<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-many-seat-architecture-00" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="SEAT Architecture">Secure Evidence and Attestation Transport (SEAT) Architecture</title>
    <seriesInfo name="Internet-Draft" value="draft-many-seat-architecture-00"/>
    <author fullname="Nathanael Ritz">
      <organization>Independent</organization>
      <address>
        <email>ietf@nritz.com</email>
      </address>
    </author>
    <author fullname="Thomas Fossati">
      <organization>Independent</organization>
      <address>
        <email>tho.ietf@gmail.com</email>
      </address>
    </author>
    <author fullname="Tirumaleswar Reddy">
      <organization>Nokia</organization>
      <address>
        <email>kondtir@gmail.com</email>
      </address>
    </author>
    <author fullname="Ionuț Mihalcea">
      <organization>Arm</organization>
      <address>
        <email>ionut.mihalcea@arm.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="04"/>
    <keyword>remote attestation</keyword>
    <keyword>TLS</keyword>
    <keyword>confidential computing</keyword>
    <keyword>transport security</keyword>
    <abstract>
      <?line 60?>

<t>This document defines an architectural framework for composing Remote
ATtestation procedureS (RATS) with Secure Evidence and Attestation
Transport (SEAT).  The document establishes normalized terminology
for SEAT, aligns RATS roles to transport endpoints, outlines
topological patterns for attestation delivery timing, characterizes
the abstract cryptographic pattern by which Evidence is bound to a
given transport connection.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://tls-attestation.github.io/seat-architecture/draft-seat-architecture.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-many-seat-architecture/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/tls-attestation/seat-architecture"/>.</t>
    </note>
  </front>
  <middle>
    <?line 72?>

<section anchor="introduction">
      <name>Introduction</name>
      <section anchor="establishing-trust-in-secure-communications">
        <name>Establishing Trust in Secure Communications</name>
        <ul empty="true">
          <li>
            <t>"Cryptography <em>without system integrity</em> is like investing in an
  armored car to carry money between a customer living in a cardboard
  box and a person doing business on a park bench."</t>
            <t>— Gene Spafford</t>
          </li>
        </ul>
        <t>Traditional secure channel protocols, such as Transport Layer
Security (TLS), primarily establish trust in a peer's identity. This
is typically achieved through mechanisms like a Public Key
Infrastructure (PKI), where a trusted Certification Authority (CA)
vouches for the binding between a public key and an identifier (e.g.,
a hostname).</t>
        <t>However, this model has a core limitation: identity authentication
provides no assurance about the peer's internal state or the
integrity of its software stack.  A compromised server, for instance,
can still present a valid X.509 certificate and be considered
"trusted" by a client.  This gap allows compromised endpoints to
maintain network access and the trust of their peers, posing a
significant security risk in many environments.</t>
      </section>
      <section anchor="the-role-of-remote-attestation">
        <name>The Role of Remote Attestation</name>
        <t>Remote Attestation (RA), as described in the RATS architecture
<xref target="RFC9334"/>, is a mechanism designed to fill this gap.  RA allows an
entity (the "Attester") to produce verifiable "Evidence" about its
current runtime state.  This Evidence covers the Attester's TCB, and
can thus include measurements of its firmware, operating system, and
application code, as well as the configuration of its hardware and
software security features (e.g., secure boot status, memory
isolation).  A "Relying Party" can then use this Evidence, often with
the help of a trusted "Verifier", to appraise the Attester's
trustworthiness.</t>
        <t>By integrating RA into a secure channel establishment protocol, a
second dimension of trust—trustworthiness—is added to complement
regular peer authentication.  This allows a peer to make
authorization decisions based not just on who the other party is, but
also on what it is (e.g., an AMD SEV-SNP-based server running in some
known datacenter) and whether its state is acceptable.</t>
      </section>
      <section anchor="purpose-and-scope">
        <name>Purpose and Scope</name>
        <t>This document is intended as an input to the design of protocol
solutions within the SEAT working group.  A key goal is to define
requirements for a solution that is agnostic to any specific
attestation technology (e.g., Trusted Platform Modules (TPMs), Intel
TDX, AMD SEV, Arm CCA, etc.).</t>
        <t>For the scope of this architecture, the term "transport" is used
interchangeably with "secure transport" to refer to secure channel
establishment protocols.</t>
      </section>
      <section anchor="use-cases">
        <name>Use Cases</name>
        <t>The use cases motivating this architecture are defined in
<xref target="I-D.mihalcea-seat-use-cases"/>.  Readers are directed there for the
full enumeration of deployment scenarios, requirements, and
properties that protocol work in the SEAT working group is expected
to satisfy.</t>
      </section>
    </section>
    <section anchor="definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>The following terms are used in this document.  Terms defined in
<xref target="RFC9334"/> are used with the meanings established there; the
definitions below extend or specialize those terms for the transport
context.</t>
      <t>This document adopts terms of art such as <tt>intra-</tt> and <tt>post-</tt>
as coined by <xref target="NIEME2021"/>.</t>
      <dl>
        <dt>Target/TEE‑Bound Key (<tt>tbK</tt>):</dt>
        <dd>
          <t>An asymmetric key pair whose private key is generated
and maintained exclusively within the Target Environment
(e.g., a TEE). The <tt>tbK</tt> is used to authenticate the Attester’s
transport endpoint (for example, signing the TLS CertificateVerify
message). Evidence produced by the Attesting Environment
<bcp14>MUST</bcp14> include a binding to the <tt>tbK</tt>.</t>
        </dd>
        <dt>Hardware‑Bound Key (<tt>hbK</tt>):</dt>
        <dd>
          <t>A long‑lived asymmetric key pair whose private key resides
outside the Target Environment, typically in a Hardware Security
Module (HSM) or similar hardened service. The <tt>hbK</tt>’s certificate
provides the conventional identity (e.g., a WebPKI domain
validation) to the Relying Party. In deployments where a
short‑lived <tt>tbK</tt> is used, the <tt>hbK</tt> <bcp14>MAY</bcp14> authorise the <tt>tbK</tt>.</t>
        </dd>
        <dt>Attesting Environment Key (<tt>aeK</tt>):</dt>
        <dd>
          <t>The asymmetric key used by the Attesting Environment
to sign Evidence. The Verifier trusts the <tt>aeK</tt> through an
Endorsement chain that typically roots in a hardware manufacturer
or a device‑specific CA. The <tt>aeK</tt> is used solely for attestation
and is distinct from any key used for transport authentication.</t>
        </dd>
        <dt>Attestation Result Key (<tt>arK</tt>):</dt>
        <dd>
          <t>The asymmetric key used by a Verifier to sign
Attestation Results. The Relying Party must possess the
corresponding trust anchor for the <tt>arK</tt> so that it can verify
the integrity and authenticity of received Attestation Results.</t>
        </dd>
        <dt>Attestation Credential:</dt>
        <dd>
          <t>The attestation payload conveyed by the Attester to the Relying
Party across the transport connection. Depending on the RATS
conveyance model in use, this payload consists of either Evidence
(Background-Check Model) or an Attestation Result (Passport Model).
Where a statement applies specifically to one but not the other,
this document uses the more specific term.</t>
        </dd>
      </dl>
      <ul empty="true">
        <li>
          <t>While Evidence is exclusively generated by the Attester and
Attestation Results are generated by a Verifier, in the SEAT
transport context, the Attestation Credential is always presented
by the Attester directly to the Relying Party over the secure channel.</t>
        </li>
      </ul>
      <dl>
        <dt>Attested Channel:</dt>
        <dd>
          <t>A transport session in which at least one endpoint
has produced Evidence that has been appraised, and in which that
Evidence is cryptographically bound to the session such that the
appraisal cannot be replayed to a different session or transferred
to a different endpoint.</t>
        </dd>
        <dt>Attestation Timing Model:</dt>
        <dd>
          <t>The temporal relationship between Evidence
conveyance and connection establishment time.  This document
defines two timing models: Intra-Handshake Attestation and Post-
Handshake Attestation. See <xref target="timing-models"/>.</t>
        </dd>
        <dt>Evidence Generation Time:</dt>
        <dd>
          <t>The point at which an Attester's Claims
are signed to produce Evidence. Depending on the internal workings
of the Attester, the Evidence reflects the reported state at the
time the underlying Claims were collected and may not represent a
snapshot of state at the exact moment of signing the evidence.
In all cases, it makes no representation about the Attester's
state at any later time.</t>
        </dd>
        <dt>Connection Establishment Time:</dt>
        <dd>
          <t>The point at which a transport
handshake completes and the session becomes usable for application
data exchange.</t>
        </dd>
        <dt>Lifetime of Connection:</dt>
        <dd>
          <t>The period from Connection Establishment
Time until the session is torn down.  Post-handshake re-
attestation operates during the Lifetime of Connection, allowing
Evidence to reflect the Attester's current state rather than its
state at Connection Establishment Time.</t>
        </dd>
        <dt>Re-attestation:</dt>
        <dd>
          <t>The production and appraisal of fresh Evidence during an
established session's Lifetime of Connection.</t>
        </dd>
        <dt>Intra-Handshake Window:</dt>
        <dd>
          <t>The interval during transport connection
establishment in which Evidence is conveyed within the handshake
messages themselves, prior to the transition to application data
exchange.</t>
        </dd>
        <dt>Post-Handshake Window:</dt>
        <dd>
          <t>The interval following connection establishment in which Evidence
is conveyed to the Relying Party using post-handshake protocol
mechanisms (e.g., Exported Authenticators or application-layer
exchanges).</t>
        </dd>
        <dt>Session Binding Value:</dt>
        <dd>
          <t>A value, uniquely determined by a specific transport
session, from which Attestation Binders are derived.  A Session
Binding Value may be public or secret depending on the topology;
what is required is that it cannot be known before the session is
initiated.  See <xref target="channel-binding-pattern"/>.</t>
        </dd>
        <dt>Attestation Binder:</dt>
        <dd>
          <t>A cryptographic value derived from a Session Binding
Value and committed to by the Attesting Environment into its
Evidence payload. This value binds the Evidence to a specific
session guaranteed under typical cryptographic assumptions.</t>
        </dd>
        <dt>Transmission Anchor:</dt>
        <dd>
          <t>The point in the protocol at which an
Attestation Binder is included in a protocol message.  A binder
may be computed and transmitted before peer authentication is
complete.</t>
        </dd>
        <dt>Verification Anchor:</dt>
        <dd>
          <t>The protocol mechanism by which the integrity
of a transmitted Attestation Binder is established. Depending on
the Attestation Timing Model, this may be achieved via a MAC
that authenticates the handshake transcript (e.g., the TLS Finished
message), or through post-handshake cryptographic binding (e.g.,
Exported Authenticators).</t>
        </dd>
        <dt>Split Deployment:</dt>
        <dd>
          <t>A deployment in which the Attesting Environment
and the transport stack reside in different execution contexts.
The transport stack is in the Target Environment; the Attesting
Environment (e.g., a TEE) must receive the attestation binder
input — typically a handshake transcript hash or exported key —
from the transport stack via a trusted interface.</t>
        </dd>
      </dl>
    </section>
    <section anchor="roles-and-entities">
      <name>Roles and Entities</name>
      <t>The SEAT architecture maps the roles defined in <xref target="RFC9334"/> to standard
transport protocol entities.  The subsections below describe each
role and its specific character in the transport context.</t>
      <t>The overarching SEAT goal is to establish an Attested Channel between two
entities.  <xref target="fig-atls"/> shows the TLS and RATS roles that are involved in
achieving this goal, and how they interact.</t>
      <figure anchor="fig-atls">
        <name>Attested Secure Channel</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="416" width="552" viewBox="0 0 552 416" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,128 L 8,400" fill="none" stroke="black"/>
              <path d="M 32,160 L 32,192" fill="none" stroke="black"/>
              <path d="M 32,272 L 32,368" fill="none" stroke="black"/>
              <path d="M 56,208 L 56,248" fill="none" stroke="black"/>
              <path d="M 96,64 L 96,144" fill="none" stroke="black"/>
              <path d="M 160,160 L 160,192" fill="none" stroke="black"/>
              <path d="M 160,272 L 160,368" fill="none" stroke="black"/>
              <path d="M 184,128 L 184,400" fill="none" stroke="black"/>
              <path d="M 232,48 L 232,64" fill="none" stroke="black"/>
              <path d="M 272,168 L 272,288" fill="none" stroke="black"/>
              <path d="M 320,48 L 320,64" fill="none" stroke="black"/>
              <path d="M 368,128 L 368,280" fill="none" stroke="black"/>
              <path d="M 368,296 L 368,400" fill="none" stroke="black"/>
              <path d="M 456,64 L 456,144" fill="none" stroke="black"/>
              <path d="M 544,128 L 544,400" fill="none" stroke="black"/>
              <path d="M 248,32 L 304,32" fill="none" stroke="black"/>
              <path d="M 112,48 L 232,48" fill="none" stroke="black"/>
              <path d="M 320,48 L 440,48" fill="none" stroke="black"/>
              <path d="M 248,80 L 304,80" fill="none" stroke="black"/>
              <path d="M 8,128 L 88,128" fill="none" stroke="black"/>
              <path d="M 104,128 L 184,128" fill="none" stroke="black"/>
              <path d="M 368,128 L 448,128" fill="none" stroke="black"/>
              <path d="M 464,128 L 544,128" fill="none" stroke="black"/>
              <path d="M 48,144 L 144,144" fill="none" stroke="black"/>
              <path d="M 408,144 L 504,144" fill="none" stroke="black"/>
              <path d="M 168,160 L 384,160" fill="none" stroke="black"/>
              <path d="M 408,176 L 504,176" fill="none" stroke="black"/>
              <path d="M 48,208 L 144,208" fill="none" stroke="black"/>
              <path d="M 48,256 L 144,256" fill="none" stroke="black"/>
              <path d="M 64,272 L 120,272" fill="none" stroke="black"/>
              <path d="M 408,272 L 504,272" fill="none" stroke="black"/>
              <path d="M 144,288 L 384,288" fill="none" stroke="black"/>
              <path d="M 64,304 L 120,304" fill="none" stroke="black"/>
              <path d="M 408,304 L 504,304" fill="none" stroke="black"/>
              <path d="M 48,384 L 144,384" fill="none" stroke="black"/>
              <path d="M 8,400 L 184,400" fill="none" stroke="black"/>
              <path d="M 368,400 L 544,400" fill="none" stroke="black"/>
              <path d="M 248,32 C 239.16936,32 232,39.16936 232,48" fill="none" stroke="black"/>
              <path d="M 304,32 C 312.83064,32 320,39.16936 320,48" fill="none" stroke="black"/>
              <path d="M 112,48 C 103.16936,48 96,55.16936 96,64" fill="none" stroke="black"/>
              <path d="M 440,48 C 448.83064,48 456,55.16936 456,64" fill="none" stroke="black"/>
              <path d="M 248,80 C 239.16936,80 232,72.83064 232,64" fill="none" stroke="black"/>
              <path d="M 304,80 C 312.83064,80 320,72.83064 320,64" fill="none" stroke="black"/>
              <path d="M 48,144 C 39.16936,144 32,151.16936 32,160" fill="none" stroke="black"/>
              <path d="M 144,144 C 152.83064,144 160,151.16936 160,160" fill="none" stroke="black"/>
              <path d="M 408,144 C 399.16936,144 392,151.16936 392,160" fill="none" stroke="black"/>
              <path d="M 504,144 C 512.83064,144 520,151.16936 520,160" fill="none" stroke="black"/>
              <path d="M 408,176 C 399.16936,176 392,168.83064 392,160" fill="none" stroke="black"/>
              <path d="M 504,176 C 512.83064,176 520,168.83064 520,160" fill="none" stroke="black"/>
              <path d="M 48,208 C 39.16936,208 32,200.83064 32,192" fill="none" stroke="black"/>
              <path d="M 144,208 C 152.83064,208 160,200.83064 160,192" fill="none" stroke="black"/>
              <path d="M 48,256 C 39.16936,256 32,263.16936 32,272" fill="none" stroke="black"/>
              <path d="M 144,256 C 152.83064,256 160,263.16936 160,272" fill="none" stroke="black"/>
              <path d="M 64,272 C 55.16936,272 48,279.16936 48,288" fill="none" stroke="black"/>
              <path d="M 120,272 C 128.83064,272 136,279.16936 136,288" fill="none" stroke="black"/>
              <path d="M 408,272 C 399.16936,272 392,279.16936 392,288" fill="none" stroke="black"/>
              <path d="M 504,272 C 512.83064,272 520,279.16936 520,288" fill="none" stroke="black"/>
              <path d="M 64,304 C 55.16936,304 48,296.83064 48,288" fill="none" stroke="black"/>
              <path d="M 120,304 C 128.83064,304 136,296.83064 136,288" fill="none" stroke="black"/>
              <path d="M 408,304 C 399.16936,304 392,296.83064 392,288" fill="none" stroke="black"/>
              <path d="M 504,304 C 512.83064,304 520,296.83064 520,288" fill="none" stroke="black"/>
              <path d="M 48,384 C 39.16936,384 32,376.83064 32,368" fill="none" stroke="black"/>
              <path d="M 144,384 C 152.83064,384 160,376.83064 160,368" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="392,288 380,282.4 380,293.6" fill="black" transform="rotate(0,384,288)"/>
              <polygon class="arrowhead" points="392,160 380,154.4 380,165.6" fill="black" transform="rotate(0,384,160)"/>
              <polygon class="arrowhead" points="280,168 268,162.4 268,173.6" fill="black" transform="rotate(270,272,168)"/>
              <polygon class="arrowhead" points="176,160 164,154.4 164,165.6" fill="black" transform="rotate(180,168,160)"/>
              <polygon class="arrowhead" points="152,288 140,282.4 140,293.6" fill="black" transform="rotate(180,144,288)"/>
              <polygon class="arrowhead" points="64,248 52,242.4 52,253.6" fill="black" transform="rotate(90,56,248)"/>
              <g class="text">
                <text x="276" y="52">Verifier</text>
                <text x="272" y="68">[arK]</text>
                <text x="248" y="132">Nonce-based</text>
                <text x="228" y="148">Remote</text>
                <text x="304" y="148">Attestation</text>
                <text x="96" y="164">Attesting</text>
                <text x="432" y="164">Relying</text>
                <text x="488" y="164">Party</text>
                <text x="96" y="180">Environment</text>
                <text x="96" y="196">[aeK]</text>
                <text x="96" y="228">Collect</text>
                <text x="316" y="228">Attest'n</text>
                <text x="92" y="244">Claims</text>
                <text x="308" y="244">Binder</text>
                <text x="72" y="292">TLS</text>
                <text x="108" y="292">peer</text>
                <text x="432" y="292">TLS</text>
                <text x="468" y="292">peer</text>
                <text x="244" y="308">Secure</text>
                <text x="304" y="308">Channel</text>
                <text x="68" y="324">[tbK</text>
                <text x="96" y="324">/</text>
                <text x="124" y="324">hbK]</text>
                <text x="92" y="356">Target</text>
                <text x="96" y="372">Environment</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
                             .--------.
            .---------------+ Verifier +---------------.
           |                |  [arK]   |                |
           |                 '--------'                 |
           |                                            |
           |                                            |
.----------|----------.  Nonce-based         .----------|----------.
|   .------+------.   |  Remote Attestation  |   .------+------.   |
|  |   Attesting   |<-+----------------------+->| Relying Party |  |
|  |  Environment  |  |          ^           |   '-------------'   |
|  |     [aeK]     |  |          |           |                     |
|   '-+-----------'   |          |           |                     |
|     | Collect       |          | Attest'n  |                     |
|     v Claims        |          | Binder    |                     |
|   .-------------.   |          |           |                     |
|  |  .--------.   |  |          |           |   .-------------.   |
|  | | TLS peer |<-+--+----------+------------->|   TLS peer    |  |
|  |  '--------'   |  |    Secure Channel    |   '-------------'   |
|  |  [tbK / hbK]  |  |                      |                     |
|  |               |  |                      |                     |
|  |    Target     |  |                      |                     |
|  |  Environment  |  |                      |                     |
|   '-------------'   |                      |                     |
'---------------------'                      '---------------------'
]]></artwork>
        </artset>
      </figure>
      <section anchor="attester">
        <name>Attester</name>
        <t>The Attester produces Evidence about its current state for
consumption by a Verifier.  In the transport context, the Attester is
a network endpoint — either the Client or the Server — that possesses
an Attesting Environment (such as a Trusted Execution Environment)
capable of securely collecting Claims and signing them with an
attestation key.</t>
        <t>The Attester's transport stack provides the attestation binder input
to the Attesting Environment so that Evidence can be bound to the
specific session.  In a Split Deployment, the transport stack is in
the Target Environment and the interface between the transport stack
and the Attesting Environment is a security-critical boundary.
See <xref target="security-considerations"/>.</t>
        <t>In mutual attestation deployments, both the Client and the Server
simultaneously act as Attesters.  Each endpoint's Attesting
Environment independently generates Evidence bound to the session.</t>
      </section>
      <section anchor="relying-party">
        <name>Relying Party</name>
        <t>The Relying Party consumes an Attestation Result and uses
it to make authorization decisions about the transport connection.
In the transport context, the Relying Party is typically the endpoint
opposite the Attester — the Server when the Client attests, or the
Client when the Server attests.</t>
      </section>
      <section anchor="verifier">
        <name>Verifier</name>
        <t>The Verifier appraises the validity of Evidence and produces
Attestation Results, as defined in <xref section="4" sectionFormat="of" target="RFC9334"/>.</t>
        <t>The appraisal is driven by an Appraisal Policy for Evidence,
a set of rules that determines which Endorsements and Reference
Values are required, which Claims must be present, and under what
conditions Evidence is considered acceptable.</t>
        <t>The Appraisal Policy may be configured as part of the Verifier’s
trust anchors or supplied by a Relying Party in a
deployment-specific manner. When Attestation Results are produced,
they reflect the outcome of applying that policy.</t>
        <t>How Evidence reaches the Verifier follows one of the two RATS
conveyance models (<xref section="5" sectionFormat="of" target="RFC9334"/>):</t>
        <dl>
          <dt>Background-Check Model:</dt>
          <dd>
            <t>The Relying Party conveys the Attester's Evidence to the Verifier
and receives Attestation Results in return.  The Verifier may be
co-located with the Relying Party, appraising Evidence inline, for
example during an intra-handshake exchange that requires a real-time
result before the connection is finalized or operated as a remote
service.</t>
          </dd>
          <dt>Passport Model:</dt>
          <dd>
            <t>The Attester conveys its Evidence to a remote Verifier, obtains
Attestation Results, and presents those Results to the Relying
Party.</t>
          </dd>
        </dl>
        <t>Verifier location is an independent deployment choice: a co-located
Verifier operates under the Background-Check Model, whereas a remote
Verifier may operate under either model.</t>
        <t><xref target="fig-roles"/> illustrates how Evidence and Attestation Results flow
under the two conveyance models.</t>
        <figure anchor="fig-roles">
          <name>RATS Conveyance Models in the Transport Context</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="416" width="520" viewBox="0 0 520 416" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 16,96 L 16,144" fill="none" stroke="black"/>
                <path d="M 16,240 L 16,288" fill="none" stroke="black"/>
                <path d="M 16,352 L 16,384" fill="none" stroke="black"/>
                <path d="M 64,296 L 64,344" fill="none" stroke="black"/>
                <path d="M 104,96 L 104,144" fill="none" stroke="black"/>
                <path d="M 104,240 L 104,288" fill="none" stroke="black"/>
                <path d="M 144,352 L 144,384" fill="none" stroke="black"/>
                <path d="M 200,96 L 200,144" fill="none" stroke="black"/>
                <path d="M 200,240 L 200,288" fill="none" stroke="black"/>
                <path d="M 288,240 L 288,288" fill="none" stroke="black"/>
                <path d="M 328,96 L 328,144" fill="none" stroke="black"/>
                <path d="M 424,96 L 424,144" fill="none" stroke="black"/>
                <path d="M 512,96 L 512,144" fill="none" stroke="black"/>
                <path d="M 16,96 L 104,96" fill="none" stroke="black"/>
                <path d="M 200,96 L 328,96" fill="none" stroke="black"/>
                <path d="M 424,96 L 512,96" fill="none" stroke="black"/>
                <path d="M 112,112 L 192,112" fill="none" stroke="black"/>
                <path d="M 336,112 L 416,112" fill="none" stroke="black"/>
                <path d="M 336,128 L 416,128" fill="none" stroke="black"/>
                <path d="M 16,144 L 104,144" fill="none" stroke="black"/>
                <path d="M 200,144 L 328,144" fill="none" stroke="black"/>
                <path d="M 424,144 L 512,144" fill="none" stroke="black"/>
                <path d="M 16,240 L 104,240" fill="none" stroke="black"/>
                <path d="M 200,240 L 288,240" fill="none" stroke="black"/>
                <path d="M 112,256 L 192,256" fill="none" stroke="black"/>
                <path d="M 112,272 L 192,272" fill="none" stroke="black"/>
                <path d="M 16,288 L 104,288" fill="none" stroke="black"/>
                <path d="M 200,288 L 288,288" fill="none" stroke="black"/>
                <path d="M 16,352 L 144,352" fill="none" stroke="black"/>
                <path d="M 16,384 L 144,384" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="424,112 412,106.4 412,117.6" fill="black" transform="rotate(0,416,112)"/>
                <polygon class="arrowhead" points="344,128 332,122.4 332,133.6" fill="black" transform="rotate(180,336,128)"/>
                <polygon class="arrowhead" points="200,256 188,250.4 188,261.6" fill="black" transform="rotate(0,192,256)"/>
                <polygon class="arrowhead" points="200,112 188,106.4 188,117.6" fill="black" transform="rotate(0,192,112)"/>
                <polygon class="arrowhead" points="120,272 108,266.4 108,277.6" fill="black" transform="rotate(180,112,272)"/>
                <polygon class="arrowhead" points="72,344 60,338.4 60,349.6" fill="black" transform="rotate(90,64,344)"/>
                <g class="text">
                  <text x="68" y="36">Background-Check</text>
                  <text x="160" y="36">Model</text>
                  <text x="20" y="52">(the</text>
                  <text x="72" y="52">Relying</text>
                  <text x="128" y="52">Party</text>
                  <text x="184" y="52">conveys</text>
                  <text x="252" y="52">Evidence</text>
                  <text x="300" y="52">to</text>
                  <text x="328" y="52">the</text>
                  <text x="384" y="52">Verifier;</text>
                  <text x="440" y="52">the</text>
                  <text x="44" y="68">Verifier</text>
                  <text x="96" y="68">may</text>
                  <text x="124" y="68">be</text>
                  <text x="180" y="68">co-located</text>
                  <text x="244" y="68">with</text>
                  <text x="280" y="68">the</text>
                  <text x="328" y="68">Relying</text>
                  <text x="384" y="68">Party</text>
                  <text x="420" y="68">or</text>
                  <text x="464" y="68">remote)</text>
                  <text x="148" y="100">Evidence</text>
                  <text x="372" y="100">Evidence</text>
                  <text x="60" y="116">Attester</text>
                  <text x="240" y="116">Relying</text>
                  <text x="296" y="116">Party</text>
                  <text x="468" y="116">Verifier</text>
                  <text x="372" y="148">Att.Res.</text>
                  <text x="36" y="180">Passport</text>
                  <text x="96" y="180">Model</text>
                  <text x="20" y="196">(the</text>
                  <text x="76" y="196">Attester</text>
                  <text x="144" y="196">conveys</text>
                  <text x="212" y="196">Evidence</text>
                  <text x="260" y="196">to</text>
                  <text x="288" y="196">the</text>
                  <text x="340" y="196">Verifier</text>
                  <text x="392" y="196">and</text>
                  <text x="444" y="196">presents</text>
                  <text x="24" y="212">the</text>
                  <text x="80" y="212">resulting</text>
                  <text x="168" y="212">Attestation</text>
                  <text x="248" y="212">Results</text>
                  <text x="292" y="212">to</text>
                  <text x="320" y="212">the</text>
                  <text x="368" y="212">Relying</text>
                  <text x="428" y="212">Party)</text>
                  <text x="148" y="244">Evidence</text>
                  <text x="60" y="260">Attester</text>
                  <text x="244" y="260">Verifier</text>
                  <text x="148" y="292">Att.Res.</text>
                  <text x="120" y="324">Attestation</text>
                  <text x="200" y="324">Results</text>
                  <text x="56" y="372">Relying</text>
                  <text x="112" y="372">Party</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
 Background-Check Model
 (the Relying Party conveys Evidence to the Verifier; the
  Verifier may be co-located with the Relying Party or remote)

  +----------+ Evidence  +---------------+ Evidence  +----------+
  | Attester |---------->| Relying Party |---------->| Verifier |
  |          |           |               |<----------|          |
  +----------+           +---------------+ Att.Res.  +----------+

 Passport Model
 (the Attester conveys Evidence to the Verifier and presents
  the resulting Attestation Results to the Relying Party)

  +----------+ Evidence  +----------+
  | Attester |---------->| Verifier |
  |          |<----------|          |
  +----------+ Att.Res.  +----------+
        |
        | Attestation Results
        v
  +---------------+
  | Relying Party |
  +---------------+
]]></artwork>
          </artset>
        </figure>
      </section>
    </section>
    <section anchor="trust-model">
      <name>Trust Model</name>
      <t>This section describes the trust relationships required to establish
an Attested Channel.  The general trust model of <xref target="RFC9334"/> Section 7
applies; the subsections below specialise it for the transport
context.</t>
      <section anchor="relying-party-trust">
        <name>Relying Party Trust</name>
        <t>The Relying Party must trust that the Attestation Credential it receives
accurately reflects the Attester's state, which depends on its trust
in the Verifier and in the Endorsement chain for the Attesting
Environment.</t>
        <t>The Relying Party must additionally satisfy itself that
the Attestation Credential is bound to the current session — that it has not been
replayed from a different session or transferred from a different
endpoint.  This assurance is provided by the session binding mechanism
described in <xref target="channel-binding-pattern"/>; the check may be performed by
the Relying Party itself or delegated to the Verifier, but it cannot
be pre-computed independently of the session.</t>
      </section>
      <section anchor="attester-trust">
        <name>Attester Trust</name>
        <t>For an Attesting Environment to be trustworthy to a Verifier, the
Verifier must be able to establish trust in the signing key the
Attesting Environment uses to produce Evidence.  This is accomplished
via an Endorsement chain from a hardware manufacturer or certificate
authority that attests to the Attesting Environment's properties and
the provenance of its attestation key.  In the transport context,
Endorsements may be conveyed alongside Evidence in the same transport
message, or fetched out-of-band by the Verifier prior to or during
appraisal.</t>
      </section>
      <section anchor="verifier-trust">
        <name>Verifier Trust</name>
        <t>The Relying Party must have a trust relationship with the Verifier
commensurate with the sensitivity of the authorization decision.  In
the co-located Verifier deployment, this relationship is implicit:
the Verifier's logic is part of the Relying Party's own
implementation.  In the remote Verifier deployment, the Relying Party
must authenticate the Verifier and confirm that the Verifier's
Appraisal Policy for Evidence is consistent with the Relying Party's
own requirements before accepting any Attestation Credentials.</t>
      </section>
    </section>
    <section anchor="timing-models">
      <name>Timing Models</name>
      <t>The timing and conveyance of Attestation Credentials relative to the
transport handshake define the two Attestation Timing Models used in
this architecture.</t>
      <t>Depending on the approach, an Attestation Credential may be conveyed
during Intra-Handshake Window or conveyed at the application layer in
the Post-Handshake Window.</t>
      <t>If the credential is Evidence, the Relying Party acts as or forwards
it to a Verifier to appraise the Evidence. If the credential is an
Attestation Result, the Relying Party evaluates it against its own
Appraisal Policy for Attestation Results.</t>
      <t>In both cases, an authorization decision must be made before the
transport state machine permits application data to flow.</t>
      <section anchor="intra-handshake-attestation">
        <name>Intra-Handshake Attestation</name>
        <t>An Attestation Credential is conveyed by the Attester <strong>during</strong> the
transport connection establishment to the Relying Party within the
handshake messages themselves, prior to the transition to application
data exchange. Upon receipt, the Relying Party processes the
Attestation Credential.</t>
        <t>The Relying Party, which may be deployed with a co-located Verifier,
appraises the Evidence in real time and makes an authorization
decision before the transport state machine permits application data
to flow.</t>
      </section>
      <section anchor="post-handshake-attestation">
        <name>Post-Handshake Attestation</name>
        <t>An Attestation Credential is conveyed by the Attester <strong>after</strong> transport
connection establishment to the Relying Party following the transition to
application data exchange.</t>
        <t>The Attestation Binder is derived after handshake completion,
tying the Attestation Credential to the completed session.</t>
        <t>This deployment can be localized with the sidecar pattern, which
withholds application data until the attestation procedure completes,
decoupling the attestation protocol from application logic.</t>
      </section>
      <section anchor="combining-timing-models">
        <name>Combining Timing Models</name>
        <t>The two timing models may also be used together and their combination
is the natural architecture for deployments requiring both immediate
trust establishment and durable session integrity over long-lived
connections.</t>
        <t>In this composition, intra-handshake attestation establishes baseline
trust before the session becomes usable: the Relying Party's Verifier
must accept the Attester's Attestation Credential before application
data can flow. The combined model suits constrained device and IoT
deployments where a single attestation protocol handles both initial
session trust and ongoing periodic re-attestion, avoiding separate
code paths for onboarding and normal operation.</t>
        <t>Protocol specifications building on this architecture <bcp14>MAY</bcp14> support one
or both timing models.</t>
      </section>
    </section>
    <section anchor="failure-handling">
      <name>Failure handling considerations</name>
      <section anchor="failure-handing-within-intra-handshake-window">
        <name>Failure handing within Intra-Handshake Window</name>
        <t>When remote attestation occurs within the Intra-Handshake Window,
the transport handshake withholds progression to application data
exchange until the Attestation Result is available: application
data exchange has not yet begun. A Verifier rejection, or a
Relying Party policy rejection of an otherwise valid Attestation
Result, <bcp14>MUST</bcp14> result in a fatal error consistent with the transport
protocol's existing handshake-failure handling.</t>
        <t>It is <bcp14>RECOMMENDED</bcp14> that the failure mode be interpretable by the
application as a remote-attestation-related fault. Remote attestation
specificity provides greater flexibility to apply application-layer
policies, and assists in auditing and general debugging.</t>
      </section>
      <section anchor="failure-handing-within-post-handshake-window">
        <name>Failure handing within Post-Handshake Window</name>
        <t>When attestation occurs within the Post-Handshake Window, or when
Re-attestation fails during the Lifetime of Connection, the
transport session already exists and application data may already
be flowing.  <xref target="RFC9334"/> expects a failed Attester appraisal to
result in reduced access or privileges rather than outright
rejection.  In the event of failures occurring within the
Post-Handshake Window, this behaviour is to be handled at
the transport layer.</t>
        <t>As the Relying Party's enforcement point sits outside the
transport handshake, operating on already-established
application-layer traffic, the Appraisal Policy determines
whether the connection is torn down, or restricted to a subset
of application-layer functionality. Failure handling of
Post-Handshake Attestation does not retroactively protect
application data already exchanged prior to the failed appraisal;
it bounds further exposure going forward.</t>
      </section>
    </section>
    <section anchor="channel-binding-pattern">
      <name>Attestation Session Binding</name>
      <t>Regardless of which timing model is used or which transport protocol
is in use, a correctly bound attested channel requires that three
conditions hold in sequence.</t>
      <t>The first condition is Session Binding Value establishment.  The
endpoints must derive or obtain a shared, session-specific Session
Binding Value from which Attestation Binders can be derived.  The
Session Binding Value is bound to the specific session instance by
construction, and may be public (for example, a handshake transcript)
or secret (for example, an exporter-derived value).</t>
      <t>The second condition is directional Binder derivation.  From the
Session Binding Value, the protocol derives distinct Attestation
Binders for the initiator and the responder.  The binders are directional:
the initiator's binder cannot be substituted for the responder's and vice
versa.  This ensures that Evidence produced by one endpoint cannot
satisfy the verification requirement for the opposite endpoint, even
within the same session.</t>
      <t>The third condition is channel binding to an Attestation Credential. The
Attesting Environment signs its directional Attestation Binder into its
Evidence payload, committing that Evidence to this specific session.</t>
      <t>For this condition to hold when using the Passport model, the Verifier
must propagate this binding into the resulting Attestation Result,
ensuring the final Attestation Credential presented to the Relying Party
remains committed to the specific transport session.</t>
      <t>The first is replay across sessions.  Because the Session Binding
Value is unique to the session, an Attestation Credential committed
to a binder derived from it cannot be presented in a different session.
Where the Session Binding Value is secret, only the session participants
can derive it.  Where it is public, for example, a handshake transcript,
its uniqueness follows from the ephemeral keying material that the
transport establishes per session, so the transcript, and hence the
binder, cannot recur across sessions.</t>
      <t>The second is a Key Substitution Attack: a valid Attestation Credential
produced by a genuine attested execution environment is presented while
the Subject Key used for authentication was not generated or protected
within that environment.  Session binding alone does not bind the
Subject Key to the attested environment; this is handled at the RATS
layer, as discussed under Key Non-exportability in
<xref target="security-considerations"/>.</t>
      <t>The Attestation Credential itself plays a critical role in verifying
that these three session binding conditions have been successfully
achieved. Beyond the cryptographic inclusion of the Attestation Binder,
strict requirements for the internal structure and the application of
logical safeguards protecting the Attestation Credential are necessary
to provide assurance that the Attestation Credential could not have been
generated through alternative means such as side-channel exploits.</t>
      <t>When all three conditions are met, the channel-binding check may be
performed either by the Relying Party itself or by the Verifier.  As a
session participant, the Relying Party holds the Session Binding Value
and can compute the binder locally and <bcp14>MAY</bcp14> send it to the Verifier
which compares it with the binder in the Evidence, avoiding the
need requiring that the Relying Party decode the Evidence first.</t>
      <t>If the Relying Party is directly consuming Evidence (Background-Check
model), it rejects Evidence whose binder does not match. If the Relying
Party is consuming an Attestation Result (Passport model) and expects
per-session freshness (see <xref target="per-session-freshness"/>), it <bcp14>MUST</bcp14> reject
the Attestation Result if it cannot affirmatively evaluate that the
Verifier explicitly tied the Attestation Result to the current
session's Attestation Binder.</t>
    </section>
    <section anchor="freshness">
      <name>Freshness</name>
      <t>The freshness of Evidence is critical to its value as a
trustworthiness signal.  In the transport context, freshness has
several distinct scopes that must be addressed separately.</t>
      <section anchor="per-session-freshness">
        <name>Per-session freshness</name>
        <t>Per-session freshness ensures that Evidence is bound to the specific
session being evaluated and cannot be replayed from a prior session.
This property is addressed directly by the session binding mechanism
of <xref target="channel-binding-pattern"/>.  The Session Binding Value is specific
to the session and cannot be known before the session is initiated,
providing nonce-style freshness in the sense of <xref target="RFC9334"/> Section 10.
Evidence committed to an Attestation Binder derived from the Session
Binding Value is therefore intrinsically fresh with respect to the
session: a replay from a different session will carry an Attestation
Binder derived from a different Session Binding Value, and appraisal
will fail.</t>
      </section>
      <section anchor="session-resumption">
        <name>Session resumption</name>
        <t>Session resumption introduces a specific freshness consideration.
When a transport session is resumed, a previously obtained
Attestation Credential may no longer reflect the Attester's
current state.</t>
      </section>
      <section anchor="re-attestation-in-long-running-sessions">
        <name>Re-Attestation in Long-Running Sessions</name>
        <t>Initial attestation at Connection Establishment Time addresses
the architectural invariants the Relying Party's policy
requires before application data may flow.  Re-attestation
addresses the dynamic reality that established sessions may
outlast the validity of a single trust assessment.  Protocol
specifications building on this architecture <bcp14>SHOULD</bcp14> treat
these as distinct concerns.</t>
        <t>Per-session freshness ensures Evidence cannot be replayed across
sessions but does not address changes in the Attester's state
during the Lifetime of Connection. A Relying Party <bcp14>MAY</bcp14> require
Re-attestation before continuing to transmit sensitive data to a
peer whose trust assessment has expired or whose deployment
environment may have changed in ways material to its policy.</t>
        <t>Re-attestation does not retroactively protect data transmitted
before a state change occurred.  It bounds further exposure by
conditioning continued sensitive data transmission on a current
trust assessment.  Whether to terminate a session upon
re-attestation failure or continue with reduced privilege is
a matter of Relying Party policy; see <xref target="failure-handling"/>.</t>
      </section>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <section anchor="evidence-payload-confidentiality">
        <name>Evidence Payload Confidentiality</name>
        <t>The Evidence payload carries Claims about the Attester's state and is
the most privacy-sensitive artifact in the protocol.  It is
<bcp14>RECOMMENDED</bcp14> that Evidence payloads be encrypted to a key
held exclusively by the intended recipient (typically the Verifier),
so that the Evidence content is disclosed only to that recipient and
not to the Relying Party or to other parties on the path.</t>
        <t>The complementary control for the Relying Party surface is minimization:
the Attestation Results returned to the Relying Party <bcp14>SHOULD NOT</bcp14>
re-expose sensitive Claims that were protected in any encrypted Evidence.
A framework for consistent handling of sensitive Evidence across RATS roles,
including claim classification, Trusted Verifier management, and
Attestation Credential minimization, is provided in
<xref target="I-D.ounsworth-rats-privacy-framework"/>.</t>
      </section>
      <section anchor="transport-metadata">
        <name>Transport Metadata</name>
        <t>The transport connection discloses metadata — IP addresses, server
name indications, and connection timing — that is visible to passive
network observers.  This disclosure is inherent to the transport
protocol and is not specific to the attestation layer.</t>
      </section>
      <section anchor="attestation-key-correlation">
        <name>Attestation Key Correlation</name>
        <t>When the same attestation signing key is used across multiple
sessions, any party with access to Evidence from more than one of
those sessions can correlate the sessions to the same Attesting
Environment.  This linkability consideration is particularly relevant
for client Attesters where privacy of individual connections is a
concern.</t>
      </section>
      <section anchor="anonymous-client-attestation">
        <name>Anonymous Client Attestation</name>
        <t>The SEAT architecture supports deployments where a client Attester
attests to the trustworthiness of its Attesting Environment without
presenting a TLS client identity certificate, enabling anonymous
client attestation.  In this deployment, the Relying Party's
appraisal policy applies to the client's hardware and software state
rather than to a disclosed identity.</t>
      </section>
      <section anchor="scope-boundary-and-internet-openness">
        <name>Scope Boundary and Internet Openness</name>
        <t>The IAB has issued a statement cautioning that using client
attestation as a barrier to access for otherwise open protocols and
services risks undermining Internet openness <xref target="IAB-Attestation-Risks"/>.
The statement distinguishes services with intentionally restricted
access — for which client attestation is recognized as a valuable
security measure — from openly accessible services, for which
imposing hardware or software requirements on participating
implementations is inappropriate.  SEAT is scoped to the former
category: the use cases motivating this work involve confidential
workloads, enterprise-controlled environments, and TEE-backed
services where access is explicitly conditioned on verified platform
state.</t>
        <t>The IAB statement further identifies the disclosure of vendor-
specific hardware and software information as a distinct risk:
attestation evidence that reveals which specific implementations are
in use can restrict access and enable tracking in ways that undermine
the open internet.  Protocol designs building on this architecture
should minimize vendor-specific claim disclosure consistent with the
Attestation Credential minimization controls described in this section
and in <xref target="I-D.ounsworth-rats-privacy-framework"/>.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>This section enumerates the security properties and considerations
of the SEAT architecture.  Security goals state outcomes the
architecture is designed to achieve; they carry no normative
mandates.  Security properties state technical characteristics the
protocol is expected to exhibit and may carry normative
requirements.  Implementations <bcp14>MUST</bcp14> also consider the Security
Considerations of <xref target="RFC9334"/> and of any protocol specification that
instantiates this architecture.</t>
      <t><strong>Cryptographic Session Binding and Relay Prevention.</strong> An Attestation
Credential presented on a session <bcp14>MUST</bcp14> be cryptographically bound to that
session and to the endpoint role in which it is presented. This is
achieved by binding the Attestation Credential to an Attestation Binder
derived from a Session Binding Value that is specific to the session and
cannot be known before the session is initiated. Consequently, a valid
Attestation Credential from one session cannot satisfy a Verifier or
Relying Party on a different session or from a different endpoint;
a replay carries a Binder derived from a different Session Binding
Value and <bcp14>MUST</bcp14> be rejected. See <xref target="channel-binding-pattern"/>.</t>
      <t><strong>Split-Deployments.</strong> Because a compromised host could attempt to
use the Attesting Environment as a signing oracle by substituting
the attestation binder input, the architecture relies on
cryptographic binding rather than continuous state monitoring.
The Attesting Environment <bcp14>MUST</bcp14> bind the Attestation Credential
to the private identity key it holds to authenticate a connection
(for example, by including a hash of the associated public key in the
signed payload).</t>
      <t>The Relying Party then verifies that this claim matches the
identity key presented in the transport handshake, preventing
an untrusted host from successfully substituting the binder.</t>
      <t><strong>Key Non-exportability (informative).</strong> The specific concern of
demonstrating that the Subject Key used for transport authentication
is physically confined within the attested execution environment is
addressed at the RATS layer by <xref target="I-D.reddy-rats-key-binding"/> and is
not re-specified here.</t>
      <t><strong>Evidence Freshness.</strong> Evidence reflects the Attester's state at or
near the Evidence Generation Time for the session in which it is
presented.  Per-session freshness ensures Evidence from a prior
session cannot be replayed against a new one.  When re-attestation
occurs during a session's Lifetime of Connection, the re-attestation
Evidence reflects the Attester's state at the time of re-attestation,
not at Connection Establishment Time.</t>
      <t><strong>Evidence Confidentiality.</strong> Evidence payloads <bcp14>SHOULD</bcp14> be protected by
object-level encryption to a key held exclusively by the intended
recipient.  See <xref target="I-D.ounsworth-rats-privacy-framework"/>.</t>
      <t><strong>Session Resumption.</strong> When a transport session is resumed, previously
obtained Attestation Credential may no longer reflect the Attester's
current state.  Attestation from a prior session does not carry over
to a resumed session.</t>
      <t><strong>Directional Endpoint Binding.</strong> Distinct Attestation Binders <bcp14>MUST</bcp14> be
derived for the initiator and the responder from the same Session
Binding Value using distinct inputs.  Evidence produced by one endpoint
<bcp14>MUST NOT</bcp14> satisfy the verification requirement for the opposite endpoint.
See <xref target="channel-binding-pattern"/>.</t>
      <t><strong>Transmission and Verification Anchor Soundness.</strong> An Attestation
Binder may be included in a transport message before peer
authentication is complete (the Transmission Anchor).
Implementations <bcp14>MUST</bcp14> ensure the transport protocol's integrity
guarantee covers the message carrying the Attestation Binder; for
example, the TLS 1.3 handshake MAC (the Verification Anchor)
retroactively guarantees the Binder's integrity at handshake
completion.</t>
      <t><strong>Downgrade Prevention.</strong> Two endpoints that both support attestation
cannot be caused by an active adversary to negotiate a connection
without it.  The negotiation of attestation capabilities is protected
against suppression.</t>
      <t><strong>Dynamic Verification Code Integrity.</strong> When client-side attestation
verification logic is dynamically delivered by the endpoint under
appraisal (such as browser-based JavaScript), a circular trust
dependency exists.  Unless the client's execution environment
enforces an independent, orthogonal guarantee of code integrity
and binary transparency, Application-layer attestation cannot
provide security assurance, as the Attester may serve malicious
code that bypasses cryptographic validation.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="I-D.mihalcea-seat-use-cases">
          <front>
            <title>Security Goals and Use Cases for Integrating Remote Attestation with Secure Channel Protocols</title>
            <author fullname="Ionuț Mihalcea" initials="I." surname="Mihalcea">
              <organization>Arm</organization>
            </author>
            <author fullname="Muhammad Usama Sardar" initials="M. U." surname="Sardar">
              <organization>TU Dresden</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <author fullname="Yuning Jiang" initials="Y." surname="Jiang">
         </author>
            <author fullname="Meiling Chen" initials="M." surname="Chen">
              <organization>China Mobile</organization>
            </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   This document outlines desirable security goals and use cases for
   integrating remote attestation (RA) capabilities with secure channel
   establishment protocols (e.g., TLS and DTLS).  Peer authentication in
   such protocols establishes trust in a peer's network identifiers but
   provides no assurance regarding the integrity of its underlying
   software and hardware stack.  Remote attestation addresses this gap
   by enabling a peer to provide verifiable evidence about the current
   state of the Target Environment.  This document specifies a set of
   essential security goals the protocol solution must have, including
   cryptographic binding to the secure connection, evidence freshness,
   and flexibility to support different attestation models.  It then
   explores relevant use cases, such as confidential data collaboration
   and secure secrets provisioning, to motivate the need for this
   integration.  This document is intended to serve as an input to the
   design of protocol solutions within the SEAT working group.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-mihalcea-seat-use-cases-03"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.ounsworth-rats-privacy-framework">
          <front>
            <title>Privacy Framework for Remote ATtestation procedureS</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Cryptic Forest Software</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of the Bundeswehr Munich</organization>
            </author>
            <author fullname="Guiliano Lehmann" initials="G." surname="Lehmann">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <date day="18" month="June" year="2026"/>
            <abstract>
              <t>   This document extends the RATS Architecture to consider "coercive
   uses of RATS" where a malicious Verifier or Relying Party uses RATS
   protocols to extract sensitive information from an Attester or a
   victim Verifier that it would not otherwise be inclined to disclose.
   This over-disclosure can include revealing sensitive measurements,
   stable identifiers, device fingerprints, vendor information, or
   conclusions derived from Evidence.  This document defines a privacy
   framework for Remote Attestation that identifies this threat
   surfaces; classifies claims produced by Attesters and Presenters;
   restricts sensitive Evidence disclosure to authorized Trusted
   Verifiers using confidentiality protection; and describes privacy-
   preserving Attestation Results based on data minimization, Selective
   Disclosure, and Zero-Knowledge Proofs.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ounsworth-rats-privacy-framework-00"/>
        </reference>
        <reference anchor="I-D.reddy-rats-key-binding">
          <front>
            <title>Key Attestation for Entity Attestation Tokens (EAT)</title>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of the Bundeswehr Munich</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Ionuț Mihalcea" initials="I." surname="Mihalcea">
              <organization>Arm Limited</organization>
            </author>
            <date day="7" month="June" year="2026"/>
            <abstract>
              <t>   This document defines an Entity Attestation Token (EAT) profile and a
   new EAT claim that convey the subject public key and its protection
   properties within attestation evidence.  Combined with protocol-level
   proof of possession from the surrounding protocol, this establishes a
   cryptographic binding between a private key and an attested execution
   environment.

   The subject public key is conveyed using the EAT cnf claim defined in
   [RFC8747] and [RFC7800], and freshness uses the EAT eat_nonce claim
   defined in [RFC9711].  The proof of possession of the subject key is
   obtained from the surrounding protocol, such as TLS certificate-based
   authentication or CSR signature verification.  Because the EAT is
   signed by a hardware-backed Attestation Key (AK), successful
   verification of the EAT signature together with protocol-level proof
   of possession establishes a cryptographic binding between the private
   key and the attested platform state.  This mechanism addresses key
   substitution attacks that arise when attestation evidence and the
   certificate private keys are validated independently.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-reddy-rats-key-binding-01"/>
        </reference>
        <reference anchor="IAB-Attestation-Risks" target="https://datatracker.ietf.org/doc/statement-iab-statement-on-the-risks-of-attestation-of-software-and-hardware-on-the-open-internet/">
          <front>
            <title>IAB Statement on the Risks of Attestation of Software and Hardware on the Open Internet</title>
            <author>
              <organization>Internet Architecture Board (IAB)</organization>
            </author>
            <date year="2023" month="September" day="25"/>
          </front>
        </reference>
        <reference anchor="NIEME2021">
          <front>
            <title>Trusted Sockets Layer: A TLS 1.3 Based Trusted Channel Protocol</title>
            <author fullname="Arto Niemi" initials="A." surname="Niemi">
              <organization/>
            </author>
            <author fullname="Vasile Adrian Bogdan Pop" initials="V." surname="Pop">
              <organization/>
            </author>
            <author fullname="Jan-Erik Ekberg" initials="J." surname="Ekberg">
              <organization/>
            </author>
            <date year="2021"/>
          </front>
          <seriesInfo name="Lecture Notes in Computer Science" value="pp. 175-191"/>
          <seriesInfo name="DOI" value="10.1007/978-3-030-91625-1_10"/>
          <seriesInfo name="ISBN" value="[&quot;9783030916244&quot;, &quot;9783030916251&quot;]"/>
          <refcontent>Springer International Publishing</refcontent>
        </reference>
      </references>
    </references>
    <?line 853?>

<section anchor="integration-patterns">
      <name>Implementing Transport Integration (informational)</name>
      <t>The Timing Models of <xref target="timing-models"/> describe when an Attestation
Credential is conveyed relative to connection establishment.  This
section describes two structural implementation examples by which a
transport protocol conveys an Attestation Credential to the Relying
Party without requiring the transport specification itself to encode
RATS semantics.</t>
      <t>Depending on the conveyance model, the Relying Party either forwards
Evidence to a Verifier to receive an authorization decision
(Background-Check Model) or validates an Attestation Result directly
(Passport Model).</t>
      <section anchor="extension-based-conveyance">
        <name>Extension-Based Conveyance</name>
        <t>In this pattern, the transport protocol's existing identity or
authentication structures (such as an X.509 certificate extension, or
a comparable protocol-specific extension point) are reused to carry an
Attestation Credential.  The transport stack itself remains unaware of
<xref target="RFC9334"/> semantics: it recognizes only that an extension it is
configured to process is present, and delegates interpretation of the
extension's contents to an external callback.</t>
        <t>The transport state machine suspends progress at the point the
extension is processed, invokes the callback with the extension
payload, and resumes or aborts the handshake based on the callback's
return value.  The callback interface is transport-external: it need
not be specified by the transport protocol itself, only supported by
it as an extension point.</t>
      </section>
      <section anchor="structured-payload-conveyance">
        <name>Structured Payload Conveyance</name>
        <t>In this pattern, the transport protocol defines a dedicated, opaque
field for authorization-related data as part of its handshake or
key-exchange messages, distinct from the identity structures used for
peer authentication.  The Attestation Credential, and any associated
attestation-specific protocol elements, are carried within this field.</t>
        <t>The transport stack extracts the field's contents and passes them
to an adjacent component responsible for <xref target="RFC9334"/> semantics,
without needing to parse or understand the contents itself.  As in
Extension-Based Conveyance, the transport state machine halts
pending the outcome of this processing.  The distinction between
the two patterns is where the extension point is anchored: an
existing identity structure being overloaded (Extension-Based
Conveyance) versus a field purpose-defined by the transport
protocol for authorization data (Structured Payload Conveyance).</t>
        <t>Both patterns satisfy the requirement that an Attestation Credential
be conveyed prior to the transition to application data exchange; the
choice between them depends on the target transport protocol's
extension model and is otherwise architecturally equivalent from an
<xref target="RFC9334"/> perspective.</t>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The authors wish to thank all SEAT WG participants for their
thoughtful input and contributions that have helped influence
this document.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA61923Ybx7Xge31FD/UgUQYgyY4nMZ34hKJoW8eWrBHpKGdl
nRkXgALQZqMb6WqQhiVl5RdmrXmZNS/zLfM035EvmX2tS6NBSifDlVgk0F2X
Xft+q/F4bLqyq9xJcXThZtvWFefX5dzVM1fYel6cdp3zne3Kpi4uW1v7TdN2
xYOL89PL4+K0na3Kzs06eO3I2Om0ddc4DnzZ+25mO7ds2t1JUdaLxph5M6vt
Giadt3bRjde23o29s93YJq+NHz82fjtdl97D9N1uA88/P7/8uijuFbbyDUxV
1nO3cfCfujsaFUduXnZNW9oK/3h++hT+aVr47fXl10em3q6nrj0xc1jLiZk1
tXe13/qTomu3zsDCPzMwbuvsSXFxfga/3zTt1bJtthv8ALb0Bv4u62XxDX5m
rtwOHpifmGJctG7ddACwCCz89PL7C/wHZlogRDtYF/yx3mw7GAW/6QJAPYK+
7Hbm2tVbWN29okhmxj95+/kS4OO1LauTAkH3x9J1i0nTLvFjBONJseq6jT95
9Mj9Ytebyk1g8kdvvjEwdtmttlOAX1f5cbLqR3tncARPVxYfgKd1vN5bEx5u
Ujb77z/iA977fLLq1tWRMXbbrRo4lALAsdhWFWPFS9utbG1dVbwuu1/hywLO
cWnr8leaENAgnjt96xgORwiDP9YAyV9xs0e9YS9Xzdr64uvGexjnI4aFNU5o
6CV+MDh02W7XtnL+xrbFazef7waGf9lclTYb+Kqp513ZHh73eVNv/+//Kl6U
K1vNnB0Y9LRd5yCAN7rJWl74o23XPK6pm3YN71w7hPbrr88+ffLkC/n1d09+
+xv59YvPPqNfn4+fhUH4+LbejWfWO39iDFJxMho+3GxrDwTRrcat7fx405bX
drYbL1rYB1KSPtcicPgZIKHxFEgYMJq+PX06TvjN+HXpr/wJbU5ZFDxSXMDX
bg1HVABP6lauoOeKZpExK/jzoll0cBzMyL617Zz+kJd+gHOG8+5cW7vuiCYh
xlB8+vjTz8aPvxh/+jnPbNul6yItwUMW6HZ25dqJUtwjYGePvC5rXNrpOP4F
G4H5xi0uctwsUsLBP70scgyLHK9kkfpSA4scl7LIR7SeSDD4M0ZkOAn7yLhu
8bSB4YoHALNjePzl8/MX57C5JyfFsx+eT548hv89/u2jL377uzHs97PH4y+e
/OdPPx8/+W9PHhszmUyMGY/HhZ163G1njLlclb6AnW4J9nO3KGvnAbZFQtfA
4cKBF4AixO8ajyzrNfFIc3oZz2jTNjM3h6VeFA9en15eHBc3wEmKO+SQ6cuh
SQGU7eLS8MFpVfoVLI+Qvip/dfMCQLQu66ZqljuDS8N3RyBIymXtC5y+aBsg
4KJrEsYMzGDTwAl4kCTbrsItm67Z4CjlDHa7weNsYQAcMTlagE8FxNHuAHVh
1uWomMHhAiBdC4uBMWDBCtti1u42XbNs7WZVznTIYrorbuDvVQQEwH8KZDbH
JVqzhPHrZKkgZ2o4BGTIhg9vXc7nlTMgEABB2ma+pW/h73vFucIIj+ay3foO
JLNC/qxZr7c17A8f98Z8VRydxSXuiod4TACOwu88YHmBGLpE8fUQl1iVV7DU
+hpAgYPDsBbEIWDJugHaL2bAIGH98A8AZ93UbldMXXfjYC+2mMFCmrVrYZBr
fRkfnU8Rl2GUafML4YMtNq71COcGn5tuPR6NR+qGryxg3xRAtpocma9g+f/4
+/8ovnG1Ky42dgEnNTdvT4o/WA9wfW8Qn0BvgK3CeXqGABwWALNCDO2aWVPB
8fstHAVIj4h939uda82FiO7iAcj74xG8Uq5tW1a7iIeoYTCAcdmuve8LVgi6
3aRAsjIANhDwiFHwngVycteIsSsQ88tVsXa4ntKvBbi2eLWFgWfFd25nntdA
cYBIWyb6B6++ew6ruFk5ZHw8Mwx15tquXMiRFqfERGjRZ6fH5rqBvTnGYURM
4cnJuWx4PmDYDP1aNrAo4aweuMlyMjK2WDW+Q7F1DAj4bXMDe2hHMCBsbt0A
PRQrAB8cJ6AB7GNddiLBFBbE2/BXXqUB4CPmIxED4D1wF+IGU8Q8XKaCkpgf
nh3y3IL3YAJOoiQoO18oo8XHZlfAM06JObUN6JcAIO9aWi7CoKzhGZhrBHpr
Dc+XFWKC88hcbHENLGNe/Hny+eMvilkAK7OpqUMyRLwCVDdHAv0jpGXYeFXC
CMStACRLuwHmUzU3PltHYDhAJAZEet3B/wvg7cRS7WyGWI5TIQQYr2CD8EfZ
EkAAU4XhWuOBtdHq6qhhFiiIEBVR54bZrsu2qZFt+gkxBuSkr4EP4qjMsjPe
a/Y/Q94NGAdnC2c1a8sp7KIUyYxcNVX7zNu3omO8fz9CZmEjcuPrsGBH7G2B
MO8ETgCy16cKLGAmgi4PcIojXolrj47xvQ2xOVfAWcLOgfzgCeWfR4I7gA0G
gNHicbZbGGvtGHf0aALDnTUwjqet6DSAcJdnT0d4BIQdoPkiCs6q7dzBXiyg
Kcl9r3i3KNs14h0IEGBZlngi800exG42ldLlDMiEIHnjYPuWZyb7Ybltg16D
o6qmQENE1NZDXoDCBgvxQpvK1qZN09FWt4AmazjJdgesp6lo6GOiiaPXrtrh
Gl/ZttsdFbxHYAKg/vGBKHRgQ4sOvkBhQPJs5aoNri9ynaM/0THA4YxIZm02
rS1pnBSghh4n3ZGYOCDi050IFYYXnD78CQP0+XNgsST4lVuPEPcdwG1ezOFw
ay+Ao3lAFvTmg08QE+dzRj2kxorO0LRuua0sE1aPOymuKFbyM/D62l45MWtE
RwfEnpW4BhDfFmm8hlP4mSgXoLdqCBwN/KdFyQWnV8LpTLedQSOXn7GItUgv
cp5wKKcvnoEK86fxxctXYx6WWRiidC2y04MsNVd1c1OjcmtnDlnlMbEPEBA0
I7FGYpy4GWAvG4SoY2bwatsCM2HWdjED/O1rgSWz3xpBZ0kZLOsNsmfeFFM0
gl6PBnC12pJaQXgjfILM6xuxbcnwJVxEcbNsgLOXpJWxygmH8tdtqURGaleh
g8JglhZllzXIIpBYiDTA5/wGjgA4oUlVNOBJK9YHFayXgrevgCLQwCleADdB
nfDB5asXHpgcKtqVuXz255HCf4QGWHF2djoqXDeboOj7WsSoR4gxd8YlJWxw
xNwbFFKwLVWfOMKFA5XNSXa1iOJLB2exY634SFA/eR4217oFo11OGGaYMITH
/whHeoaWHB6nI8omww7ENFh0THJ7a0bXiBwB8nfg5LeYiO/fI892do7sk16E
E5t1pNOgYiKahkFDF4QQIFNkb2CCV82O1u0BY0GXaoAe0lNnxgmb2qD4RZUd
j103SYhUHMQshLL7ZUOrMQg4mNgvdggZUHxBba0ZPRHnn+F2S/777b15/Os9
Qw4RFJ1Avjh68ePFJXqd8N/i5Q/0++vz//Lj89fnz/D3i29Pv/8+/GLkiYtv
f/jx+2fxt/jm2Q8vXpy/fMYvw6dF9pE5enH6b0cEh+Loh1eXz394efr9EW86
pU8EPexx6lhLAiWmI0o1mah+evbq//zvJ78p3r79T+IXeP9e/kDPAPwB3KLm
2ZoaEZL+BPjuUHw525JuC0c5sxtQ61BdBm7gV8h48LwBuA//gpD595Pi99PZ
5slvvpIPcMPZhwqz7EOC2f4ney8zEAc+GpgmQDP7vAfpfL2n/5b9rXBPPvz9
v6CJWIyf/O5fvjKMI4sGJQSRFNA7UwNS+d5hoUShJzIiC+pSfJHYASI3qBvI
6X1i8QqBfUnUlSAsoACsAhAfmTXqyMQRyTKGR5HH8+rUBAhcBh2lHbw26bN+
O282qKXSayj10Y0pNtJPgG2tHf9EGPMTiJBu/JOxqOjSxkAbfvs2+COAV8DY
5GZ5dHl+/o+///enZOSCcVM8+KmbfvfT8Yk5KU4Bw/xuvXZdK5bIxoLOe0OL
J29TxwSJOiPYesBQHFqMuATVo1G//gVUNQ+ms/BV4RM8f3Ee9WF4VYVtAcs6
npBqTOtRRk3SJWoFuV7zj7//Tw9j7LsSigcIZPHJgmqGSjoxXIce48RSc6Q9
oSNxDVqKXYJdFVVTUXQJmHFaHCjfAxGZ6qc2mHYioGk7aK2JOtkD/ioAv6ia
egnfolNj/oEHAfonmm+wCNC68dcDkB4lti/ZyMFXp7Y17oMkcfHg24sXx4S/
YECiaoaKsKtF+ylnTo4JV44nkFpoMEowKUWxFm6PKoYaoeHQ37gp2NKA8Ig9
8C7ZfawpK/gyXXkC2kEivLza4PAqcMK2C9DLcIhVAVpvAQxG/HuqJOv5DJ6u
HJJ1cki48d7JEJbegSEoA1FLU9RiCKrmzkozA4ymCl4J8uqc1/Om9eyOBd2j
FBUsHmgLJofnYw02C5ie24UlraJF7EAVbu7w9ABGqqoVZ6dyljSrkhyoeki6
PXeb0DnypxL3OOuKBVjUpPsFOBBvC+TYU+cVxqyGvHZ+WwUAt3cD2CYAY3jC
kvZH9LylDG+KNZoCwCQ9mvbItwv0kQD1bBohVjLzbT0DzAgcmpYF4BCdtyNL
7Vo5Bj4RXSDks9H9ik8E9DFH6Di0yhwaZ62T+FWAQvLtxu6qxs6ZnHZ9fGOA
JMQCi+Nt21nb8IaHnZigfWEsBgHQRHcCAQcnImcQ+5VKsk7F1ZQsx5ee7XBX
kq2jGI6s/amdUXCvno/PVm52hQzGVcRa0Ljax4UHr6znNfKTExjljXjZgre/
IGse+ItiMdFAh1acQ5OOTL9g7o3ooFKhuvXCm9BXGgYhITtBP+ybVVm5zCGc
yrMg9vaOAPXlr4ZOmrSK7L2IyaNUiYbXs1NCnWCUTNLHFLLCqhu78+o6c7iE
/sLYLmAY7XHUAt0vbEpl1k1AT3Rs8kcspNKAKgWNcQfsRAcaqZwlm9sFUQzw
R59kkKUBsERT+NWU/J/it5izChzGxKeQBybHkbny6fCDx573wcsiRYk5JdG7
zIABYtgO4Aho7C2IErsTLQMAtQBLj4wiGUO5GXzckqbTe0432SPmS4pHMBIr
OQPyAtRg9taxL8ivyk1w/yZkk5AeQiJSa88Tgz419ZAocsPrGjTqbhqJizAF
ewphgcb4LYzqV/Yqxyqc6hUqkTDE4BMT0BQc6JQ85pjHJL0ynM03jOMCAac7
Z40MzkGwpE4dfWeVLdeeYheuiL5J9TFGgbnHqYJPWkxPUoIWGeoz8YT1gSFf
ASiZ+uHoAYlR2pFnJqAJuSrxAUAp1zKl8CKLG+REYP1WbGaz1rsjfgOjqfMa
dZHabkAfIbdxOjxqpCA21w2HVheZYup0qximVVMPEHGEggc9XuSkDxPJsQVP
feLrK+KkKJwxt6BldDHmLKLTeYZOt51YYqogNSt2sBevc9FZrnQzdfCdQ3WC
3MOkSUQfrKE4sEW+Sg4YWNb35cIR5AEocYlhPcAtmzmrG4c2AIPiFgp0NlfZ
Ysiz1WIY6wZdioTlcROtQ5RPhS37kGH1c1CM5XCG1zdi1yRL3MjYGsW0vldb
PeJ8PDDJingvuvS67NhuPaUJRgjSGHcAU4g/sjYSGB4segFYk4Q5ZWukX6aW
rcAM1jq8Y5i7z0XegLnT3OgaiCpBjQ/AG1A70jnZxVkPhGGDrpOYkOHYosFG
1Lz2rrpGUgHbqAnaEM1dsh+ySRGQ0A9XERGQsOLOTUVHw0G2vLcXmCfdzaAQ
3lI0aZNjZvDnFml0Umyn81+EfZ1GHRushCKntHFF8dO4U4/O0wshjKdiqP7J
VlvH0v0afx0BEZV/3aK6M3cc0le9JapLCUcQpBkxgfLuU9mC8wQnJZAyaMTk
e5Z1wAjZSoipgnCWgCgaom7WOsyH6IkAyRLYfQlD3IhbWpyYZKgkarsIfHbU
T90Cdb+cSeA5oScHlTRYHks70YY0hWYsiQMk9/a3yDDMUw0IorptsZiK3gnA
1LxzFvjrddl1jCq32ZUcr2HOEX0WrJpzzFsmx8X7XBRyoEc99uEIi+XWwsF2
DmYn+adWZm9TGCpeb0iLmRhOFpEUwuKUTKhckgj1Bu9xogv0TDiGI8c8yJ8y
l5C+vipUT/gzpYeRPBhhOPFPJHPHiyJAynkPhJj43FWQwV5YMdcYfr6XuAYN
p4b8kcwWZEXEZksY3mTCenMNR8zLQ0qlhvx53yGZ4bq0MO2L0zN63WYGuBg9
kb3Q6mZtuemUp6h77GugA1xS4hUbccyfvRI9PpWjhnq/JGOhOMSpiBEBo+pw
3+LPYfpJghOJGXDYuRIj9cEywfQD8Y3hGInC/gtYORIHJvvKo7p1OfA2oeAB
b9qX+XrIRxPJMnNpsudBHAH0WqpqBAzmkB7m0CQ5KsOHBSbTqiDvpsAVfSTw
JoxC3GUIFIwYGjImcbawM4pAUiYCa3Dn6J0rNWRFYZ0sOrUGrZZ1Z3ol+tCL
1IeOvpkOhsNkoriOQDxOJpGMMr+depaj6j/XsEnhAK8NTsUWYRct/pjopWe0
ZzdPeBNo3dIeAGtoQ0msM+YORZMkGLvBMgM7yiRrfvt2US5B+ULbh6IvPpAN
rjLNcSMCbClPq6muOdjApBqCf7gaNnhhJAr28OHA3mADf/vb3wpr/fVSMhEP
/EzG8jMxgx/LzyfRffZJ76vsxXf98eGDv9j2u38f/O7WN4v7OsP9va/uePOW
n3/mzQQo75L9F8XLBsSiBPn158DD5l387pMwAK5kIHGnOPAwDoJfRaYGf/9+
3D8ZPbvxV+96KuO7OEjKfIp3GUz+aw9U97Nh76crwVN2dMr9Qd4Vw7+ngOXB
P+kP/vGD4LdnbGPvP/1O4HW/vmuQazXahwYRAXzHSnICmvyHtvMuJc/iLsAO
zMiDvCMGQ/oLI0kC6BxlvsJxwsMyo6wko0ZdieajCtsr7sKTv3TT74pHxWqK
qPLu0ObvgEn/0f/gICKZ/5lBbqGdDxxkCFYfN0g+QDrQwM+Bh1FYYMbtPRVP
GCxGz9iYsq//cMSJSUec5v+HoyDv8vM/ek/ZK+qzYCEaPMnilUuy90K2X8+3
Afo2lf+IlZA7vSfk4BoU26PMZYLauQ2JmSG4i2qShBvw6TPK+ZSkVNgPZWiR
KkUpKxz0Aa0mSPm+HfVAY+o2ZCedBz0xefDYzOyGHFrouiO4gZomDsHET4jy
PPHsrTmbAGydVPUDrW2Sg/e+39PbsljqvuLIaqMRl8Lw5jR6FRMuLRrAmc/c
BMVK7EA+IbBTewr6aFC7JFXZDKvKQTsPSmfUrPaHMvr0AYPXa3oiWFlj0BI7
sk1pK7YFeLLRHp+QPGH2t5PRDttab7utrXqVBCGkPILhJPdDEEvXxJhlfLne
VqDgumbrKZO8Q9TRQ0Qd8Ry0vICt931iKOTWeyiESuJKCW0NRTU4uSzTBBiJ
cuWASY9LRwbibLgjDIOZstN0yuJQOmX0MA+XQdxOyfmyshR88nlrkKjZYEZ1
L71DiDjQNKZEZQdDz/mR5qPLx+ExeU0eY9ApD2KoBY1Yw09MaZSGIDHcrERG
GeBAINtLenZiE12Ig/A3lOitBpJQffTOYvympUIT5JJwYOGbV01VzjgQHzKC
DVIABQ/abTAzgpvOq/Mx5gwwP3rtyAKeOUOeJnbGqa9sJG8J/yKTFR1wHGlg
A4XdQehlQ8Y+l5SnnsNWsvLzJFficf09BZcNJ15zbium5moMR4+GcnzS6Dz5
OP2WgsDilexhGXAuEyl6HJjbGkUcSJ83iCCHArUaqBwZMsdSTz4QAoY1yLkD
0++Yv5OMwT1xRUYabrJU8pHuRjzInkKkslOM1FHYvR9098WDiESfZ0h0fGLM
cHhdvVV7DAGG3kuzT/2B6TLFqyJuCz8ILABz67ptW4slH7bIR0tutXHVzCjo
HfLpsmWNlAqI0QdUqjHBj8pEyHNNSVwxYlFw4lv0jahvm89CcBolBRxANcYY
BgzTMudLPL+JB7/EEoJaatgAuyQCxPnWUnlMTlJOfzImz1NQkAe+pdBGvSh3
uUoVcwz/N1NMmvPDmSwjYTpEhl6SCBX+wykfwYWJBV5NcHIy3ILASX1sQFOw
qROqGtLzimOEYJi4g2HGYbyTeqgUYhlGyEAyjqhvhOawZPaqkN/k/fuirKot
lu3htKuUovrV8gqKBZCUiQtEgtqjpdyfMrwHw/Uuw6RziFa+lMBxD//vxn7E
NIbUsYH3U5MuTrbnqznw3ScmWsdoJWYWYc9zkH0Xlv3OfLCBCzZo+Elf6e8i
/uzvApY6eU0utWwXpshpS45kj7QOnUZGMeJFZ9pHAAwhz1BA7gMP5FagHwTs
BwLvAIDS5/V0BrYVvr02A9CnFfWwYvC51KoUtybbj+ToPItE9oIFlrrMgzZ4
xtog2ZVSBMvnyqnO4vsNTl/NVWOneUyUSeJ6qefWDHhuRRyxQl3JWJzEBhI0
9VSraP2tkZQy9uvvu6Q1kRu4L2jMt+Vv95Vz3vKQik5KFi9Ok5QOpnmFAAIY
sbMZlqmh4ZmlsyRCnSxwVemY5VPRLkojmtDIKWU0I5/tJ5vqdgetmMnBrdm5
FvzCUqUABJfgqgUndd22YZ8bP8G3IFHKYNyXnEHGwV1Xm5DPJXHWuzK69p4z
IaNLa89CUWzp1RwPuX8h3UViXiEwmNd+3BJGZoybkQjSsDeYyU27plnMgA3F
IIR9AEa7pe1iTkHUKqbbJO5tWJUfh/BobnmKFpoZmIGlCfp+naZs9q1yLn6J
BX87VnXialA+RukoxgX5UbIoTKjgpuWI/wSDW/j+8NScyzmULsanx/V2GN3l
gCbFweohJGc8GEyfRlinKe42VHZziIfNy+I2L8x9wh0tpcJMUYmHg9VHyCUl
p30H0S2OMpOZeNGc4iwTi7UEFP5M1GoGrF2nrEsCvGRDL1w3wyQgsHOwbcaU
qq13OasICTaIgKSSm2DJ5hb2HaxvZa9D8XyeExm0pWCNYEoENhIiBTJ8jb2F
gMVci6FOLrJBJwaB0bDOH3SysMx55t2iDJJkMYhEiD6zsjsx6aLgSKlBBfGF
xG7NtgoPNTe1KbXaVcta5VR71kBvKb2xDLPVfi1MxsTJnG7XUaLE1Zpb3QrB
fgeqRxfKoMIKg2D2TFYcKgYVG/xsoO0OsHXywGRpDFjxl+eTMrpI3qrsSFWM
XveZZGA5smvVBpO4czQT2TUTDIRDqRVeK8fMXnkmrH8vCxWRvwE7f9R3tSXi
rEecRkzZ4UQ64jaBjDudJKSuUUaX+lsHs9bQy8m4OMtEaiwq35cqFvUIS64V
OE9ggXN1DuZVF1l5eeS2g/PZesBNNjS5wzQlsvZgSrtEe5hjCkg7g2g7XE8B
VEW+W0mbxbY5g/wgyKC1nbvEJWAyb3SH32PmAInkNbHnXgohdVGoCOL37t2W
Xm3M6UHsSJMD+6n7Dx8yrjx82Fvf4azwofTCmEFpIj38E/mTJk/fLX7cNDWr
qJvBA6YmRF68qwfKXoY0SVVihYCYPao9bYe4+cjkntxU+qE7iNO7OXP7Slor
pThiAo4knqKPRQuToUWPRv+/YIVdwL+IFKkJ8hEIkRTM9s/Z7CF5kiUbvVz9
TDZNcKSV7eeIY3qo6XY644FNq7ov6XjzRCnlMofEa8VRLDx/dttFtQBOHBsg
iY4tOGTw+1VTzQeoOKaMZzVX2jkr5rmPED2aLbwu++g9zxlOrEumLBv1BEaG
s2YNNgA1hEpljoi9fskGIT51qJg6rYZdck8JCUqV1P4LhmSEKhnra8t9wrLs
rUXTZqWTLMapBxEyzRJUrDkmv4qzPccinA5gQUp7rPsJ7X+uydsIYpyqLxNk
FLZMolT6lHHifN+Jm0IybS6GGTnoDpZVDWTu5rUGJ4NKWNAkWYciZaVvNh/A
SVVw+twPEZCInLwNfAhwQOxo8FsKicP+YZf0OddeEhyfN5dmoIa1QC94dQCn
EFDofeGjojTlyigENDqCnQOW1KuLCyZAOW21UICrFa6bkpQX70BlxbPGbjhI
KSsuS29qagKmyhd3dtOmOkSHr3RFofpOHCXbsop6Ub+vBVbdYsgGeWgDhwlT
cZQ1xXZSD7+2ZYVv0IYl0T6J4YLCuOAnxvoEZyyk7+FrIvKGdSxjKAS031K0
aNC9kvVNGR6BokPFkJoZ+Qwc3rLVIxqoPwhxi8h/BmK1CMpr2Bwj90EhHPwg
O4dUstyCmXEaVbfW/awlK2jKm558Zs0qPEQRrpoLKG9Q2+N+XKnoUm2Oat8l
uEKZ2gtYVVW4tmU9ds+iiCJLkfs+VliWbDMHOI4XPURARkLQSFpHRDtHn0ZM
ylpxEMdiAZpJtiROkbWLJEsCHUMWdjTRjL60DFoRv2TFhvMz4KCpympRwVam
ZUXeAT7z3UBBBgG8dBLgsZ6raBF+W/SaCfmpC3PuptvlkmFwGNUHbQHB9NtR
fPBNQhQMpfeKjQjUH1Qb1dOohRJsBaCa7/jIvRYq5QKZxR49h86rBesqlH0b
vbfcYMYTypVVSLGPwXxSKEzETeDpVIEqDd4acmZcw6uoBKfFWM22a8vlCntT
/ayF0mqyu2sp3ROM8wzPNjkI3PcBkBJnnLqVvS6bbSt5yFNBcrL3enyF0AVr
TfygXHPYI3bGjizOjfJkN8VeEEOmcNomLZ7IOClGMHsoi2taANZLglbfKIsJ
CEa7Xu3HWEMV3ohDXx5L/DutviW3e2ckuJ5PvtjWM3YmUz/HPSHRLPoQTznp
vHFeqjQ7NNY7LuVG/gOL21d4I4oyb53nZpGgW8CyL9FSJn81CNFtS5vH5Hxs
U1ewPBabmiRcurJ+Jdbbe4c8xVjzt4QhKkLdhZZFJPIztG8guqVv97LvDVc1
UCW/5Q4IVBnO3narkRRt/RZi6cJnW+fS5A8Uc9QCDR7jylXuxlO2nixUfg7X
NVhxlquYHLYxsTcjqWpsVlBMngLliCcrSykrwlBieoeWk+WT3FGTJnZELEvD
RQwvtx+V6CfNhZ6W6Lhn3W+rZaJSKhyr2vIGNcOlHscm1r71nq+1/KMdq+VF
tV7HcgbSmi87BO4DQFSkhhu9q07Jr6V6ZHj7TPhBIeVZk14gqXKgwNXQkdTV
NcFsKaTzBuWC4nqnaYlgXCe7XMPrwPEk8TFW9CHb6MqOAhs6Xxj9PgsYVL0N
tpm0Ghggb7Ii9mDDn7SHgQZSNIyFc1ynhWKJSzQsIqS06SgjEh4mEbzki09t
XGr/2PbOTakx6St00NdI1siBYImnLswoH1JMGDLnta6wX1U40uLEkPmUh+FL
v0cUoVcfOzTmwZ1EzOOGu16qJhFC/2stcnM90w2jKHbJvu/SB5DQiu8K9Y8M
nbpORhk/h6y+0E9j0H8CigE2LPJ5rWbGE/YUn4w5UpQBQ5XaoUUewmj/Uzez
W/Gw9utEAyPiAt1ecuhtPuiwUkPCdprQv4ZBs0LZCABiunuB1InhxiwDq4zs
knnXiBvapTY7BkxAAd5YTNJAFix8vkQxwANzL07mltwy+A5uOTKI2gwY6lOt
qXahKs5tVm5NGvWVo8Nco85OjidtE5K0EkucEKAtRRj7xDnKE3MBlzQ1cYZh
O1JgtpiNvHfOGZumvGZshHShzAyBBCdpZ1cnoR3y8MmalGlZtBm26JsMsjxW
PLo8kzqe8A12vCFOC/OjxktrCf2cehWzN2Joxo42pEmTLgXoFdib7dIZqaI6
j5ZjjNJF5Qw/ZvGTLEIQPO4mL8LkEG/UnplUMZeS9EZOyS39bOt9qGjGYV+C
3sAC1IqxRo0Ab0sc77s+s/wMCskjPVPzbc1Lp9rFUjtGIf0qnhF5gza1l0GQ
alcYIKXeOH5LFgs28twZLfadAKPYNSJO8xJcKp0ODXkHXbYjw8p3sdfplQVu
aPetPc9VcKfKMmjd2qPf24XD2nF2e3RSD3GLqxcFPZgGGINod4ZD+ChLkoSL
u9JiZs224ka/AVQmImVooVbRXig6iM0cfeigiCc8Dl2Of9lUTUlhJLaYqTc2
HlFyJJQZ4CTE0dPUsyQOE5M4JNNRfPiHcjl6YXYsb/fUYXmPXw7FV9jfdJAV
U1UFclnJAKEnRQKQA73i9mXkpXNUa7uXEMwaNA5gWw7UBY9OqEXJIi6JtxGJ
usaWAtHlHM423wi61+d5cJElZoxp7lUUhPZWXPSQpRLvtSAzpFkcjzin6mdy
IISnub2iikblSyAkZqsQ4tR02zB9nPWunmY8NUFafBeIJmM9Y+rQQoLrgacy
luTLcfjy/XtevPjdcAd7mVTqOVwkIh2Nd7lNpooR1yj4gqcQCQGdWyixSzff
I0AZPM/MUkTtudGZ17BfVzcgalDYbFpiQc29hHmyCiodLNBb129hTvosary3
FJPFaVbWwyKv2Z+mNgt1jxYjIOQlzefotKXgEzvJq50E8gYP6+294XMyZvj5
YcvjkG1pYpQDUUzPjVtcDPQxkzwm9lcEVY1MHklAIqSNmwzUc2dKGyVPHu6H
wnbcYVVQN9Tr0pbv45b2LLE5y0hurcDxayrb9t2uSnFKzSuAtTuU9Pnk8STa
N5ke36PjpwOqcsJqzd5Wkd/zDjDIBWaCFDxxCyZim2igUlWJlN/xUCfkkiaz
4GD+4k1JfcHwYpd8nWZonekIB6z6rFOUoeHRwcUor++gWcWVnLF7UPyM9imV
oUmLoHgemTo1EQE71EnQ86jUBRAVVHSTYpEdO39Au7wlw6ZuKARJwY6h7lsm
q1DVXN30NizEm+8xivla2vvLVj3GMEtWW5Kn7+rTFahMriLKrnAq62sLpkfd
DTt2OSJjggNuPwoZPeUchSxyN70Jk9P4811t1xQPtFXIXBxo/EUhZ4PXMFnP
AExr4UKMUiKOVFkr2v2rcPvAxwQGpXV4h+ETw4qxTZxKMyTvlsyl27lpWt3a
54lsepmwQ0yODdJdwFRIeyxlHf10anNnvAPDbbluguqUHGA/hiLHiXKqRHtt
GW7EAjYUEhtdSDKyhsr5WUHpA59CfyC2KTu+0adihNmkhh8iDKnL6trGFjto
t0RbmAVvqGnrLf12Z7qsODY+Moq5kjsj0UoOmpDD9flh5zn7UVn7FusI4UXo
moMo7UDV8C1XrJgMYOobDVA0cl8ZNd0LTGi7aTCRfC/mhQvimCatQRk5294h
ksQl62sSi3y/z36g9cuCFby9SPZ7UpVe8bV+iFuJEcpXiimav5IOvGfJxZel
1gL33XYkLzDxWOvTB5pGau9B8kYQv1o35G/jKwYjvNESwczoflMvPkl4dy8+
218OcjMgXLJZNfhz5XZm5aq8d7yoJOH2E9BUyg2V+D7Iy4hVeT0Gs7aJtkUi
3utOvB7oDagaCpPU2hKXqgZ1aEzOpg7Cg81yOfW503tkEKiSCIpJFOImiLfb
gG1Lk7eYFiTGdT4i4DkVxWM3L9Bw1nrn5AGl3kvN5aFGgvEqBkRhIiSXEIsg
AG2ZupkGvw3fIbdLziVkd5rTvQsHQ1g/icAl08SCPfZ6xa5II8N93YiacTH4
X6A7lRfxfpiknK62S7fWQuSDKkACvVFWrBEuUrnr+kymv3tJ9dIL11nK1WDf
/FD6pSKUR88APUzlKc9fRfE/kmuDDF7chtUXKhxH/Q6/Es+L9S1gAJW+lFKJ
DULqGm1pbojRTHlcH9oA81qQU5HCvGLNL03nzDIvtKE74nv0XKcutyTnOK0M
4Y/Rk3aGMcRK0hnfaOU9BTbSEdJyDo1TCnJgN4US6CUI6BEh4iZkrmrAHhYW
nQKo3a7ZSsCIPVVTGy6QDYKeXR68vsycCMUatM7hwiYBKSD3lfoIMzVW8/7L
GV5fReVYFZhnIHKIRLgVQegKIUlegnJU7gFoALvZkiMrpMuRcWZE7RGIg42z
W4MerG0PsgxSMrr2OrVJrpUvhvLMemszvQKWvpktpSnDMSW5pdKIM5ncINR+
SCYJVz4kBTQjYDKod5LLRPZmZmlLh6xMIsv7HPB+gWYfEz4kk0lbxKuXgga/
n1/plt1WCBpemgEibb5VVISbJNkoojunnkrTEU7p08th8crb6OXAq3RROQPF
BJWWtIn9zG5VqyFK5yAYLzTrE0OJSlMS4JyBz8RA2Xqd5mfhJbbxBiq+sI6L
1T1dRijl22tOPQ2rbWS1oIsMXgyMDJHCFGHZrJkvtxwXCXMQmZKc5qgikYOm
dxhZMnK1RUhO2D9wNv9mDXCKX7X2nvwdU2IOcu2e3P/HoyEXwE1QHxacpOQE
VV7WKE6HJTh8ZWNAAXSQKAZkXvDU30psIS/f8cxbqfAD6JnvNCQSRDcH4kaQ
zeQCbpOb2fHDw1eByaVa1C0wu9Lc4DekOiHtUGZbideAsWZR5XERkSqX5+fj
Kd6hnKCCcAA+Dr6jS319Qc8mzUii26jYyjVtRq1mxeuIE6q2h+tKxeSMwghY
yLXDcrVx7DQ0TIrh0mvF/GAKIhqfZJThQuyZNbhrh6VAjF1hmv7ZwSSGM2BI
PCiWprd+EncicTm74uAyW0hMp0JHHC8jutPLoxMjWG7lu8P6NX5FIQxRXZwC
Kba5JA0pAeRAQuWH6EOqg+5dHxorsI3UAH+MphTuDuqZKsXbe4ciab2yb72W
TlAmEHleLNnLATYS1doTe5Mirgg7a6pRI31buPokk5MkW+KtAxJbo6LcnXjZ
6qYIt7qbNfY17ago/2JgrTwd3XnITZPDfdR4USLPH3Sv5I48qoP9ZVVOyy6k
CunsOnXKolA09vCa4gFUKqDAEiel3O7UO6GeU5Ryxxesdw0meBPyG05wIi+s
30dnvIHu4VkWiez7HLkTETo4X7VOLoaaPHxY5HUwZjARg8x6NdJpu1N3+10g
NsQlOHzJTDkk9Wh4ljlGmQfFJ1pAHAKuaI6GFJxba1gGHcjm9hbg4j5Wrb+v
jSf7MB/pLp8QdVKKHjD6kaYTHOIbLFPrOJZMp7lPST1g0/byyJvBVBEqKux7
o/UUvjTB561eCjvocr/FlW1i83TFC46M4ebv7uP+8CG1uRvHNncecVLzcGx2
dzTevy2RZxxijXUkjdlmF+72lWQSZGoBNcAROCU9ZK5xZsDhBn+s9GaMC4wN
9j2Y4e7bqTIrHiu0IKR+DfTOrmkpofzy4KoZlGW9HwJMkk8EPfVKuqDuk53X
aWC6d4WfTe+CyBMbp7siOgis9LqW2m7vmxlhdHpVuuRbCw8XD5NmQebYiStQ
xSaktGLIkaQshXlFRmTbyDKh8jhjklG9EX6G9fA1VnSIG4PwhRA4zeLIzj4J
ohM2DieoPAiq0bU7Rvy8TNPNxGJEI3ju1lx3FLP0Dqb2HLqqDfOEN6udRq5I
F63zqzjuTDAyMciYJOZI/TJdT4maBqDSfMdaBgBb6VNEEgzCnmZViRCgctfp
w+ALCKFlhMrwZT/7fk7sF2pqvFY18xT2rjAKTru9u65IXJhEXBwID+8FKNII
renx2CxqIXXQ2P/0Bhkye67rIndNGynn0PZod97gwsykN8iHQ40IQAbNBxnR
WX3A5TXJ0fXc19kBBm+x+DSnqbdyujMN4fO4Arqr1G1ZSqkVEe5d/mQTnL7h
uo8P1n1BZsjRvQ5hUFz9B4U2Y2DTaGDzttYBHxnYzDvJDSUExBgOK5lYvmmk
PR0tMclZffjwWZIsfK66k0he3PKzgQzwkF4v8jgqP3dnhMcIO3nnhsPs7C4J
xiGJSWq9elcqt9EbkYt/Lplbe83erlhkN6PgTgeuFykuUGNV/nU6GNSX2oH8
TpSIZFLKn95zYvbuOQllzNxRbeDSFhCbg2YF87Ce7Euq9+LFJ+H6GJgMHdP0
jq6OkG1Ie+ZNfkkNH4MmQGv8/qJ4MvksSfd9cXrGyx8A5LHJQ5JhMbwMniVd
bmETEW5ipTqjPajWoFXNXc9UubxpilikQuKVSlm1vDVlq5Gtkyo5lwavvMLC
zqkkoaUoVO2WDenruXYk/lVOjEaJr8+VnN2ZqozUnBqVBVRvSp/k5KoswTW2
KWlLVkAGzDPMwHuuMApMjf11Y6orS/eYkU7oiCP5BqQ9zB1WhbexkUGwwMiZ
knhvQyPuadvceJCnfB/Dv9pre8EVMVS2VLbkc5dmZtrLaqY1hQCpH2uqk8p8
v4N6ipEKun6DTKxQA8gvietFrAaIU4JixHjqkVTWdIpEGxa77IKZdbpXxJaf
FRWUaNJrcHyE7FdKXU75PPEAivfAb+i1I685Z0siDu42FOTev31KLlQmh83z
05ene3Hl/M5xriPmJ22o4Tfj8bhAdyKNokyC+hgEjsA4w/t7kDjybHVcvL1X
xm+VSWq7n7z9DrkmerdMxkthqGLEHnQXpG0z0qZAh9pjSJjHDPQhvGlC+jMO
nDFGNVh8vAHKDl12o90qD9dl9Lq4xn4tSPVpvmzWhiRzzWhTPeRLiBCG9Gzv
1uiqmfmhrkX97qiDXXk4cTm0A8ob2aZNgfR2o4MNd8xtVwELih5sVq4Zimb/
dmBKifilw7gzYNVTYhaxJ2XsPBFagRwUYaEAPZh+zZ4IDcnwPrkxoC7+PPn8
8RdpfAsGkyWNaBTJmiansk4ZfbzhYS7gPZbG3NLtI6T6Heqac+DyKkYJLVPa
1pZDHguTev0CipxIi0kOvXit16H7Q5MFss2TtOzmtH2NJmTtwrU5oU9K8VVo
oYkdRr3vNT3Di+8Mv6LqAxQfyHMm/fB73obHbz33uNSGC2qnsJDJZhO5SN2I
5iMKtlzpVfUyW0xsD2+ZUP/GXbG5tz4qr1OKsuLDUUdhoaWUJqOCms6ZG5zR
LOcW5oy3I5TJLRBjBQUdEKbQG616DPawyNQB5sNIINVXop6w6VR2grs95JP4
puL5PE0z+liiChcR473zlPGAAG829q9bZ2DlVSwuCgwjdF/gMuzYWA8D0BHA
QFToKwitL7ST1ah3Mz0ZGkrPCfWq+8MMXAgoBzNMbZItW+8SZ1QakopUHa87
Y6mBQbnWiYsz8aNQ53GAxRCKA1rA+bRWzXF6MCUXanVsNcdzbZh87PxnO6MQ
M/bbqfE3tq04OIpAH2QCo6BsIqJJTiIcgKdQKalq6P2fqwDhNTCScb1KWZvD
3Hjg6pCEhle2onKI6F5Pmu13q0i13AfikuOLdNbkLeUrRbh5wk2juEls6SbU
KfawnXvUoeXg5ifIYveFQKx/4vx7NGqQIGBnD3pbNXGrx2hPAlfC1hSE6Jtt
i4lYY70dok+zMSi0RxJMCg9upUmUhE/RBgnbTm3b1JxVnn7Am5t2EP2Im3RD
owRuhc4N5dNrXtZpG2Iaj++JGRLFCa/mtgaSoxSTHbJEaixmgf0BUyVznbwd
dSblNnAWGGYDDYX7L8wwbFK5+ZII07w9qbfrKdonfzha2Mq7I1FL+RwwuQGb
01JAqb6iwjCKPL75JitjVVdB2WIa0na56hbbSu51lBhmB5rllu1qOgjKw125
akMW/aKiJgrcdlLVcVjx/wMZZkl+P54AAA==

-->

</rfc>
