<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-pang-srv6ops-qkd-srv6-private-line-00" category="info" submissionType="IETF" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="QKD-Assisted SRv6 Private Line">Problem Statement and Operational Considerations for QKD-Assisted SRv6 Private Line Services</title>
    <seriesInfo name="Internet-Draft" value="draft-pang-srv6ops-qkd-srv6-private-line-00"/>
    <author initials="R." surname="Pang" fullname="Ran Pang">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>pangran@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="J." surname="Li" fullname="Jianfei Li">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>lijf299@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="J." surname="Zhao" fullname="Jing Zhao">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>zhaoj501@chinaunicom.cn</email>
      </address>
    </author>
    <date year="2026" month="July" day="05"/>
    <area>Operations and Management Area</area>
    <workgroup>srv6ops</workgroup>
    <abstract>
      <?line 50?>

<t>SRv6 is used by operators to provide programmable and traffic-engineered IP private line services. Such services are often deployed for customers with strict requirements on service isolation, predictable forwarding, and communication security.</t>
      <t>Quantum Key Distribution (QKD) networks can provide symmetric key material to authorized applications or security functions. When QKD-generated keys are used together with SRv6-based private line services, operators need to coordinate service provisioning, SRv6 policy state, endpoint security functions, and QKD key availability.</t>
      <t>This document describes the problem space and operational considerations for QKD-assisted SRv6 private line services. It does not define new SRv6 data-plane behavior, new SRv6 Segment Identifier semantics, a new QKD protocol, or a new cryptographic algorithm.</t>
    </abstract>
  </front>
  <middle>
    <?line 58?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Segment Routing over IPv6 (SRv6) enables operators to steer traffic through explicit paths and to support service-aware forwarding. SRv6-based IP private line services are used in scenarios such as enterprise connectivity, government networks, financial services, industrial networks, and cloud interconnection.</t>
      <t>In these scenarios, encryption or authentication may be applied at customer edge devices, provider edge devices, gateways, or other service endpoints. These security functions require key material and key lifecycle management.</t>
      <t>QKD networks can provide symmetric keys to authorized key-consuming entities. However, QKD key availability is not independent from network operation. It may be affected by QKD link status, key generation rate, key pool level, trusted relay availability, key consumption rate, and security policy.</t>
      <t>When SRv6 private line services consume QKD-generated keys, the SRv6 service domain and the QKD key service domain need to be coordinated. A service may have a valid SRv6 path but insufficient QKD key resources. Conversely, QKD keys may be available, but not usable by the endpoints or service instance selected by the SRv6 service controller.</t>
      <t>This document identifies the main operational problems that need to be understood before detailed solution work is considered.</t>
    </section>
    <section anchor="requirements-language">
      <name>Requirements Language</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", "and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> .[FC8174] when, and only when, they appear in all capitals, as shown here.</t>
    </section>
    <section anchor="problem-statement">
      <name>Problem Statement</name>
      <section anchor="service-to-key-association">
        <name>Service-to-Key Association</name>
        <t>An SRv6 private line service is typically described by service endpoints, bandwidth, latency, availability, path constraints, and isolation requirements. A QKD key service is typically described by key availability, key identifiers, key pool status, key lifetime, and endpoint authorization.</t>
        <t>There is currently no common operational model that describes how an SRv6 private line service should be associated with QKD-provided key material. The main issue is not only how a key is delivered. Operators also need to know which service instance, endpoint pair, security function, and key resource belong together.</t>
      </section>
      <section anchor="coordination-of-srv6-path-state-and-qkd-key-state">
        <name>Coordination of SRv6 Path State and QKD Key State</name>
        <t>SRv6 path state and QKD key state may change independently. For example, an SRv6 policy may change because of traffic engineering, failure recovery, or maintenance. A QKD key service may change because of key expiration, key pool depletion, QKD link degradation, or policy changes.</t>
        <t>If these changes are not coordinated, a service may remain reachable from a forwarding perspective but may no longer have the expected key resources. Alternatively, a service may have available keys but may not be using the intended path, endpoint, or security policy. Operators need a way to correlate SRv6 service state and QKD key state for provisioning, monitoring, and troubleshooting.</t>
      </section>
      <section anchor="key-availability-and-service-assurance">
        <name>Key Availability and Service Assurance</name>
        <t>QKD-generated keys are a resource with capacity and lifecycle constraints. For SRv6 private line services, operators need to understand whether sufficient key resources are available for a requested service.</t>
        <t>The following core questions must be addressed:</t>
        <ul spacing="normal">
          <li>
            <t>Whether QKD key resources are available before service activation;</t>
          </li>
          <li>
            <t>Whether key resources remain sufficient during service operation;</t>
          </li>
          <li>
            <t>How key exhaustion or QKD degradation affects the service;</t>
          </li>
          <li>
            <t>How rekeying events are coordinated with service continuity;</t>
          </li>
          <li>
            <t>How service status is reported when forwarding is normal but key resources are degraded.</t>
          </li>
        </ul>
        <t>Without such coordination, the service assurance system may report incomplete or misleading information.</t>
      </section>
      <section anchor="failure-and-degradation-handling">
        <name>Failure and Degradation Handling</name>
        <t>SRv6 networks and QKD networks have different failure modes. SRv6 failures may include link failure, node failure, or policy invalidation. QKD-related failures may include QKD link degradation, key generation rate reduction, key pool exhaustion, or key synchronization failure.</t>
        <t>Operators need clear policies for how a QKD-assisted SRv6 private line service behaves under such conditions.</t>
        <t>Possible policies may include alarm-only operation, service degradation, rerouting, fallback to other keying mechanisms, or service blocking. This document does not recommend one policy for all deployments. The appropriate behavior depends on operator policy, customer requirement, and regulatory environment.</t>
      </section>
      <section anchor="telemetry-and-troubleshooting">
        <name>Telemetry and Troubleshooting</name>
        <t>Existing SRv6 OAM and telemetry can provide information about forwarding paths and service performance. QKD management systems can provide information about QKD links, key generation, key pool status, and alarms.</t>
        <t>For QKD-assisted SRv6 private line services, operators need a correlated view. It should be possible to determine whether a specific private line service is both reachable and operating with the expected security resources.</t>
        <t>At a high level, the following information may need to be integrated:</t>
        <ul spacing="normal">
          <li>
            <t>Service identifier and Endpoint pair;</t>
          </li>
          <li>
            <t>SRv6 policy or path information;</t>
          </li>
          <li>
            <t>Security function status;</t>
          </li>
          <li>
            <t>Key availability or key service status;</t>
          </li>
          <li>
            <t>Rekeying state with associated alarms and degradation events.</t>
          </li>
        </ul>
        <t>The problem is not the absence of telemetry in each individual domain, but the lack of an integrated operational view across the SRv6 service domain and the QKD key service domain.</t>
      </section>
    </section>
    <section anchor="operational-considerations">
      <name>Operational Considerations</name>
      <section anchor="avoiding-srv6-data-plane-dependency">
        <name>Avoiding SRv6 Data-Plane Dependency</name>
        <t>A QKD-assisted SRv6 private line service should not assume that QKD-specific information has to be carried in SRv6 packets.</t>
        <t>In particular, key material must not be carried in SRv6 packets. Key identifiers, security association identifiers, or other security metadata may also be sensitive and should not be exposed unless there is a clear requirement and adequate protection.</t>
        <t>A conservative deployment model is to keep QKD-related state in the management plane, control plane, or endpoint security functions, while SRv6 continues to provide packet forwarding and path steering.</t>
      </section>
      <section anchor="endpoint-based-security-functions">
        <name>Endpoint-Based Security Functions</name>
        <t>In many deployments, encryption and authentication are applied at service endpoints, such as customer edge devices, provider edge devices, or security gateways. Intermediate SRv6 routers should not be required to understand QKD key state. This reduces deployment complexity and avoids unnecessary changes to the SRv6 forwarding plane.</t>
      </section>
      <section anchor="service-provisioning">
        <name>Service Provisioning</name>
        <t>When a QKD-assisted SRv6 private line service is provisioned, operators must strictly verify both forwarding resources and key resources in a coordinated sequence.</t>
        <ul spacing="normal">
          <li>
            <t>whether the SRv6 path or policy can be established;</t>
          </li>
          <li>
            <t>whether the service endpoints are authorized to consume QKD keys;</t>
          </li>
          <li>
            <t>whether sufficient key resources are available;</t>
          </li>
          <li>
            <t>whether endpoint security functions are ready;</t>
          </li>
          <li>
            <t>whether service assurance systems can monitor both forwarding and key status.</t>
          </li>
        </ul>
        <t>The service should not be considered fully operational until both the SRv6 service state and the required security state are completely available.</t>
      </section>
      <section anchor="rekeying">
        <name>Rekeying</name>
        <t>QKD-generated keys may be refreshed based on time, consumption, policy, or security events.</t>
        <t>Rekeying should be coordinated with endpoint security functions so that service disruption is avoided. The SRv6 forwarding path does not necessarily need to change when a key is refreshed.</t>
        <t>A stable service association is therefore useful, so that the service can continue while underlying key material changes according to policy.</t>
      </section>
      <section anchor="degradation-and-fallback-policy">
        <name>Degradation and Fallback Policy</name>
        <t>Fallback behavior is deployment-specific and security-sensitive.</t>
        <t>For some services, fallback to non-QKD keying mechanisms may be acceptable. For other services, fallback may violate the customer’s security policy. In some cases, the correct behavior may be to raise an alarm or block service activation.</t>
        <t>Operators should define the fallback policy clearly and expose the resulting service status to service management systems and, where appropriate, to customers.</t>
      </section>
      <section anchor="multi-domain-deployment">
        <name>Multi-Domain Deployment</name>
        <t>SRv6 private line services and QKD networks may span multiple administrative domains.</t>
        <t>In such cases, operators need to consider:</t>
        <ul spacing="normal">
          <li>
            <t>how endpoint authorization is performed;</t>
          </li>
          <li>
            <t>which domain provides the QKD key service;</t>
          </li>
          <li>
            <t>how QKD coverage is represented when only part of the service path is supported;</t>
          </li>
          <li>
            <t>how alarms and audit information are exchanged;</t>
          </li>
          <li>
            <t>how customer-facing service status is reported.</t>
          </li>
        </ul>
        <t>This document does not define inter-domain procedures, but identifies multi-domain coordination as an important operational issue.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>This document does not define a protocol. However, security considerations are central to the problem space.</t>
      <t>QKD-generated keys do not by themselves secure an SRv6 private line service. Overall service security also depends on endpoint authentication, authorization, key delivery protection, cryptographic protocol design, implementation security, and operational policy.</t>
      <t>Key material must not be exposed in SRv6 packets. Sensitive key metadata should also be protected from unnecessary disclosure.</t>
      <t>Fallback behavior needs careful treatment. If a service falls back from QKD-assisted keying to another keying mechanism, the resulting security level should be clear to the operator and, where applicable, to the customer.</t>
      <t>Telemetry and audit data may reveal customer endpoints, service relationships, security status, and failure events. Access to such information should be controlled.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document makes no request of IANA.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC8200" target="https://www.rfc-editor.org/info/rfc8200" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml">
          <front>
            <title>Internet Protocol, Version 6 (IPv6) Specification</title>
            <author fullname="S. Deering" initials="S." surname="Deering"/>
            <author fullname="R. Hinden" initials="R." surname="Hinden"/>
            <date month="July" year="2017"/>
            <abstract>
              <t>This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="86"/>
          <seriesInfo name="RFC" value="8200"/>
          <seriesInfo name="DOI" value="10.17487/RFC8200"/>
        </reference>
        <reference anchor="RFC8305" target="https://www.rfc-editor.org/info/rfc8305" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8305.xml">
          <front>
            <title>Happy Eyeballs Version 2: Better Connectivity Using Concurrency</title>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <date month="December" year="2017"/>
            <abstract>
              <t>Many communication protocols operating over the modern Internet use hostnames. These often resolve to multiple IP addresses, each of which may have different performance and connectivity characteristics. Since specific addresses or address families (IPv4 or IPv6) may be blocked, broken, or sub-optimal on a network, clients that attempt multiple connections in parallel have a chance of establishing a connection more quickly. This document specifies requirements for algorithms that reduce this user-visible delay and provides an example algorithm, referred to as "Happy Eyeballs". This document obsoletes the original algorithm description in RFC 6555.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8305"/>
          <seriesInfo name="DOI" value="10.17487/RFC8305"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9386" target="https://www.rfc-editor.org/info/rfc9386" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9386.xml">
          <front>
            <title>IPv6 Deployment Status</title>
            <author fullname="G. Fioccola" initials="G." surname="Fioccola"/>
            <author fullname="P. Volpato" initials="P." surname="Volpato"/>
            <author fullname="J. Palet Martinez" initials="J." surname="Palet Martinez"/>
            <author fullname="G. Mishra" initials="G." surname="Mishra"/>
            <author fullname="C. Xie" initials="C." surname="Xie"/>
            <date month="April" year="2023"/>
            <abstract>
              <t>This document provides an overview of the status of IPv6 deployment in 2022. Specifically, it looks at the degree of adoption of IPv6 in the industry, analyzes the remaining challenges, and proposes further investigations in areas where the industry has not yet taken a clear and unified approach in the transition to IPv6. It obsoletes RFC 6036.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9386"/>
          <seriesInfo name="DOI" value="10.17487/RFC9386"/>
        </reference>
        <reference anchor="RFC9099" target="https://www.rfc-editor.org/info/rfc9099" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9099.xml">
          <front>
            <title>Operational Security Considerations for IPv6 Networks</title>
            <author fullname="É. Vyncke" surname="É. Vyncke"/>
            <author fullname="K. Chittimaneni" initials="K." surname="Chittimaneni"/>
            <author fullname="M. Kaeo" initials="M." surname="Kaeo"/>
            <author fullname="E. Rey" initials="E." surname="Rey"/>
            <date month="August" year="2021"/>
            <abstract>
              <t>Knowledge and experience on how to operate IPv4 networks securely is available, whether the operator is an Internet Service Provider (ISP) or an enterprise internal network. However, IPv6 presents some new security challenges. RFC 4942 describes security issues in the protocol, but network managers also need a more practical, operations-minded document to enumerate advantages and/or disadvantages of certain choices.</t>
              <t>This document analyzes the operational security issues associated with several types of networks and proposes technical and procedural mitigation techniques. This document is only applicable to managed networks, such as enterprise networks, service provider networks, or managed residential networks.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9099"/>
          <seriesInfo name="DOI" value="10.17487/RFC9099"/>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA61a23IbNxJ9V5X/AeW8JClSJTuXjZWXVSy7ovimSHKldlN5
AGdAEhFmMAFmKDNP+xv7e/sle7pxGQxJyd6tlKsscohLoy+nTzdmPp8/Oup1
b9SpuHR2YVQjrnvZq0a1vZBtLd51ysle21Ya8dy2XtfxuxdL68TPr87nZ95r
36taXF9tvsUyeoMFxGvdKnGt3EZXyj86kouFU5vTj0x4dFTh48q67anQ7dI+
Oqpt1coG4tVOLvt5J9vV3LvNt7bz8z9ua/4878ISc4Ml5icnj478sGg0drFt
v+0w+eLFzctHR+3QLJQ7FVgVo+lvhXOo1g+evugOv/Vu8P3Tk5NnJ08htFPy
dFSBZ428ka1cBQWd4XdMvLPuduXs0J2KKNqjo1u1xeP69NER/ZNDv7YOX4SY
42DY7upYXOIs9ESIcMIr2RbPrFudiudr3UrxvtWVbcLjSvfQzQ9K/67TyMoO
bU8a49HhmWqkNqeC1OVk+/eKfhl4meOqLcT46Rh6L4X4Sct2qXR++peIYfTv
y6fPnj0oxj/X0k4FaVfFw79Ejj+x3O/fnDzZEyT8a61rYOiNYkNdvXz+9MmT
Z+nzd0/+9nX+DAfJn786+YatTP66M//ZV999mz+fPHvG446Pj+nPfD4XcuF7
J6uevnMsaC8Gj8BYbIVlr7POi96KztkNIo/+wp5NIxGp7IyYvlzqaq7aFXxf
Ocy9uBQxHgTFg/AxBo/F9VCt81cB5xZ22atW1KozdoupFNEV/N82Cvve6R7D
e6erXjj1x6Ade70Xtk2rQGBrODZm2FTVGMqiYaE76WrYZMZiQs8NqZuHYnI1
OBiO9fDzINt+aMQrtRXnmrZbDDzqc0DFF6JVPYWXFxWiI6nBb5tGkWACYSag
c+U08AmKCoGm/8RhZNeZuCNEdnlXsRzaip8ei1/WOD5B0kq1pG5Mw4pBN2yI
3q5Uv1YuKINsNF9I+uGgimeF1WANmo6jW1IEjU1K42MQOLF+2PCdhaxbaBvj
ZkK1dWc1AGZf5qBPiMxHlxv4tVxok7R5s4YLATMHxqda+Qr6hLFxBtqWAd53
sgreYwtwrw6Du5xg9T2OdYGtLHZpLe25pB9bdRemAGrlvDMSzxZqLTfautn4
67VasaQXNf7XS63ITg08Qld0VB5Ih4Xsva2smZElw+PKbbuewqFbwxGkQdaA
jZocXI2ua6NCZH8mLoAJth5YiRxuceMrC28D0tgNtr64hEifk2BfwAbkyX4a
h9AEhsWgg1IB+qu1UB/I03QPuO3XIUnQ2KHrrOuTmubyjrxqjIzj0p3uC9rR
EzXipoJQTluPtRHJ0kNIuD4mekX2axWOt4ErzMSKztPyCVMEzQQMI9uKImV0
WN3WAwUdHo4DOWSNHWhXbJCWti0r96Ild8KWWR7yWDYHxS0ZCFFI9ozx3sgt
bB8CkgKzzyAjVL1ScJkoTIzv3ccrqOVObj0b33I4plBKkQInvAky7UVMwq4p
VtAR6YHRS1VtK2BWk/N6wCV43cfBx++ADh7NKZKGhpyKdNBripAf7Z2CRWYH
I5dgn0IHtlAdTkRWWzrbpP3HOOVQS+pcQvI+JAtaFX5zywAyQFG0RcQ0soBj
WKGHnbVGGMiCUGKugwWcMnIqURgbDtIVK5DWsoYDZrGyGEfvR4i4kjoAtTOG
Jp6abFpbZOs2hNFaZY3t/JzwdaEKiK2PxVkeSHoC4EBTYiONThCGGBVIMUQ8
BgpjTepOmzjl7eAY1MB2YTGvzDZbzWfdB10ZqISWIuMNnjMfjEFCZ78MmScm
yxbmaSvSi8mm2zs+dAWoMka5A4iuE04GSGdNlCgeMZ5+lX2powFu5RB0Fpsq
gBCFV49DYABSeMi47Gva51QAdQbwvCqz/2twygGREoQLYUVU14vHb95f3zye
hb/i7Tv+fPXi5/cXVy/O6fP1j2evX+cPacT1j+/evz4fP40zn7978+bF2/Mw
GU/FzqM3Z/+gP+Qpj99d3ly8e3v2+jEhZT9RGmFo0IIOeKlI94DPlB8ZXX94
fimefC1+jbzvN3H8a2B9v4k7uHdwftuabfwK/W8J05R0NF0a5FDZ6V4aQlBg
9NretQJgpaIW9wosfvxZKpLmvZ0TCUJ1ZAHSKVGdPRBYZCwUOMBZA7HG0yy2
+wAJT8UB7nTdr2cCnA2IDceeBj3HBlkfGS7MoTNnjjdhgRRpu6F5vzi7kBcA
Jnuz8wU6lRhG8NzrJkJP5kUJcWVOSjekaHbewTmsCgFay7zTTiOksbUyITxG
egRTYYMHFA1jDqbm0I/mwbmYExKkxdRQT1IMZ6QQoShFB5VQnl2INww6IDc0
KBoo3GKtSWwDbmRzAN+2GH8HnrPeA5OCLXZSI8PsZcBZTnYJ3XAOY5GfErs9
jp74PAEp5/FlrM/JKdhnM/UkN+UnuXBhz/GTQewY/IRAs1oDNlSZ4sz2WLwE
OqoPsukMW3jChYtZC1VJkCASKXGvVPAwhV7CsQaY36mKeM+WiQJpHl5OOjrk
q4eXpxGgc9rFoiY7JdVIKjzLybZWYJ91HIkdo+BhVR+40jJypfiQsYi8oMhZ
xHNLqZxip3FKYhJXU8QFZEEdBbzEd8z2FCcgmgZ3J6OCHHHS4yz0oQt5Zie1
nRm4aMulKmU3eSBlpgQX0t64R8/JxJMQtAOrmDyfHGB0xdmk4IpEoXBu9msp
QOpCieSIgvQ7ifA+d6LSZFpCIcY11s3lJvLnQOR9bS2R++TejK4l76KxEX0J
dgdHzhLJ36GSUI4RxLEPvJdVWmhkkgWCBhe/nxkdqhhjqqY1kWkC3R2ZysSU
QapsqyUXR4TSiold3CUBJH43xt6R7SpiADyMKXIDIsjgVtdYG+UGdyq+pPqY
99+jRzsbR0qRLCfJMzkuvi9Xma4Q3bw4Wj2QCfMqGbV5ETDoGJ1rBGuqNEiw
IgwjKQ7kKK6TZzuF+UzLN0xk6AhFGMZ+R8HCdDvAuHl+6ZeDJ+B2iio8xXZq
y/hkqHcN0g1Fzr7mgsiRX/2CfVGFhqKuKiB4Vh6DEk9wUFQgsG4TsYJrTN0i
0xFAKUY+7Y2SQZDUlIppElHwMoIl+dd5obof8cBwFy1ieq5+UgjmBwwRtYau
HdcqcUVKrT6UtelZYMwQzwy1CqgZf5lBQ3iUv434qVum67HgoVAM6FAfXvQw
HB8ogKCs2AAocH10JxaBUWbbVqjs20gv0q6svx0IQ7TLKDdRcoq/kNk/rXUS
OiKYyCGfHKCtdWxP0Y6XFstQjOVdysNLI10zZ0qRw2U2lkqlRpxyoddB+dKY
haxuCW1sCk1yl0ZRntK+8bOycFkYW91yy2Knv5SaPpR4URUzQVbJjoxGxsT2
YiSNBEMgzc5CH6SO1BMSgRdwczFBYlxoNrYLCgIakN6p1WBoLICh3WhYLRfw
cPUb1FlUqweAvplmBRrz4gMsRAdnE707exPSR55W1v1FKAm5oIAtE3Lu/OQm
n3I8nukH+ejYX4gB7D+yfHLsvXL+AFemndkXAu14+endu70MJMd8XIuNVnfc
dBgJcJccEs6DGlK5hpZLmQpcApxDE0W7r2JZwOUKdlM0IqFIBuEJd8k0oiAw
XBihDBBrvVrndsYkw5X6ZOoy1sJEWlac2mOaSxxgrEdYqhclseY0UPJT8k9i
vcVGYcwu/45G4h9f7bZ+EuZMcgsPvUrpKrAeVkxRfARrs5xlAgy5LWf81PON
tQepSC68oixCZDo7OhIxGYT4uYY7Dshcoc8SGhw0zxBgYBJ8dlTgpLQiZ0Hu
d3CQ/7OrEyvl+y8dY2Cfbayuc9yeU4v5klvM57G6qLbsIp+Kw9G7SUWUZhsV
CkSand25dKi19Kn3JJ3ToYEQC6HqVkUDXCC6pet1BYhys2n/kRlXpNP3rcHe
MqmRcyzIsUkwHVF0SONQGJicQ3IUcFW5oINDq1w+MGaNx19w5FnqOA8twJIt
GSprGdNdAcIBd2o8IJVSk77oE58xEYaGudAo0kCswTXr8FapbpLkg7tzE6ds
ygq+Q5il9lj6SgXkQ7clKJpN9MRI6dT0Ro11XUI5HSmWs6G+TNkkwcH8B27Z
5zh/mXaLNofM2zLpTbrjrLBpe5yp9NgbP9C5Se3+/61tXpZgqYV+TBchgGxV
61xvES2g+76pF0Qr71Ykk1Is8gHmVcqXFg509EOqjSTFK9GcVmGgly5XybR8
xooyoZJ5j6cdMuqg5aovt50/mWxB0lw2UtU95j0OxnDTCSK1gdWX25CmCokK
Br/TTvHc/5vUEp5qsDaWXl/m7JhPyg5WtAwAqhR5nq5PtV+r+vvdaXtuEfxm
vHrgQjq32blonSzyaTXkZMoDkcWzkMTr7XSTe4qVwHVinb6n2qTQkP1y8jqA
zgtVdKchjSmJL2B1QFiZsP5eBhr7CfRT9u98tvg7V4WhmDLbUTHJF1NaPtgk
iNcDTi2h3jW1PhkqEOShiVncqMwyuy3jtEjfY/7P1GuvWn3IQN6GJJYzrPZu
CCBEYE4RSR3Hm0PBR96ZyX2KWW1GFhU7Z3chAGMfMx87wr8PLwMUPjHmrJhX
uG0weAVLzrLEpbuT2yTgjmDOaGRYNZOUmltsVWXDOQjnx0sqNl9Z8ZIrvEyl
0CUPZPKcHuXaRJfYNjKC8jZsnjNqJuAeUF3Q7LLoam07j0E6LbvyBVNVqY7V
FzpIk1vPcjEaDxm5e0Z6SyniP//6t9/vwCE7sVQV3DJevTHZr/rxsFECSOkk
XSzLNnBN8lMuBA+0eXZq4+ix8VUA5uVJ3gR4xCRMSA6Bb8Sg9IPpyyZQbLbQ
fXruUe7VUViFMr1yk9pyxo6aXmdJ8fuGNpifBzZ6nq06drIPX8PvtkBIS74j
TKP1OqpjahRC9AJLpDu8QyaCobYPaj/0kkjAtFiPUA/h8F0HJ7FQWeYcQbcC
kV1HJuAPUezv08r0nPvkcqViFwt6p1cJYiOL2wnEXLlGKIIx1Ds+vdoQJeCO
x1iNyKHW/bScdUQqQ3iOU5Jl5ktZHbB40V479GbLzusmfLE3H7VQgZI40jXf
9I6XpmytNK7stRG9osqmoS0ldiizCt/fxNok0779wuRhEWV+iaV4HSBH6M7r
N5yFsIoLrzXtvb6TXlHYTUC1DWmS75Ubrwx1l3gT9eAF17F4Rw5hzGiGXGpQ
yVB0ZyaOOdLY2dRRQ7kTb7a2RWkw23lxJymFbuP0Cj9ryr2kwenLYrO9N5YK
aH91X2mVapm90uo6F0CcQ1KNFJErlUlRbKIadAdT8lek08pYnxqD+0mDYpto
j6PkJnpwpZ57U+JiWdy4EDB6wTN5iwmXjemBXjFpD/fpZnuwGa3GPZGSOnDp
Fl0pN9imwEmvy/E7DXFYitAQf5NeWgjyXFY67EYZONcnRe0SD8rlHfn2Wndl
JVt2sFIjObIgcVZVXIHaAJ8lppSkKL4vkd5WuDh7e/bR6GzkLYdnui0hqKOJ
+fUxMsnRfwH1mfgdIC0AAA==

-->

</rfc>
