<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.2) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>

<?rfc comments="yes"?>

<rfc ipr="trust200902" docName="draft-chandra-agent-registry-corroboration-00" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true">
  <front>
    <title abbrev="Agent Discovery Corroboration">Multi-Source Corroboration for AI Agent Discovery</title>

    <author initials="S." surname="Chandra" fullname="Sharath Chandra">
      <organization>Stellarminds.ai</organization>
      <address>
        <postal>
          <city>Richmond</city>
          <region>California</region>
          <country>United States of America</country>
        </postal>
        <email>sharath@stellarminds.ai</email>
        <uri>https://stellarminds.ai</uri>
      </address>
    </author>

    <date year="2026" month="July" day="04"/>

    <area>Security</area>
    <workgroup>Network Working Group</workgroup>
    <keyword>AI agents</keyword> <keyword>discovery</keyword> <keyword>registry</keyword> <keyword>corroboration</keyword> <keyword>transparency</keyword>

    <abstract>


<?line 88?>

<t>AI agents are discovered and identified through independent sources — registries,
name services, DID methods, catalogs. A single source can misrepresent an agent
by omission (withholding a record it holds) or equivocation (serving different
answers to different observers); no signature on a served artifact defends
against either. This document specifies a corroboration procedure: how one
source's claim about one agent, observed from one network vantage, is classified;
how a claim is reduced to a comparable view; how claims are diffed into findings
with deterministic attribution; how legitimate propagation delay is distinguished
from persistent disagreement; and a signed Corroboration Record emitted on every
sweep — agreement included — that other evidence formats can bind by digest. The
procedure is source-, format-, and layer-agnostic, requires no cooperation from
or modification of any source, and is verifiable from recorded bytes.</t>



    </abstract>



  </front>

  <middle>


<?line 103?>

<section anchor="introduction"><name>Introduction</name>

<t>An artifact served by a discovery source can be self-certifying: signed such that any consumer verifies its content offline. Self-certification defeats tampering. It cannot, in principle, defeat two other misbehaviors available to any source: <strong>omission</strong> (a withheld artifact has no signature to check) and <strong>equivocation</strong> (two inconsistent artifacts served to different observers are each individually valid). Both require a structurally different defense — comparison of independent observations — with its own failure modes and its own evidence.</t>

<t>This document specifies that comparison. It normatively fixes the decision procedure — claim classification (Section 4), the view contract (Section 5), the diff (Section 6), the confirmation discipline (Section 7), the self-description mechanism (Section 8), and the Corroboration Record (Section 9) — and treats the byte-level fetch per source as an injectable implementation detail, because interoperability lives in the comparison and the record, not in any source's wire format.</t>

<t>The procedure serves any layer at which a middleman answers questions about an agent: discovery (which endpoint), identity (which key), capability (which functions), and evidence (which records exist). Section 10 gives the two reference layer instantiations.</t>

</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

<t><strong>Source:</strong> Anything that answers "what do you have for agent X?" — a registry, a name service, a DID method, a catalog, an evidence store.</t>

<t><strong>Vantage:</strong> A network perspective from which a source is observed. One source <bcp14>MAY</bcp14> be observed from multiple vantages; vantage is part of a claim's identity.</t>

<t><strong>Watch set:</strong> The set of canonical agent identifiers a consumer corroborates.</t>

<t><strong>Claim:</strong> One source's answer about one agent as observed from one vantage at one instant, classified <spanx style="verb">present</spanx>, <spanx style="verb">absent</spanx>, or <spanx style="verb">error</spanx> (Section 4), carrying an <spanx style="verb">observed_at</spanx> timestamp.</t>

<t><strong>View:</strong> The comparable reduction of a <spanx style="verb">present</spanx> claim: named string fields (Section 5).</t>

<t><strong>Resolver:</strong> The per-source adapter mapping a canonical agent identifier to a classified claim (Section 4), applying that source's native verification.</t>

<t><strong>Sweep:</strong> One corroboration cycle: every watch-set identifier resolved against every (source, vantage), diffed, and recorded.</t>

<t><strong>Finding:</strong> One detected disagreement: <spanx style="verb">{kind, agent_id, confirmation, detail}</spanx> (Section 6).</t>

<t><strong>Corroboration Record:</strong> The signed, content-addressed result of one sweep for one subject (Section 9).</t>

<t><strong>Self-Description:</strong> An agent-signed bundle of sequence number, aliases, and service endpoints (Section 8).</t>

<t><strong>CORR-DIGEST:</strong> <spanx style="verb">lowercase-hex(SHA-256(JCS(v)))</spanx>, the SHA-256 of the RFC 8785 <xref target="RFC8785"/> JSON Canonicalization Scheme serialization of a value. All digests in this document use this construction. Values in digest-bearing fields <bcp14>MUST NOT</bcp14> be JSON floating-point numbers.</t>

</section>
<section anchor="claim-model"><name>Claim Model</name>

<t>The unit of observation is the tuple <strong>(source, vantage, agent, observed_at)</strong>. Vantage <bcp14>MUST</bcp14> be preserved as a distinct axis and <bcp14>MUST NOT</bcp14> be encoded by treating each vantage as an independent source: intra-source disagreement across vantages attributes a different misbehavior (equivocation by that source) than inter-source disagreement, and collapsing the axes destroys the attribution (Section 6.3).</t>

<t>A sweep with fewer than two <spanx style="verb">present</spanx>-or-<spanx style="verb">absent</spanx> claims for a subject has nothing to corroborate; its verdict is <spanx style="verb">INSUFFICIENT</spanx> (Section 9), and an implementation <bcp14>MUST NOT</bcp14> report agreement in that case.</t>

</section>
<section anchor="classifying-one-claim"><name>Classifying One Claim</name>

<t>For a source S, vantage V, and agent A, a resolver <bcp14>MUST</bcp14> classify the outcome as exactly one of:</t>

<t><list style="symbols">
  <t><strong><spanx style="verb">present</spanx></strong> — S served a claim for A, reduced to a view (Section 5).</t>
  <t><strong><spanx style="verb">absent</spanx></strong> — S positively asserts A is unknown. Each resolver defines the positive-absence predicate for its source type; for HTTP sources a <spanx style="verb">404</spanx> <bcp14>MUST</bcp14> be classified <spanx style="verb">absent</spanx>, and a <spanx style="verb">200</spanx> whose body positively signals not-found <bcp14>SHOULD</bcp14> be classified <spanx style="verb">absent</spanx>. Non-normative examples of the latter include <spanx style="verb">{"success": false}</spanx> bodies and error strings containing "not found".</t>
  <t><strong><spanx style="verb">error</spanx></strong> — any other outcome: connection failure, timeout, non-absence error status, unparseable body, or an answer the resolver cannot map to a view.</t>
</list></t>

<t>A resolver <bcp14>MUST NOT</bcp14> raise; failures are <spanx style="verb">error</spanx> claims. An <spanx style="verb">error</spanx> claim <bcp14>MUST</bcp14> be excluded from the diff entirely. This rule is central: <strong>a source that failed to answer has asserted nothing and <bcp14>MUST NOT</bcp14> be treated as claiming absence</strong> — otherwise every transient fault becomes a false omission finding.</t>

</section>
<section anchor="the-view-contract"><name>The View Contract</name>

<t>A <spanx style="verb">present</spanx> claim <bcp14>MUST</bcp14> be reduced to a <strong>view</strong>: a mapping of field names to string values or null. A null value <bcp14>MUST NOT</bcp14> participate in the diff: an unverifiable or missing field is not a disagreement.</t>

<t>Fields whose values are compared as strings <bcp14>MUST</bcp14> be canonicalized by the layer before entering the view, such that two references to the same resource compare equal. For URI-valued fields (e.g., endpoints), implementations <bcp14>MUST</bcp14> apply syntax-based normalization per RFC 3986 <xref target="RFC3986"/> Section 6 (case of scheme and host, default ports, empty path) before comparison. For key-valued fields, the multibase <spanx style="verb">did:key</spanx> form is the comparison encoding.</t>

<t>Where a field carries its own proof (a signed record's DID, a key), the resolver <bcp14>MUST</bcp14> populate it only from a successfully verified artifact whose subject binds to the outer agent identifier; on any verification failure the field is null. A verifier <bcp14>MUST NOT</bcp14> allow an unverified value to produce a divergence finding against a verified one (the no-laundering rule).</t>

</section>
<section anchor="the-diff"><name>The Diff</name>

<t>Input: the claims of one sweep for one agent. The diff <bcp14>MUST</bcp14> be pure — deterministic ordering, no I/O, no exceptions — and <bcp14>MUST</bcp14> derive findings as follows. One agent <bcp14>MAY</bcp14> yield multiple simultaneous findings.</t>

<section anchor="omission"><name>omission</name>

<t>Emit an <spanx style="verb">omission</spanx> finding iff the agent is <spanx style="verb">present</spanx> on at least one source and <spanx style="verb">absent</spanx> on at least one other source. Both sides <bcp14>MUST</bcp14> be positive claims; <spanx style="verb">error</spanx> claims contribute to neither. Detail: <spanx style="verb">{present_on, missing_from}</spanx> as sorted lists of source labels.</t>

</section>
<section anchor="field-divergence"><name>Field Divergence</name>

<t>For each field name appearing in any present view, collect the non-null values keyed by (source, vantage). Emit a finding of <spanx style="verb">kind</spanx> equal to the field name iff more than one distinct value appears <strong>across sources</strong> (using, per source, the value agreed by its vantages; see Section 6.3 when they disagree). Detail: <spanx style="verb">{field, values}</spanx> where <spanx style="verb">values</spanx> maps source labels to values.</t>

</section>
<section anchor="sourceequivocation"><name>source_equivocation</name>

<t>For each source observed from more than one vantage, if that source's vantages yield differing non-null values for any field, emit a <spanx style="verb">source_equivocation</spanx> finding attributing that source. Detail: <spanx style="verb">{source, field, values}</spanx> where <spanx style="verb">values</spanx> maps vantage labels to values. A source under <spanx style="verb">source_equivocation</spanx> for a field contributes no single agreed value to the Section 6.2 comparison for that field; its per-vantage values are carried in the record for audit.</t>

</section>
</section>
<section anchor="observation-time-and-confirmation"><name>Observation Time and Confirmation</name>

<t>Sources propagate updates asynchronously; a legitimate change is served inconsistently for a bounded window. Every claim <bcp14>MUST</bcp14> carry <spanx style="verb">observed_at</spanx>. Every finding <bcp14>MUST</bcp14> carry a <spanx style="verb">confirmation</spanx> state:</t>

<t><list style="symbols">
  <t><strong><spanx style="verb">suspected</spanx></strong> — first observation of the disagreement.</t>
  <t><strong><spanx style="verb">confirmed</spanx></strong> — the disagreement was re-observed in a sweep whose <spanx style="verb">observed_at</spanx> exceeds the first observation by at least the deployment's configured <strong>staleness window</strong> for the participating sources.</t>
</list></t>

<t>The staleness window is deployment configuration derived from the sources' propagation characteristics (TTLs, sync intervals). A verifier evaluates confirmation deterministically from the recorded timestamps and the window recorded in the Corroboration Record; no external clock is consulted. Consumers <bcp14>SHOULD</bcp14> treat <spanx style="verb">suspected</spanx> findings as monitoring signals and <spanx style="verb">confirmed</spanx> findings as evidence.</t>

</section>
<section anchor="the-self-description"><name>The Self-Description</name>

<t>Corroboration requires knowing each source's name for the same agent (<strong>identity correspondence</strong>). This document defines an <bcp14>OPTIONAL</bcp14> agent-signed bundle that makes the correspondence verifiable rather than configured:</t>

<figure><artwork><![CDATA[
{
  "version": "self-description/0.1",
  "subject": "did:key:z6Mk...",
  "seq": 7,
  "aliases": { "<source-label-or-namespace>": "<name>", ... },
  "endpoints": [ "<uri>", ... ],
  "signature": "<base64 Ed25519 over JCS of all other members>"
}
]]></artwork></figure>

<t>Rules:</t>

<t><list style="numbers" type="1">
  <t>The signature <bcp14>MUST</bcp14> verify against the key encoded in <spanx style="verb">subject</spanx> (offline; <spanx style="verb">did:key</spanx> per its method specification <xref target="DIDKEY"/>). On failure the description contributes nothing and the consumer falls back to caller-supplied correspondence. A fallback <bcp14>MUST NOT</bcp14> be silently overridden by an unverifiable description.</t>
  <t><strong>Supersession.</strong> <spanx style="verb">seq</spanx> is a monotonically increasing integer. Among validly signed descriptions for one subject, the highest <spanx style="verb">seq</spanx> is authoritative. A source serving a description with <spanx style="verb">seq</spanx> lower than one the consumer has already verified is serving superseded material; this <bcp14>SHOULD</bcp14> be reported as a finding of kind <spanx style="verb">stale_description</spanx> attributing that source.</t>
  <t><strong>Agent equivocation.</strong> Two validly signed descriptions for one subject with equal <spanx style="verb">seq</spanx> and differing JCS bytes <bcp14>MUST</bcp14> be reported as a finding of kind <spanx style="verb">agent_equivocation</spanx>. This indicates key compromise or a misbehaving agent and is not attributable to any source.</t>
  <t><strong>Distribution.</strong> The description <bcp14>SHOULD</bcp14> be obtainable from each participating source and <bcp14>MUST</bcp14>, when so distributed, be corroborated as its own layer under this procedure (view: <spanx style="verb">{seq, aliases_digest, endpoints_digest}</spanx>), so that omission or replay of the description by a source is an ordinary finding.</t>
  <t><strong>Verify-back.</strong> A record fetched via an alias asserted in a description <bcp14>MUST</bcp14> bind to the same <spanx style="verb">subject</spanx> key to contribute a claim; a record that does not bind back contributes no claim and <bcp14>MUST NOT</bcp14> produce a divergence finding (Section 5's no-laundering rule extended to correspondence).</t>
</list></t>

<t>The bundle is deliberately the minimal offline-verifiable profile of DID Core's <xref target="DIDCORE"/> <spanx style="verb">alsoKnownAs</spanx> and <spanx style="verb">service</spanx> constructs; implementations integrating richer self-descriptions (e.g., AgentFacts) <bcp14>MAY</bcp14> derive this bundle from them.</t>

</section>
<section anchor="the-corroboration-record"><name>The Corroboration Record</name>

<t>An implementation <bcp14>MUST</bcp14> emit a Corroboration Record for every (sweep, subject) pair, <strong>whatever the verdict</strong> — <spanx style="verb">AGREE</spanx>, <spanx style="verb">DIVERGENT</spanx>, or <spanx style="verb">INSUFFICIENT</spanx>. A corroboration trail recording only disagreements cannot prove its checks ran; the agreement record is the positive attestation downstream consumers bind.</t>

<figure><artwork><![CDATA[
{
  "version": "corroboration/0.1",
  "record_id": "<CORR-DIGEST of the object minus these two fields>",
  "subject": { "agent_id": "<id>", "did": "<did:key or null>" },
  "observed_at": "<RFC 3339 UTC, Z suffix>",
  "staleness_window_s": <integer>,
  "verdict": "AGREE" | "DIVERGENT" | "INSUFFICIENT",
  "claims": [
    { "source": "<label>", "vantage": "<label or null>",
      "status": "present" | "absent" | "error",
      "view": { "<field>": "<value or null>", ... } | null,
      "outcome": "<resolver outcome string>" }
  ],
  "findings": [
    { "kind": "<see Section 11>", "agent_id": "<id>",
      "confirmation": "suspected" | "confirmed",
      "detail": { ... } }
  ],
  "sweeper": "did:key:z6Mk...",
  "signature": "<base64 Ed25519 over JCS of all other members>"
}
]]></artwork></figure>

<t>Rules:</t>

<t><list style="numbers" type="1">
  <t><spanx style="verb">record_id</spanx> <bcp14>MUST</bcp14> equal the CORR-DIGEST of the record minus <spanx style="verb">record_id</spanx> and <spanx style="verb">signature</spanx>. A verifier <bcp14>MUST</bcp14> recompute and compare. <spanx style="verb">observed_at</spanx> is an RFC 3339 <xref target="RFC3339"/> UTC timestamp with a <spanx style="verb">Z</spanx> suffix.</t>
  <t>The signature <bcp14>MUST</bcp14> verify against <spanx style="verb">sweeper</spanx>. Self-attestation by the sweeping party is the base tier; a record <bcp14>MAY</bcp14> additionally be registered with an append-only transparency service (e.g., a SCITT Transparency Service <xref target="SCITT"/>), in which case a consumer <bcp14>MUST NOT</bcp14> report the anchored tier without verifying an inclusion proof against a log key it trusts.</t>
  <t>All monetary, count, and window values are exact integers or decimal strings; floating-point values <bcp14>MUST NOT</bcp14> appear.</t>
  <t><spanx style="verb">claims</spanx> <bcp14>MUST</bcp14> include <spanx style="verb">error</spanx>-status entries (excluded from the diff, preserved for audit).</t>
  <t>A consumer binding a Corroboration Record from another evidence format <bcp14>SHOULD</bcp14> bind <spanx style="verb">record_id</spanx> and <bcp14>SHOULD</bcp14> state the verdict it relied upon.</t>
</list></t>

</section>
<section anchor="reference-layer-instantiations"><name>Reference Layer Instantiations</name>

<t><strong>Discovery</strong> — view <spanx style="verb">{endpoint, did}</spanx>. Resolvers: a by-id HTTP registry resolver (<spanx style="verb">GET {base}/api/agents/{id}</spanx>, path injectable); a two-hop index resolver (resolve a locator to <spanx style="verb">{registry_url, identifier}</spanx>, then fetch the record; a missing or empty hop field is <spanx style="verb">error</spanx>, a not-found at either hop is <spanx style="verb">absent</spanx>). The <spanx style="verb">did</spanx> field is populated only per Section 5's verified-field rule, from a signed record verified offline against its embedded <spanx style="verb">did:key</spanx>, with subject binding to the outer id.</t>

<t><strong>Identity</strong> — view <spanx style="verb">{key}</spanx>, the agent's Ed25519 verification key in <spanx style="verb">did:key</spanx> multibase form (the encoding shared by <spanx style="verb">did:key</spanx> identifiers and <spanx style="verb">Ed25519VerificationKey2020</spanx> <xref target="EDSIG2020"/> <spanx style="verb">publicKeyMultibase</spanx>, so keys compare as strings). Resolvers: <spanx style="verb">did:key</spanx> (offline; the self-certifying root), <spanx style="verb">did:web</spanx> (fetched from the method-specified document location; <spanx style="verb">404</spanx> is <spanx style="verb">absent</spanx>), and a Universal Resolver adapter. A method serving a different key than the root is a <spanx style="verb">key</spanx> divergence.</t>

</section>
<section anchor="finding-kinds-and-extensibility"><name>Finding Kinds and Extensibility</name>

<t>Kinds seeded by this document: <spanx style="verb">omission</spanx>, <spanx style="verb">source_equivocation</spanx>, <spanx style="verb">stale_description</spanx>, <spanx style="verb">agent_equivocation</spanx>, and one kind per view field name of a registered layer (this document seeds <spanx style="verb">endpoint</spanx>, <spanx style="verb">did</spanx>, <spanx style="verb">key</spanx>). Bare (un-prefixed) kind names are reserved for values seeded in this document and its successors; any party introducing a new kind <bcp14>MUST</bcp14> namespace it with a reverse-DNS or URI prefix. A consumer <bcp14>MUST</bcp14> treat unknown kinds as informational and <bcp14>MUST NOT</bcp14> reject a record for carrying one.</t>

</section>
<section anchor="conformance"><name>Conformance</name>

<t>A conforming implementation <bcp14>MUST</bcp14> reproduce, for the shared corpus of fixed per-claim inputs, the exact finding set of Section 6 and the exact verdicts of Section 9, including: agreement yields no findings and an <spanx style="verb">AGREE</spanx> record; present-beside-absent yields <spanx style="verb">omission</spanx> with correct attribution; distinct field values yield that field's kind; an <spanx style="verb">error</spanx> claim is excluded and creates no omission; a positive soft-404 is <spanx style="verb">absent</spanx>; vantage disagreement within one source yields <spanx style="verb">source_equivocation</spanx> and withholds that source from the cross-source field comparison; one subject may carry multiple simultaneous findings; and every sweep yields a record whose <spanx style="verb">record_id</spanx> recomputes. The corpus is view-agnostic and reused by every layer.</t>

</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<t><strong>Independence.</strong> Corroboration among k sources is worth exactly the independence among them. Sources sharing an upstream feed, an operator, or an incentive corroborate each other's misinformation by construction. This procedure records which sources agreed, enabling diversity-weighted consumption; it cannot manufacture diversity. Deployments <bcp14>SHOULD</bcp14> select sources with distinct operational and data lineage and <bcp14>SHOULD</bcp14> disclose known dependencies.</t>

<t><strong>Residual equivocation.</strong> Cross-vantage comparison detects per-network-path splits. It cannot detect a source lying identically to all of one consumer's vantages while answering other consumers differently; that residual requires witnessed, append-only transparency over served answers (<xref target="RFC6962"/>, <xref target="RFC9162"/>, <xref target="CONIKS"/>), out of scope here. The Corroboration Record is forward-compatible with such logs (a witnessed history of records).</t>

<t><strong>Watch-set bootstrap.</strong> A consumer cannot detect omission of an agent it never watched; a watch set enumerated from a single source inherits that source's omissions. Watch-set construction <bcp14>SHOULD</bcp14> draw on multiple sources.</t>

<t><strong>Sweeper honesty.</strong> A record attests the sweep's recorded observations, not the sweeper's honesty; a dishonest sweeper can sign a fiction. Anchoring bounds timing and prevents silent substitution; consumers with high assurance requirements <bcp14>SHOULD</bcp14> corroborate the corroborator — multiple independent sweepers over the same watch set — which this procedure supports without modification (sweep records are themselves views to diff).</t>

<t><strong>Staleness abuse.</strong> An attacker aware of the staleness window can rotate lies faster than confirmation. <spanx style="verb">suspected</spanx> findings therefore <bcp14>MUST</bcp14> be preserved in records even when never confirmed; a pattern of unconfirmed, short-lived divergences from one source is itself signal, and its evaluation is consumer policy.</t>

<t><strong>Self-description replay and squatting.</strong> Addressed structurally in Section 8 (supersession, corroborated distribution, verify-back); implementations <bcp14>MUST NOT</bcp14> skip the verify-back rule, which is the sole defense against alias squatting manufacturing false divergences.</t>

<t><strong>Privacy.</strong> A watch set reveals the sweeping party's interests to every queried source; records reveal them to every consumer. Deployments handling sensitive watch sets <bcp14>SHOULD</bcp14> consider query padding and record-level access control; both are out of scope.</t>

</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<t>This document requests no IANA actions. The finding-kind vocabulary is governed by the namespacing convention of Section 11; the record and self-description <spanx style="verb">version</spanx> strings are governed by this document and its successors. A future revision <bcp14>MAY</bcp14> register a media type for the Corroboration Record (candidate: <spanx style="verb">application/corroboration-record+json</spanx>) once transport contexts warrant it.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC3339">
  <front>
    <title>Date and Time on the Internet: Timestamps</title>
    <author fullname="G. Klyne" initials="G." surname="Klyne"/>
    <author fullname="C. Newman" initials="C." surname="Newman"/>
    <date month="July" year="2002"/>
    <abstract>
      <t>This document defines a date and time format for use in Internet protocols that is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="3339"/>
  <seriesInfo name="DOI" value="10.17487/RFC3339"/>
</reference>
<reference anchor="RFC3986">
  <front>
    <title>Uniform Resource Identifier (URI): Generic Syntax</title>
    <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
    <author fullname="R. Fielding" initials="R." surname="Fielding"/>
    <author fullname="L. Masinter" initials="L." surname="Masinter"/>
    <date month="January" year="2005"/>
    <abstract>
      <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="66"/>
  <seriesInfo name="RFC" value="3986"/>
  <seriesInfo name="DOI" value="10.17487/RFC3986"/>
</reference>
<reference anchor="RFC8785">
  <front>
    <title>JSON Canonicalization Scheme (JCS)</title>
    <author fullname="A. Rundgren" initials="A." surname="Rundgren"/>
    <author fullname="B. Jordan" initials="B." surname="Jordan"/>
    <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
    <date month="June" year="2020"/>
    <abstract>
      <t>Cryptographic operations like hashing and signing need the data to be expressed in an invariant format so that the operations are reliably repeatable. One way to address this is to create a canonical representation of the data. Canonicalization also permits data to be exchanged in its original form on the "wire" while cryptographic operations performed on the canonicalized counterpart of the data in the producer and consumer endpoints generate consistent results.</t>
      <t>This document describes the JSON Canonicalization Scheme (JCS). This specification defines how to create a canonical representation of JSON data by building on the strict serialization methods for JSON primitives defined by ECMAScript, constraining JSON data to the Internet JSON (I-JSON) subset, and by using deterministic property sorting.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8785"/>
  <seriesInfo name="DOI" value="10.17487/RFC8785"/>
</reference>

<reference anchor="DIDCORE" target="https://www.w3.org/TR/did-core/">
  <front>
    <title>Decentralized Identifiers (DIDs) v1.0</title>
    <author >
      <organization>W3C</organization>
    </author>
    <date year="2022" month="July"/>
  </front>
</reference>
<reference anchor="DIDKEY" target="https://w3c-ccg.github.io/did-method-key/">
  <front>
    <title>The did:key Method</title>
    <author >
      <organization>W3C Credentials Community Group</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="EDSIG2020" target="https://w3c-ccg.github.io/lds-ed25519-2020/">
  <front>
    <title>Ed25519Signature2020</title>
    <author initials="M." surname="Sporny">
      <organization></organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>


    </references>

    <references title='Informative References' anchor="sec-informative-references">



<reference anchor="RFC6962">
  <front>
    <title>Certificate Transparency</title>
    <author fullname="B. Laurie" initials="B." surname="Laurie"/>
    <author fullname="A. Langley" initials="A." surname="Langley"/>
    <author fullname="E. Kasper" initials="E." surname="Kasper"/>
    <date month="June" year="2013"/>
    <abstract>
      <t>This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.</t>
      <t>Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="6962"/>
  <seriesInfo name="DOI" value="10.17487/RFC6962"/>
</reference>
<reference anchor="RFC9162">
  <front>
    <title>Certificate Transparency Version 2.0</title>
    <author fullname="B. Laurie" initials="B." surname="Laurie"/>
    <author fullname="E. Messeri" initials="E." surname="Messeri"/>
    <author fullname="R. Stradling" initials="R." surname="Stradling"/>
    <date month="December" year="2021"/>
    <abstract>
      <t>This document describes version 2.0 of the Certificate Transparency (CT) protocol for publicly logging the existence of Transport Layer Security (TLS) server certificates as they are issued or observed, in a manner that allows anyone to audit certification authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.</t>
      <t>This document obsoletes RFC 6962. It also specifies a new TLS extension that is used to send various CT log artifacts.</t>
      <t>Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9162"/>
  <seriesInfo name="DOI" value="10.17487/RFC9162"/>
</reference>

<reference anchor="CONIKS" target="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/melara">
  <front>
    <title>CONIKS: Bringing Key Transparency to End Users</title>
    <author initials="M." surname="Melara">
      <organization></organization>
    </author>
    <author initials="A." surname="Blankstein">
      <organization></organization>
    </author>
    <author initials="J." surname="Bonneau">
      <organization></organization>
    </author>
    <author initials="E." surname="Felten">
      <organization></organization>
    </author>
    <author initials="M." surname="Freedman">
      <organization></organization>
    </author>
    <date year="2015"/>
  </front>
  <seriesInfo name="USENIX Security" value="2015"/>
</reference>
<reference anchor="MPIC" target="https://cabforum.org/">
  <front>
    <title>Multi-Perspective Issuance Corroboration (Baseline Requirements amendment)</title>
    <author >
      <organization>CA/Browser Forum</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="ANSV2" target="https://datatracker.ietf.org/doc/draft-narajala-courtney-ansv2/">
  <front>
    <title>Agent Name Service v2 (ANS): A Domain-Anchored Trust Layer for Autonomous AI Agent Identity</title>
    <author initials="V." surname="Narajala">
      <organization></organization>
    </author>
    <author initials="M." surname="Courtney">
      <organization></organization>
    </author>
    <date year="2026" month="April"/>
  </front>
</reference>
<reference anchor="SCITT" target="https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/">
  <front>
    <title>An Architecture for Trustworthy and Transparent Digital Supply Chains (SCITT)</title>
    <author initials="H." surname="Birkholz">
      <organization></organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="CAPSULE" target="https://datatracker.ietf.org/doc/draft-mih-scitt-agent-action-capsule/">
  <front>
    <title>An Agent Action Capsule Profile for SCITT</title>
    <author initials="S." surname="Mih">
      <organization></organization>
    </author>
    <date year="2026" month="June"/>
  </front>
</reference>


    </references>

</references>


<?line 301?>

<section anchor="mapping-to-the-reference-implementation"><name>Mapping to the Reference Implementation</name>

<t>Every normative element of this document is implemented in the reference implementation, split across two packages: the source-agnostic <strong>sm-resolver</strong> kernel (the claim model of Section 3, the view contract of Section 5, the diff of Section 6, and the confirmation discipline of Section 7, producing an unsigned sweep result with the verdict of Section 9) and <strong>sm-divergence</strong> built on it (the reference discovery and identity layers of Section 10, the agent self-description of Section 8, and the signing that seals a sweep result into the Corroboration Record of Section 9). The <spanx style="verb">present</spanx>/<spanx style="verb">absent</spanx>/<spanx style="verb">error</spanx> classification (Section 4), the view contract (Section 5), and the diff (Section 6) are the kernel's stable core; the vantage axis and <spanx style="verb">source_equivocation</spanx> (Sections 3, 6.3), observation time and confirmation (Section 7), the self-description schema and hardening (Section 8), and the Corroboration Record emitted on every verdict (Section 9) are all present and covered by the conformance corpus.</t>

<t>The reference implementation is available as open-source software (MIT License) at https://github.com/Sharathvc23/sm-divergence and https://github.com/Sharathvc23/sm-resolver, and is published on PyPI as <spanx style="verb">sm-divergence</spanx> and <spanx style="verb">sm-resolver</spanx>. The companion informative essay is "The Quilt That Checks Itself" (Stellarminds.ai / Project NANDA research).</t>

</section>
<section anchor="related"><name>Related Work</name>

<t>The multi-perspective corroboration pattern this document applies to agent discovery mirrors the CA/Browser Forum's Multi-Perspective Issuance Corroboration <xref target="MPIC"/> for certificate issuance and transparency-log constructions <xref target="RFC6962"/> <xref target="RFC9162"/> <xref target="CONIKS"/>. Adjacent agent-identity work includes Agent Name Service v2 <xref target="ANSV2"/> and SCITT-based evidence profiles <xref target="SCITT"/> <xref target="CAPSULE"/>; this document is complementary, defining the cross-source comparison and record rather than a naming or transparency substrate.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA61c63bjyHH+z6foyD9WVAhqNLfdkfaso5U0a3l3Lh5p1nF8
fIYg0BLhAQEuGpCGVuSTh8gD5FnyKHmS1FdV3WhQnLHjk/2xI5INdHV1Xb66
dCdJMmqLtrSH5lVXtkVyUXdNZs1J3TT1vG7Stqgrc1U35vjcHF/bqjWnhcvq
G9usR+l83tibw83vhw+P8jqr0iVNkDfpVZtki7Siv5IUDyWNvS5c26yTLH4m
efRolKWtva6b9aFxbT4qVs2haZvOtY8fPXrx6PEobWx6aC5s1jVFux7d1s3H
66buVofmtW3xyfye/ldU1+YHfD1y3XxZOEcvb9crIub87PLl6KNd09D8cGRM
ggUyTY4/5WGV+OTJ5A8DUvmbtkkrtyKSqmw9ci0t8ENa1hVNs7ZutCoOzR/b
OpsYVzdtY68c/bVeyh9ZvVxi0j+N0q5d1I3QUlSOFjc1J8Is+s4YYeLFIqWJ
F4Nf6uY6rYq/MD00orVlmTbLosrdNC14hF2mRUmclIf/xW0ZQnw8NIu2XbnD
/f1tAzLi86F5V2SLZV3l/BXYgilP0rIgGakKoSeru6rFzr2vitbmRBHtpTP1
lTle2qbI0lFVN0si98Ziue9enjw+OHihf35z8PVT/fPJkyf+2ycvvnnuB3z9
zTP8eXp+evLm3dkhT6kyvHNqM+JmQ/T8hSY+z+lDcVXYxpldGu/G5uZg+miH
H+n5jf8ScPHQ/P7JCX+RE8WH5vGjx4+TR1/LDGlzbdueRbe3t9PbJ1N6av/y
3X5e5BBhuy+E/Xj2hyFdlwtLIpUfksSZV5Ymzr9MhDlpLBOflo70abnsiJVr
leWt5DzJkiy7nl4X7aKbT4uaSVryVAnNCsLOTi/Of6A1PRrSdpY/fvbs4MVF
cV2lbddYjNhOHYvlq6m5WNFmr/9OOsrcJVamSPDq/VFRXW3s//MXzx/rny8O
5M+TN6/Pf7wYUqrfme8bUmzo9o/EzstI+Uxbm7MqN+8dbfmX1/DKkoCnw6+P
p+b7Mq0+kvgX1fCn39JPdVXZtBt+fzY1L23Z2urBBC8ba/NlWg3k6eAZfyTy
CuvAB0/Y+4uz1+f/GgwaLRaDdz4rep2zVfGJxS+rqyuL5dt9+dbpSw6e7bc2
W1SkcWXiLFs/t79qLI1q2VrsLz0XXr09PxkyW/zBW2LkymbYK3PuXJdWD7zD
7veps2VRWfPO/tIVjWWDZshcVTn+HH9B1E+O979v6lvih3lZN91y63qzdH6F
H3m1NOL49cXPj4fEigt6TXMSC5ubgoi8eWx2aeSYttWc1mQAq+S4yogEMgyX
8CTmp3RN87Jz69q6qpd153o/J8ajXX9BjH6e0pRN+ue0TB9s/wk50ray66E5
eZ48erp1jTQiJbuVfbTNtLDtFa+VXOe+eM1KpyEjI69NSOhvHoMbFyfnl5cb
3KjMcZMtyPhmUGheIi+ZvF27WBtyHZHawHWTuqaluehWq3IN30KrMLv85s/s
Hi/zN6QURfNxUZd/+UcWha8SR36lTdKIXCzq5Pjtxfufzh4ui7fmOGPBO0lX
riutedvUV0Upy2Sav0AyOdVXxeLBpjz/R+hfFgtPPoOZlMlKMiFrfzRKksSk
c4dXtKNRABiGuB4ABkkjtqPwrio37YKs/PWC6M3tinQIK3YMy5z5n//4Tw9G
yIBMRgAFsCaQeEIT5HqM2HxAC6K+rK/dlBSAbM01cUheQ79UhtBQY9UWEAVC
2mi+NrXiJLN7Szac9jaHpU1pWnJwRGhr8B25UuI29P2mztQOMB00Ni+u2CC1
IxKxWzhfMsvhS1PPMZC+Hh+ZqibS1O8YekfKiwFPGuIGsc3k9op44EbpNYSy
NZaIou0wl4vCGdqLbsn8IRsF7hFvh/jMrJo6szm9nra1vqU57Ei48JUzWZkW
S9qhumvxg/Bg4gnMzVVTL/mHSjHlTUqG89pOTMEPE5+wY0cjvDnV19FPtKld
hp2smZwlqVk6J/bfFPb2iMngoV4QiDHE14pGX9GeEwfdCKynpbcWGIx2u8hM
2tKezzssSt5Rkhy0BflRi0WuiEG84JxM+hpU5Hiuuu4Kt7D5iNeyIq7Tt+AY
/Zpek4sC+45YBFPeCiJlaN7fyb7bJQk6/UjfWMbFtLN2xQIZ3kOLyMoup1H4
ul2kxFbsFj0B+c5YRYlgxxI4p8UaEri8uLauxY7aUdgtLED2KZnoU/QHyCxh
tUnjqhpsmRCz2ek4yFJW17REDVpowSOS0WVNHC5URgmDptVa3yzvo4loPTSE
t4jZJKJuQR0B16ko8rLI89KORr8y54Qwa9phxv8jskpBWFVuaFFpH0HEWjeH
tpZXSWbxyJq259Bz3XXZQngGCsmpOxLtRmmj5RVgG4UvrEJXV3C4hMT6l/kl
QmHA4jZdEi9ohqk5bzF5VZNsF9AI2qZiVdL6Zawh4daNIt2f20V6U9SktekN
RQ3MFQhyYNuh2dvzRmJvz+ymhg2FLSOtXaRuqNv0hmxhs49j5vneXmw58BKQ
QGTRqlU+/aucZ+p2G8IqZNOMzWVBYtalJbmwG4oA8jEwG+mRSggEnEJI+Bge
07+NbYyzLLWiroUTYYltsMzJFIshZiXFttS3JG7EKyyUxA1WCIKlv3jhJzn6
nNHibe9n5h0LMRKRelV84lFkLegRN7BrQjWbHm+SvEG+sOIon44n/DDsD8sQ
HFL/8zP9GQzpv32u3wJeFkwKhIuEmkQHYC8M/FoHsmDT4rOmWPEPS4tgv3DL
fuw3Y1E6jN9qZsLIF2OxLRjciEDTM1DIpCQDVJor29Kuk4h7/UrBdtqxP9Mb
WGqLJQn50mNdmFPaownpYJYSUIbFtQ3bi3lRIroqidkOGiLLDnLgCRazMKGd
gaWLNIJcyW3ReOvG+2yjDWJRdTyejReZcnO7oECaJFKsyhIOWH3lLx1ZQ5Yx
cUzeNx9GFmVXHifBXNW0DGJqoWjV/0Qh3xgQYOUXp99fdRXz1+lGBMusv8sa
nbGfSA/HMDCyHQePzDWzB4yAsjZWgw5dE5xzioCV3z6FnTypqxtQxWuhuU4t
+beCPwuLEA3f8nQ7r95fXO5M5F/z+g3//e7sd+/P352d4u+L3xz/9FP4Y6Qj
Ln7z5v1Pp/1f/ZMnb169Ont9Kg/Tt2bw1Wjn1fEfdoQDO2/eXp6/eX38045s
fayhqViuuQoLwSW4wNSNRMzn7LfN9ydv//u/Dp6au7t/0lzG/b1+QDaDPtwu
bCWz1RWps3wkTq5H6Wpl04bFqSyxXwDiBN5ImN0C1oOsMizH3h/BmT8dmm/n
2erg6Xf6BRY8+NLzbPAl8+zhNw8eFiZu+WrLNIGbg+83OD2k9/gPg8+e79GX
3/6aTUty8M2vvxvRovckHXlIHuK4WtPeELpUFynKsnOLT3lt1nVHTudGggDW
F/Ovv94RExLSd8RWEyNmfO4hMz4pZsZe9arh2lr2YO9nwX9MTwCFqyhEZvjg
dVvtEgmUR5RT86YKKJz4Ackaos0lou4VsKJM5Y78X3gPWaSWMYwYfLI7Xu+Z
vN+nMImOQhgi8JJNMg8n519zFkA5U0R5sbSHGj1wZtCzt3eCSfCunuqvnPJ+
EzZDYh8CZ097KiPVSEwi8GxmGoTMJmZGwZL8RZs4s0RNMxt6sSxtmjXHI5WZ
+ek+pO2MgsQl2U3CPLJR5Ok8EyIAzsA8AMF+amHnIQtHDpSAKYg6inNiN8mv
fmddXZIV9q+n7U+8B8rTVQsURVotQdPnOa/BQc8HceGD1aYIx4PMhw2oGBYo
MhRfz5RdAJH77RpGQdk6QwjNyN3cQkwSyEZETiPLIuvmAy3xNB4q604SVRKw
iDnzSJnnfynRi6cA4UsGexmHGodmdveRxk2EIR+KfDJAGBN10/ezGImING7B
C0HQGUNPPEBO0jynBTkLCikYZy2AAErQAhvBn7o5wEIMOoSRQDKnPZIR+yMU
JwrX511FjhvvdQQv2U5U3XJuG1pZWaQO4Tg4pKYm+GoXgyFZ15t375LT8x/O
Li4x0aysSb0yekOysJ92yVInj5893/3tycXuzXg8ngnY0q8xPz6SqzFIjJPb
0RQ5eZ3fXrx5bU68BGqBwFwQDhcTWPRfsjoQaO4opjgmRyQxmXvoEQGc+BtY
DUbTkD7zMx7l4fJkMievFimR91UweEzWVVmniE4TZoqyTmEDK8IrwtGlwATk
vnkDewAOY8hIpIOt3NvbFNPJZixPNmK8twdCxSAxQXOgNOszDk6CNqKKRCIl
/MP7F1NOu1xLWCiYFAvk2COYOYWgm4mbQ+CHJvV2IlYIk2ZN7Vyw9yHOt0KP
j1GiyMzsDvIuoKa3D2N8qASvbJtPpDKryzJdObEtRDfCC8I0FNeuhbFRtiFS
xOkTiOyxqhHHP1cWzoDnBCwMJjWpm8Tbc5/uYN8ctE5iRHXqdex9jjh2IvuT
FzSONmJ2/vri/cuX5yfnZ68vZ7G+ynKw4CHYD9vW2FVNTjPOUWi4RRrm5Q02
mA0t7BbL32j0UogVDl4EyTI/65SSiZwwvBCPIJOqSV8zG8lFkvthwbCfKOgi
8AfDU18djkYJyW1gFyk+sMpFyH+pP+Ds9GSYUeIwbuCW+FXK7PCmVe0KjR+J
ItsQS4/BzK76WBGynJqzlAG/Ep8DnSvA948m/M6M1SSHqxF8hd1RxqCaesRf
/uby8m3IU5Jvffro6SyoWezvg5OXpNPs8aNHM8JMNVmWeZ2vY7o5f1CymCRX
NVlco3h0+yun5nVdJSFwBsshFc5byZKkmkMVzlKRJ9pxXUbkup1Dit9LZ8nr
EAmFBvAMQBQNSO6FPCOkZAcRINOzo7wXrKKsR6An6RTd/kM8XOl+aaJgwoiF
BiCerAKj/Zxp25ED6SpCLs4ydgFvGBiFWFGDUt0/yfAAe/RSwso6FE/WibRw
2DWhRHIoHm6Jqk7h7wZfha20nzTHxyAv5A0AJBraM83MNkjMw01IORY5o6BM
rH6YXAVaFgNzIHJKX3u7sGmB2eyKsWaqeIywTpnPjL+l9SmA4dp8AV29SgEE
KPqnHYGE8o736W7NvbJJgNcBhEQI67P3m2gxMGSgm3t74Pve3iFie4WBJH3s
BhlecjJcEeaNeE3a06orS+Tp8a983S8boL/IihW0T5MT4PghBKGrotxlzfk7
F9wu+A+RSAcOgBb4Upyy6JwSARkQpCzs9WIfNLjHEeoBFz70n1vSf3jHlvON
IdU0iXKag5QB84BTRgjGIJ+SIJXpUVVIiRswwO/fnSdMYB7guJ1eTyc9nELu
Y2D6lWTGzsat6dtPyTx1LFRkGALkQeYIsAmtBQKb8BfBpuDtzC58BEM8wUyQ
RuJZy4lTlib4FtJTu1y1ZLjSdjH23IizeVjJR7serkRwHMd7IM/MtD9gxmkk
D3CiNBSjD5HQ3yMrABHmbUZQ5DPESBmsmppo3g35fAHpFDhQrAt/JbmhgfFg
lq3qVVeylLWSp2ANh8NmI3nVcWZV8tFRrlfEyHt1ZPXD/pJ5s82D0OeIKz3V
ehDBhAQqnuvFV/VCZ41sWFqWKLr0KkAkieLQ3CvOz1uWfPr1WmoPouAhwEn7
tcAn72Liqk7KlOy6CDKM2DgYhFNSutHovFp1FMXw3giq2Rpa8Jq5piHmMeBN
n7EdFncQRGFKOANzvv+G/yVLa1d9ujnYQgy9CeuB1aRpwQ4n+QXhN9ILa+Zj
yCm4An+mlUWh2z+O9f0qmMHR6GxZtBJe61ezwDkshMGhbKiLTCJ2tDWlTZ1E
+j4irnrv/GCM+EgZqal6VyB7HpilSEA5fbThpCSVzVgZm1750uApR5CINJW8
D4gr1TR+gFCTn4eJq9nXlAUiHWi50Fymc1sqW9hS0s57IRJYyJi/N+lGknjM
IRFsX1cVKwiwDdUQASOAEoy8gy6KOX0QaBM+450I3CcKZwidZ2IgvY5FdGB/
ljXrEG0gWBziGVENIdTBGUvUoXgNFZjOsfz1CXWtGciD8B5MJyPzkJty1poo
OuDMJic2g8sZx/vBtE507fdAfbBjM/k8g8N0w13AIuVX2Q/58UMc/0Rboo9u
ZNQGDOkruFcbWZUQgInSSOQFvm9uGUcx1droYqzs0mwLab3mhHBqmMyJeeOZ
/vfwyMciD5iEUr8wgY3Y56ji0EadR9Ahrdhxo4DudzConHII+/w4dkt4mSA6
vE9CN+TEPI0xvmBHlXsUox0FTE2XFy1b2jdRkH9ZqNM9iTJEo9GFBhm+6k2L
XeXcYpiSv88WTV2RgSvXR7TIqEiOYpSkUVU84nojvB1zZQ5YTz/e0s7Vt6SE
jCIjxMcpyGHy0Y/yux2NI8GI01szhvbWR3+u48yxzX3oQAPdoNLoQ5chguOH
9b39w5vjzG2KXoQk6EPBDRYSu7PTHqZQ4W9s7tSqbBKCora33lKJXJX1GvN8
5SSFd90BO+7t0RJLS6GkUyYSeSIkNsKy4JNaHy2YbT7GPQxhkjCFL+bBB0ZB
iL7rq0EvRIaG1wywFF6WwOPl5U/cfVtlkiEh4XTjAcCwkFcWpmHhM3bXXD4O
M4dugZCCdqFkqCsJQ1Tyt6Uyj8Tl0zQU8pLA1dlHo3k2ctqoHZxoot75KJij
IRNJ0QATLAmvtzWbMB9Hszvu5WYwPCpTC97ZzIKORkOyQ+MF0gkhFRZlqZc2
7DsDfYENu3t7oViJnI91q7rKJYIbb/b1+KQEWW9fLtqahmUDtEw/Wo+a4/fG
/R3of/b5ql5oSR//+te/ju5Gxuygq4CWt3NodjYr2vuPpgc7EwxStItBCtsP
//L81cfpdKq/21/ot6/5b00H0+c7s/OtNrWw5UaOjGPCVZrZ7/Cyb/Hxu52J
oTeZe348RDr0+x9pRNcUfsCfZC7fZMEvQCzx/KnRpl6DerH57ckFZ3jJh2mb
h+V063c7o3te+OgdIV1HXDiYhnS69G2wKWP+rQNwbrV069OhJNQzZcjM7Gpv
ylEU0ABTwC1Inc33PSjuv7uThun7+zHg6yAOiLsJho6qTw9oj4KUsCimJzGf
p6Q7SCnSJ2RB0dbIJZaBWEDtMZ5Hx0kGV5TiEcC8pshpNFu/jXA7Im46ejwl
w3fRoRYojbZTpPJJDGZQ4hTKWLcSQNOLyfOQ6jpBjK29Bmo9piHX0riimS+U
Tvo53GbZQvDZorhekNWJ5uK2x6LlFFgECHx3XjrgKudw5VmuO/RIacBXTs6U
RHMeRYDqSdnAyMohDfC1KC0cSZ2gT9hJJtZn2iNUC1BLNMD8f4hom30WNY2e
gNvSCxojG/D88rb+vzBRGCCAWtgAmerBH1SHu8CidM8XlyFlrQHeUqOGkRl7
FigPEFSDEIvzNmmf3+cIVZoy+wyOMuJhM9Z09BS8OOWOUMnXT7UmFm9zvwv1
HFnMvteNjfY2txzizYmgeldzNCEqmE84J9Sn7JkdPgEhaSFBoCwEfS/MLkIi
hrv2l1Ap+yBFoyiro9/cz8Y4NaOthD5TV6NauUKXowdH0Uq5966vvEOYG9qh
tIdn09EzsOxnNmoJtH/K9XwPR9FXBOxbpJxqBYl9YpIhVDyfiAW2Ps5p9fYQ
e83VjRCqamr/qO+pbaWJQQyb9kXCKG1gc21XjVOiX0x09CUCuOMHmQ0GG4x1
tfrSm8axQjL1rgzEymKO1kqk5TlxRVhoSUqj5j6JDONK+7Fpd9BdQagBeIDt
PE7s3N+TlpSu/hFViGMnGjfTOumsLyxSeLmZ2WNj2YiUNkXG6YMNHx0yhGwe
XqKDcMy5EM2asDzqujyEWwbMsw2YcYvntvKSRn5b+9hgZnwFHYB74g3OmJSt
aCYkgGhdwRAJs6XYpUh+dvzDu7MzdEScnv989u4HVL2kKWJQCIN1H9b524a8
p4oVm6WqXA9iAufrBLRJN1aaStGXSYFCWh1pdsfHD77le1gUgjUCzhVcTHvo
gEOXwVk4luDpdkg1ILfHUzLThyJnDBNVxL2K12KtSeo6psZJF5qkUr/bBGUE
tHx7Ab+wyAGZANX4oz+JpYn373YUakXREI/j9PCTJy/M+8uTifk32sKrq+KT
n82HKx8E5H8AQPtW3fl3E103NhXv4g3dMf9udsKO8qd4P+W9ktsC2OMzCbQU
sWZMEcNGXouG1/23/WomeuRhR8pIGKIJKZ5S0nH8J6fT+vGwzQpTmbECSSUJ
0L9dsCk9js/hWS118RMhrezLn1JMAJ9puKBWH3rEC4UH5RfEaaWDA17vw/30
M8dxGqN2Hw7xEkO00z8gHSa8UFlKTxXrqm0+j+v/f7H2LMi9lko1swdL9FAH
VB1FB+JHxYB60mYPE+YYu1yx8+HiP9dZphvhv3jLIPNSEqG/yF6T/PfRrUCm
1Mz+baYawfD3b8cNM+XuTPvWYzuiBSUeAcMFRLL2lofrIy1XDoLPhElP85zb
SRlTMzRDnx+fqREaK854VnnCdjA+phv6ctRbpHJyaHia0B8lu7vjHylC4QZ6
6e/j2lDUPbfZccCm1B84A/FME3rmhC3axcbFaN/RDcEJ1Ymyvmb0QE6GTz47
xr3ozqFIgUQY/Yx81FYq6ZpqiNJt3HHgAwwuM6J7HE5bi3tHm204+nBfZOF8
MWPMmdglldNQQpeEfCKWBiVArkTtbi8ST6J2m5D1GzMeO+4ZOfc50894Vi5K
VVsPlgScy1B8Q0P0N07AxT4XDG4sB4jdilvpfkVz+e5mOSR4PuhuRtdWOO6u
LpubMmZ3HsGiTS6/J0n37YIOFeH5Oily6ZTwPal9DW539sPZpbmDsN/vp6ti
X06L7d/hRROuLkbd7WPoArnAZFGvuOPoU/Qm/YuFiEKOmrsNZ3d+zg9dU06i
gty9NJVV2lPf25ojCUw4UAWg4TInJgwFOhUA7qwNTRqpP6bFYzFKS0BjMRPI
DMz6d/i6o3ZHI1sQI1cfbybyAKDrJJQm4wpnVM8TUBqUCTAHZjiHSIa8xESs
RFy51F6kvnZZSGujPww63Gx6ibJOQjYi1vuCQWmTtbiKEiJ91ZdrvVx69OVd
PqUvtZb+gUHHLmRb5/k5muZHu8b56hmZq3DSG1h71c3LIqNfX/lZZxxU0Ytd
qLn3Ff/xQGZ7EvrETjjs0Z9iMmS7cAyBh9/aOQ33cVSwAHoY3Z96yfssX6mR
8pF2DcUS49uE3lcIcBwZL0+db7eF8fCZpT7HERrnOADj9jSIdV23kpCZ8aL6
qInVXjtYzY9cxMbEZ4iRXCGHKEYj+YHgiW8DjLOVh1HNdLK99DLZlueYbM0a
+PMCVhIL0AoWu6jex12bkdOTuHt32LHpOKc/84ZpJpuEf8ABnJHC/u92VULG
GQeN8rHMKN0q+HFgtNVHKA8eHpnQk0/aNFA37khKouLQ9eicbFJFy+Gp2KeE
TCgMsmKMBgGSs8np6wsj7SBGqBx4DH5ckuHa3Mav5bR2uGwAMGEYPDeW9T6N
C1GhwZwY7w+x8Au4+Mtz4iNn7raEhDhSyxH5pE99izrTDKvOSS8Q8ZhLZHpg
FB0F2g4iLtsH8Nq+3zek+HynDFP/5eIxLybqm/loYR/KraV7pqqjnL80Tmqs
GSy+hgrJ3KIYL41p4fmoKYB3iNMGWTs8nBqKziKqKjBSVu0rhWQssUlHTMOg
06xwfZMZ41Vu+mLi/fRwTCEedfVVm5DhiO1Gf2xiWBErkDiOOxT8wrYWSgVX
ySloF6cge6vGdXTfaOtLqr44ejRINS7TtVYFv9yRcaQns/jsKFfrlMggqVq9
iwBOQPhuqoceWNxwuJWMRjguq037nRPzJXOw2WBh99dPcKmJdr/p8c55aGom
W0lucIjNUk5efwz9nzQv3zUQul7BqiJ6hT7ByRfjC7pQFYXF3UqzCldWzhoY
OdlbN74HkiQMPvFmkIaUdCZjQ5IvEpZI/bHgYdf65TA36c++Cb4PraxcCkdu
kmCXHG/nfEa7Tm5tcb1oWblhiVYi/kXb92JWHVqkOj7mrU+h5u+LmiE9Tu4U
EuLnlOPfXo3CmWY1YLiWwMAVc8t5j2xxPrCEYIgJDMwu9DjPO2g04svNnPkJ
y7BXmKi2L0c4pJ6vx50SxqFuRf7QRSeLdWife5WDK4JbpOiBvDWiYmmX8sY7
7rwgxqP3gPtB2QYzhuzzSsGpo7bP2tj4JYViJLGu4pMfk8/Hfhyo+0ZrPUm2
y/EuLqK5v59I8IuraOSDXDzD8R8fekJHIO2KHM77bOIQWkDSd5s2uBxoiew6
0qMKOknEcDuDnp8Wmg0JJIk4J7ZVGsf9yS4+sjMnBIMbJVaStO4Pbw22oc+V
X4UDpBDMihOOfADIMrq/9UfGSL7xHobhAVzHl0YUFa22aAdmkDbPz0TC0BMZ
q1mQzibF9QuR7QvVfz26xPECMYJ0JE7IS5rA9fmBr1xfUI8PZcvJ3DCMZUtf
eCRNsPLJ/8wn8hFBcB1HbYLcEQPp404Qh7yHLzWuAEegtVIhhGEnFW3V7fVy
yjuMwhzqBl3Dd+Y08d04ypLYcPmytXwmE4c4I/BqcKREqHcixqHk0O8kn01n
G7ZRfEEhFA2rIRMxuBtBEtXBCqZSg12SacK5X7iRcJGHHpMKDRvpnDzKVE9J
tS3fmGLSW7xCc1cPmjvA+6bmWLxEyuAqBYiNCvNqtafb+xtgGaTR9uFJnqLq
jzHTfkn5SiQ/ZAMZQPBxANaRrgq/THDwtmmTkvtL+gDB9aca+/IS6QMFQtpf
MQngV5tI9KBS0NFVTYHYuj9iFteRtKLFR8Z+oWeRlWGOhpNsg8sLaI3hGBnt
XFR4ngzLcnlUGZxo6omLXuOH5ZWAjN3HYuVTJH68Bt4iWJqYo0DMhtsTQuaK
K2ZhEZEX5M507rqP2MrseNsUN2mmet9LMvQNfSsPU4NfSTGoEctQK5L5pbPc
YCYbdBTEQN7D4twP9tsydMi4V68U8F0pvgz0RIor8IgnRGyT595GyJR6R0HK
MZDU8eryiEwKoprGDrwII6/z49fHD1DXsBcGFoSXixZhDJf7hhTwqWYkHE/B
uc+7EkVPesM1DEXVd+37QAskZ+GMfhxFHBwcxRlnOce4IbAzrerMwlEBLGw4
15cDQ27A6FqBXjdyrQXSuj6iRfLJ5kXKh4xCPLX92ggyJxTV8o1OM7T+q1Hb
H94rKev55z8TtpmNSZVxGIWBARK2fHb0E6wjYfSU/aVe/QLxxya90gMdmiHq
k4TnA0UajaQdMDqIJL+KMYyZAhPin40bI/2Lhxo6EdzljwyiAEbb+BHY6TBq
guvR/t6eWyY+LUi69RF7U0q+SWItXFdSxlv/ZNtVIdHvz6K7QuLYtL/X43MX
hkSjv55o5dqj/cpfgqMuiM/sshuNE7VxnOsvkqEF9saEljjvChz3rYB2dofM
7O/P6G/cajX8GQTRB4+ipN5DyY9GftMvGyvoG1XYbKXD9fAVT58V4cHiNE/q
2+v3fVi7H0XK/+hVL57gzetevMdXKfkKGUGu5+NiyyNtBtdzrv507Paw2b/U
QZpwaHQy6CRtfVvvQFL+9n0yfAonlVM4hKltNWhy+JtXy2zeYBXEKr5zhnOh
FKX0N6OBTLmnTc1n1meENMzWbonPqS0nHMNdSrgngaCcTxkgecFAaffV+aX5
qcjgS8dIoftb6PQqTYog9vX215vs8ZP9geALU/7mA94UhJuvODeM+8HAlbfr
t+cgbzZ4tS8v9k/Ppv29ChWvr7/Q05Bpl+vH+M7T37E2XkIlTqTN4JwR0w4x
fXjHrNnHPX6cJ3l9/PqUjy1aXAs41oKMVAhwq6+5+1UjH++F8QyTk/gejo07
4BTobTgk7gpk9CCK3tuHZQEtE9yxeUUl6cXffTXm3R3u1by/l9RiuKYL0FHH
y/1GfWyaoOoXh0/ORIFpHJdGYSk50vzPacaL4ubYYNv4ghIt1jmz/ZbMuzu+
UJPeyLkEVDr1wFyormlHj+sroZhd7mi8vz966NQgG6oBKFNyG68/GjjImG1c
s6SAI+7S5StbtAA1rOB2fLViSwDqfwE7eIfnx1oAAA==

-->

</rfc>

