<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-gray-lamps-compositepkc-01" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Composite-PKC-Context">Preventing Key Reuse and Cross‑Key Forgeries in Composite ML-DSA</title>
    <seriesInfo name="Internet-Draft" value="draft-gray-lamps-compositepkc-01"/>
    <author initials="J." surname="Gray" fullname="John Gray">
      <organization abbrev="Entrust">Entrust Limited</organization>
      <address>
        <postal>
          <street>2500 Solandt Road – Suite 100</street>
          <city>Ottawa, Ontario</city>
          <code>K2K 3G5</code>
          <country>Canada</country>
        </postal>
        <email>john.gray@entrust.com</email>
      </address>
    </author>
    <author initials="L." surname="Prabel" fullname="Lucas Prabel">
      <organization>Huawei</organization>
      <address>
        <email>lucas.prabel@huawei.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>Limited Additional Mechanisms for PKIX and SMIME</workgroup>
    <keyword>composite signatures</keyword>
    <keyword>public key binding</keyword>
    <abstract>
      <?line 52?>

<t>This document defines a small, backwards‑compatible change to composite ML-DSA that cryptographically binds the signature to the specific composite public key. It does so by defining a Public‑Key Context value (<tt>pkc</tt>) equal to a hash of the serialized composite public key, and by setting the composite context field to that value. This prevents key reuse and cross‑key forgeries across different composite keys, while preserving the API of Composite ML‑DSA. The construction introduces two helper procedures to compute <tt>pkc</tt> from either the composite private key or the composite public key.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Limited Additional Mechanisms for PKIX and SMIME Working Group mailing list (spasm@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/spasm/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/johngray-dev/draft-gray-lamps-compositepkc"/>.</t>
    </note>
  </front>
  <middle>
    <?line 56?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Composite signature schemes (e.g., Composite ML‑DSA) pre-hash the application message and prepend a Prefix, an algorithm‑specific Label, and an application‑provided ctx byte string to form the message representative <tt>M'</tt>, which is then signed by each component primitive. The current composite signature construction:</t>
      <artwork><![CDATA[
M' :=  Prefix || Label || len(ctx) || ctx || PH( M )
]]></artwork>
      <t>The <tt>ctx</tt> is an application context of up to 255 bytes.</t>
      <t>While the existing design already mitigates several cross‑protocol issues via <tt>Prefix</tt> and <tt>Label</tt>, and explicitly forbids key reuse, some deployments may still reuse component keys or attempt to combine component signatures across keys. This opens the door to cross‑key “mix‑and‑match” forgeries (splicing a valid ML‑DSA component from one composite with a valid traditional component from another).</t>
      <t>This document proposes a minimal change: set <tt>ctx</tt> to a hash of the composite public key. Because the hash depends on the exact public key bytes, both component signatures become bound to the same key material, preventing cross‑key recombination.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>This document inherits the notation of the Composite ML‑DSA draft (e.g., <tt>Prefix</tt>, <tt>Label</tt>, <tt>PH</tt>, <tt>SerializePublicKey</tt>, etc.) and the conventional KeyGen/Sign/Verify API of a signature scheme.</t>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="threat-model-and-goals">
      <name>Threat Model and Goals</name>
      <t>Goal: prevent an adversary from taking valid component signatures produced under different composite keys and combining them into a valid composite signature for a target key.</t>
      <t>Approach: bind both component signatures to the same exact composite public key by including <tt>pkc = H(SerializePublicKey(..))</tt> inside <tt>M'</tt>. Because <tt>pkc</tt> changes with any bit of the key, component signatures extracted from different keys no longer verify together.</t>
      <ul empty="true">
        <li>
          <t>This does not change the malleability properties of individual primitives (e.g., ECDSA); therefore SUF‑CMA is still not claimed. It primarily removes cross‑key splicing and reduces the impact of accidental key reuse.</t>
        </li>
      </ul>
    </section>
    <section anchor="overview-of-the-construction">
      <name>Overview of the Construction</name>
      <t>This construction proposes <tt>len(pkc)</tt> as the length of the <tt>len(ctx)</tt> and <tt>pkc</tt> as the <tt>ctx</tt> value; all signature computation remains as specified in the base document.</t>
      <t>Let <tt>Hash_ctx</tt> denote the hash function chosen by the algorithm’s OID (e.g., SHA‑256, SHA‑512, SHAKE256/64). The Public‑Key Context is:</t>
      <artwork><![CDATA[
pkc = Hash_ctx( SerializePublicKey(mldsaPK, tradPK) )
]]></artwork>
      <t>The new message representative is:</t>
      <artwork><![CDATA[
M' := Prefix || Label || len(pkc) || pkc || PH(M)
]]></artwork>
      <t><tt>Prefix</tt> and <tt>Label</tt> are unchanged. <tt>len(pkc)</tt> is encoded as a single unsigned byte, which is sufficient because the mandated hash outputs are ≤ 64 bytes. The <tt>PH(M)</tt> is the pre‑hash of the application message as in <xref target="I-D.ietf-lamps-pq-composite-sigs"/>.</t>
    </section>
    <section anchor="publickey-context-pkc-routines">
      <name>Public‑Key Context (PKC) Routines</name>
      <t>This draft defines two convenience routines to compute <tt>pkc</tt> from either the composite private key or the composite public key.</t>
      <section anchor="computepublickeycontext-from-private-key">
        <name>ComputePublicKeyContext from Private Key</name>
        <artwork><![CDATA[
Composite-ML-DSA<OID>.ComputePublicKeyContext(sk) -> pkc

Inputs:
sk: composite private key

Implicit inputs (from <OID>):
Hash_ctx: the hash function for PKC (same as the algorithm’s PH unless specified otherwise)

Process:

1.  (mldsaSeed, tradSK) = DeserializePrivateKey(sk)
2.  (mldsaPK, mldsaSK) = ML-DSA.KeyGen_internal(mldsaSeed)
4.  tradPK  = Trad.PublicKey(tradSK)
5.  pk = SerializePublicKey(mldsaPK, tradPK)
6.  pkc = Hash_ctx(pk)
7.  return pkc
]]></artwork>
        <ul empty="true">
          <li>
            <t>Notes: The seed‑based ML‑DSA private key representation and the ability to re‑derive <tt>mldsaPK</tt> from <tt>mldsaSeed</tt> are already normative in <xref target="I-D.ietf-lamps-pq-composite-sigs"/></t>
          </li>
        </ul>
        <t>During the signing operation, access to the public key is required.  The above method suggests generating the composite public key from the composite private key by Deserializing the private key into its component keys, deriving the public component key for ML-DSA and the public component key for the traditional component, and then using the SerializePublicKey() method as defined in section 4.1 <xref target="I-D.ietf-lamps-pq-composite-sigs"/>.  This is only one of several options, but is a non-normative, non-exhautive list.</t>
        <ol spacing="normal" type="1"><li>
            <t>Derive or extract from private key as suggested above. Many cryptographic modules expose functionality to obtain an RSA or EC public key from the corresponding private key. For applications where such functionality does not exist, see section 10.4.1 and 10.4.2 in <xref target="I-D.ietf-lamps-pq-composite-kem"/> for mechanisms for extracting the public keys from private keys for RSA and ECDSA respectively. It is assumed that this is not required for Ed25519 or Ed448 since those private keys are seeds from which the public key can be obtained.</t>
          </li>
          <li>
            <t>Fetch it from an external data source, for example from the public-key certificate corresponding to this private key.</t>
          </li>
          <li>
            <t>If the composite signature private key is being carried within a PKCS#8 OneAsymmetricKey object, place the full composite public key within the optional OneAsymmetricKey.publicKey field (and re-encode as necessary for correctly using it in the context).</t>
          </li>
          <li>
            <t>Use an alternate private key encoding that explicitly carries the composite public key.</t>
          </li>
        </ol>
      </section>
      <section anchor="computepublickeycontext-from-public-key">
        <name>ComputePublicKeyContext from Public Key</name>
        <artwork><![CDATA[
Composite-ML-DSA<OID>.ComputePublicKeyContext(pk) -> pkc

Inputs:
pk: composite public key

Implicit inputs (from <OID>):
Hash_ctx

Process:
1.  pkc = Hash_ctx(pk)
2.  return pkc
]]></artwork>
      </section>
    </section>
    <section anchor="algorithms">
      <name>Algorithms</name>
      <t>Both <tt>Composite-ML-DSA&lt;OID&gt;.Sign(sk, M, ctx)</tt> and <tt>Composite-ML-DSA&lt;OID&gt;.Verify(pk, M, s, ctx)</tt> remain the same.   The only difference is that pkc is passed in as the ctx value.</t>
      <t>The signature interface remains the same.</t>
      <t>Note:  The application specific <tt>ctx</tt> argument is ignored with this current design.  To keep that property, a future version of this specification could set <tt>pkc = HASH (ctx || publickey)</tt>.</t>
    </section>
    <section anchor="serialization-and-asn1-usage">
      <name>Serialization and ASN.1 Usage</name>
      <t>This document does not change the composite public/private key or signature serialization formats from <xref target="I-D.ietf-lamps-pq-composite-sigs"/> and signatures remain concatenations of the component encodings. It also does not change DER wrapping in SPKI/PKCS#8.</t>
      <t>Because wire compatibility requires peers to know whether <tt>ctx</tt> is application‑set or PKC‑bound, this document could have registered new algorithm identifiers for each PKC‑bound combination.  However, that is not within the scope of this document.  This is meant for specific application context use-cases where the preventing key reuse is a desired security property.  For example, applications which choose to profile a set of composite signatures could choose to also adopt the use of this context.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Key Reuse: <xref target="I-D.ietf-lamps-pq-composite-sigs"/> strictly forbids reusing component keys. Binding <tt>ctx</tt> to <tt>pkc</tt> provides a cryptographic backstop: even if component keys were (improperly) reused, cross‑key splicing will fail because <tt>pkc</tt> differs for each public key instance.</t>
      <t>Non‑separability: <xref target="I-D.ietf-lamps-pq-composite-sigs"/> achieved Weak Non‑Separability (WNS) and a limited form of SNS for ML‑DSA via the <tt>mldsa_ctx=Label</tt>. PKC‑binding additionally prevents forming <tt>(mldsaSig1, tradSig2)</tt> under different keys, because both signatures are now bounded to the same <tt>pkc</tt>. This does not fix primitive‑level malleability (e.g., ECDSA) and therefore does not claim SUF‑CMA.  However, for algorithms like EdDSA or Ed448 which are SUF secure, this property should remain.</t>
      <t>Prefix: The existing Prefix and Label remain unchanged; deployments that implemented the optional Prefix in traditional verifiers can keep it as is.</t>
      <t>Hash Choices: <tt>Hash_ctx</tt> <bcp14>MUST</bcp14> be the algorithm’s registered pre‑hash function (e.g., SHA‑256, SHA‑512, SHAKE256/64). This keeps implementation complexity minimal and ensures digest sizes fit within the ctx length field.</t>
      <t>Privacy: <tt>pkc</tt> reveals nothing beyond what the public key already reveals; it is a hash of public data.</t>
    </section>
    <section anchor="implementation-considerations">
      <name>Implementation Considerations</name>
      <t>Signer Access to pk: The signer computes <tt>pkc</tt> either by deriving <tt>compositePK</tt> from <tt>compositeSK</tt>, or by keeping a cached copy of <tt>compositepk</tt> alongside <tt>compositesk</tt>.</t>
      <t>Interoperability: Because <tt>M'</tt> changes when this context type is used, peers <bcp14>MUST</bcp14> know that this context will be used.  One way to achieve this is for application specific use cases to specify this context type as part of the usage.  For example, if an application using composite signatures desired this security property, it could make use of the public key binding in the context mandatory.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>None</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="I-D.ietf-lamps-pq-composite-sigs">
          <front>
            <title>Composite Module-Lattice-Based Digital Signature Algorithm (ML-DSA) for use in X.509 Public Key Infrastructure</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Entrust Limited</organization>
            </author>
            <author fullname="John Gray" initials="J." surname="Gray">
              <organization>Entrust Limited</organization>
            </author>
            <author fullname="Massimiliano Pala" initials="M." surname="Pala">
              <organization>OpenCA Labs</organization>
            </author>
            <author fullname="Jan Klaußner" initials="J." surname="Klaußner">
              <organization>Bundesdruckerei GmbH</organization>
            </author>
            <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer">
              <organization>Cisco Systems</organization>
            </author>
            <date day="21" month="April" year="2026"/>
            <abstract>
              <t>   This document defines combinations of US NIST Module-Lattice-Based
   Digital Signature Algorithm (ML-DSA) in hybrid with traditional
   algorithms RSASSA-PKCS1-v1.5, RSASSA-PSS, ECDSA, Ed25519, and Ed448.
   These combinations are tailored to meet regulatory guidelines in
   certain regions.  Composite ML-DSA is applicable in applications that
   use X.509 or PKIX data structures that accept ML-DSA, but where the
   operator wants extra protection against breaks or catastrophic bugs
   in ML-DSA, and where existential unforgeability (EUF-CMA) level
   security is acceptable.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-pq-composite-sigs-19"/>
        </reference>
        <reference anchor="I-D.ietf-lamps-pq-composite-kem">
          <front>
            <title>Composite ML-KEM for use in X.509 Public Key Infrastructure</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Entrust Limited</organization>
            </author>
            <author fullname="John Gray" initials="J." surname="Gray">
              <organization>Entrust Limited</organization>
            </author>
            <author fullname="Massimiliano Pala" initials="M." surname="Pala">
              <organization>OpenCA Labs</organization>
            </author>
            <author fullname="Jan Klaußner" initials="J." surname="Klaußner">
              <organization>Bundesdruckerei GmbH</organization>
            </author>
            <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer">
              <organization>Cisco Systems</organization>
            </author>
            <date day="28" month="June" year="2026"/>
            <abstract>
              <t>   This document defines combinations of US NIST ML-KEM in hybrid with
   traditional algorithms RSA-OAEP, ECDH, X25519, and X448.  These
   combinations are tailored to meet security best practices and
   regulatory guidelines.  Composite ML-KEM is applicable in any
   application that uses X.509 or PKIX data structures that accept ML-
   KEM, but where the operator wants extra protection against breaks or
   catastrophic bugs in ML-KEM.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-pq-composite-kem-17"/>
        </reference>
        <reference anchor="FIPS.204" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf">
          <front>
            <title>Module-Lattice-Based Digital Signature Standard</title>
            <author>
              <organization>National Institute of Standards and Technology (NIST)</organization>
            </author>
            <date year="2024" month="August"/>
          </front>
          <seriesInfo name="FIPS PUB" value="204"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.draft-ietf-pquip-hybrid-signature-spectrums-07">
          <front>
            <title>Hybrid signature spectrums</title>
            <author fullname="Nina Bindel" initials="N." surname="Bindel">
              <organization>SandboxAQ</organization>
            </author>
            <author fullname="Britta Hale" initials="B." surname="Hale">
              <organization>Naval Postgraduate School</organization>
            </author>
            <author fullname="Deirdre Connolly" initials="D." surname="Connolly">
              <organization>SandboxAQ</organization>
            </author>
            <author fullname="Flo D" initials="F." surname="D">
              <organization>UK National Cyber Security Centre</organization>
            </author>
            <date day="20" month="June" year="2025"/>
            <abstract>
              <t>   This document describes classification of design goals and security
   considerations for hybrid digital signature schemes, including proof
   composability, non-separability of the component signatures given a
   hybrid signature, backwards/forwards compatibility, hybrid
   generality, and simultaneous verification.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-pquip-hybrid-signature-spectrums-07"/>
        </reference>
      </references>
    </references>
    <?line 215?>

<section anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>Thanks to the Composite ML‑DSA authors and LAMPS WG for the existing design and analyses of pre‑hashing, non‑separability, and key‑reuse risks which this document builds upon.  Thanks to Daniel Van Geest for his feedback on this document.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA7Va23IjR3J9768ocx5EbADNIUVKWkiaXQzJGXJ5gwnOyhsO
x6LQXQB62Td1dROD1Uqh133c8JMj7Ag/+Ev8KfMlPplZfQGIWY0d4XkYAo26
ZOXl5MmsHgwGXhmVsRmqvXFhnkxaRulCXZm1ujeVNUqnoTotMms//Pw3evom
KxamiIxVUapOsyTPbFQadXM9OJuM9jw9m2EVLNb8NBhfnQ5Os7Q078s9L9Cl
WWTFeojp88zzwixIdYLdw0LPy8Gi0OtBrJPcDoJ6gfwxGLw89Gw1SyJrI6y0
zjHh8vzhjVIvlI5thv2iNDS5wX9puddXeyaMyqyIdExfLkev8Scr8On+4c2e
l1bJzBRDL4QwQy/IUmtSW9mhKovKeJD+c08XRmPViQmqIirXe94qKx4XRVbl
eHodJZArVKMQu0AgHasbEyx1GtnEqjk2Gl9d/hOrbnJzeXO+5z2aNRYIh54a
qOZgykaLVJdVYSw9z6tZHAUKQ9UMp4EZPE9X5TIraJqn8C9KIeTvfPUWauIH
orvfZcu0fQYDDdV5irPYUjlR+YfaNu43fmbLwphyqI5OXr5UkyyGzKW6z3So
Pvz8r2pSkZiHL1/y2ACKGKq7stQr3Vd3aamLKJNfsgpr4sdTnepQu2chRLs6
ulKfvz3hJybRUTxUf4K0Phn6t0YE8aGRjRNe+2pc6JmJO2e8rgJtu4/5mBeV
Xpmou3pM4/ycx/12yT/z+p6XZkWiy+gJJlfqcnDmR6acO2fLv2/9bQCz2F8a
82gSGvLmcjzxj14eD1mEOpBusrCKzeBal2UUmMFrbeEsZ9EiKuEpk9roalJC
27oI93gyO6MaVQsy2+HnfXX08uhY7FY7Af8byMn3brVzvcvUYuMKhsrmzZqW
ve8BXplmcbZYq/3by8lDT7aC4RZk9GVZ5nZ4cJA+xXA+68N/S3+RPR3QB3py
QOc7oJl+fVI/D+fiOYwCFMW1ZHs0Ro3fvd6DeBi653n0c0frrFKJdFZs/n0V
5YPlelZE4aCJhoHNTQDPSOzg5ZdDz/d9zxsMBvBfeKsOSs97WEZWATqqBC6k
QjOPUgCSVjbRcdxXMx08rkgJwCwyGfafxUZRhC6MKrNOCApuqXKpSxUU67zM
4Jn5MgqwkMShxY+dUKXp/AAyRnPEa7tWG8C+uoRYGWSymZqtRULCVa3GPMiB
qYNF9aTjyqj9KaBu2lPm+wpmxT5aLbVdkll5R0N4Fv0ZvrRrzz5bHJtZUzKG
05x2YOC2mkcmDuUQ2m3sK9ZnLvBvGYGKBvwDB/70dN6Av+bHKozmc1OQEdqd
MND21WoZQeVYE2I/1eKMxpd0mm7awMowAInAMsLCVUCODSQoC8RRgM3KVaaW
Js5NgQWzwIQEmbUdyfFZcWpeZIkyETYqtg6fF9GTFtEoDWz92JpN/CyJwjA2
nvcCoSUykECed/ocuJUNliaBMPvGX/j9HSfrkQ4GbEfaVuc5NuPQVZhn9UK0
jEGUvchBCjjLe7ImUhtSJc6TYKnG364J2cTYNKRdD4OgnacoJAcp38MVSNKy
YOVnZLuERai3xY5kHcA4haea3nw2ZbMFSxWx06d8TsNOZTQes85SsjYUiryC
ac5wVbHlBK2GukYdet5PP/3k3Xymht8qd1L1l7/ImehDbNJ9yN6jz3QG/Blf
7Ksb1eOJHm02xQ9TEnHz+I2Hw8GqnE58dHLCSrCw63fsjnR88x7gRjoJDQkJ
JSPVh2tF51nASRCziIMCEVh7PrRaZkEWY09b4fenSKupCD9lO0xZ/qkYxbwn
kZAJOFxmUdgJqD7wIDHYOY+zdcLBlmhEbBnFsQu5VscUR+StyCImyUvn74Ck
7qCWQtQhSdNcRGdwKYGvMCO3zzaC+cPP/55E7/EFUuN/oHSw/PDzf3SCfN/y
URi3gBRR2Hh1RwKOuiztRtQKPttMAWQ3LGlrlk4zCtaev43o0DiWYkhPAJwJ
TWXwHhK6OQ94BpC7kfi1CTQplkbwaOGJ0E7q/AEpZYN8kcsgiUC23YqemYCs
OAPpCZt0AJLCs6FGxul+jaekvq7aCyNWZKfFyQEzSAM8EpHCLnTG6YK/b2sm
SqGwqBSrQn3i+k4Bz9FHaHWNTrXT9luPnY4v6P9JnVskPSE34akpA7/HAol2
ayFhDQx4a9ID4jIHv8fc+brGdv0MHH0JWzo7cWALfvRu8kC8nP6q2zv+fH/+
j+8u78/P6PPkYnR93Xzw3IjJxd2767P2Uzvz9O7m5vz2TCbjqdp45O3djP6w
J8G5dzd+uLy7HV3vUflSbqhWS3KfGUo9poD5iONr6wEogiKa4QvmvD4d//d/
Hh6rH374h/s3p0eHh7/+8Uf35avDL4/xZQXklN2yFCAgX6HBtQe0MrqgVcAu
VKBzIoRwNRBbu8xWKZJcQer61T+TZv5lqL6ZBfnh8Sv3gA688bDW2cZD1tnz
J88mixJ3PNqxTaPNjedbmt6Ud/SHje+13jsPv/lNTFg2OPzqN684DB6WQOJS
gT0jGZD+3mZQj+fRn2EdToz6IQDa6mItMFLqRwoygZudEZsLkwgVIhbk4GOs
RfgOR6djLAn5QtZg2a78RuWedpTakYhRjg2RMIdMIP8OknTBQ3BoF4ZR/o3S
IK6oJmSuo75VF/vPY3bf93u9KdVQIAGc0Fv4E4okKGodQqfEcMsaPZhD7hQT
WZV4N/TH+m7Vx0pLMxVnWLVQT4IE4NCGcB2aeKUcfBkaVzYUnGgIYsDoWRSj
qmTAN0VJSQfSUPULHkMsuCEaDcU6PyVW9TWtATTLqI569wZod3ozIlIguZT3
inWUmJC5OC2DajUm+E0yWq0LyW2ag7UK40gnZIxQOwSsIB0EEfUWIFKTzX1y
2rsn4rdm1WJwS3cceG/Q2ia1TYnrwCgwmJbd8GBRNtlsWnMhxzHYfm6kJEAm
718zlnTpFlFiSQsF1cSUU2xdrgiG0RIzFKUN9uEk15RXL5Af/8hr46xZ2Uma
8yoV+YMlpE/JJZnOtgz136y6uzyrrQTMgXKPTr6oP54cHvHHq3M8PPjiuCfM
cWc5FFlHFJ2rO6n21Q6XT+LQ6vFVn3nG+KrXZYopzPIRtttsIVz0I1SUzEOf
SQ6hojdu+V38jzMI9MQ+Dr/rWBheYFLqiFBC4RyZLmIa3DDs0nTIt63moPoR
hdisQ18Squ0pDIX1VKjRwQRo1w9//S/1xbFju6zYKQs7dVSe0BNK7rKlnZUI
d/V++OGXuiM//si+v9N4++Or0566h3RUlNf8hWlIXahTPSd0AkcMYBs3+P+n
pHvxgokRFm28ppaVlx+7lfBcXKJtXUp34Bv49Sv/I2vs28eeGrwiF/G8y5Qs
MvTs43C3qBiSSHkARbP19lkG3qI39GpXH+6IPOkrnoKVU7pwSLAZgOMLuFQM
Y3binSn2KrKm53ljqp4tuf6hr5TEzsSYUKJnguj5FuSzaTQ4zVCY4ZTeUTOH
4k0m8xRRky+k8I/MnkAS2+V73jGmSoAqjH/AJ78NYbe3d4JB+SN+/4Qw977g
wRvwkEPGL/EYxK0qUrYIx+ordQsss0OOCwt54LEz7sk1NLnrTV2kgNpr/lun
KvgoxxKIBJfNTjLnq9Pm0AIHdXXZNB8/NcA876wq6r4JoQR9piTJUvUpIZGd
HYPokAVEW2G+r6KCIIiPrGfIeIjxcpmFgJYFCAAcb2FSXuxZp6izltCrj8Yd
kkDrLfVC3QFMnqha2axq+4qV18yQDTfGsLe75lxtgY+Oox93lpn9em6qKltv
t8O7erV2EFUCUpwnrZHIO/YPPw0UldAdKr2J+lNVDLSt+wlZziUdSsuq5P4F
vCIdNJ7R56/m/VJX7CgxdWM5Us/E1XBSx8TEMF1NU4oXy1KKIYP76oYI3kZT
UyXcmSZGRySkwRZde3Y2KzWVJ6m6h+Kx4fnpR/yhQIxAyUxJO4L4dEHUzS2W
CiCqBatgubVfwwq5JdOn0GxUfvjSJ62T+fjj0S/HzaNJUH2RPySblzFOaVvu
xtx1W48y4d45HVNNRQclqZ5MLI1dMp21IE6hNFFLZ3M6Sh16vM55eHRycvhr
1mN4fPwVpf2AUjnpfmNXggpCJieREIGtwA5gFRSnYiIEt0eA/AZFOihD01Ch
wzL60n0CeEZWFQE8S9QAnYF0NEaUtQe8NpHvOZls27YMMNwdbm3seZ9DEdtN
l5aDbkAA9Uu4B6KLgvIRlR7kYpTLJi++UnepGdl1ggAsOBhxwD9B3X2VxzoQ
3jOv4ng3QLnFaJBEFw6+vaCf13Humt/7QvMHwsgodFJDYMoFJRTFCgiogSeg
wcm67oFQzqeGFTLaO+6QA+JZ41vYyIuLy+my2xQUPdi/x1h+mbLI6P8jY8l3
MJZ8k7E00nwqYelwi8PdmfloR2Z+oUY1fwFTfE118nT3WajTBBLSVzd91SmK
dg+WjhR25eG2niHlUFNxQx5OjwzVdU0bGGHMsBmdgRwfsS7pwFEu6kvLvYlU
Ga3fM/OZk9fWlVezl+cRBxm6hNyh3k1fX2o6XSxcow+QskBucBEjQVj32aV1
Tekmg5FM7gSWIppughAyLBH1SZoGYdTQwqZjXiEcuKPqDDaaXKh913gXJ4AP
9KbM9uu82dKi0eQWGP2OSodnd3I7Kv5t/zrY4vCdxuHGVnKF6KDxU/IwC9fp
XzjDI3oJ4FKXl7pdY6YTdchaRnl6r+DZMc7O79UKuTRnXEjVZHx1eSBABh3V
vZZV5ApxungU1ujyAtzJwCSEqo9ptqLcyLVNe6excZ9DphHWT5SV+s39raal
mHCpn8jnFkijhjyGCt+mMlDcuKBioHD5kO5yOmuqbkNaqYtsRYSlL07l8loH
aG0AN2s8qmkhtNwnMZo6/GTR2rl33dNAU4NAUytEGIIrU+ueeXsLyVSJXJ6O
Zt0bGY23Y+M3bXbrb3MPSqTBMqOMC6Vj0pwugjR7Pc6w62UMp9R2FruCDjO6
hIGQJFN9fHcYFyBONOoBQelC1QFszds0w09zX7q0C7oXSKQHzqEbNNpXr+U9
kfZCRKpmdw1Iatukf3QxbsssHypSs4rm29dNKzLEfpSIcuN1T0wAt9vZL1tR
r22uo7hpU4gAgqYdb+vWJ6ktNXCWIVGcPNeFq64+UUFYMsIJQvWd0Y9Klpl0
llH7391O5OpCg0fL2zp8AUqvSNxOXHXhij+6z+OuGtdulLC+lYaOX0eJU7Nu
3veJ1+11Oa3LRnAFb7Q4dPV0tDhC2tnuOUsFVCuMm8PdW7yC7nVWcrtkNu+X
WLn+VkuV+lZNlxTCxhAr3uyubnRO65LINU9bhKN2adtL7QIBt7ibRA2FPhoQ
2jNXITCzlUDT0o2VIDX9mjlKoNIdB8WVoLFPjIFaaFKWN7eyrhNHQkorzoF3
01f7euP6VDCKIp++m3CTCrrFCLg65SG3qRkNiVJz/gS9od4X3RQTaVGnyywK
qGXQaYnyFczM7Gi7dJC302drGjf/q5ZoZFki2x6qRk36/p7MWV+J8m1zatlt
wohqPzjSn/FlHm0ANuVz11tmAsyqR+YNEG4Sr+TKADnygyUZYWbWoP8wqi63
q5C6oeGmfM3s2HZuYt1YKj/kdvNy8yDb4EjMDvExavoZREVrXmWKuiFonaiu
Gcgv1bgewrTBh7YN0zyaXE351T9MIL3KZXYAAOHXaPI1idyOzh9Bweg2Q25Q
muf2kTjQJfE77sHUaNXcrtx81rlcoX5DNzsoemORtCRQKhSA3YlJQFtE1uMZ
V2ecaaiJg4pGrTQX6A75mppzvllttxmX3yXg7IpZ8nS9QyhNBLdo7oAq4nLb
GRVpYutVi0422s6ddZ4WurmdrPvkLpJeE/3YSaVmx+uPW1WXa39nxdr51eh2
9MybkAuMvMVDuY4rjICUHJtwwYhBRFWnj03nbMedubxvJ7eB16Ob8UR997bp
Mz17fYTfw9Hx2srdVQsAGMQtna0UJz0pHBPPhd8UkX20Tc3fZXezKkJKUVXO
xKwV/EynCGT1e5jlraG4J+lo5tyYkA4uLzd06Zn3PzvmWgzqKwAA

-->

</rfc>
