sMmYZCqq0QyQufBIO2CTg2HYDSv5D
SklWuqmTtGHfdn/lZQcJ2SOR6X4DDKnh63a2DMPg8BS0HWxUyFyCOO05YBvF
zDC0hy8/RrnRcYlrX/zIi9ghSbAlX6iOhzLq6HwCspmpZEXhEYESrFgLxXIF
i0j2T7ncbZMRKTiLWLsx9cx9K8LNITCubckKxc4oYhVjYkEk5EjYEkuS5Jst
LaMUxYs8bd/wyI19To+tcWc1umifTZTYpiG+EUAWbBamA5NQrz4kGiCx9qIB
8Z5nSvAlGRu5NLlbLFbvFVi92d+b6Gs44OHJ/MBOQieuXUf13z+kiUrUpRIw
N1SsOQMsLDYwnEb79zjY0nj3K6h7WgLn9TSmZHsm1kYQ12yya4LKbSKk0uk5
iMcYfCMX51WGJWYlwLsmn8F2k4/iMdo6piyIsvzu8RbSBY9sq4NxDiAJcXT0
LJqE4ij5TIKrx+OxTj91VWiQVTMQVXGzOQHPDAzSPO+nBFhwGhbr2VaOA3C5
myr7ulYa0OSO205TF2a3cIL22FIFyHxAG2tUN9FwLo5jBon4j84ByMlWkhVn
1Xrh2KemsbZ4+hlBnnwGaTxjfgNTlByD49ixGL3fRc6S412WSw9PFS9maRSL
yWJPQpdXsUSuHZhv+G31BKPSarFI5287jHZdx21glSoV09B02InKDsQZCk7x
4TjuBWOqCOqL4KyD8lYQub+QteKNzYtzM2mbW6GOihT6sDK2eSYAoEQKZddO
Dmp7W4yu2Zcgp7841z63xyi0SQ0ja72cSRSV2od5YqxoSlPHUh9BXFuP4Alw
Lei2EpFMQzOgazTV2fpSz8Kpl2QELkXzrOzPG9jpESAcZ/9kIwpXcQPRFUoG
SIrhFaXoOcgp15R+wy1jMw9QQk8Ht1h8J7US4g15VdF0fKbAyfLZqGxA9Kik
wqp0vpq/v5TwL7jtp5z91tIicOqvn7YONmiH+D0Kt3HW4umSH87ajOIcTUfE
1cdLa6F/9ZwFltZx8Nv1K1UfAw2MoO9n8QTlXw5WAGU0WbrAcPQL2i5xUyZs
i8EsfnWtVfEMwzIrHI5lZjFL4chTM1pEBQHKhwGMUPb3VBl0QD1GZkchtrfR
zMeT8OZTS+ZXwMeJPa/KsgA2MQ/twi5UlBN4CuWXupHrpjaTRuWF4Y09jEJC
d/ws0+FiKiCqDKBUQ8QSB9XfklUB9xqPSSp0x6M9EuJObnsh7ZZ7R2NscI+q
YvnFWDsRD481jiFLBaWPSTfWOnA8SWZpbnkNzyo7oSCyZAoFjSTTTQcSCkim
aFUUQUpqKLqCkZGcWl8DtsanpJQK0mStij9aX+c1s0KLK7LCTUc6+d5K2vS4
+gA5oCWswGLPVsRCMTnNYjlS+M2TwhIKKBaOJL2UA/q195OZsdJarEwu34mV
oOPrhZqTs9FO8w9XCSXyhi4xT+f3sHcCPWfxhCP+9RKcxGHxk+avgwMG460n
5tV5zijpEpBc8RW6VnYEBgYDInyUGCCBMb2x5N4oTPIYb7UGoJA/IenVns9f
19inRt5QMrwgoNGKjGnC0/iNAyqPt6CaMzxijh5ZKU2ByofTO+iv9+J4HAZo
T0KbH+pyGAyLlZV6S8D4DR1jreoPUKKc8v3H0yKG3COvBcD6JlSSWOxFFvFz
tclSHsmpGPRzq35Sp5LRKGnYdbCYTXCpBeBhxFWVK5+qppFY7TJZ0afQ+RuJ
I0uVlCFP3H2MNK+PyotaQzNB79qE98cpobxVei4lcwgMdPf0vB6nIhutU2/3
zRPVTzOhCFo/r3xKmBfRf6OFMg6jFMA2oTAo3UkxOhH6p75Kes3dZNoEL0/r
VXkl9KOS5t7jK7WWJ+5rvEYyNNlWUYu/0AOemt4BOaAMfozRRL+HRIQyobP2
XxEtprvkHAH2tBbcVtPZbbSW34iKHWQiHJGTzw3JCLS2SRJ7Dng380WbYnV1
xFylG00x+/FMV4zEeCx6jWpIoehadkR/Th07b+vGrjmIJRr6qnKiWLTI86QP
qWRmh8KzcsLYhzKvs0uRNtCRdOvYsjEwKxgjRuBN6JByYkGGdGcK4kBChRiR
CZFE54pMjuxbatiAvzM2BwgQYjrHNhlYLCS3HzQl0aRKCbOW7E1DRQyaGT4T
SFwRnrcn2hafjdkPMtExDiHKs8JvB3TJuWKZXUFq6vVBNbFQnyJ2RrwZKeMi
iaSKhirRgz+jUd8/QDeQ7W+zHJS5AnCuHm5XpsspiyVB5XzhOYjdM+W+7D3k
yr0+HB6HQ1akxo6V8q3LEKqii55Kaa35daGHmNFD7yn3dGrEL+2FDdLpNi5S
p8pm8UwqXJkSmBQcIGUHActEI4EZ33jef/3Xf8Gv09q2Dvbz37z5d7/TPL9s
njSa/ncuRtxLQZ/vpbq2IJfENj5B80Kn9anpr2/Vau36xw3/9DDnJK1IjwFT
+NIpmez/fesfZix42w4bUqn6Uj35vn/Vai7Y/+Kw4b94vb3jATK4EJWtF/CP
4A4To6fm1myqX+tP5tnvGsRO6+ik3r28aFZ1VeqK/71jjdIJsx/+j9zo70lg
Om10m12/071onRwpwG2QykAHGtwa0DY2P54dtxqtrjOM3kSZsCTm0f/7tnnZ
LKTsSXew+zcef7VjXP6+Y4F4zzHfc5T+Oj3zAXbVBx3h7PSkedLt+N/9Wq1W
kZ04u2h24Nsf9ORvq54t3Qd51b//XXtN+g0fKz2a+1J2UEqja510m0fNi4o0
JmFpRxv8cvdq29yrC/dRwA+4y2TktArXTtDzOAyLCrCx2SmqeDvFQh9Spa8b
V/fDaodzdte7+50N9RwH41xbi7uGoRNO3BnoiLg1vfQD4xNZYwOxyGyaiFmR
ET94eB0ToA1x+x3b/8/1qYRKq3AFzb8dA6UhUh5yEMPl7MqesjQWvFiBJlqb
imbKFaiKGYLKaEcGq0Di/Gg2XodNya5dsnNtB81QRTRaQDXQdMWqe4fs4oYj
X5ByVu1F3TjSBlltkHVTXibCfhuGM1cgUUE9EUutA9MvAddh5ZOl7LPjKqkq
7GI+w1G1ICEVZD0tfnB4/CSgPNN5qnVAZ99YZulTMaTpsrB3UgSXK9dR7KEu
TouMn+0HKHhSXym2xGAF7TtSJlG1wvhc1HmqFPJJZeIMt1KWKRCU70gGToJ+
KFncOC+H/bBMbftLdMSYElEk28QERYUA0Sgc4AGlmifnkNe9iIoMsFZX4TQl
qr52MycVWimlVCVKOdNTNCtLuc6S8J5DwhU43ojyncRyVow3t69xTSC51h7y
6+1r2RRd/9pYXPEsLFOrgtZNTxWbFmVM0llnso5qDwRDwhDOL011oGMiloVR
mNsaMkMVLlGkMzulXruDSVLXntSjIcaEZXlqwl794rASkee5IUjmcq4XBQFT
fM28wA4c62li7BsUGyKVNWSiXHELscOwFmsqTdO9sRxp9ly6GBebKFWC83Ve
arhGcAYbTKGoLENiR6RYwYhwZKDtaVtYgf5VyqWCdUyLoN3YjBOP7Ipm+HVi
yxsSHWPq64sWUywYsxBLsJMjN6iIvqtLbZJSYGIuMWideyhYJZStgyR/Qkgp
5ho42Tmpz3fPVjPSUPKHVFdvDWzd1LPcOXbdfvHjl/ARVepuzrpal0y/IWia
hdOr0WzX6graca04qzJ+ShSd2mY36EglXqSjgIxNKzKICfk1oXei5iXCvBDj
qmyfktwst9jp8RPkq+JLswFcblqy3jLR7Jqsn8VnrT29pj21NGuWbFI9E5k+
9X6ly2kWfGU3CtqQsqiv6mzpcv02VpJ5ytbHtNBVW6XcXOtOCuwZp/qDHN5X
ghF2PVgMWdW18wwb056OfJsB8WPnAhvtnE2B3CswZl39Ugxo9vFLoDMr4HaO
hLLM2gMpquzp8A0Dec2/Xr1JaIFSAe8oG0iNSKdXQqPuTsa3nfwQ8wjQEBjN
KK2J/2AaZ049Vh1N70YCnyZSrIxK4GPRVBydHOSkf1il9opiK9u6XKk4SgtR
b5pDO4GWXml4pTE62QFtFBBXDJvTuXc6ORjOL2ZCZi5+6qGrNd1Q7T1UmoNr
G3Dq9hsrwsp4VseKkNNKyhQfeQ8dd1pfP93/tdno+q0D0J5ahy2lDolx2f73
sEJEdl5Ul6NBVSV3VNVm2f8KkyK0NO9333rX3wINsGSsqlXk8rFjaThWjamN
x4+HT4+5vWJMpM9PXLMec8cXvbKlYoFNgJ2Y7i2v6iNS74oho64Htuu4eB6J
176F197vxWuG28HqxnG91SZchk+djiDyn6LByl29PGkBnjIW/4l81D/YftC5
OunWP8oIrQMcxBgxuldnTfW45zkIXXaTCFK+RwRhDSFa/07Po1lJuuax943+
yWP0jvXg97/poX5sGAOMHL11gJavsyxmM29V11FV2iXAdmLDllFUksAI+9Qp
ydKK/XP9V87oeX+jMtrzqkmd62d2eJjlQPQ/oAfYMfObyDCi6Z7lv5hweyGT
iyU12o2Ls8JBxyJA6EoJxqVcKGiYQ1GQdefkZQxTyoG3nOzlHMKkElO+HUKM
nshr+y7TEDa1qkrUkdJXtBBu5/ys22ZDdOua6/CIwZ9EbApjEHn0Vg1tbiNe
A1jtI+Dx7BuWs6sSknfvSx3JuQwK4UCConlHnWoCokMETeJBMSJExWSUVybK
BwI7dSWsQFTEOMxie4gs5wMGld2uLECwVRpJpy+ApVhc38fSrmtl66b4ByVI
V7TtQSv1Euvcd8IYyxwz6N/ySvxbK4LyEfL7wdVeLO9Br16hTCnFa4yproom
OeIkL568ic/g5zYUBfLscoq5mLrWVOxyBiU0qejFSUI+UjKMBRIf5Np+SPRf
u1CFXbH263g+meYKrrmhFWYqrSN5KjDEJrpSY4L0E9ib36xQLWZDv/l6Yvm7
LYf0n/AZCdjD/36DcbEdn/Nd7hv77+LTq8eVPGprnO/f/4QtNH/8kL9PYvNb
kfyoA61aA+G4cTjRMoMaVzpc08iPHtcaCMcdLdiB+bvHtQbicZUN7nePqwfi
cbGdbjC24f2p/bUGwnHTBdbA+QP21xqIx/2D9iF192HQG2Is4e+HdxD25jIU
jjufUQLC7x/XGgjH7cVxRnT1945rDYTj3kSzFL+y4dUNuWHkR49rDaTGRafP
HzKuDKTGZS/7HzCuDKTGFXf/7x9XBvrNc6NanZLv0vGihym8Uc7KkTksLZ33
qioTmbIofxEqiUx9NAd2UMV671zMJBPrnxVqmpGQPtHyMgs0f06dFA8xXLHp
kwO8bXkoGHtSbFvVGUBznQ7J0dZHCgtaotk8npCUoDsJcljUZBbkpCiO62Ab
sprgRp6MUsUuhY1fE/Vl8dm/FpJ5nTOBcsSNJbohC9feCACDmraY2gGqNSlv
nYxlHKuKIQtD4R0yjW0wyofVCzwYgq+iuELFkPGKUMiKoWgVRYQqQjUq5par
zlJWSaJCCW+++qTCk6bu1GV3xQc+TZDJqIoHO4JqfgejzT0rc87NMNdOHbQ/
i4pDnQWkBM89shEfoQr2tazc9mx6Ik5rFI0IfcruEkui2XRZbYpXxDC4BE3q
4zE5KbnMgzFnrNGprPnzafRlHhb9DqeUPY/tgb/MI+482bazn9ZPm+0NK29X
GXmxQIztDqRQWlEEOKQuDHT2V8BX1c9dVRdQwZs1E+PHpULp27QitYUyKUuJ
xeAClKqtiywB4laUJQCPoU00hEeKNFV2wK0wIXmcWyAbZa3P/6PXpwMuuboP
RrzJxTOZorYHUnZd1bAT0Hg4WYzn9GYx5Tmy4r660PCNfBAUm3bqwFHVXk8M
8Ir85yfQy80dqO34wWPEeDoVyC0BkHoq+z46c9FeeHxMFt13fHt0Nu7JuDAK
DVrLqx92jhzJOKq6FkdoWk3E8ndiqoLMPdZJrOBVOhLJz+IZgoKBX997F04m
kWsuV9Px2MAfOQaGUkkDslQFMySIprmV6g02DhBtgNJq9VGm0NR31SwIQeqM
pYdB4q9E4ifwZZGhrSksZJf4Q5UbmXsUC1HqHoAGzHA6TGD9A0+5hogcJ1SX
c6obkmHH+lvy7CPgSnarKLGtYslZFAGjhRqPG0iSWOQ32u/P7CI8lEylOKnK
wTMN5hkgakQZ37iljy1urfuomWCiZR7hGJaKx7YKvoeYgKYi/xHGKlW9vSOa
IHECaUWXc8xDFmKN0tnST+N50ld1fyXK4o6uQ5KBTI51kW+q6KjFWA+zEwRf
akd+0Oal/rav8hl2mSpRoEVAxtol7VTf3aYa8p6l6lEqzrhcym8aZplGJw5m
8qwd5EuPbRCmVO8a9tdqAUrbO0/FJWpnQ6iCvAF3RUtUW4aA+0hS17eJ0KNy
iLhzBcWVaBJX2BO5dJKSIpfvWuHgtZWHZSdJGVnOJGIJCuW6nIptOW8awfqu
WKNqraJvcJTabVKLYTuhPmK0gdNZkRDu1yfIZdi4Y/9ChivkikKJCCtXISPH
LaC0QlTZb9kZO0q+MrVpqXHfmuTrWSvAiHgFQ6ilVWybeYetN1UqTm9pLVCF
LAOCz1UaDB/BHUapuJlwOVZMW0I3P2eiwj0zNa61lmEXjiMMjMw9yWAr2bpH
yi426EioYXZFuYoIqdb0TdvhgsTm5q1ZPhErhEM4kL0yQr782vLIyRkt7hpW
4ZwOnVepJdsVf6eCXXUBxF0Jb7JmZlhGAR4ZIQnh3Y2D+pRVLSmj13Ti1w6P
ujaU+NrILXiGrJeoetsmbTwvwYhuyk0Eg5xmRMfqVlbjddimcYzqu9MY1ZOe
AQZZTfMz1phodpLOMXPDasCLVZ6iYnl1TL7ATjIi3hNM6B7BBg2yGXT+KEDM
Xau9jsswNnp93HRKj2VAIuC61eYlj9JieAyCil90gz70zVaM76QFuEKrWYS9
NOKOXD3ufhWYWvtOQckaRkBQ6QxJdCIKrDpgYsqRLhjIwTIcxUjTGprPDZMs
co2BnIh61ikxXmY2PpiyF3mUIKCc3FdMtRXIpVi9RVk5y6PQtMluRU1ld2x3
SyAnpkJf2MOie/DiOvnVHdijQuNvDqjFGNwp17Munlru1Okmg/Q3G9utUEVK
tY/WlEcRBDUZ2ewcpJksMlnWRoZHtzrVW/4pO4H4Pu9PqQ8FXr4Wxz8GXQai
ugWePapdNdhOJ7PqZeHjdgWC0oIMXZVdhxfbrqNUUsVAJ7DoAksmfNaGjdw+
VsVzAx5Vx1LF1HSKbClci9iFAlHSJYlUFoo66zDiFGpreOtUS1pvOeB5P+PX
iENvKIxdKj30qRWOCif9CN+hlTyYF5KlbgcwVG8CNHkyn1Ry2eiSJyedzrXa
Y7yIa9TPKWclkXxYZybCJnFxLVVqpoMutFErlm0i2zjGivIDc9eoHJs4icGs
36Np8ni7Kh/wac5Ce+ce4RXs/iuceg+68/IOvZ9x55U79PJuu59x6PHIlpfa
Mtobp9Nv/lWY6l+KpnU4iGrJGOgcmt1GeZjdke832uPIJWPAyFYtBv2+KgLo
P3LkkjEQZtQoSZzwf3rkkjFg5CnmGTuzPn3kkjFgZMytNy7On4O5ZAza51mU
LN2Rn3qCJWPAyOJN+F0jl4xBaV75Ksc65x4NeLpehHRRKQqXTgnEfDnhYotE
O4pLZfua2ixWWK1Lsziyw+rwJX31iuCPo9vQEPJSnjL1cvWHMFbYIrGqdRUz
KyN9o8Qs9Zm4OGZhdjFBWdUv7reerTLil0BNUrlSp7NQi26pJzU/kYNzORjK
CJGSHNP5BBhUX940dUAxjJ0ytBNrs5T6lS9Oq7WhfH0DVLlQhneyE7iEZUzc
gGoVSI3c2NR1C7ziCnnrkIIxZyszHeiO8rhJB82LqmooygpjeRpJGoZ2G7yN
UiG0IBEIPBb1qBhyVynSpwoTlnt8XbBZ1EXItLqxirFKc77/X7m91Np+v8/L
2uc1x+gR6OaXSrwAFGdipIVqMug3rNzSQQRaOZo/RJDRJ+I33tX/2fzYvag3
uvX946anpUBcyS/b2zmPiEKHUpg0/gpwqI9ipqCx30dkZI6oVMJTIOw0Tzqt
buv9Q/AVcNSGUxRmBA7VU3rWkRTs/fNNS2E+sehG22CIOlnAe/cDf9J837yw
N9m/fxF0q2zA88WmEHoTyEePj8ngq0rKPmVrj08b9eOybWVagLxZBVSTvYrq
c94g9hpDm1TAwvM2bc1YplbqOZDRELVwcuZQEQ7MfjVdO1VB84Tr+mB2k11X
f1UCqV3UBu3ltoJFNngTY+qOnhb6sIzSSZU8RNg9j3NQcQtUk3K9B2rBKt6h
wtzHTtAWutcPZky1Ii4lUaTBKmWOMIoLnGjNScdTyDVfGTKOlay8bAX/4Orc
UhLIgOwq8FxdpJAdwPUFa6uZU6TZkq7HoT2tJv5FJQw4iQFeUUx7RHSy9bgT
l2waNqQY/2/96Ub/nx4WQ6s9E8acVy3d4GX70O9vGcKo7zyvGEBgd85FO4XF
HO0iceoesi1IbRHbk7i4wL0nBqqmQr6llpJlTFdcf6ySuULNLNUlH69gihox
JWHEHoD40knj4uqsa760EQJRQV+wZTU3BMUIhqWjHjQfP2puCBx1AQJTbrE4
6oeL+pnz5T2j5oaguMNp/ksa9fLEGffeUXNDkLKKVQCKsGJplcfCmhtCjVpF
K78KEDSj/hNLDgK3e8yo1hAcOUzZxnlYYbDW4dXjYM0NYUa1p7JG1dA+YlQ9
BGNWYmvvBrMuQER5HKy5IX5jAiRVH0qvtikzG2h6IJUwqHEXBw2xnkaeb3EB
EPE3SbE5TdCOuWCVyCZb3PXBriNsGbqz8qriTzN4W4Nc6yAUD/VMVZ7Yrnup
i1mYmsGoy0lZ0Yfs3boAcZR5lCeFezVk2cpO7nALEqtCxLHT4TlnmHTrUubK
jNkqvqpbnCuQoSbhDGOstmlFWFKckHoxSh1l1B7E7linTpt4sSqMnH9QnJxm
ZLO1A7W3D7btUMXjV+GD8mkOAxFiEXGlHSQVdNcZP6Uo9VNpLsXKHrksF2W1
fmKKi42t92a5PM1WXbZz/2/ZrEsTUf5FmSj+vy4ZRYY2KXXq9afF3Zen59HQ
Wlf4A4a2xsKhpaikA7Wb5XG/yd0e2hrrN9ZoOK3PjkowBEBdVrlw/pqmHWv+
lzlHFgUat8qyyeqmdKiiatRPQdEm1ATV6IHAwjhXThKFKfDmq1zRG9NYrWJF
kGjCuDLbjYvHm0AHFc1fvICuGRAvn7RVUXW6YKZ/ElRruRaCdgykX+9jNIR2
eVll+u3gdQmIZc+76RmnqRNHLiLAnvFSMg21SpRaC0r78SwsN3exbWpNQHeu
u5m5QFUdIiWqscZaCUci00Bm2QWMT9C2WFSofpW1KaHRzVUfbKovKIiwolm0
Clh1z8VbizAaVk4tH5D6+wwK5EfGDTNhJ9pe4DbTQNPDYw0MckEddHOsvsri
K7Zen429FHZgt8yT4kGKmue9BOpmk0BfFAKMrZL4uVbncTgcuJDEUFJ5Zd22
Oav7Y18tfZcUMD0VP+QUlsvHZIjyvZ5u5FdhtYmXQCdp7QtERSE/zkGBLHZ9
snsLj5ljyLX8du+jjtMQSUQcBuy9Vmb/Qrlf4zkp1EU3pMAq1qxpGl1JoHwa
iNx4fEKrj5mbC5tw0aYlVxvmnqruwvpBxVPwxx+qtLxbfQrtpRyHlHLVKa75
jcWQ7puPs8Ax4YFsGnhIWI1C22GjxMfKinY/CSoWnvS5FSD2Q6HEe7u+spnQ
fk+6rcxCUpFgLyjGFDtK2OpFvnwG18tS3UMk+shlA2j41y2jy90Yhj9hwUA2
9uAZebCJaAx3xTFd9U/cKXJBbhLO5JBKZiI/C4Iq8RjWZWgOvFA13SkwD8d8
b5eWkiQki1DdiZQs7Tx1+06AzK2tzC0/uDA8tw1SVXm5RJoppeYU92EbsbYa
hjj5x9rL11t0/6jcsvLL6agfHZenChJZkbSO/VEcdum8x7kv1NlEpiF1oyMN
Qvz9IA1f7pYx792Xu3sEy1mzXSX3qguHxP6i2VcX1Zbmbu1Wu1nV8bFqDiKC
hlTLETtwC1Ws2JXT2K/ijUBpparOvXBMscTN92i+bDTXnDLqbF/1qvhvv3nU
OvHVc/SVt16r1Tb45+bJQe5HsoF6v1DxXhUd+94uQHaGqDSgui9MIay2r3zc
uVqANbd037V0jta1RG1nZhZXe2FVDJumKRzcbc+UB8t66bWJ2u2FVmxhwaBu
FVhTPRCJq2XA8r1iqbxCUOD9FdKcdjIEDVeexMPDoG0k/OTiL9QeK1rxMXcB
BHiCzC0RiOdf2jzbkQ6shtTUhtp0pdabsroXtdvbevUcxe7c19Ke20znNmSm
18pbMFPTaXcL4c7SbUL712Pqwel6ZYEFNKWwBLBm7cczO+vZayO+bBcxK7Rw
LqVcCKVsCzVr1q1+C92M6+UD0IHQm7k36PJPtV1/AH/oMsN/9XOoxpXh4fwC
fImWIW/p7gZJSNK7qnvG1pW2E5+QK+UtVFNJD7DMO3TcW5lNRo6xyvw5Zi/x
nP45XdFGj8NsiGtrGaZuyTDvUIbhdldmMjdKwcq+wH7JVHjO0laBOEUYtYN6
nlQtdaMuBiF8kjBiUmpGy14SDfybIB2pSABTE8iq+r/QnbOt1DxFfzz04ueR
wK+PSadBb/l4Wb47nTDRIdcP7Mu6Xai5RPZWYj9FVALZ26Bb4OlX7DQOJ3ZF
Z0xEGAJFHbmeuA1OnDcBkUMuk4wtihTgpYeSXWjrc7n9WtUr3Gpv7iJrscQz
EwKkUKRbin2cCj/xklXlJ71AD+shKgEFBY2ZrqVlwVrVxS+dEp3UA7mmzWDC
eFLO4ZOUNLvYM8fdVsyCxGarkoDzHd7ZJeDQKnLj5nabPL43c5xBKTcW/9Hs
FzsTKK2LFjiNtapkp7cKVVKPKnk0fyoqIUaq0ZJHojqjcH4UUkEsxxCo/BEV
9D2OLCCBF3TGCgdrmXrVfcqDncQU6JVbd742NRqvuT61pYjn1D26NjfzhLQw
07RepFAY4Nq2eoimfm2HOolYWHHQSIn8uoKuOqpiSeH/9T/+j3RFFJfcaKqW
K7kr17YUsqHzRwNaNXViBoajwZTCgCjW2fTkgg1rSo4DgTrNN/qw02HuQqtD
JCXXPNwbUNpD4m0ibjtgszPefNbTUc/KlwqLUs+i5YHu5MfWoRts9KcQM7CM
jFRBYUo6KCtitrlRZqM8ICwMN9NMnkpGFCZA7dVbchUNE3lGTpx4bPK+yZtP
uW1EYiybHGvBVhobj2vKMGodUVatg09hBt3QCdHSLu9B+0zxLHRVVVKgHWCi
e2OmE7h1fVhW6nEOaEpEHxTnLL4Np9JETeUgrRyvQjnsX215XCrX6jReST3S
K6CMlfE4HHhSxdhpk1vzT+maUSplQHjLlflNHWZaobUhyuHpNKzPl2FjIDFF
mhJbZS0eVVdQRVdOmZaxtQX12QoL3lR4IErDKooFkhau4yNNAIUyNgTcgcuS
ilQTM7K/FDP3aQxmBcZ3aBrG4DVOTNKnZit6TzJuE54qlqAJDG6EIngY/0dS
E8WyTcPYzarLXThtWPcMdrJOrm4ePiNJsDEmTKM+xbGadBgaSidhbmV5uTxl
wURttJawipDEvDtr+j6TNT0doXhA6vhNNKwGSX+ExnRciLn4kTWEKB+R1Gew
YGF92zMEgcOsODgssaujU2oSlkTlyO9N/ls3WgQJcbYhadXRbIQv4bMxLgiQ
Ptk037vvVBxyBVTOrqk8DuZTsZbr3ng3PuaYF9zMjP3BTHWd5gzMOFkQCdPt
6BSOqMKTQXo39J5V7/v3zPvNNwXM12FvNgqetIc8bfSvZJpn9u+/Kf+x7ZFz
frcVhrLf13WDlz+V/i6WsY3y8RV8z1bAZ7903/p/8xuc3rX6d6JS6883Sn+/
WzH+w/tnlIey9T20f3r8Z/et/3/Pb0Du99+KvzuAP3M2mPDLz7/vOSKJjKgw
fX13w1NiyvrOhnojN8adV75nuKIT9F2tb2/kfhZACtj827/ZT7mLtV4xt7iw
A76hzc4rzkP2JP9RNkvJWvSevNjIrwVtdt/f+L8oEulnUTYO/33N7jm/BqId
ySIWdbHCWDRtscgg1sogmdIRaTVfdHNFxIXLtJmdtJZ/RzVkUU7kfNMdUSfg
DeVcxqKs8wDYWBaGhVr6bkFkPbmxnWL5BsnmNGZUJovm7HpLtz8DoEmN8oJK
hGR/XbjlhoQ2hRPg58UumVxew87FF33fB/zlzSk3ioCKlCpeKFNiAwnJHuUf
SGKaJVTAHxgzbqlk567OovWB9NS4+PjIavpHSeShW0LDqhGOJXFCyjmyc1mn
K2Dn8uPlmcX2wNp2L0GwHjnhqYsSe5vvonDhqhaWmT3fhcAoEyJHwxZqdKRu
wMlUCeAr9lxJIBoNdUQu+yJp70lWtyoKkwSEldxTi9kaBEBZVvt3yB+7Cwd/
iIXJxPzjOQ8j104LYVsuYr5QwdeW9MYnKCLbIJxFEnmEMqDtXLBQUxd10m0g
SGZa1b0kJ0V0V4hpGOIG0m80DqVJCPWDJmnICXHS/tF8vj1jmuM3t0HJtRom
ECREbU2snigrundZBwhyXYWYvPjs98Ggg7mkj3N9tWgWrNwxOxJFFdahywB3
MYjSkhDAbs7pLte5YoRZc3wVVUxBioVZ5uJcfzgyN3OFJPgx1yTi2mQ7KTem
pYB4dphcfvO1z9KqASb1Lu3CA8UZ8yMqqhWp9G6dAhGo30KrvXu9+KXxNdj2
ZgUF8Yxrp6L/tWm5ZwZTTRO65gbLkRUmTOUyu6/mKgy4JVNSpD5eSW9kILCT
GO3MgSLjOlEiyE9hBZdwQ7ipCbgpDO1r0l3Ctz37LCtmWqsqBkFsW6qEc+Tu
WZ42WjFEyB+M3od3XIXtjJeFsp+erbUEBvndi6WvJy986W6YhU4W6AABJZHR
7k78cDLLlib6R0fZ9sJ+ME9V8Q8r8c7LOXRyqGQaKpPHSFDy+o59lljGRLoY
lZsRMvb7Yh2NKOnPJ4K0VqDlo/DBTv3I4YHjY1lw2wVTH7KYVmo87Ksuf8W5
uE5zBjcH2XSJ5MNxak3IEkLNC2mhXsHYb6MjZ5l2MIFW3+9SMlPR5iyOF9Z3
UxFeXfld0NCy01Yc86Pd7ER6dFo+WLsnC0XGA1fIjL2z5jc4xsFtXMAmKhqe
7SNEJFgtz6VIW0KdjqzOBZQwEqgbMaKCNxIGD3I8cEBTFcsizPmOSY7/0Gr6
KNbU6dLYdLBXA3kxTbdQwisQ+ibzKRmXrWRSc3uNVFuTnF9plkb4TyRNxfMZ
E7HFxjkufgEHPYJ7G/FhcoJlwe9qVQy8tvmhjoqaK6OYldvuegMZc/JJeGUN
qSjqBY3EVQCiqsThhEJAMKzlQt9bVuv5YnQ08aYAh7TQLBsNRFptKhA2Q/uV
SVjhhQ4mYdJRTiWCHK8oRJJ5BhDu3hNQYFYOCrs5O95lNakKS1pFN2vWpshQ
3FXvzuQ5c+FmVfzas+pNS6q+2QKedJ1wiCg8Sr4dqf3pOiamFIotromK641A
RypatikdhBGYqQeidjgdaIPwL1K3yXhiUsw/MLiOI/VHMb5trKDiNSyUeFC9
lnQ2pS09ru6Fjg03Q1E1CoNySqdlNzTdJYsS1L1JC1xTimselmIi+47Req1S
LlxtRU8d62ZD92T2lFV9uWa5rCyHVGO3Z7GSeXaz13FrrqqKV0ReTFaU9nsr
qzSzmDo7hODgw+juHrLMJ8qnkAr3A/RhAJWnQrnzboDW5ZmN1MiQbHddD69Y
bqk0/deQABNoxMh5wkH6q1HScGy2geSwrmSxUljTOMmKMgHvGQac0kZ7PLQu
Nqjpz4pQfQmrNKVLBLicBVzQqaKITKnWFEwfh912So4nidGMWaWvrWrp5FSm
JoKTWZUQLQnV09uNkTRwdzNTKptjY1UMMmHz1Ikr0ptQkQFMAI9WSaesMlql
+XNpZwyNQnwxvwEHYI+5AdHwjYKOrfXlNDbArUwTU2GmCtS8VY4x9kJX3YbX
8/ErJMAUO4SrRZTrIsYBmMcSOxrc6pjqmiYd/dzvir0oxIC3/CWWygviOV9T
BsWaewGj6V18S4pClFqLgO0Qy999hEY6jxUmVVhqJudH8RCrDzBIO0yncs9G
BoNB+sjJtUEhd4IP5A94q2oPuHfEbbWcrxnwuAQHQ0hNh9QcsDX/QARTDL/m
7AVdB0LPaue4PSWjwZSXD0FI7XPAEsXOSFHwXFNZXexPQmikPE9JOMqGXCVR
OnADOkq/IJ5mS7qshLBmZckoOm6qREzRZs5AdTDW1QfQMqN1acX4PFYlDauR
kCSF1I8WP3xT6dvOvqIGBRLMbhNgb2GTPyshFbcx1xY7SJW6pLoiUOEfwDIu
fUU8TSKrdKXbFDZ9Eoo6oVzc43E56045zkbH8uo7yQuxXONkoHjQFU40cIBm
64ydI6Jo4ekYc5pyzhOnKC+n6EidXM4xd0KW5U0CQGEvezHCZWmuvBs6mwAj
3VLq/Mx6iJ58hQpDBTjF/KQDBDN+sDwMk8qioayQSVkbt3wUlyVmLSLgsLpg
DDRqOqDy0e63cbIms6poIyeRTXiVrZA6d6wkt12UPNa5Jb5ZAkFydezRLUNe
ksKpqcz8wL2z5L7QiRNKBYsLQqVOn556Osg1mt6MuZcHPk31xRTnznnxlKYk
9d+5pc5ULCpTfbtRKsMMGBsaov8lBlPNKCwo16yWn8QEphWM8dOMhaCTzqB5
U1QZi1zPSZUlG7KBDGQc2ogXOOSDbVBUjJXT+hwLt0Umy0KKHidJcGNKnVhj
3GOu41AH19lJOMpEYLTigplgPg5drbwX2othA+Aqj5xMZWuJlHovtMizefY9
WnUxzI9i37XuQaoOpbbL5S0q2N2y76l/xVJVFijDAUWKVFskdv7p6vhpPA5N
IavirVMX0kPCZTt18xtla3QrJDZR7LRvYuomP+Ub9TJhNz5v1dyBeYbO7lL+
mYIvgWPZKGyX6hrDnYzvt9Xftz5KBXjK6gq2aZWd4iyarrPi3JrGKpvROvYy
EOE05wJmh282z1chcKK5hCNhzaiyGDPVHQdx4g/YIkEBENaQL7qJbVYeYDRd
sYUmSl4v7D4ZXKbD9AwhhqYzWlGfRgN6qvBqOI8GwVTH6UkLEt5AzE4bRyPc
CHKaudUSjY+XwledNA4Tqno/FlkQl1LN1bn2kQqAL3ttAVB4xhUUrbYq2JcL
G10pL3PRBx9IOgPFAjrV/DG2exxbsav/khu1wtmla/zbgRyYIAaqdoJSvJYB
DL9NzPYy5/Rcf6tYpp0UPSwbpmc3/MdJ9vyjOJBT5QGNbHY4hRZpTUyhcOAN
T2fI2cES/y34kROUdC/zyctbtrtktUyYsyZIojjFvjhCnO2a15xeTJ03UUYW
mvJdLJkAb69C/nxhX039ncuSeWLMpNAkTch1lxxpQsW8rtDP2yKdppxTjitm
Ofd63vmpV6wUEq65oB/wbAf8z63YXDRUQTCIJBDf7lQhPxIoiys6xSh0w80i
y1d9Sjxt2nf0NQrWNsqssaG1f3Illp3Utn562mir4qd+bhnaQ+GtpKjFuOND
yaih6Pj+UkdlcQ2JYhEG8r/Jw+J08+udk9q23+Z2N1KTIJ1uVyfx4IdTSPLf
GqcHTb/TrV90O//heWfvWh+rarOqO1s7LyRw9DtAHWNIqDYeDKpxMgyA5dOi
MFZ3EA/WX25IOZIwg6d11KkqGIJxmLoraop/zW6jr+uvcFwEbn3LvMPfVPEB
YxdBkNZfv3694cM6DpqHrZNWt3V60vGbH8+OW41W1+/WjzpYt9KjLG7Pgx9O
YXF+/fjY/yuocm36E2apq3RI48b6/qPiYyW+evfyolmtHx+dXrS6b9sE0uHF
adt6x5wnwLT12q9WqYQxGrxeb+/8w/tdW2Zt12N2S3YqKANua2f9xR7tlu83
7ATpsrQps1BEhO3mV3bp/2tX+CiEsJBhG4veM1y4uG1cHBwsgIf1LepJ3/Mo
dbpYrJTQ4l8M9u0MX6ftBojyduBiKjg8JfDmUr3LwUfgaXFwB3AWmEPTNhxJ
/+FUbv1OwGPSom9FPlR4SSbj07zQaX1q+utbtVq7/nEDC7+66YL85qoMc9//
+9Y/nLKx1q/+6Rle2PqxG5Fe+g830KkvAbjnI/J5P7xc/mLJckHk8vMZg7kl
6+tcSgw0hCUkoeJ/71ijdMLsh/8jNzoFNvinjW6zCxT2onVyhOV18yCVgX4L
13FAu6jJmj2M3kOZsCwB8u/b5mWzkLIn3cHu33f81S4G8PcdC8R7Tvmek/TX
6RkqR9w4Bep8AvjeATyv1WoV2Ymzi2YHvv1BT/626tnSfZBX/fvftdek3/A3
QPI116XsoFR7wNZJt3nUvOAtTNxwrDR/rbbNtcpFbiF+5L4qm1VEFrsTTpFa
MCyiB9n/HoaGTLgIiykqDZ86HZn+T3CxVkzqX560YHSe+08IIBwwbXnn6qRb
/ygjAJ2GQcy5UxlqedzsANc5Klk/LYpXTxDWEKL17/Q83sQNnp/tKvRPHqN3
rAe//00P9WPD4CyuXB7J1dXWsxed4PLrbyW/m1Jvq59RhczcJ1SgXlWa3q/4
lVpXr/pR+j+v/lmQePUD0tl3xe/cSXr1rw8MT/2Vke2teoCbH6/61XSNX/GA
ajB53+8A4n0/Uw/L+x6Q9sDuE24QT8mPJeeda51U9pJqIlHyW6GBQ8kz3HWk
bFZqVlD8QYUo/yAxRQniK6WTbX/Hf66kkxKPpm//WyWh+Szm6Mm2YLAHwlce
O5aGY9WYOjb28fDpMbdXjImOxyeuWY+5k99INhI8Yfe2S0dwNu/JRyJQ5Dfx
vrqvTxrZge7hWUwJ2J+fJX9491WD/flZyo/TwbqfO4py8HMM5CcOQkNWfgou
D/oJwM0ED6xA+NjvmGDnoQmUOPezEzx/aALpY//TE+zePwGz4t9zBi8emuD3
btHL+yfQ0sBPT/Dq/glYmvg9W7R3/wRaIPnpCV7fP4ESaH7HRXvgKotI9Huu
8gN3WUtVPz/DA5fZiGU/PcPzclJtM/OfJdblwJc3+3wa+Ahd+fGWN/x8+ujl
R1ve9PPpo6/emWLjz6ePXk6gy5t/Pn30cupc3gD06aOXk+byJqBPH72cLpc3
An366K/yV8lt6PJTKFlAlfuaGj0W5Bxc+Zt0X4ejn5wif53ua3f0k1M8sFFO
76OfnCJ/se5rhPSTU+Rv131dkX5yivwVu69F0k9Okb9n9/dL+slJ8jLQfe2T
fnIKlIJUH7qivveIbnRlBjRjDMxbze9T+Z44mW2NMxMecQkXjGDqormpdE6l
AD5xRmPbe2iBeXXtERMVTYRmksvuoWSClUzBCttTZlBmxkevQqlsT5nEmCuf
MI3SSp42kbFMPnLLtAL3tHm0/fSR04ga95RJtBH20VP8zJalT98yo9A9ZSLb
KGwmEi9LySyi1T1lCm1Wfsz4Rql7yhS2bfoxs2jN7imTWPZtM8f+6elxs36y
Yg7kLE+dgk3kjzx0o949dRplan/sdomK99RptMH+/gXlFLJH9lh1jP4PT/BY
jmK5DB6ijHll7JGju56De7DJVcceC7vluXhg7KIy9sg5yjwgD8zFqtkjx1fe
kwfGFIXs0dsurpdHSCP/LVr+Nk8OVOQYfMS4MWqA8Yvfqp/U/YbTE8rzzsYh
52bBDQTRcE13Y1szYbMYDiDVi3SLXlWjTBV2kEaRFIBH4W1y93UKYkcCYPcq
DEhkVziiqko4slfaH1Tl0sqY1i/r3f2D9unBhsosdbvZY1WXFWFqayouV8cB
Y1pT32qx5q112i0Em5tpIQwYd6Xi9kyMyJr0BAKcWt+uPa+9rG3XXsD/XtW2
Nmhb7tmV9FG7gpVAVu9KqMKWuBcWhi2Vt6eoSZKeGaJs9ZR/wPHeuNx3Z9iV
KL+y5xsmQ9Xe87WSGCrupoHQqlZIKmhjDbO3ZNlBestL5jgUSeDCqRmg4mm0
VYgXIDXAsObAuGHQV3eq9KSmC3UewXA0igF649tL+9M4+6tClD8Ns7/ioycg
vL3x1bf4zYFZ8hsT4tW0O4u9DZLBAoNCNcyMOCm+r/tLvjHtD6lFjXo2f00x
LwvbymNwst23zamafBGOKW/sjGrTc2Cp2/WIE//cDDANPsdkS+lEq9hMOr+5
wZmnbupBFntu1eaKj9mU8Cs1OQhy4CAyc4E5Thgoq+uoIulpNZPgNoQT61Mm
emrXMZT6FTAUla7CJdXV37xN5TUpNLA637CknHI+6dq7CFNYF4V8c8EV+pMr
PMwTTAxMOIkA6KCO8y6sHVfjm9UEvXjOHWxhvRXJHdflwe1k5pCSRjhzgdss
MBo4BUM57JxKfoeZLgwtMfscgK6PGWttDLGcGfZccxIvAaQ+1q+C+VL8rwaX
YtH17mGCgvSFzUVuAwu5dQok6uKWMyEpapA/p54+Ql7SMlcOjGqguts4wZr2
GWUAHrbOOlWJC8NCCSGWfK94kU5GygOIoFH61SpkNh0NQhnuzylN47lteBAt
5qlq5qU3BSbhDhBpLg18uir/ipvswl5KmlbE5VHtHjirqp7vL/klK+k816UB
D5n7NOktkLB5RfAHYYj4OgnGnEjLrYPcmrgmo8pgnVW50qoj493EqSx+BFhM
xert7C0u90W1vXN5XJx02qEUGIShpXJhbAJGBVVDIV+mv0Y+VylK5EavLLrR
s/OlB5IBh9sM34yXnlX1UxcdzZUNVGVFuDKOqseo85cI251KtlLtzRsphqA6
CJoOePOUm5NLA4MJpuxQiUKr2rFqokhtHFhYW73SiLgHPbCm24HeYrD0eK3Q
rEU1FoPtQXz3t3e3qs+xwUIjnkzQBgFvo41ENcJRJWOR+w51yhqD3ouzkWlA
Sk9Jw7g+LjxI4TSpRokUTMFCbX2E5M6UfbHIMYEaJJSMTGnxKgme0YXaeQYp
EVh9rFymr59hJUfTExJZ0kJ11aPOinyf0nyDtELDD2qFgvlCumG1cMkeCnHY
gbFa9d27pUDWV8/Je7KuFQ6Dkft2/pcQsHiWicxES5XVc8Woz1zSabr0aCX0
rU7Jo4oOIhhKwVReaoWq7IXBQF2dyUyJEVgrZBx+xQoZnFBvqjA+IvFTpYrl
suRARCJQkKoFd3GEuDBbqv41qmSIzi6zciJXzUepQ4XZPErooXHyVY2di6jb
agwixg/QNLARAqmwcDBRxrToQLUW6pjge6ZFbk0T6TNNDS3mfVt80PtgasxZ
Nc7cEq46IN1TJVUUmHiYKpkCq7CQzuAWXBElRlfzwqQozdO1MGIE4EmcYVMP
5OkkBOuGToBl8FF4TaHKC/fHTVWZaik5ojqMOT23KP/Zs4t6PND4zLcanwWJ
RUStibSo4Gk+hNCfWV09rH4mVIai2DFL9RQZcQ8lS9Ogbl3hOJ5Jjn5Nnywx
UKq9XRjOqYZFpYUK2+AU/R2FyPcQeWGLPdWjhnd2No6XWGiCsq5RyLTHUsUl
dQkbnCzQFauCfhZjAUqd7pHo1GjPyTjMl7+u2H3eWP5LomFErarVMrESFaWM
UjIptmmi4sTYyYqKfKva0O7mr6oSpK+FaYWlp7SIfj5VcgwkixItiVXiDc/m
Uyrzksu6L8xL7bmw+SKV2sHeWoN7eml5OYG6dDgjOcFVW2OCgASEyresgTAC
WD9AvbYNqulsPi4ttCEbEGVu93CaAFeLG4ZaL984EcsLfQtqng1xrpVij2+s
stXkZEGnKnyU+DlZnOqJgpgCRzy2WhtwwQMs0gpv9OTjDaWcYMlVG2tqpMGq
LrUF6DD9kzQi3H0gWKwMp55TrN5MR3XE1egVVevWnA8XO6Jc9B710BqgxkPl
XvjQkbOjy49IfLfI40VLSgvFWVhcNzXEMJU0VxnLKYBFfezLK2XpxFvgwmFi
Un5XNYH/wNKKXXJMKXNEEjiRhYvEq0ZqVkHjQgvt+UMlAkTnR0HFLQtjl6/i
yhfctlsXVPvpKVXFGc6ltQR+lTErFZWppZGuNYCO7j7XLLLLX5VUBdMtjAgM
6adg1SLIlXVfgzMEcp6ucUdDLS+KTWSeKiERjhL9oF5UXhye2F+VB0MYqDJ+
IHnsjpa7qlUXF4KijlzuYON4PqB2TthcU/Aei7R3jzu8ZJCDuPqw5sFzjLzg
OmOLsAeCIhZJBlXjTNeyNHJbnHiiusfcJdDCKBqeZVwsFzimOrdWCWXcFYbI
1i6kGASNxeMgvGytBP6hizdJpT+VV30XxdJnSsaM+6BUFCtRLLgwhs4lL1RV
0XIx74FuSCZKD9dUbZUI4NTjDI52TtU4WIDFsI+qzCU6qDVhhW8Eny2J+nOY
CovjmAqXTkWPp9RrJjGaJF1u1YEDii2KpuVivaTaJbxvst0lhjZ8XndGRfmR
mgiifaKm2qpY9J005Ijvrk6rZSnEXR9JCjIUN6yfRFM0jHOlC1jalOVeLRGQ
8StPOnRdcWv02NT24tJcTyp0LUn7E2KU5r5JVQe4UVW5UcCM1RXUeKCEUJKk
5+OxMsmVgazaaXDDnxIoqSPlD2VEMNUeWLhAcbQKwk3o8JSVxZb55ihrhNID
pAiL0qZRMCSDvCU2INGtF8+ubp2di6sWZS7ZYhYC7aopVmkky6RCfU4sc4pt
3ljRbZN7rwD+EsqAbJRM2XYqCi4aUgRNtRHFKogpraaFxc/CRJdKX4RwknQF
pZqmiDjih67llhTpYkB2Mxo0kBIBxcr2kzk1GHFsipos5QpJMH+hIrCC63CW
EfpE8XoPgr5zzFpF5k4mh3bvS5fpcRtM6hWlbMllOFFa40dXGmN7AHAN6wKi
dqItf6zt3HOLPOsWuYhkaKszuKiIssY/p/5UiuO4JEBTHzYS2CX64TXTu1hV
uclGoM1yP5LZvfX7hZFfNBun7Xbz5KB54JiUqC6SXA6G5CYJJuEiTm5Rc46A
Uavhta6dq99iLRwfCJ3Tt/kvcUqDyw6ZNm/CA7kW5QGJAFTApu8WFdP2sNye
W5287I7j2GkENT0tUVigc7vYItxOHVPEd9Wr26jdWMKS2rvEqngjV8rTFrr8
YUu1xihRWpr1KFKSVBpWTqJUnBSCbyhnR+mIuDYVTgrcRg8F6OEm23vN4oK7
2S5rV/doptzyVH0sBeJB5i0yE5ObwKEHMZdbc5iihzSVOlAl/mWrovZamgis
lVRfJH+zvGFWTygvL4c4p8jw7m1iUUx3sjLsw72kyIqUpJFglw4XQVnMtEWI
ERBSrBitLfr/fYQIdLAUqA2IZuEE+PJAER2n5YhSdw1lJGM6rMBq1yGqtapL
ZFUo4E7zVocYu6QT19eMb6rwf2cxlrNMhZdc4pXneuIfaNB0OZng/vfNPSKt
wC0hnQTGxrhORaQjufRkuxd0jxLV/wab/ZpeIqZq1ZIIZjTVFei0zq+7AOO2
MZ2OTOU6r09tkf21mVrWzCxr/Sw+29CRFg5jJ7FEmeZLmrrkkAQGKvJ4oDoR
tW5wt7mSY7OOE9Eju5k6d21jymKLTFqV2Ut0Skvews3U5fFNfWCUeIKxsoYF
BDwel/j+8P25aqnFOEsckJemC5HHhtcqGk/ifLGq7yqnHFvOXGNSX5ll+iII
oYWZ3B8eIu4C5YsooS4FBiQtQyI0wBdUiX8NmPJZINHohawoa7c7MhIUxOI+
eola0iWZfZfGTBInQR/FQ7Roickgz9CkA5RTrl1TJtYSlfWsnwAWVtWsuMvo
mq7psvK2As4/It3jmtlU8B6pLwW+r0mlCs0cIm5HwDol4BfIZr0537kE7Xoc
18M6LZYyZgUV1gHCK5sHyOgKCJ5SeAw+TV73jOuKCcgk/X/NfDr/2TgGkKzH
FmFwS9XyVDMbvY/anI5dZkIYZZDvVLYYxUSxhZS6kkAZf0RnMnEki9uSOB6l
mU0pw0H+uFLaGrrYhlWJjAEvTipeoJeA+v+q8qkFvgnM8hEcl1za6RIgmwAX
tEbAlurIeUCgiJEsX2hB417rmGrCZvrh5JdrVSTOoWZFH3TOq6vo830ze/Ak
GVzImxp+zbFy8Q4iscPWbWPzXJgk3IieRadUhZqweUVo0Fqqve9a5F0T8zEy
gGmf7EggxY2Vn9TSucU3D3o2VWGXGnhsgZjebwLJtyl4WJMH/tlVGSLMBEjo
s/TTUToxSSTopGvZ/JAis0hMjEXIQlYUoG2JPAqEK6jN9G9rfpu6H7L5ViQy
umRA2wfAYLjzmWrKK+yDY12ieIAl3NEFjbNVKBqCbWB0fcX9A+ifhLb/PaNS
nnBP5mGqzPvc4RDf1f4O5V+ileAmUks4Bm28VKCIDsxV0tCrYy0uzUXbqCKo
sES8S2iiYwJN7BIg749idiHN0zlNcsuusRtECQ9/wDB35GMzvIKJMv2zJXMa
ZqQsKWUgIN7N6gSmBsDygBQSsosOWfPrU94rJXRTb4F0glV0+9gWnhEZZ01x
UuI9ZLEdhWNTnR825+SwgaEHAxLAPnCJV5OflKtzGihjr67MWXF96b0QHYhx
ogQke1dt06GuKqvaE2j5RzXNtYCwKihzV4iI3SDE/VO0C4BCo+7P6mY2TjMc
WgnyW/L52y4YHSKFLvCpYTzc9CX1TH/CUDNBll1Us0SnVL5urRUJa18VSpG3
xCnzVAE7cR7bBFfYF6royVoOxWeLF0c7h6vVqt8Dpk4xlYQ+1AMtUWGXuW7M
K4xPDnkCoW2UZbP0zebmELB43qsBSdmMwuymCtOn1cVwE+O5LR2ESI9uyOwY
B1A/RpzWLhaAbjy2q/1loySeD0fK0sXPpxhzE00LtgZQCLFBnVFC3nDQNzVT
p0qbfqN5gQHijXq3Sd967VZr/9VBo1H/dDqsL1r79WHrsj087o3ffT29+LT/
duf9zsfet5fzra8Xe8/O00VjeNV6F39qffu81YTnF97FQbPT3q8f1bcvm43h
4tfgw/utT9H28urjxbf2xdbiaHF18P78/Phg/2IR7Ix3jz9k47CzPRq8vRj3
n1+MvMHR+K73uXnWrm/RIPXF4uhy8vpu0DzZb+/vfjzotnbaB+2vJ5+bu+3P
59/ahzF816bv2t+au1778yV+ufhZSDwFyr2QHN4umourt7L2Rv1c78OBVz/v
H5wP680Xz+8GvQ/t48svQbx3G4Xvd7/On80Pgqz/eft8+/mrZx9Ol0fL/Xi0
NVn0wxfHHz9Onr0+3b303h+Fx1lr+zaZTV89b9xGR1nQ6Fwmx1c3F0evXp58
bh81FwcI/sVWt37+dnO/frmoL5r7m9/qg/3hyXvv7flu83B4fvlyL2oN3x5k
4cWLbGfvJrx6P/j14v3bg8vRcPGWB/i8vz9cHMZ151kv//DBkB4+49nOD+rD
d812PT5qNL4cddq7r/fr7UZ9q19vN88brYPuzLs7n1z9eh70d/ufTy7OPrxf
LJuD50Fj83U0Px2+2H327e7l3YfD7q/1aP9L7/1Bepl9m30azevnX2a3L06H
V97pefZ2K73Irt7fne5Nzz5+/XLZiOv//u+Mvs2TgyLyckaDDhs8U1UhdEgQ
O3kV68A21eSXA/lvgjHCGNhuzD/MfqUj7HjpOIDJo6KGN+WOVTMaI3cbybX+
TmkqOtJ+IKrR0kPLWudtfRsl8BFqha2DWmmPSwOfciOkpnIx8agsDcc3/jpQ
H241E0yL8mgK8q3oYtgUNdtglZjCSzFgOfW0/ccK/QRSZFn7xnF8SwZUs7Ye
B4PohdQK9Kb5HnNSGhaxmXwDYtMB5DlvLobDZr/dOrrdH159qe8OpvV6fTH8
JBdtePr206JZr7fqredfdp692kuezZPdhXc0tH68ap+1P9eXJ936t3b3/Ct8
XrQP9oP20dXR/jI+GO309+v1d/UP3/Y/tffb8B1jr1cfNjUqw0V6W99q1ffP
msud7O3h6avsYycMP4y3R++avy5nrWdXH/vPv+2Os6B7dnD44ehq3B4t3o69
uz5IPZ8Ob5Kvo732cnl70jppnx693Vp8frY7PL0Nrz4/u/sCdKO/uDpiiOsA
w+3isK5XsO/VW81fzz+cZJ86+we9578uGEwB/fxdvdEcdbudrRftA1gaUDfz
2+n+frc1b3dgT9r1hfXDvFG/2VscWLMcXJ3v17/VT/eHfd7o82ZrVG/vX17V
F/3P+zBwNPSQflz1j1pB8iXNWvNocHE4HZ5+u3x9enV1GO7mSX+zc7B/VI+a
9ezDSXS7+SWavk6aXnzz8fWn5m747nZy24+G+83p7BPc+q3o22x3iiVIzxvL
YPxtt5eOP338nJ03Xrcb8aS3+Pi+3zy6bPXD17sD7/Kw33p13ukEQ/v6u7hE
d/+t1XEvzLIlBgwYV1nuags3VN++8ZxCu2+4HCWnzr7xt+lPXecT7m+2/PvW
P9645d/oazuNXGrzNVBMKjy+Oqfe/lf9D//vvSWID//AvgWDXhje9IObsBf0
Qmf07QdHz5e0tGfA3/7hYwrU1vPt3e2dLfj3yRl/58HxA6ccZgn8z7devH6+
tf186+XWq51g7+XuXj98PtjaqdVqZdubX5Fsr6K7j9jb8lKcNmSm7+o//Hof
05HjZPaIfV1RqbNk0bt7L57vDnYGz2Hp+L9HbOrKOp+rIN+pbdfcgZ/fP3Cu
wKYDdhyP/+F3k7mLXrsPD2iX3LRHhCsIZ++M9uL+0ZzyoYWhAHG2cLVWIO76
9gZfWLfENKKFjKINYPwnpnft1PZ2t2rbW1u7L2q7tee1HXk0Vwz6DeDt7sut
nR14svfi5fOXO6+f3wTBzusbhbeq+LP+98Z/ud3f3tt7GfSCoN/b3esFO69e
bG+/fLW3FfYHuze74cvtve0XYch0i3x2bJzJQluHSy0Tr5Hrgd0iu25Ztbz9
Rt1t5OgEzaLCaDdFeZwi0Kh/Bt4cRFoRODnPutvv9m7ax5OPs0976avR6WF8
s/UsOjgvKgLn3/4YReAUmZmI34edDy+2zreai7ej/kn789UCBP6ddne4PDlo
Lz7gd9/ou2/4nXfShS8/7x+2L1ogG9Bs7w7q49mnjxeT44+/wkztr2+79R5K
zPv1tH34dj8JPg6zYOf9i+MPh1sAwftvg6PDreDD63n7os5C8Pn5wUF9sPXp
48kWPJQ8ShHY6x4HW/3LV/Ptwa8vXgQfPzTj8+m7288vRoNvN2fRh+1Ze6/9
/upTdLl8Ww8/vF5+eDe4ff/szjt6u/h2/O58a7i12L266TbOXkX1lxcvorOX
z+IPwclu++0VMnZLEWgt6gesBKAO8CATzysBg+OjxofO7bLx+fPX5d1W3Rs0
+ie7k/fx22+7JUpACELDFZ7O4Nfzc1KUGsv0qH5+vj9MBoP9Ogg0RS1hCFrC
JXL+9qfeu7uri2d3e/V0cvt1+vLo7ni5ezBefnx29vL47NX+5bOs791m8/FR
vTVsPHt+Phl+G+2fbo+z7PhsfBw1904/nb9f3G59/jjbPk2ar+e99NnRi/59
SsLD6m8X1d93Gus/7c/Td82T29sv8w/h7cm3+OLLh1+/zF9+eRv/d1Z/f/b+
5dXf0vv3oVvvovA4uv18enbeAuwZyuf2vre/OGnU6xefts93LjfbV/XpSXSw
83LYWNTT7sGv4WcQ+ybt7cnw7GR376x9u9ybbb4ef3hx9/ry63580jj2fn33
9hiWOT54efzqavfV8KYZpy8u4te7v8aTeKe9uOrWzwjDL2CBN3vN/S7gPOBk
e5/2bOAdDM8/7O9fbKVXv3561229Oz17+27zfH/r18Xz6NOH4c3Z5/oNDdBp
N48O6h+G+91k2Yrq/dPtF28nz3ve19cvRu+3xoeX/ZMOPHDK92mPZ0MkjgsU
76BzXl9cDEGOPh1Nva3GRXPz5fvlzvL8xTGoI5tftkbvTz/cfhnHw9Or5d3u
+YvNvY9bIxSYd492Xx4f/RrMpyev093Ll8eA997JYW9rOPv06sWH9OTr7vPN
5GXjZNBsP6j+ov6LXkU7RuAB/bdU71VhIoH2PWSL2MrWKOiUZF91s+JqOvnf
DolwPW1k+teKuuoCmrIhGSBMspoLNbnoU6V2PsgHo2mZ7A/KdcZWMx0vQLEp
ZDELKBH3LnyE+npEtrJ4KOrru/3HqK938813m8mXZ8+/bP1/UX19a6uv+5f2
8kB9jeutzuHJyXH3doEq6vAGwIwI9DqIE/svD+p3Ruts1Yed8xdX3db2J2Tm
y+1Re9Le8o67F7dXH86z0w/vx+0GfPmhtfWp23/e/nC1vPrWXnwye9aoX+33
yniwp5iw4sGfTl+NPm0fn3/+2N16/fJF7/0Z3sWL87A+ynpfd5Pe9G7v4+XJ
r8/66avO9lXjKtsae4PNyYd0e3bQOt8d9L6evW8M36VHW5fTxa+T7b1PWTPt
AgM0y2kMh826o3wPOw0vp3036rsttNTZLx4Oh0i+Lq0Xw3rjc72lcAmO+Hwx
7Nedzcy6hc3cPen2FydHrRenna3n7YPb57CX0dVOMzvtnkTeSbQFTKK93Z5c
7Z58fj+62rl81Gbae+nhZl60W5PW5v7wCKSFcdq+PPt0cPX5w/Z4uLP59vnV
5u5W4/L2ef9icbF4vvv+eN7Ze757th18O9qZjNNoJ216L09Ovo164734angx
m5/13u+Pks8H+c2EPXE28xSgAZwa/jpF8dS7QtvR8Es0HLaOflZe9RTr/j3y
qvcQv/x/RF5FcdX7PfKquirez8qrtrjq/Yy8mhdXvafKq2XiqvcUeXWVuPp/
t3cty6kqUXTOVzi3KBEU5MwwqEcNIr511kATERSCeFC+/vQDDDForPuqW3Vv
ZWAFpdm9ezc0q9dem3l2vfpoucrcWa9+wdImaburuIrhXbSdCsNLyq1WNQhT
uz9OmZVk6+/vhqxsXFk6zN32Ug+iBC08BhPYnHVrw+NK6vPC+afcrq72y1kM
XXnbMfZrL1GAVx9Kr5HEBGil28IrXcihCdWbBrivaNJ1e4YZvWzVzWAY+YdQ
tcQO8F0Qnd634q1vGK1jnDs7xaARGWjoZuDbvXVs7buclXZsrX2k8ylJ5lYv
DuFLPdqsvBjNKRKQ6DNkTL5xVlNlRBvRtLY/+GUKE9WYKbCbcJfRDj8N12dd
7XNa2gboWEqPafhYHR9Dlmh/kSU7fBPKLJn7p+82e/I5s7TnI3+c9hhlkK7f
5FOgHJXXTnJZBZeLEu5Gm0BN4VhNB9qvoVPbLE5mbaEZQDXcy3R7Qb0Mjapb
5XW98fM8ZF71ORjDFzB4/36zJ583D1/dHm32PNrrYe5v9nhoXqzRa5wabGTF
m4yrvhUfPX2azpOxGPcXMz8chqCv7jUmqnZ0p9aV+wZeHrdPunt2l1GYOqbe
1d1kMd5NlnJ/uITVRaRacFQTq2+71UT9L4O9RaAXA7//g73f+PZPQrI39tx6
ILMHveo8YUppGaGiIUXwVgZ80xE5gQW81WAbNrBZGUKOBXWzASWp7vCW8MTg
31Qn+gMj8njwy8scfboMQY67wD/CJ7DoR8WPvrb6JB5dVm3picbK4ejb0ktP
NCTebehD0e/u6HAtNDIiDzihJYkSx3ONssC89ebfF5itpsQ1TFlmJU6W2IZp
AVYWTJGtC0KTd1piE1jPbEH9WwLzy2Ddj8vvQyiP8n9yD6LJ8TxX52SBR38c
eiZIvFXYg1CGn6o5/sgy5fEez2eEpACP/Khgsz+QI6L8wRKRoYOd/TejOcb3
QaVppg4Wb3N1AVypnORN5oSvYqbIHsRY3SankxGdQiphcS2+SBmUVxGSq4vR
aYT2SPVKMkJbUbKGcU74lyxJO7iy/bIkI8pizrxCMZ8YO4QICVBCO5HhyeqL
wyx/jXxVQkVkmJmu6kQwpe/7pysHOQeqsLoHFZMo6wqVcaN0kQLf60FbJGUp
0xineXzFzmR0DULDgISkmacQYIUATI8k3SSUYJyFQAcVszc/c4bfooCQOlB7
xxA97j+Mx9S7rFK15R2CxIc29cixVDzBpRgdIXiSS2ehEUOwr1gRLJQ3J0hc
dBWUmCizKTkPd4PYU5orgsnqRNfBhkSmBecq5EIRRbpxnppfvD5JJ8ISIITe
Q3TvKmCP5VwwRMm4hxAz7IAHD5T/eUNfvlq5B65PVKhQ0GAaKczyPQixlwCL
4OBVBtBxKgrWqzzCwzVNLEI3HpgQCjJ24v3TVUwynm2Bn6l7Yle8nVwb0JD5
DXW9/SWPdwEA

-->

</rfc>
