<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-rats-epoch-markers-05" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Epoch Markers">Epoch Markers</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-rats-epoch-markers-05"/>
    <author initials="H." surname="Birkholz" fullname="Henk Birkholz">
      <organization abbrev="Fraunhofer SIT">Fraunhofer SIT</organization>
      <address>
        <postal>
          <street>Rheinstrasse 75</street>
          <city>Darmstadt</city>
          <code>64295</code>
          <country>Germany</country>
        </postal>
        <email>henk.birkholz@ietf.contact</email>
      </address>
    </author>
    <author initials="T." surname="Fossati" fullname="Thomas Fossati">
      <organization>Linaro</organization>
      <address>
        <postal>
          <country>Switzerland</country>
        </postal>
        <email>Thomas.Fossati@linaro.org</email>
      </address>
    </author>
    <author initials="W." surname="Pan" fullname="Wei Pan">
      <organization>Huawei Technologies</organization>
      <address>
        <email>william.panwei@huawei.com</email>
      </address>
    </author>
    <author initials="I." surname="Mihalcea" fullname="Ionuț Mihalcea">
      <organization>Arm</organization>
      <address>
        <postal>
          <country>United Kingdom</country>
        </postal>
        <email>ionut.mihalcea@arm.com</email>
      </address>
    </author>
    <author initials="C." surname="Bormann" fullname="Carsten Bormann">
      <organization>Universität Bremen TZI</organization>
      <address>
        <postal>
          <street>Bibliothekstr. 1</street>
          <city>Bremen</city>
          <code>D-28359</code>
          <country>Germany</country>
        </postal>
        <phone>+49-421-218-63921</phone>
        <email>cabo@tzi.org</email>
      </address>
    </author>
    <date year="2026" month="July" day="03"/>
    <area>Security</area>
    <workgroup>RATS Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 104?>

<t>This document defines Epoch Markers as a means to establish a notion of freshness among actors in a distributed system.
Epoch Markers are similar to "time ticks" and are produced and distributed by a dedicated system known as the Epoch Bell.
Systems receiving Epoch Markers do not need to track freshness using their own understanding of time (e.g., via a local real-time clock).
Instead, the reception of a specific Epoch Marker establishes a new epoch that is shared among all recipients.
This document defines Epoch Marker types, including CBOR time tags, RFC 3161 TimeStampToken, and nonce-like structures.
It also defines a CWT Claim to embed Epoch Markers in RFC 8392 CBOR Web Tokens, which serve as vehicles for signed protocol messages.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-rats-epoch-markers/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        rats Working Group mailing list (<eref target="mailto:rats@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/rats/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/rats/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/ietf-rats-wg/draft-birkholz-rats-epoch-marker"/>.</t>
    </note>
  </front>
  <middle>
    <?line 113?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Systems that need to interact securely often require a shared understanding of the freshness of conveyed information.
This is certainly the case in the domain of remote attestation procedures.
In general, securely establishing a shared notion of freshness of the exchanged information among entities in a distributed system is not a simple task.</t>
      <t>The entire <xref section="A" sectionFormat="of" target="RFC9334"/> deals solely with the topic of freshness, which is in itself an indication of how relevant, and complex, it is to establish a trusted and shared understanding of freshness in a RATS system.</t>
      <t>This document defines Epoch Markers as a way to establish a notion of freshness among actors in distributed systems.
Epoch Markers are similar to "time ticks" and are produced and distributed by a dedicated system, the Epoch Bell.
Actors in a system that receive Epoch Markers do not have to track freshness using their own understanding of time (e.g., via a local real-time clock).
Instead, the reception of a certain Epoch Marker establishes a new epoch that is shared between all recipients.
In essence, the emissions and corresponding receptions of Epoch Markers are like the ticks of a clock, with these ticks being conveyed over the Internet.</t>
      <t>In general (barring highly symmetrical topologies), epoch ticking incurs differential latency due to the non-uniform distribution of receivers with respect to the Epoch Bell.
This introduces skew that needs to be taken into consideration when Epoch Markers are used.</t>
      <t>While all Epoch Markers share the same core property of behaving like clock ticks in a shared domain, various "Epoch ID" values are defined as Epoch Marker types in this document to accommodate different use cases and diverse kinds of Epoch Bells.</t>
      <t>While most Epoch Markers types are encoded in CBOR <xref target="STD94"/>, and many of the Epoch ID types are themselves encoded in CBOR, a prominent format in this space is the TimeStampToken (TST) defined by <xref target="RFC3161"/>, a DER-encoded TSTInfo value wrapped in a CMS envelope <xref target="RFC5652"/>.
TSTs are produced by Time-Stamp Authorities (TSA) and exchanged via the Time-Stamp Protocol (TSP).
At the time of writing, TSAs are the most common providers of secure time-stamping services.
Therefore, reusing the core TSTInfo structure as an Epoch ID type for Epoch Markers is instrumental for enabling smooth migration paths and promote interoperability.
There are, however, several other ways to represent a signed timestamp or the start of a new freshness epoch, respectively, and therefore other Epoch Marker types.</t>
      <t>To inform the design, this document discusses a number of interaction models in which Epoch Markers are expected to be exchanged.
The default top-level structure of Epoch Markers described in this document is CBOR Web Tokens (CWT) <xref target="RFC8392"/>.
The present document specifies an extensible set of Epoch Marker types, along with the <tt>em</tt> CWT claim to include them in CWTs.
CWTs are signed using COSE <xref target="STD96"/> and benefit from wide tool support.
However, CWTs are not the only containers in which Epoch Markers can be embedded.
Epoch Markers can be included in any type of message that allows for the embedding of opaque bytes or CBOR data items.
Examples include the Collection CMW in <xref target="I-D.ietf-lamps-csr-attestation"/>, Evidence formats such as <xref target="TCG-CoEvidence"/> or <xref target="I-D.ietf-rats-eat"/>, Attestation Results formats such as <xref target="I-D.ietf-rats-ar4si"/>, or the CWT Claims Header Parameter of <xref target="I-D.ietf-scitt-architecture"/>.</t>
      <t>Epoch markers can be used in the following ways:</t>
      <ul spacing="normal">
        <li>
          <t>as embeddings in other data formats</t>
        </li>
        <li>
          <t>as information elements in protocols</t>
        </li>
        <li>
          <t>in systems that integrate the aforementioned protocols or data formats</t>
        </li>
        <li>
          <t>in the deployment of such systems</t>
        </li>
      </ul>
      <t>All of these can be considered "users" of Epoch Markers and will be referred to as entities "using Epoch Markers” throughout the document.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>This document makes use of the following terms from other documents:</t>
        <ul spacing="normal">
          <li>
            <t>"conceptual messages" as defined in <xref section="8" sectionFormat="of" target="RFC9334"/></t>
          </li>
          <li>
            <t>"freshness" and "epoch" as defined in <xref section="10" sectionFormat="of" target="RFC9334"/></t>
          </li>
          <li>
            <t>"handle" as defined in <xref section="6" sectionFormat="of" target="I-D.ietf-rats-reference-interaction-models"/></t>
          </li>
          <li>
            <t>"Time-Stamp Authority" as defined by <xref target="RFC3161"/></t>
          </li>
        </ul>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>In this document, CDDL <xref target="RFC8610"/> is used to describe the data formats.  The examples in <xref target="examples"/> use the CBOR Extended Diagnostic Notation (EDN, <xref target="I-D.ietf-cbor-edn-literals"/>).</t>
      </section>
    </section>
    <section anchor="epoch-ids">
      <name>Epoch IDs</name>
      <t>The RATS architecture introduces the concept of Epoch IDs that mark certain events during remote attestation procedures ranging from simple handshakes to rather complex interactions including elaborate freshness proofs.
The Epoch Markers defined in this document are a solution that includes the lessons learned from TSAs, the concept of Epoch IDs defined in the RATS architecture, and provides several means to identify a new freshness epoch. Some of these methods are introduced and discussed in <xref section="10.3" sectionFormat="of" target="RFC9334"/> (the RATS architecture).</t>
    </section>
    <section anchor="interaction-models">
      <name>Interaction Models</name>
      <t>The interaction models illustrated in this section are derived from the RATS Reference Interaction Models <xref target="I-D.ietf-rats-reference-interaction-models"/>.
In general, there are three major interaction models used in remote attestation:</t>
      <ul spacing="normal">
        <li>
          <t>ad-hoc requests (e.g., via challenge-response requests addressed at Epoch Bells), corresponding to <xref section="7.1" sectionFormat="of" target="I-D.ietf-rats-reference-interaction-models"/></t>
        </li>
        <li>
          <t>unsolicited distribution (e.g., via uni-directional methods, such as broad- or multicasting from Epoch Bells), corresponding to <xref section="7.2" sectionFormat="of" target="I-D.ietf-rats-reference-interaction-models"/></t>
        </li>
        <li>
          <t>solicited distribution (e.g., via a subscription to Epoch Bells), corresponding to <xref section="7.3" sectionFormat="of" target="I-D.ietf-rats-reference-interaction-models"/></t>
        </li>
      </ul>
      <t>In all three interaction models, Epoch Markers can be used as content for the generic information element <tt>handle</tt> as introduced by <xref target="I-D.ietf-rats-reference-interaction-models"/>.
Handles are used to establish freshness in ad-hoc, unsolicited, and solicited distribution mechanisms of an Epoch Bell.
For example, an Epoch Marker can be used as a nonce in challenge-response remote attestation (e.g., for limiting the number of ad-hoc requests by a Verifier).
If embedded in a CWT, an Epoch Marker can be used as a <tt>handle</tt> by extracting the value of the <tt>em</tt> Claim or by using the complete CWT including an <tt>em</tt> Claim (e.g., functioning as a signed time-stamp token).
Using an Epoch Marker requires the challenger to acquire an Epoch Marker beforehand, which may introduce a sensible overhead compared to using a simple nonce.</t>
      <t>When an Epoch Marker is used as the <tt>handle</tt> in the Passport or Background-Check challenge-response flows defined by <xref target="I-D.ietf-rats-reference-interaction-models"/>, the Verifier <bcp14>MUST</bcp14> follow the relevant Epoch Marker validation and acceptance policy.
That policy <bcp14>MUST</bcp14> fulfil the applicable requirements presented in this document, such as accepted epoch windows, replay or rollback detection state, and deployment-specific skew introduced by the Evidence path.</t>
      <t>For Background-Check, the policy <bcp14>MUST</bcp14> account for the additional path through the Relying Party before Evidence reaches the Verifier.
For Passport, any Attestation Result derived from such Evidence <bcp14>MUST</bcp14> remain bound to the Epoch Marker, or to the <tt>handle</tt> containing it, so that subsequent freshness decisions can be made according to Relying Party policy.</t>
    </section>
    <section anchor="sec-epoch-markers">
      <name>Epoch Marker Structure</name>
      <t>This section specifies the structure of Epoch Marker types using CDDL <xref target="RFC8610"/> and illustrates their usage and relationship with other IETF work (e.g, <xref target="RFC3161"/>) where applicable.
In general, Epoch Markers are intended to be conveyed securely, e.g., by being included in a signed data structure, such as a CBOR Web Token (CWT), or by being sent via a secure channel.
The specification of such "outer" structures and protocols and the means how to secure them is beyond the scope of this document.
This document defines the different types of Epoch Markers in <xref target="sec-iana-cbor-tags"/>.
When the media type <tt>application/epoch-marker+cbor</tt> is used to label content as an Epoch Marker, the <tt>em-type</tt> media type parameter can optionally specify the Epoch Marker type by referencing its CBOR tag number.
For example, an Epoch Marker can be used to construct a CBOR-based trusted time stamp token, similar in function to a <xref target="RFC3161"/> TimeStampToken, using CWT and the <tt>em</tt> Claim defined in this document (see <xref target="fig-ex-2"/> for an illustration).
The value(s) that an Epoch Marker represents are intended to demonstrate freshness of messages and protocols, but they can also serve other purposes in cases where trusted timestamps or time intervals are required.
Taken as an opaque value, it is possible to use Epoch Markers as values for a nonce field in existing data structures or protocols that already support extra data fields, such as <tt>extraData</tt> in TPMS_ATTEST <xref target="TCG-TPM2"/>.
Similarities in the usage of nonces and Epoch Markers can sometimes lead to applications where both are used in the same interaction, albeit in different places and for different purposes.
One example of such an application scenario is the "nested" use of classical nonces and Epoch Markers, whereby an Epoch Marker is requested to be used as a nonce value for a specific data structure, while a locally generated nonce is used to retrieve that Epoch Marker via an "outer" ad hoc interaction (e.g., nonce retrieval protocols that interact with an Epoch Bell to fetch an Epoch Marker to be used as a nonce).
As some Epoch Marker types represent certain timestamp variants, these Epoch Markers or the secure conveyance method they are used in do not necessarily have a hard-coded message imprint, as is always the case with <xref target="RFC3161"/> TimeStampTokens.
This means that not all Epoch Marker types support binding a message to an Epoch Marker (unlike the example in <xref target="fig-ex-2"/>.</t>
      <t>The following Epoch Marker types are defined in this document:</t>
      <figure anchor="fig-epoch-marker-cddl">
        <name>Epoch Marker types (tag numbers 2698x are suggested, not yet allocated)</name>
        <sourcecode type="cddl"><![CDATA[
{::include cddl/epoch-marker.cddl}
]]></sourcecode>
      </figure>
      <figure anchor="fig-epoch-marker-cwt">
        <name>Epoch Marker as a CWT Claim (CWT claim number 2000 is suggested, not yet allocated)</name>
        <sourcecode type="cddl"><![CDATA[
{::include cddl/epoch-marker-claim.cddl}
]]></sourcecode>
      </figure>
      <section anchor="epoch-payloads">
        <name>Epoch Marker Types</name>
        <t>This section specifies the Epoch Marker types listed in <xref target="fig-epoch-marker-cddl"/>.</t>
        <section anchor="sec-cbor-time">
          <name>CBOR Time Tags</name>
          <t>CBOR Time Tags are CBOR time representations choosing from CBOR tag 0 (<tt>tdate</tt>, RFC3339 time as a string), tag 1 (<tt>time</tt>, POSIX time as int or float), or tag 1001 (extended time data item).</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/cbor-time-tag.cddl}
]]></sourcecode>
          <t>The CBOR Time Tag represents a freshly sourced timestamp represented as either <tt>time</tt> or <tt>tdate</tt>
(Sections <xref target="RFC8949" section="3.4.2" sectionFormat="bare"/> and <xref target="RFC8949" section="3.4.1" sectionFormat="bare"/> of RFC 8949 <xref target="STD94"/>, <xref section="D" sectionFormat="of" target="RFC8610"/>), or <tt>etime</tt> (<xref section="3" sectionFormat="of" target="RFC9581"/>).
The <tt>etime</tt> rule shown in the CDDL above is imported from <xref section="6" sectionFormat="of" target="RFC9581"/>; RFC 9581 remains the authoritative specification of CBOR tag 1001, and this document neither updates nor redefines it.
This document merely profiles <tt>etime</tt> for use with Epoch Markers.</t>
          <section anchor="creation">
            <name>Creation</name>
            <t>To generate the cbor-time value, the emitter <bcp14>MUST</bcp14> follow the requirements in <xref target="sec-time-reqs"/>.</t>
          </section>
        </section>
        <section anchor="sec-rfc3161-classic">
          <name>Classical RFC 3161 TST Info</name>
          <t>DER-encoded <xref target="X.690"/> TSTInfo <xref target="RFC3161"/>.  See <xref target="classic-tstinfo"/> for the layout.</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/classical-rfc3161-tst-info.cddl}
]]></sourcecode>
          <t>The following describes the classical-rfc3161-TST-info type.</t>
          <dl newline="true">
            <dt>classical-rfc3161-TST-info:</dt>
            <dd>
              <t>The DER-encoded TSTInfo generated by a <xref target="RFC3161"/> Time Stamping Authority.</t>
            </dd>
          </dl>
          <section anchor="creation-1">
            <name>Creation</name>
            <t>The Epoch Bell <bcp14>MUST</bcp14> use the following value as MessageImprint in its request to the TSA:</t>
            <sourcecode type="asn.1"><![CDATA[
SEQUENCE {
  SEQUENCE {
    OBJECT      2.16.840.1.101.3.4.2.1 (sha256)
    NULL
  }
  OCTET STRING
    BF4EE9143EF2329B1B778974AAD445064940B9CAE373C9E35A7B23361282698F
}
]]></sourcecode>
            <t>This is the sha-256 hash of the string "EPOCH_BELL".</t>
            <t>The TimeStampToken obtained from the TSA <bcp14>MUST</bcp14> be stripped of the TSA signature.
Only the TSTInfo is to be kept the rest <bcp14>MUST</bcp14> be discarded.
The Epoch Bell COSE signature will replace the TSA signature.</t>
          </section>
        </section>
        <section anchor="sec-rfc3161-fancy">
          <name>CBOR-encoded RFC3161 TST Info</name>
          <t>The TST-info-based-on-CBOR-time-tag is semantically equivalent to classical <xref target="RFC3161"/> TSTInfo, rewritten using the CBOR type system.</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/tst-info.cddl}
]]></sourcecode>
          <t>The following describes each member of the TST-info-based-on-CBOR-time-tag map.</t>
          <dl newline="true">
            <dt>version:</dt>
            <dd>
              <t>The integer value 1.  Cf. version, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>policy:</dt>
            <dd>
              <t>A <xref target="RFC9090"/> object identifier tag (111 or 112) representing the TSA's policy under which the tst-info was produced.
Cf. policy, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>messageImprint:</dt>
            <dd>
              <t>A <xref target="RFC9054"/> COSE_Hash_Find array carrying the hash algorithm
identifier and the hash value of the time-stamped datum.
Cf. messageImprint, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>serialNumber:</dt>
            <dd>
              <t>A unique integer value assigned by the TSA to each issued tst-info.
Cf. serialNumber, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>eTime:</dt>
            <dd>
              <t>The time at which the tst-info has been created by the TSA.
Cf. genTime, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.
Encoded as extended time <xref target="RFC9581"/>, indicated by CBOR tag 1001.
A separate tag is unnecessary because the profiled form remains an <tt>etime</tt> item carried with tag 1001.
RFC 9581 defines tag 1001 and its semantics; this document constrains one valid <tt>etime</tt> shape for Epoch Markers but does not introduce a new CBOR tag or alter the definition of <tt>etime</tt>.
The resulting <tt>profiled-etime</tt> remains a subset/profile of <tt>etime</tt> encoded with tag 1001 and is defined as follows:</t>
            </dd>
          </dl>
          <ul spacing="normal">
            <li>
              <t>The "base time" is encoded using key 1, indicating POSIX time as int or float, to align the profile with the baseline representation defined in <xref target="RFC9581"/>.</t>
            </li>
            <li>
              <t>The stated "accuracy" is encoded using key -8, which indicates the maximum
allowed deviation from the value indicated by "base time". The duration map
is profiled to disallow string keys. This is an optional field specialized to the needs of this profile.</t>
            </li>
            <li>
              <t>The map <bcp14>MUST</bcp14> include key 1 and <bcp14>MAY</bcp14> include additional negative integer keys, which can be used to encode supplementary information.
Unsigned integer keys, including 4, 5, and the keys in the $$ETIME-CRITICAL group choice, <bcp14>MUST NOT</bcp14> be used, unless the emitter wants to ensure that only implementations that understand the critical key interoperate.</t>
            </li>
          </ul>
          <t>Fixing key 1 for the base time and profiling key -8 provide a consistent shape for the profiled <tt>etime</tt> maps consumed by Epoch Markers without changing the meaning of the corresponding keys in <xref target="RFC9581"/>.
Key 1 is pinned so all profiled <tt>etime</tt> values share the same base-time representation, and key -8 is specialized to carry the accuracy bound expected by the TSA-style timestamps used here.
The permissive <tt>* int =&gt; any</tt> entry remains to allow other members defined by <xref target="RFC9581"/> and future extensions; implementations still rely on <xref target="RFC9581"/> for the full semantics and validation of <tt>etime</tt> beyond the constraints listed here.</t>
          <dl newline="true">
            <dt>ordering:</dt>
            <dd>
              <t>boolean indicating whether tst-info issued by the TSA can be ordered solely based on the "base time".
This is an optional field, whose default value is "false".
Cf. ordering, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>nonce:</dt>
            <dd>
              <t>int value echoing the nonce supplied by the requestor.
Cf. nonce, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>tsa:</dt>
            <dd>
              <t>a single-entry GeneralNames array <xref section="11.8" sectionFormat="of" target="I-D.ietf-cose-cbor-encoded-cert"/> providing a hint in identifying the name of the TSA.
Cf. tsa, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
            <dt>$$TSTInfoExtensions:</dt>
            <dd>
              <t>A CDDL socket (<xref section="3.9" sectionFormat="of" target="RFC8610"/>) to allow extensibility of the data format.
Note that any extensions appearing here <bcp14>MUST</bcp14> match an extension in the
corresponding request.
Cf. extensions, <xref section="2.4.2" sectionFormat="of" target="RFC3161"/>.</t>
            </dd>
          </dl>
          <section anchor="creation-2">
            <name>Creation</name>
            <t>The Epoch Bell <bcp14>MUST</bcp14> use the following value as messageImprint in its request to the TSA:</t>
            <sourcecode type="cbor-diag"><![CDATA[
[
    / hashAlg   / -16, / sha-256 /
    / hashValue / h'BF4EE9143EF2329B1B778974AAD44506
                    4940B9CAE373C9E35A7B23361282698F'
]
]]></sourcecode>
            <t>This is the sha-256 hash of the string "EPOCH_BELL".</t>
          </section>
        </section>
        <section anchor="sec-epoch-tick">
          <name>Epoch Tick</name>
          <t>An Epoch Tick is a single opaque blob sent to multiple consumers.</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/multi-nonce.cddl}
]]></sourcecode>
          <t>The following describes the epoch-tick type.</t>
          <dl newline="true">
            <dt>epoch-tick:</dt>
            <dd>
              <t>Either a string, a byte string, or an integer used by RATS roles within a trust domain as extra data (<tt>handle</tt>) included in conceptual messages <xref target="RFC9334"/>. Similarly to the use of nonces, this allows the conceptual messages to be associated with a certain epoch. However, unlike nonces (which require uniqueness), Epoch Markers can be used in multiple interactions by every consumer involved.</t>
            </dd>
          </dl>
          <section anchor="creation-3">
            <name>Creation</name>
            <t>The emitter <bcp14>MUST</bcp14> follow the requirements in <xref target="sec-nonce-reqs"/>.</t>
          </section>
        </section>
        <section anchor="sec-epoch-tick-list">
          <name>Epoch Tick List</name>
          <t>A list of Epoch Ticks sent to multiple consumers.
The consumers use each Epoch Tick in the list sequentially.
Similarly to the use of nonces, this allows each interaction to be associated with a certain epoch. However, unlike nonces (which require uniqueness), Epoch Markers can be used in multiple interactions by every consumer involved.</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/multi-nonce-list.cddl}
]]></sourcecode>
          <t>The following describes the Epoch Tick List type.</t>
          <dl newline="true">
            <dt>epoch-tick-list:</dt>
            <dd>
              <t>A sequence of byte strings used by RATS roles in trust domain as extra data (<tt>handle</tt>) in the generation of conceptual messages as specified by the RATS architecture <xref target="RFC9334"/> to associate them with a certain epoch.
Each Epoch Tick in the list is used in a consecutive generation of a conceptual message.
Asserting freshness of a conceptual message including an Epoch Tick from the epoch-tick-list requires some state on the receiver side to assess if that Epoch Tick is the appropriate next unused Epoch Tick from the epoch-tick-list.</t>
            </dd>
          </dl>
          <section anchor="creation-4">
            <name>Creation</name>
            <t>The emitter <bcp14>MUST</bcp14> follow the requirements in <xref target="sec-nonce-reqs"/>.</t>
          </section>
          <section anchor="usage">
            <name>Usage</name>
            <t>Proving freshness requires receiver-side state to identify the “next unused” tick.
Systems using Epoch Tick lists <bcp14>SHOULD</bcp14> define how missing/out-of-order ticks are handled and how resynchronization occurs, as per <xref target="sec-state-seq-mgmt"/>.</t>
          </section>
        </section>
        <section anchor="sec-strictly-monotonic">
          <name>Strictly Monotonically Increasing Counter</name>
          <t>A strictly monotonically increasing counter.</t>
          <t>The counter context is defined by the Epoch Bell.</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/strictly-monotonic-counter.cddl}
]]></sourcecode>
          <t>The following describes the strictly-monotonic-counter type.</t>
          <dl newline="true">
            <dt>strictly-monotonic-counter:</dt>
            <dd>
              <t>An unsigned integer used by RATS roles in a trust domain as extra data in the production of conceptual messages as specified by the RATS architecture <xref target="RFC9334"/> to associate them with a certain epoch. Each new strictly-monotonic-counter value must be higher than the last one.</t>
            </dd>
          </dl>
          <section anchor="usage-1">
            <name>Usage</name>
            <t>Systems that use Epoch Markers <bcp14>SHOULD</bcp14> follow the guidance in <xref target="sec-state-seq-mgmt"/> in establishing an Epoch Marker acceptance policy for receivers.
To prove freshness, receivers <bcp14>SHOULD</bcp14> track the highest accepted counter and ensure it fulfills the acceptance policy.</t>
          </section>
        </section>
        <section anchor="sec-epoclet">
          <name>Epoclet</name>
          <t>In a highly available service (e.g., a cloud attestation Verifier), maintaining per-session nonce state can cause scalability issues.
One alternative is to use time-synchronized servers that share a symmetric key and produce and consume nonces based on epoch ticks signed using the shared secret.
This means that a nonce minted by one server can be processed by any other server, avoiding the need for session "stickiness".</t>
          <t>An <tt>epoclet</tt> is an Epoch ID variant that supports the above use case by encoding a POSIX time (i.e., the epoch identifier) alongside a minimal set of metadata.
This is all authenticated with a symmetric key in a self-contained and compact token that fits within 64 bytes.
This makes it easy to use with common Evidence retrieval ABIs, which tend to limit the size of the challenge parameter to 64 bytes.</t>
          <sourcecode type="cddl"><![CDATA[
{::include cddl/epoclet.cddl}
]]></sourcecode>
          <t>The following describes the <tt>epoclet</tt> type.</t>
          <dl newline="true">
            <dt>KeyID:</dt>
            <dd>
              <t>A one-byte opaque identifier that is shared across the server pool.
It is used to identify the key used to compute the AuthTag.
Its interpretation is deployment-specific.</t>
            </dd>
            <dt>Timestamp:</dt>
            <dd>
              <t>The time associated with the current epoch encoded as the CBOR tag for POSIX time.
It <bcp14>MUST</bcp14> use the int format.
The CBOR tag <bcp14>MUST</bcp14> be removed.
Note that this encoding restricts the granularity of this Epoch ID to one second.</t>
            </dd>
            <dt>Pad:</dt>
            <dd>
              <t>Zero or more (up to 20) bytes of padding.
This field is used to adjust the overall size of the <tt>epoclet</tt>, ranging from a minimum of 44 bytes (0 bytes of padding) to a maximum of 64 bytes (20 bytes of padding).
The padding bytes can assume any value.</t>
            </dd>
            <dt>AuthTag:</dt>
            <dd>
              <t>32 bytes string which is the result of applying HMAC <xref target="RFC2104"/> with SHA-256 over the CBOR serialization of the TimeToken array.
The serialization <bcp14>MUST</bcp14> use the CBOR deterministic encoding as specified in Section <xref target="RFC8949" section="4.2" sectionFormat="bare"/> of RFC 8949 <xref target="STD94"/>.</t>
            </dd>
          </dl>
          <section anchor="usage-2">
            <name>Usage</name>
            <t>The same size limit defined in <xref target="sec-nonce-reqs"/> applies: an encoded <tt>epoclet</tt> <bcp14>MUST</bcp14> be no more than 64 bytes in length.</t>
            <t>The requirements in <xref target="sec-time-reqs"/> apply.
Furthermore, when used in a server farm, the clocks of the servers that participate in the protocol <bcp14>MUST</bcp14> be synchronized.</t>
            <t>It is <bcp14>RECOMMENDED</bcp14> that the handling (i.e., storage, replication and rotation) of the symmetric key used to generate the authentication tag follows the recommendations and best practices described in <xref target="NIST-SP-800-pt2"/>.</t>
          </section>
        </section>
      </section>
      <section anchor="sec-time-reqs">
        <name>Time Requirements</name>
        <t>Time <bcp14>MUST</bcp14> be sourced from a trusted clock (see <xref section="10.1" sectionFormat="of" target="RFC9334"/>).</t>
      </section>
      <section anchor="sec-nonce-reqs">
        <name>Nonce Requirements</name>
        <t>A nonce value used in a protocol or message to retrieve an Epoch Marker <bcp14>MUST</bcp14> be freshly generated.
The generated value <bcp14>MUST</bcp14> have at least 64 bits of entropy (before encoding).
The generated value <bcp14>MUST</bcp14> be generated via a cryptographically secure random number generator.</t>
        <t>A maximum nonce size of 512 bits is set to limit the memory requirements.
All receivers <bcp14>MUST</bcp14> be able to accommodate the maximum size.</t>
      </section>
      <section anchor="sec-state-seq-mgmt">
        <name>State and Sequencing Management</name>
        <t>Data structures containing Epoch Markers could be reordered in-flight even without malicious intent, leading to perceived sequencing issues.
Some Epoch Marker types thus require receiver state to detect replay/rollback or establish sequencing.
Systems that use Epoch Markers <bcp14>SHOULD</bcp14> define an explicit acceptance policy (e.g., bounded acceptance window) that accounts for reordering of markers.</t>
        <t>Usage of variable emission timings or counter increments when emitting Epoch Markers (see <xref target="priv-cons"/>) <bcp14>SHOULD</bcp14> be coupled with an assessment of acceptance window sizes.
The maximum timing variability used by the Epoch Bell, marker distribution latency, expected in-flight reordering, and conceptual message delivery latency <bcp14>SHOULD</bcp14> all be considered when determining the minimum practical acceptance window.
Excessive timing variability reduces the effective lifetime of epochs, and so can cause freshness failures for distant participants.</t>
        <t>There is a trade-off between keeping a single “global” epoch view versus per-Attester state at the Verifier: global-only policies can exacerbate latency-induced false replay rejections, while per-Attester tracking can be costly.
Systems that use Epoch Markers <bcp14>SHOULD</bcp14> document whether they use global epoch tracking or per-Attester state and, if necessary, the associated window.</t>
      </section>
    </section>
    <section anchor="sec-signature-reqs">
      <name>Signature Requirements</name>
      <t>The signature over an Epoch Marker <bcp14>MUST</bcp14> be generated by the Epoch Bell.
Conversely, applying the first signature to an Epoch Marker always makes the issuer of a signed message containing an Epoch Marker an Epoch Bell.</t>
    </section>
    <section anchor="sec-seccons">
      <name>Security Considerations</name>
      <t>In distributed systems that rely on Epoch Markers for conveyance of freshness, the Epoch Bell plays a significant role in the assumed trust model.
Freshness decisions derived from Epoch Markers depend on the Epoch Bell’s key(s) and correct behavior.
If the Epoch Bell key is compromised, or the Bell is malicious/misconfigured, an attacker can emit valid-looking “fresh” Epoch Markers.
System deployments using Epoch Markers generally need to protect Bell signing keys (secure storage, rotation, revocation) and scope acceptance to the intended trust domain (e.g., expected issuer/trust anchor).
Similarly, the Bell's clock needs to be securely sourced and managed, to prevent attacks that skew the Bell's perception of time.</t>
      <section anchor="epoch-signalling-issues">
        <name>Epoch Signalling Issues</name>
        <t><xref section="12.3" sectionFormat="of" target="RFC9334"/> provides a good introduction to attacks on conveyance of Epoch Markers.
A network adversary can replay validly signed Epoch Markers or delay distribution, and differential latency can lead to different parties having different views of the “current” epoch.</t>
        <t>The epoch (acceptable window) duration is an operational security parameter: if too long, an Attester can create “good” Evidence in a good state and release it later while the epoch is still acceptable (notably for epoch-tick, epoch-tick-list, and strictly-monotonic-counter); if too short, distant Attesters may be rejected as stale due to latency.
Epoch Markers are also designed to be reusable by multiple consumers, unlike nonces.
Where per-session uniqueness is required, protocols typically need to bind Epoch Markers to an explicit nonce (e.g., see <xref target="sec-epoch-markers"/>).
Finally, system deployments using Epoch Markers are normally required to pin which Epoch Marker types are acceptable for a given trust domain to avoid downgrade.</t>
      </section>
      <section anchor="operational-examples">
        <name>Operational Examples</name>
        <t>The following illustrative cases highlight “reasonable best practice” choices for balancing freshness, replay protection, and scalability.</t>
        <ul spacing="normal">
          <li>
            <t><em>Nonce-bound Bell interaction</em>: When a Verifier uses a nonce challenge to trigger Evidence creation, the Attester can forward that nonce to the Epoch Bell to request an Epoch Marker with the nonce echoed inside.
For reuse and caching, the typical pattern is to keep the marker generic and embed the Verifier nonce alongside the marker in the Evidence: if the Bell signs a nonce-echoed marker, that marker is not reusable across sessions.
The nonce and marker are thus either bound by the Bell's signature, or by the attester's signature on the Evidence.
The Verifier checks that (1) the nonce matches its challenge, (2) the Epoch Marker signature chains to the expected Bell key, and (3) the marker satisfies the acceptance policy (e.g., highest-seen counter or time window).
This pairing gives per-session uniqueness while still allowing Epoch Marker reuse by multiple consumers.</t>
          </li>
          <li>
            <t><em>Long-latency paths (e.g., LoRaWAN or DTN profiles)</em>: High propagation and queuing delays make tight epoch windows brittle.
In system deployments using Epoch Markers, epoch-tick-list can be pre-provisioned to Attesters so that each interaction consumes the next tick, with the Verifier keeping per-Attester sequencing state (<xref target="sec-state-seq-mgmt"/>).
Epoch duration should cover worst-case delivery plus clock skew of the Bell, and acceptance policies should allow an overlap (e.g., current and immediately previous epoch) to absorb in-flight drift while still rejecting replays beyond that window.</t>
          </li>
          <li>
            <t><em>Large fleets sharing a Bell</em>: When many Attesters reuse the same Epoch Marker, per-Attester state at the Verifier may be impractical.
One approach is to accept a global highest-seen epoch (with a bounded replay window) while requiring each Evidence record to bind the Epoch Marker to the Attester identity and, when feasible, a Verifier-provided nonce.
This limits cross-attester replay of a single Epoch Marker while keeping the Bell stateless, which allows Epoch Markers to be cached and enables their broadcast distribution at scale.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="priv-cons">
      <name>Privacy Considerations</name>
      <t>When issued at predictable time intervals or with predictably sequential values, Epoch Markers can act as system-wide synchronization signals.
Observers may be able to infer epoch boundaries, correlate messages produced within the same epoch, identify entities using the same Epoch Bell, and learn the cadence of specific operations.
This linking may be performed even when the conceptual messages are otherwise protected.</t>
      <t>System deployments using Epoch Markers where traffic analysis is a concern should make Epoch Marker values and issuance patterns less predictable.
Epoch Bells can make their Epoch Marker emission timing variable.
When monotonic-counter-based markers are used, the increments between successive marker values can be made variable.
As an additional step, the scoping of markers (per trust domain, audience, or protocol context) should be considered.</t>
    </section>
    <section anchor="sec-iana-cons">
      <name>IANA Considerations</name>
      <t><cref anchor="rfced-replace">RFC Editor: please replace RFCthis with the RFC
number of this RFC and remove this note.</cref></t>
      <section anchor="sec-iana-cbor-tags">
        <name>New CBOR Tags</name>
        <t>IANA is requested to allocate the following tags in the "CBOR Tags" registry
<xref target="IANA.cbor-tags"/>, preferably with the specific CBOR tag value requested:</t>
        <table align="left" anchor="tbl-cbor-tags">
          <name>New CBOR Tags</name>
          <thead>
            <tr>
              <th align="left">Tag</th>
              <th align="left">Data Item</th>
              <th align="left">Semantics</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">26980</td>
              <td align="left">bytes</td>
              <td align="left">DER-encoded RFC3161 TSTInfo</td>
              <td align="left">
                <xref target="sec-rfc3161-classic"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">26981</td>
              <td align="left">map</td>
              <td align="left">CBOR representation of RFC3161 TSTInfo semantics</td>
              <td align="left">
                <xref target="sec-rfc3161-fancy"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">26982</td>
              <td align="left">tstr / bstr / int</td>
              <td align="left">a nonce that is shared among many participants but that can only be used once by each participant</td>
              <td align="left">
                <xref target="sec-epoch-tick"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">26983</td>
              <td align="left">array</td>
              <td align="left">a list of multi-nonce</td>
              <td align="left">
                <xref target="sec-epoch-tick-list"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">26984</td>
              <td align="left">uint</td>
              <td align="left">strictly monotonically increasing counter</td>
              <td align="left">
                <xref target="sec-strictly-monotonic"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">26985</td>
              <td align="left">array</td>
              <td align="left">an "epoclet"</td>
              <td align="left">
                <xref target="sec-epoclet"/> of RFCthis</td>
            </tr>
          </tbody>
        </table>
      </section>
      <section anchor="sec-iana-em-claim">
        <name> New EM CWT Claim</name>
        <t>This specification adds the following value to the "CBOR Web Token Claims" registry <xref target="IANA.cwt"/>.</t>
        <ul spacing="normal">
          <li>
            <t>Claim Name: em</t>
          </li>
          <li>
            <t>Claim Description: Epoch Marker</t>
          </li>
          <li>
            <t>Claim Key: 2000 (IANA: suggested assignment)</t>
          </li>
          <li>
            <t>Claim Value Type(s): CBOR array</t>
          </li>
          <li>
            <t>Change Controller: IETF</t>
          </li>
          <li>
            <t>Specification Document(s): <xref target="sec-epoch-markers"/> of RFCthis</t>
          </li>
        </ul>
      </section>
      <section anchor="new-media-type-applicationepoch-markercbor">
        <name>New Media Type <tt>application/epoch-marker+cbor</tt></name>
        <t>IANA is requested to add the <tt>application/epoch-marker+cbor</tt> media types to the "Media Types" registry <xref target="IANA.media-types"/>, using the following template:</t>
        <dl spacing="compact">
          <dt>Type name:</dt>
          <dd>
            <t>application</t>
          </dd>
          <dt>Subtype name:</dt>
          <dd>
            <t>epoch-marker+cbor</t>
          </dd>
          <dt>Required parameters:</dt>
          <dd>
            <t>no</t>
          </dd>
          <dt>Optional parameters:</dt>
          <dd>
            <t><tt>em-type</tt>: the CBOR tag number that identifies the specific Epoch Marker.
This value is encoded as an unsigned decimal integer, without leading zeroes, except for the actual number 0.
For example, <tt>em-type=26982</tt> identifies an Epoch Tick.</t>
          </dd>
          <dt>Encoding considerations:</dt>
          <dd>
            <t>binary (CBOR)</t>
          </dd>
          <dt>Security considerations:</dt>
          <dd>
            <t><xref target="sec-seccons"/> of RFCthis</t>
          </dd>
          <dt>Interoperability considerations:</dt>
          <dd>
            <t>n/a</t>
          </dd>
          <dt>Published specification:</dt>
          <dd>
            <t>RFCthis</t>
          </dd>
          <dt>Applications that use this media type:</dt>
          <dd>
            <t>RATS Attesters, Verifiers, Endorsers and Reference-Value providers, and Relying Parties that need to transfer Epoch Markers payloads over HTTP(S), CoAP(S), and other transports.</t>
          </dd>
          <dt>Fragment identifier considerations:</dt>
          <dd>
            <t>The syntax and semantics of fragment identifiers are as specified for "application/cbor". (No fragment identification syntax is currently defined for "application/cbor".)</t>
          </dd>
          <dt>Person &amp; email address to contact for further information:</dt>
          <dd>
            <t>RATS WG mailing list (rats@ietf.org)</t>
          </dd>
          <dt>Intended usage:</dt>
          <dd>
            <t>COMMON</t>
          </dd>
          <dt>Restrictions on usage:</dt>
          <dd>
            <t>none</t>
          </dd>
          <dt>Author/Change controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Provisional registration:</dt>
          <dd>
            <t>no</t>
          </dd>
        </dl>
      </section>
      <section anchor="new-coap-content-formats">
        <name>New CoAP Content-Formats</name>
        <t>IANA is requested to register the following Content-Format IDs in the "CoAP Content-Formats" registry, within the "Constrained RESTful Environments (CoRE) Parameters" registry group <xref target="IANA.core-parameters"/>:</t>
        <table align="left">
          <name>New CoAP Content Formats</name>
          <thead>
            <tr>
              <th align="left">Content-Type</th>
              <th align="left">Content Coding</th>
              <th align="left">ID</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">application/epoch-marker+cbor</td>
              <td align="left">-</td>
              <td align="left">TBD1</td>
              <td align="left">RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=0</td>
              <td align="left">-</td>
              <td align="left">TBD2</td>
              <td align="left">
                <xref target="sec-cbor-time"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=1</td>
              <td align="left">-</td>
              <td align="left">TBD3</td>
              <td align="left">
                <xref target="sec-cbor-time"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=1001</td>
              <td align="left">-</td>
              <td align="left">TBD4</td>
              <td align="left">
                <xref target="sec-cbor-time"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=26980</td>
              <td align="left">-</td>
              <td align="left">TBD5</td>
              <td align="left">
                <xref target="sec-rfc3161-classic"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=26981</td>
              <td align="left">-</td>
              <td align="left">TBD6</td>
              <td align="left">
                <xref target="sec-rfc3161-fancy"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=26982</td>
              <td align="left">-</td>
              <td align="left">TBD7</td>
              <td align="left">
                <xref target="sec-epoch-tick"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=26983</td>
              <td align="left">-</td>
              <td align="left">TBD8</td>
              <td align="left">
                <xref target="sec-epoch-tick-list"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=26984</td>
              <td align="left">-</td>
              <td align="left">TBD9</td>
              <td align="left">
                <xref target="sec-strictly-monotonic"/> of RFCthis</td>
            </tr>
            <tr>
              <td align="left">application/epoch-marker+cbor; em-type=26985</td>
              <td align="left">-</td>
              <td align="left">TBD10</td>
              <td align="left">
                <xref target="sec-epoclet"/> of RFCthis</td>
            </tr>
          </tbody>
        </table>
        <t>If possible, TBD1..TBD10 should be assigned in the 256..9999 range.</t>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC3161">
          <front>
            <title>Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)</title>
            <author fullname="C. Adams" initials="C." surname="Adams"/>
            <author fullname="P. Cain" initials="P." surname="Cain"/>
            <author fullname="D. Pinkas" initials="D." surname="Pinkas"/>
            <author fullname="R. Zuccherato" initials="R." surname="Zuccherato"/>
            <date month="August" year="2001"/>
            <abstract>
              <t>This document describes the format of a request sent to a Time Stamping Authority (TSA) and of the response that is returned. It also establishes several security-relevant requirements for TSA operation, with regards to processing requests to generate responses. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="3161"/>
          <seriesInfo name="DOI" value="10.17487/RFC3161"/>
        </reference>
        <reference anchor="RFC5652">
          <front>
            <title>Cryptographic Message Syntax (CMS)</title>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <date month="September" year="2009"/>
            <abstract>
              <t>This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="70"/>
          <seriesInfo name="RFC" value="5652"/>
          <seriesInfo name="DOI" value="10.17487/RFC5652"/>
        </reference>
        <reference anchor="RFC8392">
          <front>
            <title>CBOR Web Token (CWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2018"/>
            <abstract>
              <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8392"/>
          <seriesInfo name="DOI" value="10.17487/RFC8392"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC9090">
          <front>
            <title>Concise Binary Object Representation (CBOR) Tags for Object Identifiers</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="July" year="2021"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR), defined in RFC 8949, is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.</t>
              <t>This document defines CBOR tags for object identifiers (OIDs) and is the reference document for the IANA registration of the CBOR tags so defined.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9090"/>
          <seriesInfo name="DOI" value="10.17487/RFC9090"/>
        </reference>
        <reference anchor="RFC9054">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Hash Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>The CBOR Object Signing and Encryption (COSE) syntax (see RFC 9052) does not define any direct methods for using hash algorithms. There are, however, circumstances where hash algorithms are used, such as indirect signatures, where the hash of one or more contents are signed, and identification of an X.509 certificate or other object by the use of a fingerprint. This document defines hash algorithms that are identified by COSE algorithm identifiers.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9054"/>
          <seriesInfo name="DOI" value="10.17487/RFC9054"/>
        </reference>
        <referencegroup anchor="STD94" target="https://www.rfc-editor.org/info/std94">
          <reference anchor="RFC8949" target="https://www.rfc-editor.org/info/rfc8949">
            <front>
              <title>Concise Binary Object Representation (CBOR)</title>
              <author fullname="C. Bormann" initials="C." surname="Bormann"/>
              <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
              <date month="December" year="2020"/>
              <abstract>
                <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
                <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
              </abstract>
            </front>
            <seriesInfo name="STD" value="94"/>
            <seriesInfo name="RFC" value="8949"/>
            <seriesInfo name="DOI" value="10.17487/RFC8949"/>
          </reference>
        </referencegroup>
        <referencegroup anchor="STD96" target="https://www.rfc-editor.org/info/std96">
          <reference anchor="RFC9052" target="https://www.rfc-editor.org/info/rfc9052">
            <front>
              <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
              <author fullname="J. Schaad" initials="J." surname="Schaad"/>
              <date month="August" year="2022"/>
              <abstract>
                <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
                <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
              </abstract>
            </front>
            <seriesInfo name="STD" value="96"/>
            <seriesInfo name="RFC" value="9052"/>
            <seriesInfo name="DOI" value="10.17487/RFC9052"/>
          </reference>
          <reference anchor="RFC9338" target="https://www.rfc-editor.org/info/rfc9338">
            <front>
              <title>CBOR Object Signing and Encryption (COSE): Countersignatures</title>
              <author fullname="J. Schaad" initials="J." surname="Schaad"/>
              <date month="December" year="2022"/>
              <abstract>
                <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. CBOR Object Signing and Encryption (COSE) defines a set of security services for CBOR. This document defines a countersignature algorithm along with the needed header parameters and CBOR tags for COSE. This document updates RFC 9052.</t>
              </abstract>
            </front>
            <seriesInfo name="STD" value="96"/>
            <seriesInfo name="RFC" value="9338"/>
            <seriesInfo name="DOI" value="10.17487/RFC9338"/>
          </reference>
        </referencegroup>
        <reference anchor="RFC9581">
          <front>
            <title>Concise Binary Object Representation (CBOR) Tags for Time, Duration, and Period</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="B. Gamari" initials="B." surname="Gamari"/>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <date month="August" year="2024"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR, RFC 8949) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.</t>
              <t>In CBOR, one point of extensibility is the definition of CBOR tags. RFC 8949 defines two tags for time: CBOR tag 0 (RFC 3339 time as a string) and tag 1 (POSIX time as int or float). Since then, additional requirements have become known. The present document defines a CBOR tag for time that allows a more elaborate representation of time, as well as related CBOR tags for duration and time period. This document is intended as the reference document for the IANA registration of the CBOR tags defined.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9581"/>
          <seriesInfo name="DOI" value="10.17487/RFC9581"/>
        </reference>
        <reference anchor="I-D.ietf-cose-cbor-encoded-cert">
          <front>
            <title>CBOR Encoded X.509 Certificates (C509 Certificates)</title>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>University of Glasgow</organization>
            </author>
            <author fullname="Joel Höglund" initials="J." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>IN Groupe</organization>
            </author>
            <author fullname="Lijun Liao" initials="L." surname="Liao">
              <organization>NIO</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-cbor-encoded-cert-20"/>
        </reference>
        <reference anchor="I-D.ietf-cbor-edn-literals">
          <front>
            <title>Concise Diagnostic Notation (CDN)</title>
            <author fullname="Carsten Bormann" initials="C." surname="Bormann">
              <organization>Universität Bremen TZI</organization>
            </author>
            <date day="15" month="June" year="2026"/>
            <abstract>
              <t>   This document formalizes and consolidates the definition of the
   Concise Diagnostic Notation (CDN) of the Concise Binary Object
   Representation (CBOR), addressing implementer experience.

   Replacing CDN's previous informal descriptions, it updates RFC 8949,
   obsoleting its Section 8, and RFC 8610, obsoleting its Appendix G.

   It also specifies registry-based extension points and uses them to
   support text representations such as of epoch-based dates/times and
   of IP addresses and prefixes.


   // (This cref will be removed by the RFC editor:) -26 is intended to
   // address the May/June 2026 Working Group Last Call comments on -25
   // and the ensuing WG discussions.  Specifically, this update: • is
   // going further with the idea to entirely replace the non- backwards
   // compatible update considered for the RFC 8610/G.4 concatenation by
   // two new application extensions (temporarily named b1/t1), and to
   // add related application-oriented extensions that deprecate the
   // original streamstring syntax. • includes the float'' application-
   // extension so that the entire CBOR format can be covered. • now
   // uses rules closer to those of markdown for handling data
   // transparency in raw strings, simplifying their implementation. •
   // adds security considerations. • proactively reserves the
   // application-extension identifier "pragma" for potential future
   // standardization. • This update does not address certain comments
   // that propose some editorial restructuring requiring moving text
   // around; this is best done in a next revision after the technical
   // comments are addressed.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cbor-edn-literals-26"/>
        </reference>
        <reference anchor="X.690" target="https://www.itu.int/rec/T-REC-X.690">
          <front>
            <title>Information technology — ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</title>
            <author>
              <organization>International Telecommunications Union</organization>
            </author>
            <date year="2015" month="August"/>
          </front>
          <seriesInfo name="ITU-T" value="Recommendation X.690"/>
        </reference>
        <reference anchor="NIST-SP-800-pt2">
          <front>
            <title>Recommendation for key management:: part 2 -- best practices for key management organizations</title>
            <author fullname="Elaine Barker" initials="E." surname="Barker">
              <organization/>
            </author>
            <author fullname="William C Barker" initials="W." surname="Barker">
              <organization/>
            </author>
            <date month="May" year="2019"/>
          </front>
          <seriesInfo name="DOI" value="10.6028/nist.sp.800-57pt2r1"/>
          <refcontent>National Institute of Standards and Technology</refcontent>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC2104">
          <front>
            <title>HMAC: Keyed-Hashing for Message Authentication</title>
            <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
            <author fullname="M. Bellare" initials="M." surname="Bellare"/>
            <author fullname="R. Canetti" initials="R." surname="Canetti"/>
            <date month="February" year="1997"/>
            <abstract>
              <t>This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="2104"/>
          <seriesInfo name="DOI" value="10.17487/RFC2104"/>
        </reference>
        <reference anchor="IANA.media-types" target="https://www.iana.org/assignments/media-types">
          <front>
            <title>Media Types</title>
            <author>
              <organization>IANA</organization>
            </author>
          </front>
        </reference>
        <reference anchor="IANA.core-parameters" target="https://www.iana.org/assignments/core-parameters">
          <front>
            <title>Constrained RESTful Environments (CoRE) Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
          </front>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="I-D.ietf-rats-reference-interaction-models">
          <front>
            <title>Reference Interaction Models for Remote Attestation Procedures</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Michael Eckel" initials="M." surname="Eckel">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Wei Pan" initials="W." surname="Pan">
              <organization>Huawei Technologies</organization>
            </author>
            <author fullname="Eric Voit" initials="E." surname="Voit">
              <organization>Cisco Systems</organization>
            </author>
            <date day="2" month="April" year="2026"/>
            <abstract>
              <t>   This document describes interaction models for remote attestation
   procedures (RATS) [RFC9334].  Three conveying mechanisms --
   Challenge/Response, Uni-Directional, and Streaming Remote Attestation
   -- are illustrated and defined.  Analogously, a general overview
   about the information elements typically used by corresponding
   conveyance protocols are highlighted.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-reference-interaction-models-17"/>
        </reference>
        <reference anchor="I-D.ietf-scitt-architecture">
          <front>
            <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Antoine Delignat-Lavaud" initials="A." surname="Delignat-Lavaud">
              <organization>Microsoft Research</organization>
            </author>
            <author fullname="Cedric Fournet" initials="C." surname="Fournet">
              <organization>Microsoft Research</organization>
            </author>
            <author fullname="Yogesh Deshpande" initials="Y." surname="Deshpande">
              <organization>ARM</organization>
            </author>
            <author fullname="Steve Lasker" initials="S." surname="Lasker">
         </author>
            <date day="10" month="October" year="2025"/>
            <abstract>
              <t>   Traceability in supply chains is a growing security concern.  While
   verifiable data structures have addressed specific issues, such as
   equivocation over digital certificates, they lack a universal
   architecture for all supply chains.  This document defines such an
   architecture for single-issuer signed statement transparency.  It
   ensures extensibility, interoperability between different
   transparency services, and compliance with various auditing
   procedures and regulatory requirements.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-scitt-architecture-22"/>
        </reference>
        <reference anchor="I-D.ietf-rats-eat">
          <front>
            <title>The Entity Attestation Token (EAT)</title>
            <author fullname="Laurence Lundblade" initials="L." surname="Lundblade">
              <organization>Security Theory LLC</organization>
            </author>
            <author fullname="Giridhar Mandyam" initials="G." surname="Mandyam">
              <organization>Mediatek USA</organization>
            </author>
            <author fullname="Jeremy O'Donoghue" initials="J." surname="O'Donoghue">
              <organization>Qualcomm Technologies Inc.</organization>
            </author>
            <author fullname="Carl Wallace" initials="C." surname="Wallace">
              <organization>Red Hound Software, Inc.</organization>
            </author>
            <date day="6" month="September" year="2024"/>
            <abstract>
              <t>   An Entity Attestation Token (EAT) provides an attested claims set
   that describes state and characteristics of an entity, a device like
   a smartphone, IoT device, network equipment or such.  This claims set
   is used by a relying party, server or service to determine the type
   and degree of trust placed in the entity.

   An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
   attestation-oriented claims.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-eat-31"/>
        </reference>
        <reference anchor="I-D.ietf-lamps-csr-attestation">
          <front>
            <title>Use of Remote Attestation with Certification Signing Requests</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Cryptic Forest Software</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>Siemens</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Monty Wiseman" initials="M." surname="Wiseman">
              <organization>Independent</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
         </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   Certification Authorities (CAs) issuing certificates to Public Key
   Infrastructure (PKI) end entities may require a certificate signing
   request (CSR) to include additional verifiable information to confirm
   policy compliance.  For example, a CA may require an end entity to
   demonstrate that the private key corresponding to a CSR's public key
   is secured by a hardware security module (HSM), is not exportable,
   etc.  The process of generating, transmitting, and verifying
   additional information required by the CA is called remote
   attestation.  While work is currently underway to standardize various
   aspects of remote attestation, a variety of proprietary mechanisms
   have been in use for years, particularly regarding protection of
   private keys.

   This specification defines ASN.1 structures which may carry
   attestation data for PKCS#10 and Certificate Request Message Format
   (CRMF) messages.  Both standardized and proprietary attestation
   formats are supported by this specification.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-csr-attestation-28"/>
        </reference>
        <reference anchor="TCG-CoEvidence" target="https://trustedcomputinggroup.org/wp-content/uploads/TCG-DICE-Concise-Evidence-Binding-for-SPDM-Version-1.0-Revision-53_1August2023.pdf">
          <front>
            <title>TCG DICE Concise Evidence Binding for SPDM</title>
            <author>
              <organization>Trusted Computing Group</organization>
            </author>
            <date year="2023" month="June"/>
          </front>
          <refcontent>Version 1.00</refcontent>
        </reference>
        <reference anchor="I-D.ietf-rats-ar4si">
          <front>
            <title>Attestation Results for Secure Interactions</title>
            <author fullname="Eric Voit" initials="E." surname="Voit">
              <organization>Cisco Systems</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Thomas Hardjono" initials="T." surname="Hardjono">
              <organization>MIT</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Vincent Scarlata" initials="V." surname="Scarlata">
              <organization>Intel</organization>
            </author>
            <date day="18" month="May" year="2026"/>
            <abstract>
              <t>   This document defines reusable Attestation Result information
   elements.  When these elements are offered to Relying Parties as
   Evidence, different aspects of Attester trustworthiness can be
   evaluated.  Additionally, where the Relying Party is interfacing with
   a heterogeneous mix of Attesting Environment and Verifier types,
   consistent policies can be applied to subsequent information exchange
   between each Attester and the Relying Party.

   This document also defines two serialisations of the proposed
   information model, utilising CBOR and JSON.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-ar4si-10"/>
        </reference>
        <reference anchor="IANA.cwt" target="https://www.iana.org/assignments/cwt">
          <front>
            <title>CBOR Web Token (CWT) Claims</title>
            <author>
              <organization>IANA</organization>
            </author>
          </front>
        </reference>
        <reference anchor="IANA.cbor-tags" target="https://www.iana.org/assignments/cbor-tags">
          <front>
            <title>Concise Binary Object Representation (CBOR) Tags</title>
            <author>
              <organization>IANA</organization>
            </author>
          </front>
        </reference>
        <reference anchor="TCG-TPM2" target="https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-2-Version-184_pub.pdf">
          <front>
            <title>Trusted Platform Module 2.0 Library Part 2: Structures</title>
            <author>
              <organization>Trusted Computing Group</organization>
            </author>
            <date year="2025" month="March"/>
          </front>
          <refcontent>Version 184</refcontent>
        </reference>
      </references>
    </references>
    <?line 679?>

<section anchor="examples">
      <name>Examples</name>
      <t>The example in <xref target="fig-ex-1"/> shows an Epoch Marker with an <tt>etime</tt> as the Epoch Marker type.</t>
      <figure anchor="fig-ex-1">
        <name>CBOR Epoch Marker based on `etime` (EDN)</name>
        <sourcecode type="cbor-diag"><![CDATA[
{::include cddl/examples/1.diag}
]]></sourcecode>
      </figure>
      <t>The encoded data item in CBOR pretty-printed form (hex with comments) is shown in <xref target="fig-ex-1-pretty"/>.</t>
      <figure anchor="fig-ex-1-pretty">
        <name>CBOR Epoch Marker based on `etime` (pretty hex)</name>
        <sourcecode type="cbor-pretty"><![CDATA[
{::include cddl/examples/1.pretty}
]]></sourcecode>
      </figure>
      <t>The example in <xref target="fig-ex-2"/> shows an Epoch Marker with an <tt>etime</tt> as the Epoch Marker type carried within a CWT.</t>
      <figure anchor="fig-ex-2">
        <name>CBOR Epoch Marker based on `etime` carried within a CWT (EDN)</name>
        <sourcecode type="cbor-diag"><![CDATA[
{::include-fold cddl/examples/1-cwt.diag}
]]></sourcecode>
      </figure>
      <t>The encoded data item in CBOR pretty-printed form (hex with comments) is shown in <xref target="fig-ex-2-pretty"/>.</t>
      <figure anchor="fig-ex-2-pretty">
        <name>CBOR Epoch Marker based on `etime` carried within a CWT (pretty hex)</name>
        <sourcecode type="cbor-pretty"><![CDATA[
{::include-fold cddl/examples/1-cwt.pretty}
]]></sourcecode>
      </figure>
      <section anchor="classic-tstinfo">
        <name>RFC 3161 TSTInfo</name>
        <t>As a reference for the definition of TST-info-based-on-CBOR-time-tag the code block below depicts the original layout of the TSTInfo structure from <xref target="RFC3161"/>.</t>
        <sourcecode type="asn.1"><![CDATA[
TSTInfo ::= SEQUENCE  {
   version                      INTEGER  { v1(1) },
   policy                       TSAPolicyId,
   messageImprint               MessageImprint,
     -- MUST have the same value as the similar field in
     -- TimeStampReq
   serialNumber                 INTEGER,
    -- Time-Stamping users MUST be ready to accommodate integers
    -- up to 160 bits.
   genTime                      GeneralizedTime,
   accuracy                     Accuracy                 OPTIONAL,
   ordering                     BOOLEAN             DEFAULT FALSE,
   nonce                        INTEGER                  OPTIONAL,
     -- MUST be present if the similar field was present
     -- in TimeStampReq.  In that case it MUST have the same value.
   tsa                          [0] GeneralName          OPTIONAL,
   extensions                   [1] IMPLICIT Extensions   OPTIONAL  }
]]></sourcecode>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>The authors would like to thank
Carl Wallace,
Jeremy O'Donoghue,
Jun Zhang,
and Antoine Fressancourt
for their reviews, suggestions and comments.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA9V923Yb2XXgO76iAnmlyQ4KIsBLi3TaaYiEWoxFihEgK7aX
p3UAHABlFqqQupBCq5Xlj8jLrMmslYf5kszLfIe/ZPbtXKpQoCjbSVa0EjcB
nDqXvffZ970rDMPW3Vlw2GoVURHrs2C4TqfL4EpltzrLW2oyyfRd/dtZOk3U
CgbPMjUvwkgX8zBTRR5qHBaueFh4cNzKC5XMflBxmsDoIit1S2VanQXtkZ6W
WVRs2q37xVnwZjAeBe/S7DZKFsH3WVquW7f3Z8FlUugs0UV4geu0Wnc6KfVZ
KwhWKophElzzO1y9m2aLNny/iIplOYFf3JbuF095l5Mou12m8Y/bO223WlNV
nAV5MWtN0yTXSV7mst28nKyiPI/SpNis4QyXw/GLVkuVxTLNzlphwHB4qZPb
4LksAPuA7ZwFLzJVJst0rrNgdDmGbw0wt37QfJ4lzNI12+RzwXYKNS1gTF5k
WsMm3yx1lMAHlec6+OYYfpmmM9jCVydH/dPjr/AzgPUsuFDZCqA/K2hEmRQZ
fPm9zlYq2dh9j5fpSuXBizTPVRHxxlUS/Qgf0uQseBUlKkvdBnl4V4Z/F9PP
CHt/jdF9VPyosxgQb9d5p6PgRiUGMi9LdQ/fjPV0maRxuoh07ha5j+I4Uqvu
WiUw6LsljQVArOxsl2lS/r//FVxFSxVPtTKzDrKVmwX2XxbdlQz5DoBBU3j7
fJtEhZ4FvwSSm3mTn6ssL3QSPE8RVHbLMPoOaDoq/u//KYLnmV7BkPFvLj3E
PI8mcZQWS30L33SDnsUEj7aIugj7zw6PT5vQEgTrJd2Uvzk6DY/6vbDfexae
HJ72e+5gUzVJvyt+jAjsrQR3WcDW8Fa8eXF+2DvpAZ5GA/54fHLchyNdjfjj
M5gKPr4by8eT3gF8vLh4xZ9PD07x8/PXb8LXlxfmu+Mj+O71aBi+HIxehoNX
3+Nko/HF6RGPbT0J4N+3ZzTj6dGp/HrCT/m/wlx9mfX4WU9WGo4vr4bw7WV4
0aVbO01zHU4naRbqBCE2C6c6A/ieHx+cVsbRkFkSxoDHTMVwY4cX1zDiH7sn
cI4Wris87Rf0AZ5N5gyvNAkKQ3yb4I9/+JdgMLru9gJaEXlQVsY6P5PHRms9
jebRlB9M58FzlUfTYGgGv8HBwd7z4Zv9DtBPkiYwNra/yywy6hxGBXA3goso
L+DXMsqXQIb1yS5gGD1oWA1PQrTIbJF2A8uMdayBtFdlIjvMkVjThJ6YqQLO
3z/oHYcHz+ibXGdw3SKAhJnzcvw2HAOCaBadzPiYBEUGosoWSODLoljnZ0+f
3t/fd6Oi7EZJ8TTT06fj8M3wPDTjry9H43B0Ez47OAjXBZDbxevLbu+ge3LQ
f/YUf+yObrr44/E38HPWa7VakUGLJePTw0OgLmLUKpsufbTTl5kG5gnI0mGE
sAAOCVsOV0AtSAY0hD/4T+ZwHQuaDwhmWpQZQIa/g1PoaF3kW+toFAvmL//X
WK3WeTjNs1AVhQY+ywyz9gU8MT7/PjxPh3fRDLd7tgul46zMkRudp6t1WTgp
6BFxG6YKLi7PhzAomUbA/c2swHoSoh0AYzC6ubhqN+Kt4DWmZokFroBs5On9
OkRBowGh5TpO1Sx/ivvGxUJZLDSLhbJYCIuFuFj4K+SLAP5e9yB8o+8i+nB8
+ENvUC5gxf5B/7C7ns0r9Ng/DA9O6JtsehbIDAHMcLCFA5Ud5ZElBvgbRwyu
B93pfXFm/0ZmUKgF3Vnc+/jmqv/nQVvG3MSqQPIMrtIZXM2g3z0AuTjJVLYB
kZYVAZD4CEBLBJX/JSDPg0OzcMgLh7BwKAuHuHDYd5B/dvTDupxsQxlu/eE2
lJ8dtVqwIgonZNbDVy/gvHDrimUEB2iFYQiqCqoYoHi0xvBlAApfCayhCGZ6
HiXAnyr6YAAqhApWWgHrKdIAqR9EYb6EL5PU8Mw5QGcJj8LQVQoQh8lTeDRK
YNQMWGEWTUqEd76B06+6rdoKmQ7yaBXFKsMl2kW00oCq6W3eJmaKv68zANQU
psAv/CknG1xDz5A/2hWC2yS9T3DrILLlPM91HHdbI/o9D4gr3CF1VPcyS/FY
QaJhLtgLwunWO16Z4yMwaZQFuEKZzOAp1IPxe4AE7X1PdxfdTnAXKdhbnKK8
AMU4DunHKXxxu99tXYKip9WsQ1vE7awNNFWQi1CqbM7BXiNKEn0fkKILE6gi
AETmS4DUzKAgxkWn0ToC1ObdR6A6QCU47wDWpnFJ50EZzifC29dB5h2gEhKM
4btRAWxynN7qpENIAckIDCSObjVqTXJl4JgFbCVP7YoKVZTgPFbRiuhpNUEB
WcEBkA2uhAoNb+GdngS0EuzhfhnBUBB0dxrxe6fhMwpVZI95tEhgNqCVIp2m
MVAt6LIL3AXR/SqazWLdAq0FhCzRE/FxSxMER4N5I3tgKTBmdLwBzKDqmOl/
KiMgSGXAvU0CgE9HMfAFMIE7vYGhkVNRBCHwf6gAqSiBBfDBqQLeDwDAv0Fz
hR9wBlAy0wLWdNIHDwnXQWCcBAudoJ7Ucdu11ILbsrtturOyZ/1hulTJorpP
oSbiKKBa7LrSeBC8Nwov8jpGgslvu8hgND0LAPv4cbBegwYSfQgGuGRoNYBP
n4A6gEiCPI1x52BjLGlHRbqGO+Dv1eA/op1ERa5juC/wVzLzVLhleg8gi/Wd
SgomTuTOsf4AxE03pcbIhIXTyF1YdeAiEJBRa9jZ4/novdr8KVx0G+D5fzwT
7Wwxz4HH1gXvdGeYmepmVrpUd/q/kJXK9fqTOOlEF/ca7nydl8J9gxOgwsRL
avEi5EJrGRxynfJB7Hbonm3jjBgmETviSvaM5+rYe5CbHycaZ7TsJL1Dpg2P
GlcKUKJjBcHeRGUZPrCMFku4VvkGLABAOcIQbpbY5mDVyNlhCRwN7L9E7EVz
UsOLCIaDtgKn3QSzklEJawK7D8EqIe3JkpJAXegBZqEjIDRAJzdP+hTFTFC4
MSAjvwVcWD5MF3WCzAR4Pw5L8fA56KoZ3/X7pU4aYFrmegaweLeMgBMh8qpD
CLu0lVwhFaV8NdZAKcjlYUWgWQQF4YaQIQhgymfiYO4MpKmyKC3zoM2LXF60
4au41LwV5gUzvP3bspYZvc864IRqiqZaimqeQwIeiWRDLncXoasDQNjMoyuE
aW4PvkrzonZyXhX3JeY37oBE7MePIf730yfml+ixMHLBnMt7Gr5eAeu9g4+1
ieBxhOUKDg27ZjFij5mvFRg0EWtlVR0i2BuPxvsWXMCQYEfj0YA2FIDBbBwG
AYxDU5+BHNxnCqTKjDFzfjWC/dzpGHBJJ7oaffoERDYa51X+B9Pj8iGtHwzI
iGD5BtsYsAnvxCEyH7NjeeTGqBgw/gY40KCQOwz0BGC7x9mSRQedNRZijBBC
LolvtLkywh7LbHo6zHF+JD5UcaKpJtUNaABACdwm05ZtMt0aaFiVi+RMUkUa
KUc1HQuJDx9CsoMbjiN0gkwRl16lKdzbVbSQe7ZWxZIpD3GLqgipR3hl1CSK
wdiQXeJZOyh/NRAoKiN3xIrQc5ah8KMbnek1sASkD2VUNjw6nRxsOL6ZBZpf
xA2RPTuxQcyqY3gK3IN4wyRbGCjJatvXDQV1KsoNK1gal+/U7iBws2mZ5ywa
StBPM9yH54sI2P2ANMfayDYH0h9wd6xJTjzVisCEVK7KGG/7OgQtRcce+raE
BGxyCsyVaby6U/i7ph8He6Bd7xPtvxsT7S+R7Bna9jkxL4iZwN6At+fRBDhG
rov6+sYoQC//wmlm7/XqPSnyU6PIs9XArIGYwbsxABz/V1QTwjNTL/oOaY/w
X1D+EHsTEFpzUM7mQF+wDE6UwvXKy/U6zUCwvTQkZWdE3QK3kqLqTK504BzZ
TqxM4aiICbQ3ZoiIxp/lFMxPgAXS7QGQiCXBogkkSnrPFgdLf5xSlJZ0rf4J
2NJkA5o60jLhB3i5As2TtbYPClXR3AdYcJ7GsWbaOr96h4sDdGr+JuSE1inE
jBU4aglngBv/8WPVFwVQhcVhEuPfwqcHnvnwRudAgXnDRJ5jBh+SQ1qjLQ9e
gqoFhHGjMpCeBd8OeKzqbUPaExCvqiBG4WwsnHmKoETQIW84AzMN92ABSsjk
20wglM3yKN9IAV0fCZvGG+sPh8HH3Dfu8BIjT2OoK+QW+BxM4ZmNhLfaesYi
0+s43dAdQraNMJP5W60B6BksMUlU01mNtgKzt+HcGeji20ogUD+GRXA8uT4z
ZhsICGN1tfneVB784x/+NyyWpeVimZaFGIx8wQH0T54EY52BGCYveN1CWYFC
lZNOYexViwhAKECLrqFAXh5C9HwdtKdo5q+LUjnzuo17NZKbaHckxPysbujh
DJaXs2HSJo6+e47eQdMkwE7Blt/91Il7iLk1P9Yg9TeVSTzFg63XWw0GaZqB
mtW+ejsatzv83+D6Nf39ZvgPby/fDC/w79HLwatX9o+WjBi9fP321YX7yz15
/vrqanh9wQ/Dt0Hlq1b7avDrNsu29uub8eXr68Gr9rYQIO0iZeYFyANmT6Zs
3qoIjufnN//+b70jONxfvXlx3u/1ToFF8IdnvW+O4APq0rwacVT+CBSwaaGG
BVZlxIbQVK0j0BhQJqAqjaYbSl6gua9/i5D53Vnwt5Ppunf0C/kCD1z50sCs
8iXBbPubrYcZiA1fNSxjoVn5vgbp6n4Hv658NnD3vvzbvwMdSQdh79nf/aJF
BlcFHx2KuZF0g/8CXKOcWV6RWlHOl9XjMN0gIE+Jkw0wgfkEc+BNJS6M0mSI
Ahtl1EWkFgnolNE0uE6Fr+8NL647uDr899OnfeQEVhfMmaLJdeFHSnwDjBVL
uuKOVcGjzD+RlVuLGuQxstxZmbGd+4CLKshA+6EgBvIVcRHhFQZbCjkRKoWK
uI04anx1y4hKfF7HapISA3caISyTzllN3lKdLGfYvjMK3U1ssopsIHnMIACw
57hyDISPM9C+UZnv7IZQZbUGMHeMAo0yOre6sXWto+QuovmmWeXtBqN0pZ2E
AdG7TGesCln8Wc8OKbBbjLR7uOV422vcKtPNpafyXrHK+/HJdkxOGGWTghzH
JYYaCg8HueyGjeMMFHiBrt3IGxP/a9zAxypTrzo/C2ODoGTUACT1+zRr2plR
QraplqScmoXLdEq+Xvg+971QoMiDrga6fMhOnly7YWo2yzQBXhW+Sb7fqTmF
ANsOL990e43CqkyAQKMpJTJUPCzebsokCmdRxjMRMRFVdKw+N8lSOAxqNCvQ
96Kporg0Q/wLdthv3OHn9weXrJwg02OPHMz6BYseNiyK6EYpxPjdxmynWe0n
fAM4JB5ndXeiHOCfDcpk8J51jPesbBae72CbCF/SUOd9qjp5q75joq2Oj17m
DDugudJoO0b5ip2DScV/9gLNdpYTHfebmG61sysO0eAeGol4i38LHhFWcbQi
jwa7/qxRXL8n5Ef+FUAUjMsMHbNza3CJh+bd+BH7tJCH+cA8JQzL2uz1Ea2V
rVCyQGGPMNh3jiBMCjZcnPyAlbyHzAHLhEiIBuRVpwT7YwCdYF3Dgd7mMkvl
ABITEulpYJuxN0/CRbVHJuSqwHOakMZKbRyZ4SaMVY5u3iXYXHQmJdYBn9SG
Wwiz5PlDd3VtLaOBSDjUQlcE1Y3KczSyEYbP1fQWA9jJLDxf6ultE6XMyfqt
KsyV68Ay0pBBQDogGxjioOfITHWTgNhIslMoXDFFAauQXtd4L8jBBFyVP8ic
ZTyPYjbl1mv4XiG4BBlsD4rro0EHcCySl4Ih7AcHK2gGB0QX0zoGnABUMtj8
BKMXM10Id8I7IhLdGYWhjduSH7vKNMiVaux3dKgBul40gJyh558TPcKlx7RA
zETC73EeYwWyBNXxBikDkwg2QmVu2Uyr6VLo1OCHmYghgg65PbY9BVVZTaCz
s9ImM03BygkepOrpZwSzJyGtUqC4bSjsgBhJWRVDmYEsBc9sWecMQMtBFuEX
KzXTBJvMCI/q4Q3dWA1YKM0mdIA2A9pINa/1k5jKRk1xrjL2Su5w04lvXNxb
VQMAacRpQrmEvEryJ+FvcB84tWsZrdnDxoY3ZqOi6XlLfKpj7dJ9tM0yn+ar
StC2NxLFJFkMbCfaAJKJFXcCZoSTjYSYKm4www7JYLEQ8O5PzQnJPsiOsGSe
kPyPohCwsxuFWqJjVtvzehIezd1OSxDvbS+dwGjQ4qcRt6+o0Bj1hQMaZ/qS
o9ITvUllWD5N1yI7PEawKzWCbDQbf2H8bjlvSMFGIopUokKbqIQqAbFi3t0M
AwjoSXwvOMNjPvXp7m/w0fe+rQiGjo6tvuI79c19EgkY4szv/VXW1jOHNyVd
M6/ACCCBebN1N/kxQJZJveMLKd5lOJCI/C/QNyRUR5gTCgknin6RYDvFSjzp
2rHhawCqEckkQi3lb+WdyH0DEW9IwZPuO62/vVxjeGgeLUL9IezDvMhZMYvA
3FJYeZ8pk/SNvXxfPL9bgl8EzPY9m4E+lfCVr6ZaGK9ZlZbh8rETb0NgpJQZ
TnJhZrAus3Was2uA44DMBHxoEjDJe0mwJeX4DvMqcG8iFjECQdFUpihxV9Mp
TXIErMOKB6kZdZsac244vElAE50SOGRMkNYfOPO1xi1oV+7iihsdxNFsY3z8
rOmJWwSn86yY9/TbBfxEWsv45mr0w2A8HoLcYc83ZgTipRsxCdlcFSQJ5rQA
edoqw33bSMjBuiYgos3PDlh3Vw20JxgWszq+zE9BZM8SwWAJcL2CEzcMAwFd
wiyOgPN+EMx2W68T6wKyPBBpwe0DWJhOMN5sgqhtoCpAf9v4cqcxyHGK8O86
bIePgpr6tpooiryVFHXTgbVvRrzVdepy4Z7D7pytAVyHBVOhZ8b+cEwuw3wE
fSdxlao+iMIisTIAUIKWhm/wifbOk8pMqBJVqczmcZFkrZhPuIO5LqbLLVA0
nh7DvDnRSZPod0FN4x9zMU1MEQCFl51HWzfKRDxFLpJwJsWXjXlmCj7R2RzF
KbKSLAIYU5KNgv9ks5DD5CZiBfZBFlEaFAV9VcxRWJNqRlDZwV9N1qB4qCgr
Iy22EioEAOYaTyRfWbmgWboF4L0ysYkvhuRJljqmLNljLjLRsKafYVFn82et
1j/Dv2A6m8Wtj2dnJt6Gnyuyt4vffKLBMC54Qlvwfg9pBpM9/G27YR97Tkbm
Qf/k9NkHDnqWiwVdpw4BbqM5dkhJVvvtT4/dYEhB1s9v877YtUtVzbvcc5Fb
seX7BwcHlPj0uR0/qSnTYzr/xye8k7XaUJ7zw1p0AwDjKC+Mv7IR/kQPT2B1
UkmQToMxKFqiwrPiBV/CwrUBiAeXx2pvqbD16TJNc+sQs+rOQbD3vsAMnPeU
9Hp4eHjKz7N7oECPN2i4OLSHQ+EnGHnzenT5j3ZclJBFDdayKlgbpuEHB/CE
Ni58GmzDw+h23U0S9pCoYvrUQPekcuyKYsLqB6p/aZlNK8kWdhgzOhBaqGvw
eXDHAoTWnnXL5cFh96jbJ7mCf5HrUoqDvrMpRF6u5wU58dgUYjC81zy/mzRg
T58rGaLIxZjUOR6LJTsSbBKpS0aWmqR3JFCAywHvMeZpPQzoT/xzyi3GGiUx
WZkmlUQDqVBl2x6xlIH4M/kmvk6ZCOzK9YyMvATdBtrYEtGWlbHSlKQLwmoe
oePQHBRla2n4ckVOAG3gBYAbAGoTJy6PUytcmaMbCjEKnSQnFkWjG8bzk1g7
hugLfuIAPt84q1O4/G+YitKO+Ppl8yl+HYr2AZfQT9j6+JHKh1C8SLKSkTfd
IBiRKi4PhgXqjvNUNHIKxKgNaAAP3wuzP7sPmCbEebYuiRMmJhQnonBrCtgq
TUH8CZYHjntH6Wvftg+AD+5+AMTOGQXzmnLWnCpEntKK3A1GJvPLRqa72xiv
5E8yTk1w0B2O1TS40FcsgS9ZB5CUaaPlGW8MbIFlJTyRdHut0fAf3g6vz4fB
Ryog8T4Ewevnfz88H3O1Tb/bO+k+Ozro9rq9g16X+ALwg718qfrHJ1zgdv32
FdYffoL/f30+Ho6D0fjN5fX39NvzF0fD4Wnv6HD4on/YP33ee/7NN89Ovzka
DC6Ojo4PTo5Ojw6en54PhoffHJ6fDg+PB9887x8envT6z1DEvmgRZls2kZ6U
qKUKYXFQhPKl8RIzuw7aw5vX5y9/eD589aotukUtBTGdUA6RF48C0DCMJzwN
pRrKtPgbekYUar2ovEsGv8F1ZLJXbzFSyDcOgG6mwyAdaGsmJcxDKmVH2Zk5
N4R8kVPdtLCVipbapFR01y2dg3K5kaCdoVq2zcM0YV5ppAypBMAlE4wcoS6P
PAOoS1JVnbXhKJlPj95TTILEignnlGcuir4Gmzm/+1p/0SVGvybwVBOXKB5x
tJVab9/rOy6jOpM7TPlC7JyGC9UDfnU+7wYyqOPJmT4JRZQ1zNhaLfY+4kQD
k1yLhbeYmDX5PWZDS7gXPeS4nb1er4fSsdfr7zu5bCAHs36VG6cwZcpL1ICy
TgVSwb3KbY5rt4Vb5Sce3umqwiTcjitlwbBv/OKHl3CxfngRUUFBptBZkWUb
s0u6dSpeIPNarlreCY17hkZUYjguyMIuxnLFO6/u6uETYNmriq9JleX9l0mE
fo0q/pBYF4nzxuNFwjidooKSvETVyBAd7cGf9+EdaGQlhmpYAyyaMLTEkCyW
FEyRpVe2wkuChMCpHlxtKPccNbaKImnoTFSdjimL4XUqOgzYsnA89BQWVN1F
VnliTEp0206VESyipJDjYmW1JgqlsdKCuitRQqRnkiNql7HalvWrGi2Y/OKF
YzD5z2s6FTsQabE00RwhsmsCp29MbEY32izVXI7kx9Mwp8KCAD0YcSHlE7Sz
yKh6sgCz5YyCH0jf7w0UQqOSGjhwuKJ4KgO8OWxyfAUmfPDcLw1glsYJkLhs
G3kW4bSNI800zEkxI61ncUvxjp2GR4eM7xjI3seky+PFdSidqWoYVXPqKkTV
lS1SAGwWtNV0WmZqutmx0fCZLdkSWmRBvVIfolWJPRsomxbvvr6LeHErfvna
VojYg0yX9jErJUcd+DnMFuWOXNELG+U0v1ECYEs5Pscag+cdFw8mKf4Arx+1
DWJxIYqJGsjkBgqwKEt0I7oIOYThq8Gv7bdexC7RC7YxDG/CLRkY1TzoDE7y
rHBOAt7MShFhELxNhKlV53Mh76NOcGwz5OlXY0L97GeE0/D8zeX48nzwKqDS
ZbSJI6xsMrl7ZkeYsoB5URWr4h79WrzXnMMuwPgogZAC0ytnatMvrsiL9W70
1KL+gGBzJQUFqjUvog+W2q05YLFvvOeADEdqJrkKS6gw8zan2InjFBVmZu4o
oJDyQnJgOkRiVX6CVwXzaymB3wg69Ih51Z7VLBYD4q2L80s6ChJRlCDG8pR8
aVs7Ev96rUwJjx42ODEYtwIAKrKpkDAJaDZx5aZKjNaWKDgRBHJ4E2s/lkCU
yOmdSO5rTCkGKQrk+/5rYjTf/gIDxsjpimzjLOqUr7UEL1gxq+cM+MBhv3hJ
Cq8UJABGfr5FRGAfkjaM5bhbELY4npcwyIoVmttLL/D4sxcctMKmsN4oSWut
qYhphqHwZIHSfpKmsfbKTzGRfanpzFbki2bh6Rxyy2kiIgOqeuXoWMpX02dz
rZ3sCtlGmrt6EuGXedCeqzjHR1GlMBt+WIMhFzeeCbHKE2nkBCbnh7zsxIki
dxqxJNOMV6JBDy9T5AoXwaBysoh1yHTzPceur9WKnLqoWHp5i70u55FjkxjA
Ml9ydjEvjVkruZN2u8rmSjrdCtZ+eHM/+5mYL0NLgqxOkrMpT6e3uqi4rbqn
vnfLkb2pqaHSKLMPL+G327pOC1NNkmw8kg842ZrKNjHiREwYnuAghR0nLLxV
rzUldPBp3ZwPH/rP8zCsvszDQB6qWaQWrd+SD+ApWQSDeEF/h72TDvzHGPFP
vSG/ogXh768+5zaQXiDVf5/zJXzV+t2f40x4Yt3i42h6W8krwcJRMLYHiT8g
yu0NsBVDcTrhNAkAGuVqYkxE5BJ5/3abyjQ85Bywx7q83O52uLjcAHJpDdm/
abzfWJWJRU72o0TQRQkhuQFMghJ6sxQ9nChIKZ2EQtamuQHbMCbuu2cyg/Yr
KSgNNSdeoRLmMXcDifzGG0N0EhHlOKjU+EnlVuFSuCtzsr8GzMQUJGhh9HZX
Qy6J2LYWTYJYEmrdYx3ONIhgExSj/vsPJaXCtBbblaR3zH2EVTaWBuDnuzS+
o9Lmhkv7ZX5e7tZhHb01An4FAnCLikMUi0jKJB9dLsyYSqMfIt3x0vtIiCGb
278QLPZoYkn9itDhZCP6j8IrW/JeiPi/D0IfdbkJA4++4XV8fu6a0+x01weC
gylB2rvmedPFRtw98kq7nGurijXdQ5XbiKFVNbarVqocgEvmBNGc/dWI7Nbw
AdKLXGUAmxB6WpKxVt2zatg1JgfksBIHE718n6bB1YxkbzPW9K2hxaUYU/4B
Gd9GVzTdFoKcy2YRDJRrPvfTKozcKThbFgytjCCVAK6AtOnYj9jIfwzveRK8
RbC0Wjeo21UgaA9ujhnSMRkCftUMrvfHP/yrdx6qkISNu65PfhklHROPlAdS
QMbmCeURkpWTLJ6C5Rem85BUaOkBgUYZkzRX23CzmXyTTJdZatprBikaW1wj
B0aTHJw2HcLdCleLVWEZ7wibchTA4a7SJC24wSB8ukzQScgZbpj/i9M84Wl4
fLgy44krm6+DVWWayE0z5Wkk+iGfOMfwQ+G7pCZ+jiBXGjzAobb3E5qVHsur
dk+xg23tfoA5GPaTqTlGmlnXg/pIZN1m0izqv4JjBcSx0H35AJRYIV/hSUAQ
YccXcm4qYW4KBXaia7et0vhqO9VProV3nxclGNFSQ9JM0pQDWOk8Vcv82Urs
J6vddozpYlAbLTztN31yDWVkT9xMiCIKeFQ4nc3iNxChHh7slMK+AlQrEOfG
E1IvLrAaUKx9zQc+Sc2R6aKj7hToI9wtgRp0mDw0attTzioVNLYUpoNdjW2u
+xq5mKaWQcawJnaGagS73XO4u9JZgx0Ikh5ITutEHIi5ydDkGIrlQJTZnRG4
OJ1+KfWOpgEQeYvEgcbecWpbRFqJUX6sO8J1B8qrXRzERMo4kTzTxXa6mMkb
XEWJeJrQkc+bM0oTVYnmcjep7QwZGjwIwHqXsrFvfLHc6U2g1865bRFWk3fJ
ynovaHsvHhPbCEWS8EyFASWrCTlQFonpsEN6mmnYqnzf+l7U1d2Ok4peCG+f
G2Tk7HyE40YrFZt+GgB0hezE8+SAZY0ZJ5oCq55iWkURZ9/reB6a/hYz281M
UUOlWy3Vq3M0u8XEOjni/hMGH1RiC3cApMDGkAytJ71ovPIQk0Q5eH5pndIY
YaKMdKwBY6wDjVnfpykQ8tLOYbDbw2eS3ABVj5YSDrfNQuGXenN5wR4boLOQ
FFcxr/1oa61d4jRLxakthLlO05gaF3qZqhU1A3Hjstyx7yf7RzBxY6wW+Gzu
qvGZFZB03SoUQlFsvK3V8GHNZiFQlxllDDPxaRcFdLF1xX1iHdHSOSpOnMj2
Zeq6xDF80GQmYCUgGSXOR0VGluufrFkQ8cKLTCUl5VxvbJTEdR9K5cYDAaOZ
c6NmeMzf6CylmlSsTtorsQIg6B/sm7Ypc6AlagAiFCzZ5Q4bavZ7lHS4fEpV
1HGFJi2ddKqF53IzyxUOPBIKDfYOttZlV54JUuEPJ3Z0v2G4eMf5k/xMafw5
sVTkaiSgkUUxjSAUDvsyVJxKtrVhYSOPZECs11zW9PJqcG4bOBxQzwYkjdHL
AbmpbDs4wijHrq06Kq5QoAjOdSEnqxTfVEZWaIW71+CdRsBRpwHHGn2Vp1Jo
Lh7GWlZgTfcYm7gGIY55SyXqWLcUOA9e52fkCBXidxzBUG+SMlWR7mOxBjMi
k6Kiu/Fjkt8Y6t3WizJDcbRKObOd0llsXRSzi7nKpFcitYqz/TQrMhiYI0Av
WqtCe1ol9xCzGUaeBMdWfsSAvE4V5i6K/YFIEJGELniAKtcsmrRFqi2TvhD7
dlMVAWPuUyWL0BNM5EMhnuIcZ1mllXgu3ZvgNq7J04G6Q6XzyMePta7hQgqc
9PbGRwTrXQ4LzBwdfCR/Ve6yKX3hBn1S1OM1O/Cq6lnh3ud1r0klaVjYoza0
p/ySB4d0izVkXy7B3VYy1PVds3mThGtTAPnyuYxAXoiGczZ/gZUoAFckYpTu
cBqMlqTrTbAnhZ3mMu4/MNmk8j2V4E2zzbpIgXGvl2IkSvEBcEuwg0xSuDyG
0R0Ah2GGorAKuz3u9Xl3lClWVPWEFUgSigo6UHepT5LT580WlRQc+d0PvTwB
Wo/RNyJVGaluxE4qvAdXKgFEUNaIsZErdkmrdVGrR/JKT2u+vLSMZywHTYQu
SsJ5DOp/QT1PbEgYVDy40tj7kQq/ig6VDkktKuj4dMaZ8aVRTZ2o8qMdRSTF
srQeD8+vY3wdXH4shclPbVVy6jU09VbrPtK+E7cHhZfW1IKgwUgTI4dCx7pS
ns310qZAjkuVczHqTOiRtGCbxvzWFGSRSo6INw1UUWUhN2OaWTuO/Bd8TYn/
kq9pG21y/9dZdIfaco7xODkglbyW69iq2Ym4yEwjr63TELmJ49pQIG9N9syW
mfEoVH0lHTlqtY2DtFDtuLi7oyoHKNOteMthONNxRM5j04pVzqa4cZjXaIyA
ZGW2SVgQvUd4NEy8dWZsTYeGGJqWDWeFqW2DID2fc+9FuOtzbZpeklqam14W
njHrnHlzsJ3p9nEJHCaCeKKR2IP0kaQIGVj5Mx2m87ntxHur9do0PqDo2R//
8K+LOJ2oGJ19rBjfRfqecjRL8r2FXMxu75GIUGOanwX8fEhJK0TtkWhv+gNY
FtkEHxKohwApquen+LrpEJDp30txhCl+qyxLvgpyv5mmcHlBkY3H3U6TDWcT
C5YsuGXfxj43i2CdZcOhsc9ENLc1YxtWWCpWBhNBCziszT1uEJI289iK6KX2
spVJCd0lAyvp73UH4zkWvmU59/M0Ki9FnaMMo0J2iYZyMqlqY0uXjBxktJk0
02enhblJHuPfmqbaXAVBIW+ywtdyuL7DFhZ6SqyGPEQNPboD6Y7N2SpV9M6J
xdlav2qT8ypssHZ0Y/qSUFkKkAM6MI0myWaGlFZzIxzQXBs6J1SaONR7ZWHB
jokpuMX/+If/maOuiDXQtrv1tJAmyagbXM7r+yXfRU6mMbYCptwxSc2h38kp
IbLzKfwOcJhHC8AtdcJBDxoQs3iIkN1z9k4YpymRONx5ghVe+VqJDN8pz9Ku
+vzNYaVXAuDFtPtHtQ6PRfsjOJtMrj3RjZyOnZrEq0zfpVPRr4nrUYMBj7NK
yNLVhfuuZhGpTh4QzfL7RGC66TLFFjo2/tmx8PsqF53X75Ft+/4bLVnaOMOW
Zx0+ITVsE+ga1yD327bzktZiu6ezA8HV/BFjiMnwuCRNptXyNO5+Q3sx2+1M
BYs0ndmEXFvbL5tJk9plqOEVtHGQANgLQ82QS2AiJFKHcGCiDzw7X/Wt+lq4
EDDKl8fSuqWpyTnOa2rAvTJtlFJwEGkN7n5AcWNtPiBN8dJYeWTegkB72hPi
mMROcbIZrCbFS7gMORCF/Vjf2hmF9VLQslPWFgLL6UngUlo5SUUAN10Q49wj
64WQYEUCteKhF04UdPpMxJfn4TQpd96+95IU/2DHvQsPduqhQtEEdsYs9n9u
zpIvqfOMUQjMiXLqiUSa+O/5iqDPoVCxNo3oBWVN70KQl46YVk4pz1PmdAQQ
P9t5CrXwP3XwyHTFWe9SAEy1fERMy6s536zFpDKcBeuh623Y04q2zRaVsANW
Y7f70qD1+iKiPh4d8/KFz7E5bpOcrWg/ZrfECxqbJHtF1R66udp/EaHlU+Ff
eAp0zsPn+2SBqhrzitceAZtux3W/ruu0cWf62lN8hdRhoF6MWKYJ48r3LSBF
c34yS1BQgBSbVpVoETEFYen2snsxFWxWGnxNjoCQs2FZLrl0ja/PAu6l5fpY
ldISnLDl3N70aotogRFGe9emEh1nnl25obDre5XNAimn96REtTGBSaGr6yjW
G8zPYo4m2RKonXB/FqRyCemo6ZKMChwvlIktozCGJOEjVKjF0KbpTUM8ip7R
u3l8ZVkWdbEO70nRRezb0Dj/QDuJaoEXyqZXtpGNtBblJhRYuGFvqnjn5QKK
SSa7SMwU0vGxtBXMjFNRMkW0WQXSdCYizUlQ4/9udSA5Ca9pQTDFJl0iPvd6
+x4uKE2TQi25o49OsNff9/AraHSrwUhJmSa2a7QBo0gx7e4d7vuwxjd05rae
fqe1LrFRYF9YcST2tGkPI+JHXOxrFZGhjvc838XzWDqIQGhsy8C018he+c69
AsoJjaTl1wrIZl+lb9S7wTXu72J8bSuj9+EmvoRz0Bs61MK5NmFTJYeIYqP7
w8HISeP3cQsmWIYoPbIexze3JJkLVeqQNJqcO4YDzpysMs3LtpLQBAK5RDA/
FAGLS3uTLWkZ67ZqwDn3EQvuvebI+76RglafALGKrqwp2WSgPAElUIDT+hLW
wIRFlSRFMHU3ttPYhS+isgSalROdUV+5w/fBrg0aTZCKipxW1JWq4Ep3fUe+
MoItB1gmeZpNPD/IDOBQVKhMTGsKOrEVZFP2scDO2KxIWPhavmAea11waI/d
BHgWw8tXrrUdIoxptTBxiGpzrc87Doxygg1WxKkiMXrMrlISyUkFhihC2V6v
XErRCiX6a7xrIsCMgsgAYflNTZCV330P/fGZ0zS2OI0wFnsYjmQWm0B6T8Iu
5pgfNKGWXvZ4oajuM9NbktgE+XaBZpAph4Z52k6Jc+eXqcosOoChbicUEKyx
91YvSePcUpbQaYKNC2eS1IGSwfTRowa32Na26m5D2wYwQipJcANWLxa+bBnx
zlsorTOlWAMDNhm+DotVoFo7rVSksBuy8ZJWpXynKUUUY/aowhIXCuktF/W8
MZIL+BKf1xMTPxI6Mx7yKMF3SzPhEMEofOertNJFzuqykuz7biQxwNI6Pd1x
QW37ogEvs8PdCccPqB02h7rUzOSH2kZQ1nLJLbUkZLDLCeBnDDzDftiNbhrk
NSZUmfe43OPLUEWVo7DYI0180x5Nzeekzqh4k0vyBS+YWQZJoqPafEpe4JSw
Va6kZSfqTTn1BvfJw/Bd6mlMeGZZRORZmbbm5rb+b2kWuGUhSce8lafOcyEe
OxWsX9x4R/Nyajy4q8pB/I6ZbtEB2ZtebSIAds2Toyej6rcP9tbky3QGAJBE
OYv4LWhedzeTT7hvwFtxT3Nj8cH1oNmjxm0U+UL+9n9kcyDeUHof/G77G3rx
dDCE/adgGK/ZljWtEj5+/Gt8+6mJklNG3otzqg5xDYwpWwEnYWsYEx/4O8CE
mDPXpm7Y6zdU6/bYatGJ6g3UTOck9mK6N2yohS3BbNuZ2/DsAjnYpvXxY/W1
t1jJvabWjMRq7HHsxbMpHBz2s5s4a7V+onZAPwUU/rrEi/NTMLKVcT95zdZ/
grFhGNT/B77FCpkD+Mih9J8qnU28XhPUauInMV7rLWE+8VtiDErMtD14AGto
f+Iz1KqQOYmgMn/u7b26Ere12LFOH4YXANzgaTDh/2AazE/WnGt8hSrpC350
Qno0KlYIKWBgsv5pFswcQ9nsPWO36VUD7djjIe6Hat9wX6bGwkv/b5iLazJ2
THgED5R8zkfnBts1GpKMdyxz7O874fe5xLpoV7aLiZRbz2Mbs2ISu5vEperf
tmM9h+elk1nlAnIPsn//N/xyeOX1NPMuJshWam5mu5BVujkBv8trN5KvjShK
7Vo3W37rkbuegbme95zB/bVsAIsXz4DF2y8utG18f1aRA3bEL/XmjFuv7eGU
Z679mvSqQPa+b4dzDRx2XNvL988YJgR4HEHvF0OmWmBcGB2F2D8Yfqm+4P5C
wkk0Q6OfqYIkywGvqL3s+BFNbHcxw5k0aP1MC1zXx9baxG23eBUPf0WIoCeo
Cy5xSqfC+C81Wq1RNTrDlEHJnvzUotNgpShVpLptgY5RTgr/x619tlpvjDvN
umapVjRJW63Xpki3+pPt1XtWTdgTacQsyKQp5lUO75OPKFe22NdLBFRe2jtG
fTAJVdLfOzZtwSQp/KizFBVH/YEMFNtdfEqamOzqoNbz1xziW+Kq7/0NVypZ
8O1fJlOs8s5OAgVYKujB30MY7AO4jZt7e6QwIwm01YnzsvYWwoYJkqeq1bop
+W2vsyov4AXsbAO/4auNyhac02yoEp+hzH5rSHaszYRKP5hsWW7e62Wla8h3
1771sSM/u37ljHJVefV4kqOqX9VrTYtFjrS+HI9v9kb7Hbj4A/6DXuDEgWKc
gLKcsZtCphb8zkCXCLsNLIrlbkD8fmCPqRW2FJ7cmkF8xX4iIFJR27/ieFva
3WDvOt2ewTS15RUxYsjOA5BMJhVwx3xANDewPjz81wH2HIjNu1ek8XSBphY+
O+f8Pb9rhsXgu+8xK5/CWSRt9zBy9V2ki3k3zRb7TF4J9zMBowSfw1y819d4
+1k+Eqmgk8wMAEGtOckzzZ4KU546ptwStsyFTjmzCeFodnPIQ4ziCWglpo5J
wy/kdXTNDJZnkRRQx/qqD9OLiqzu2TC5468d32psn5v2CKjzDUfjeRkDrd9F
YLqyDbJ3nr4Z7ru3AvqcmvuKGH6N7y0NHWv89InUVLMPYsr2I/yXWMhPmExc
11YflCSovsL/j59f9EgR8bWWBx/8eWBY3IGbo2+VGddqtEEdeuTEPTfx4V92
YmwvZOc++ovObawAmfz4S1T9L1jC2//J43X8L1ig7xb45pHa+RfMfuhmf/Yl
+voXLHHkljj9QnX9C1Y59i7QwaNU+Z26u8dmAsNmUHjPbav5Di3T7fJizm9g
O7YJG+ofn3S7p/CP8vrRQA/BRsUkSHrLh3l93scn9t15EnxvaDHdg31jR9mt
NyvYJEHTJUbtaFtsa1tsU4utAhfZxtNeF3+vd2+GTXgdm/nlfv4itgbLtswd
XlxTG2Y6lOh9tn1wYF7mjVUnxSaklhymbdveUn9wVT/IsvfZ4JWeug4uIT9O
xo07H3/50Anlse0zmme/7Kj8UADbdidu7hT+Z6Kx0rnOvKXqIdyGIF1n9eNj
++0dSO5/2cmbtvOfgvn+IzG/+/y7SKD/J5FAMyBqdAGKkt+WWPqd1hsKt8jZ
ad9v4tqBVXv/fa5nKHurZ9StZXoLHApjYDO9tsVQaRYtMElD+hZ7vUhrb2mX
PtW2C88/u/67ZvDZ2beu/S7335XOo00dboLg8no8/H74BoYGdz2MTH/q4DMS
Em7+B8vf0O+XMxpca+dT/VftJtzhRjvAf13Ngg0c2P5AXC7I73UxLwmxD9r+
u2BM45d+v81dx+Nl5eHQ9kymtyt7JWz4YpFaOYEYwrmZgMvOeicHVMCAvfRM
981mWEmTKqzOoRad+IDtqdb0b7DrR/NWWZrC5sg3/Xv++vWr4eC68t3F8MXg
7atx8GLwajSkKdg7uOOfJYsHd+EQOXEvjJcMjir+uMksDbAP4jtZPFx2YdXE
OEo5vWwXjRDYi1zt2n0Q/Pbgd35/sB379zpoNUzR+11weXXz6vL8chwM/ZFm
DmxRzfWnTwBtt0l6H+sZF5TkwMjKhN0heiYcmNvF58E9aSr8KguK/ye3rXOV
xcE7FWMUotP6e3hqtQlef3UBitliWeJXZRL8Bk3DTgut7EFSpFiAgQm7OSi4
KZisLeFPEQZXKcOwY5yDtujKcPNu6/8DXfsayeiXAAA=

-->

</rfc>
